well you guess just about right about Apple not making it easy to debug ;) $ /usr/bin/uptime 10:25 up 38 days, 40 mins, 3 users, load averages: 1.98 2.19 2.32
$ sudo dtruss /usr/bin/uptime dtrace: system integrity protection is on, some features will not be available dtrace: failed to execute /usr/bin/uptime: (os/kern) failure /tmp/coreutils/bin/uptime 10:25:37 up 18802 days 7:41, 3 users, load average: 3.91, 2.55, 2.44 $ sudo dtruss /tmp/coreutils/bin/uptime Password: dtrace: system integrity protection is on, some features will not be available SYSCALL(args) = return 10:24:07 up 18802 days 7:40, 3 users, load average: 2.48, 2.29, 2.37 open("/dev/dtracehelper\0", 0x2, 0x0) = 3 0 ioctl(0x3, 0x80086804, 0x7FFEEDCAA910) = 0 0 close(0x3) = 0 0 mprotect(0x101F83000, 0x4000, 0x1) = 0 0 mprotect(0x101F64000, 0x4000, 0x1) = 0 0 access("/AppleInternal/XBS/.isChrooted\0", 0x0, 0x0) = -1 2 bsdthread_register(0x7FFF20337498, 0x7FFF20337484, 0x2000) = 1073742047 0 shm_open(0x7FFF2020FF66, 0x0, 0x2020ECBB) = 3 0 fstat64(0x3, 0x7FFEEDCA9650, 0x0) = 0 0 mmap(0x0, 0x1000, 0x1, 0x40001, 0x3, 0x0) = 0x101F76000 0 close(0x3) = 0 0 ioctl(0x2, 0x4004667A, 0x7FFEEDCA9704) = 0 0 mprotect(0x101F94000, 0x1000, 0x0) = 0 0 mprotect(0x101FA0000, 0x1000, 0x0) = 0 0 mprotect(0x101FA1000, 0x1000, 0x0) = 0 0 mprotect(0x101FAD000, 0x1000, 0x0) = 0 0 mprotect(0x101FAE000, 0x1000, 0x0) = 0 0 mprotect(0x101FBA000, 0x1000, 0x0) = 0 0 mprotect(0x101F8F000, 0x90, 0x1) = 0 0 mprotect(0x101FBB000, 0x1000, 0x1) = 0 0 mprotect(0x101F8F000, 0x90, 0x3) = 0 0 mprotect(0x101F8F000, 0x90, 0x1) = 0 0 issetugid(0x0, 0x0, 0x0) = 0 0 getentropy(0x7FFEEDCA8D40, 0x20, 0x0) = 0 0 getentropy(0x7FFEEDCA8D90, 0x40, 0x0) = 0 0 getpid(0x0, 0x0, 0x0) = 13143 0 stat64("/AppleInternal\0", 0x7FFEEDCA9C20, 0x0) = -1 2 csops_audittoken(0x3357, 0x7, 0x7FFEEDCA9750) = -1 22 proc_info(0x2, 0x3357, 0xD) = 64 0 csops_audittoken(0x3357, 0x7, 0x7FFEEDCA9840) = -1 22 sysctlbyname(kern.osvariant_status, 0x15, 0x7FFEEDCA9C70, 0x7FFEEDCA9C68, 0x0) = 0 0 csops(0x3357, 0x0, 0x7FFEEDCA9CA4) = 0 0 geteuid(0x0, 0x0, 0x0) = 0 0 getuid(0x0, 0x0, 0x0) = 0 0 dtrace: error on enabled probe ID 1712 (ID 566: syscall::sysctl:return): invalid kernel access in action #10 at DIF offset 28 gettid(0x7FFEEDCA88E0, 0x7FFEEDCA88E4, 0x0) = -1 3 geteuid(0x0, 0x0, 0x0) = 0 0 getegid(0x0, 0x0, 0x0) = 0 0 csops(0x3357, 0x0, 0x7FFEEDCA962C) = 0 0 gettid(0x7FFEEDCA88B0, 0x7FFEEDCA88B4, 0x0) = -1 3 geteuid(0x0, 0x0, 0x0) = 0 0 getegid(0x0, 0x0, 0x0) = 0 0 open_nocancel("/usr/share/locale/en_US.UTF-8/LC_COLLATE\0", 0x0, 0x0) = 3 0 fcntl_nocancel(0x3, 0x3, 0x0) = 0 0 getrlimit(0x1008, 0x7FFEEDCAB250, 0x0) = 0 0 fstat64(0x3, 0x7FFEEDCAB1C8, 0x0) = 0 0 dtrace: error on enabled probe ID 1684 (ID 954: syscall::read_nocancel:return): invalid kernel access in action #12 at DIF offset 68 close_nocancel(0x3) = 0 0 open_nocancel("/usr/share/locale/en_US.UTF-8/LC_CTYPE\0", 0x0, 0x0) = 3 0 fcntl_nocancel(0x3, 0x3, 0x0) = 0 0 fstat64(0x3, 0x7FFEEDCAB308, 0x0) = 0 0 fstat64(0x3, 0x7FFEEDCAB108, 0x0) = 0 0 lseek(0x3, 0x0, 0x1) = 0 0 lseek(0x3, 0x0, 0x0) = 0 0 dtrace: error on enabled probe ID 1684 (ID 954: syscall::read_nocancel:return): invalid kernel access in action #12 at DIF offset 68 dtrace: error on enabled probe ID 1684 (ID 954: syscall::read_nocancel:return): invalid kernel access in action #12 at DIF offset 68 dtrace: error on enabled probe ID 1684 (ID 954: syscall::read_nocancel:return): invalid kernel access in action #12 at DIF offset 68 dtrace: error on enabled probe ID 1684 (ID 954: syscall::read_nocancel:return): invalid kernel access in action #12 at DIF offset 68 dtrace: error on enabled probe ID 1684 (ID 954: syscall::read_nocancel:return): invalid kernel access in action #12 at DIF offset 68 dtrace: error on enabled probe ID 1684 (ID 954: syscall::read_nocancel:return): invalid kernel access in action #12 at DIF offset 68 dtrace: error on enabled probe ID 1684 (ID 954: syscall::read_nocancel:return): invalid kernel access in action #12 at DIF offset 68 dtrace: error on enabled probe ID 1684 (ID 954: syscall::read_nocancel:return): invalid kernel access in action #12 at DIF offset 68 close_nocancel(0x3) = 0 0 open_nocancel("/usr/share/locale/en_US.UTF-8/LC_MONETARY\0", 0x0, 0x0) = 3 0 fstat64(0x3, 0x7FFEEDCAB318, 0x0) = 0 0 dtrace: error on enabled probe ID 1684 (ID 954: syscall::read_nocancel:return): invalid kernel access in action #12 at DIF offset 68 close_nocancel(0x3) = 0 0 open_nocancel("/usr/share/locale/en_US.UTF-8/LC_NUMERIC\0", 0x0, 0x0) = 3 0 fstat64(0x3, 0x7FFEEDCAB318, 0x0) = 0 0 dtrace: error on enabled probe ID 1684 (ID 954: syscall::read_nocancel:return): invalid kernel access in action #12 at DIF offset 68 close_nocancel(0x3) = 0 0 open_nocancel("/usr/share/locale/en_US.UTF-8/LC_TIME\0", 0x0, 0x0) = 3 0 fstat64(0x3, 0x7FFEEDCAB318, 0x0) = 0 0 dtrace: error on enabled probe ID 1684 (ID 954: syscall::read_nocancel:return): invalid kernel access in action #12 at DIF offset 68 close_nocancel(0x3) = 0 0 open_nocancel("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/LC_MESSAGES\0", 0x0, 0x0) = 3 0 fstat64(0x3, 0x7FFEEDCAB318, 0x0) = 0 0 dtrace: error on enabled probe ID 1684 (ID 954: syscall::read_nocancel:return): invalid kernel access in action #12 at DIF offset 68 close_nocancel(0x3) = 0 0 open_nocancel("/var/run/utmpx\0", 0x2, 0x0) = 3 0 fcntl_nocancel(0x3, 0x2, 0x1) = 0 0 fstat64(0x3, 0x7FFEEDCAB620, 0x0) = 0 0 fstat64(0x3, 0x7FFEEDCAB448, 0x0) = 0 0 dtrace: error on enabled probe ID 1684 (ID 954: syscall::read_nocancel:return): invalid kernel access in action #12 at DIF offset 68 kill(156, 0) = 0 0 kill(36256, 0) = 0 0 kill(71582, 0) = 0 0 dtrace: error on enabled probe ID 1684 (ID 954: syscall::read_nocancel:return): invalid kernel access in action #12 at DIF offset 68 dtrace: error on enabled probe ID 1684 (ID 954: syscall::read_nocancel:return): invalid kernel access in action #12 at DIF offset 68 close_nocancel(0x3) = 0 0 dtrace: error on enabled probe ID 1712 (ID 566: syscall::sysctl:return): invalid kernel access in action #10 at DIF offset 28 access("/etc/localtime\0", 0x4, 0x0) = 0 0 open_nocancel("/etc/localtime\0", 0x0, 0x0) = 3 0 fstat64(0x3, 0x7FFEEDCAB450, 0x0) = 0 0 dtrace: error on enabled probe ID 1684 (ID 954: syscall::read_nocancel:return): invalid kernel access in action #12 at DIF offset 68 close_nocancel(0x3) = 0 0 issetugid(0x0, 0x0, 0x0) = 0 0 open_nocancel("/var/db/timezone/zoneinfo/posixrules\0", 0x0, 0x0) = 3 0 fstat64(0x3, 0x7FFEEDCAB2A0, 0x0) = 0 0 dtrace: error on enabled probe ID 1684 (ID 954: syscall::read_nocancel:return): invalid kernel access in action #12 at DIF offset 68 close_nocancel(0x3) = 0 0 shm_open(0x7FFF22BA1088, 0x0, 0x0) = 3 0 mmap(0x0, 0x1000, 0x1, 0x40001, 0x3, 0x0) = 0x101FBC000 0 close_nocancel(0x3) = 0 0 getuid(0x0, 0x0, 0x0) = 0 0 geteuid(0x0, 0x0, 0x0) = 0 0 getgid(0x0, 0x0, 0x0) = 0 0 getegid(0x0, 0x0, 0x0) = 0 0 open("/tmp/coreutils/share/locale/en_US.UTF-8/LC_MESSAGES/coreutils.mo\0", 0x0, 0x0) = -1 2 open("/tmp/coreutils/share/locale/en_US.utf8/LC_MESSAGES/coreutils.mo\0", 0x0, 0x0) = -1 2 open("/tmp/coreutils/share/locale/en_US/LC_MESSAGES/coreutils.mo\0", 0x0, 0x0) = -1 2 open("/tmp/coreutils/share/locale/en.UTF-8/LC_MESSAGES/coreutils.mo\0", 0x0, 0x0) = -1 2 open("/tmp/coreutils/share/locale/en.utf8/LC_MESSAGES/coreutils.mo\0", 0x0, 0x0) = -1 2 open("/tmp/coreutils/share/locale/en/LC_MESSAGES/coreutils.mo\0", 0x0, 0x0) = -1 2 fstat64(0x1, 0x7FFEEDCAB368, 0x0) = 0 0 ioctl(0x1, 0x4004667A, 0x7FFEEDCAB3B4) = 0 0 dtrace: error on enabled probe ID 1712 (ID 566: syscall::sysctl:return): invalid kernel access in action #10 at DIF offset 28 dtrace: error on enabled probe ID 1682 (ID 956: syscall::write_nocancel:return): invalid kernel access in action #12 at DIF offset 68 close_nocancel(0x1) = 0 0 close_nocancel(0x2) = 0 0 Cordialement, Thomas Manson. On Wed, Jun 23, 2021 at 7:37 PM Paul Eggert <egg...@cs.ucla.edu> wrote: > > On 6/23/21 10:03 AM, Manson Thomas wrote: > > Can you provide some dtrace command you want me to run ? > > > > I've got dtrace on my machine, but I don't know how to use it. > > You're ahead of me, as I don't have dtrace (I don't use macOS). :-) > > I believe you can run "dtruss /usr/bin/uptime". You may need appropriate > (root) privileges, so perhaps "sudo dtruss /usr/bin/uptime". Or perhaps > you need to go to further lengths, as Apple doesn't make it easy to > debug its programs. > > https://stackoverflow.com/questions/33476432/is-there-a-workaround-for-dtrace-cannot-control-executables-signed-with-restri