rptrace 0.1.0

data/lib/rptrace/syscall_event.rb

@@ -0,0 +1,355 @@
+# frozen_string_literal: true
+
+require "fcntl"
+
+module Rptrace
+  # Renderable syscall event (enter/exit).
+  class SyscallEvent
+    # Map of errno number to symbolic name (e.g., 2 => "ENOENT").
+    ERRNO_NAME_BY_NUMBER = Errno.constants.each_with_object({}) do |const_name, map|
+      errno_class = Errno.const_get(const_name)
+      next unless errno_class.is_a?(Class) && errno_class < SystemCallError
+      next unless errno_class.const_defined?(:Errno)
+
+      map[errno_class::Errno] ||= const_name.to_s
+    rescue NameError
+      next
+    end.freeze
+    # Linux kernel upper bound for -errno syscall return convention.
+    LINUX_MAX_ERRNO = 4095
+    # Access mode mask for open/openat flags.
+    OPEN_ACCESS_MASK = Fcntl.const_defined?(:O_ACCMODE) ? Fcntl::O_ACCMODE : 0x3
+    # Mapping of open access mode value to symbolic name.
+    OPEN_ACCESS_NAMES = {
+      (Fcntl.const_defined?(:O_RDONLY) ? Fcntl::O_RDONLY : 0) => "O_RDONLY",
+      (Fcntl.const_defined?(:O_WRONLY) ? Fcntl::O_WRONLY : 1) => "O_WRONLY",
+      (Fcntl.const_defined?(:O_RDWR) ? Fcntl::O_RDWR : 2) => "O_RDWR"
+    }.freeze
+    # Mapping of open/openat modifier bits to symbolic names.
+    OPEN_FLAG_NAMES = %i[
+      O_APPEND O_ASYNC O_CLOEXEC O_CREAT O_DIRECT O_DIRECTORY O_DSYNC O_EXCL O_LARGEFILE
+      O_NOATIME O_NOCTTY O_NOFOLLOW O_NONBLOCK O_PATH O_SYNC O_TMPFILE O_TRUNC
+    ].each_with_object({}) do |const_name, map|
+      next unless Fcntl.const_defined?(const_name)
+
+      value = Fcntl.const_get(const_name)
+      next unless value.is_a?(Integer) && value.positive?
+
+      map[value] = const_name.to_s
+    end.freeze
+    # Mapping of PROT_* values used by mmap/mprotect.
+    PROT_NAMES = %i[
+      PROT_EXEC PROT_GROWSDOWN PROT_GROWSUP PROT_NONE PROT_READ PROT_SEM PROT_WRITE
+    ].each_with_object({}) do |const_name, map|
+      next unless Fcntl.const_defined?(const_name)
+
+      value = Fcntl.const_get(const_name)
+      next unless value.is_a?(Integer)
+
+      map[value] = const_name.to_s
+    end.freeze
+    # Bit mask for MAP_* type field.
+    MAP_TYPE_MASK = Fcntl.const_defined?(:MAP_TYPE) ? Fcntl::MAP_TYPE : nil
+    # Mapping of mmap type flags.
+    MAP_TYPE_NAMES = %i[
+      MAP_PRIVATE MAP_SHARED MAP_SHARED_VALIDATE
+    ].each_with_object({}) do |const_name, map|
+      next unless Fcntl.const_defined?(const_name)
+
+      value = Fcntl.const_get(const_name)
+      next unless value.is_a?(Integer)
+
+      map[value] = const_name.to_s
+    end.freeze
+    # Mapping of additional mmap modifier bits.
+    MAP_FLAG_NAMES = %i[
+      MAP_32BIT MAP_ANONYMOUS MAP_ANON MAP_DENYWRITE MAP_EXECUTABLE MAP_FILE
+      MAP_FIXED MAP_FIXED_NOREPLACE MAP_GROWSDOWN MAP_HUGETLB MAP_LOCKED MAP_NONBLOCK
+      MAP_NORESERVE MAP_POPULATE MAP_STACK MAP_SYNC MAP_UNINITIALIZED
+    ].each_with_object({}) do |const_name, map|
+      next unless Fcntl.const_defined?(const_name)
+
+      value = Fcntl.const_get(const_name)
+      next unless value.is_a?(Integer) && value.positive?
+
+      map[value] ||= const_name.to_s
+    end.freeze
+    # Mapping of clone(2) flag bits in the upper bits of clone flags argument.
+    CLONE_FLAG_NAMES = {
+      0x0000_0100 => "CLONE_VM",
+      0x0000_0200 => "CLONE_FS",
+      0x0000_0400 => "CLONE_FILES",
+      0x0000_0800 => "CLONE_SIGHAND",
+      0x0000_1000 => "CLONE_PIDFD",
+      0x0000_2000 => "CLONE_PTRACE",
+      0x0000_4000 => "CLONE_VFORK",
+      0x0000_8000 => "CLONE_PARENT",
+      0x0001_0000 => "CLONE_THREAD",
+      0x0002_0000 => "CLONE_NEWNS",
+      0x0004_0000 => "CLONE_SYSVSEM",
+      0x0008_0000 => "CLONE_SETTLS",
+      0x0010_0000 => "CLONE_PARENT_SETTID",
+      0x0020_0000 => "CLONE_CHILD_CLEARTID",
+      0x0040_0000 => "CLONE_DETACHED",
+      0x0080_0000 => "CLONE_UNTRACED",
+      0x0100_0000 => "CLONE_CHILD_SETTID",
+      0x0200_0000 => "CLONE_NEWCGROUP",
+      0x0400_0000 => "CLONE_NEWUTS",
+      0x0800_0000 => "CLONE_NEWIPC",
+      0x1000_0000 => "CLONE_NEWUSER",
+      0x2000_0000 => "CLONE_NEWPID",
+      0x4000_0000 => "CLONE_NEWNET",
+      0x8000_0000 => "CLONE_IO"
+    }.freeze
+    # Mapping of wait4(2) option bits.
+    WAIT_OPTION_NAMES = {
+      Constants::WNOHANG => "WNOHANG",
+      Constants::WUNTRACED => "WUNTRACED",
+      Constants::WCONTINUED => "WCONTINUED",
+      Constants::WALL => "__WALL"
+    }.freeze
+
+    attr_reader :tracee, :syscall, :args, :return_value, :phase
+
+    def initialize(tracee:, syscall:, args:, phase:, return_value: nil)
+      @tracee = tracee
+      @syscall = syscall
+      @args = args
+      @phase = phase
+      @return_value = return_value
+    end
+
+    # @return [Boolean]
+    def enter?
+      phase == :enter
+    end
+
+    # @return [Boolean]
+    def exit?
+      phase == :exit
+    end
+
+    # @return [String]
+    def to_s
+      call = "#{syscall.name}(#{formatted_args})"
+      return "#{call} ..." if enter?
+
+      "#{call} = #{formatted_return_value}"
+    end
+
+    # @return [String]
+    def formatted_args
+      args.each_with_index.map do |value, index|
+        type = syscall.arg_types.fetch(index, nil)
+        format_argument(type, value, index)
+      end.join(", ")
+    end
+
+    # @return [String]
+    def formatted_return_value
+      return "?" if return_value.nil?
+      return return_value.to_s unless syscall_error_code?(return_value)
+
+      errno = -return_value
+      name = ERRNO_NAME_BY_NUMBER.fetch(errno, "ERRNO_#{errno}")
+      message = SystemCallError.new(errno).message
+      "-1 #{name} (#{message})"
+    end
+
+    private
+
+    def format_argument(type, value, index)
+      case type
+      when :str
+        format_string_pointer(value)
+      when :ptr, :buf
+        format_pointer(value)
+      when :flags
+        format_flags(value, index: index)
+      when :mode
+        format_mode(value)
+      when :fd, :int, :uint, :size, :pid
+        Integer(value).to_s
+      else
+        value.inspect
+      end
+    end
+
+    def format_string_pointer(value)
+      return "NULL" if pointer_null?(value)
+
+      tracee.memory.read_string(Integer(value)).inspect
+    rescue Rptrace::Error, StandardError
+      format_pointer(value)
+    end
+
+    def format_pointer(value)
+      return "NULL" if pointer_null?(value)
+
+      format("0x%x", Integer(value))
+    end
+
+    def format_flags(value, index:)
+      number = Integer(value)
+
+      if open_flags_argument?(index)
+        decode_open_flags(number)
+      elsif mmap_prot_argument?(index)
+        decode_mmap_prot(number)
+      elsif mmap_flags_argument?(index)
+        decode_mmap_flags(number)
+      elsif clone_flags_argument?(index)
+        decode_clone_flags(number)
+      elsif wait_options_argument?(index)
+        decode_wait_options(number)
+      else
+        format("0x%x", number)
+      end
+    end
+
+    def format_mode(value)
+      number = Integer(value)
+      return "0" if number.zero?
+
+      format("0%o", number)
+    end
+
+    def open_flags_argument?(index)
+      return false unless %i[open openat].include?(syscall.name)
+
+      flag_arg_name = syscall.arg_names.fetch(index, nil)
+      flag_arg_name == :flags
+    end
+
+    def mmap_prot_argument?(index)
+      return false unless syscall.name == :mmap
+
+      syscall.arg_names.fetch(index, nil) == :prot
+    end
+
+    def mmap_flags_argument?(index)
+      return false unless syscall.name == :mmap
+
+      syscall.arg_names.fetch(index, nil) == :flags
+    end
+
+    def clone_flags_argument?(index)
+      return false unless syscall.name == :clone
+
+      syscall.arg_names.fetch(index, nil) == :flags
+    end
+
+    def wait_options_argument?(index)
+      return false unless syscall.name == :wait4
+
+      syscall.arg_names.fetch(index, nil) == :options
+    end
+
+    def decode_open_flags(value)
+      names = []
+
+      access = value & OPEN_ACCESS_MASK
+      names << OPEN_ACCESS_NAMES.fetch(access, format("0x%x", access))
+
+      remaining = value & ~OPEN_ACCESS_MASK
+      OPEN_FLAG_NAMES.keys.sort.reverse_each do |bit|
+        next if bit.zero?
+        next unless (remaining & bit) == bit
+
+        names << OPEN_FLAG_NAMES.fetch(bit)
+        remaining &= ~bit
+      end
+
+      names << format("0x%x", remaining) unless remaining.zero?
+      names.join("|")
+    end
+
+    def decode_mmap_prot(value)
+      return PROT_NAMES.fetch(0, "0") if value.zero?
+
+      names = []
+      remaining = value
+      PROT_NAMES.keys.sort.each do |bit|
+        next if bit.zero?
+        next unless (remaining & bit) == bit
+
+        names << PROT_NAMES.fetch(bit)
+        remaining &= ~bit
+      end
+
+      names << format("0x%x", remaining) unless remaining.zero?
+      names.empty? ? format("0x%x", value) : names.join("|")
+    end
+
+    def decode_mmap_flags(value)
+      names = []
+      remaining = value
+
+      if MAP_TYPE_MASK
+        map_type = value & MAP_TYPE_MASK
+        names << MAP_TYPE_NAMES.fetch(map_type, format("0x%x", map_type)) unless map_type.zero?
+        remaining &= ~MAP_TYPE_MASK
+      end
+
+      MAP_FLAG_NAMES.keys.sort.each do |bit|
+        next unless (remaining & bit) == bit
+
+        names << MAP_FLAG_NAMES.fetch(bit)
+        remaining &= ~bit
+      end
+
+      names << format("0x%x", remaining) unless remaining.zero?
+      names.empty? ? format("0x%x", value) : names.join("|")
+    end
+
+    def decode_clone_flags(value)
+      names = []
+      exit_signal = value & 0xFF
+      remaining = value & ~0xFF
+
+      CLONE_FLAG_NAMES.keys.sort.each do |bit|
+        next unless (remaining & bit) == bit
+
+        names << CLONE_FLAG_NAMES.fetch(bit)
+        remaining &= ~bit
+      end
+
+      names << format_clone_exit_signal(exit_signal) unless exit_signal.zero?
+      names << format("0x%x", remaining) unless remaining.zero?
+      names.empty? ? "0" : names.join("|")
+    end
+
+    def format_clone_exit_signal(signal)
+      signal_name = Signal.signame(signal)
+      signal_name.start_with?("SIG") ? signal_name : "SIG#{signal_name}"
+    rescue ArgumentError
+      signal.to_s
+    end
+
+    def decode_wait_options(value)
+      return "0" if value.zero?
+
+      names = []
+      remaining = value
+      WAIT_OPTION_NAMES.keys.sort.each do |bit|
+        next unless (remaining & bit) == bit
+
+        names << WAIT_OPTION_NAMES.fetch(bit)
+        remaining &= ~bit
+      end
+
+      names << format("0x%x", remaining) unless remaining.zero?
+      names.empty? ? format("0x%x", value) : names.join("|")
+    end
+
+    def pointer_null?(value)
+      Integer(value).zero?
+    rescue StandardError
+      false
+    end
+
+    def syscall_error_code?(value)
+      value.is_a?(Integer) && value.negative? && (-value) <= LINUX_MAX_ERRNO
+    end
+  end
+end

data/lib/rptrace/syscall_table/aarch64.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+module Rptrace
+  module SyscallTable
+    # aarch64 syscall table.
+    module AARCH64
+      # @return [Hash{Integer => Rptrace::Syscall::SyscallInfo}]
+      TABLE = {
+        56 => Syscall::SyscallInfo.new(number: 56, name: :openat, arg_names: %i[dirfd pathname flags mode], arg_types: %i[fd str flags mode]),
+        57 => Syscall::SyscallInfo.new(number: 57, name: :close, arg_names: %i[fd], arg_types: %i[fd]),
+        63 => Syscall::SyscallInfo.new(number: 63, name: :read, arg_names: %i[fd buf count], arg_types: %i[fd buf size]),
+        64 => Syscall::SyscallInfo.new(number: 64, name: :write, arg_names: %i[fd buf count], arg_types: %i[fd buf size]),
+        93 => Syscall::SyscallInfo.new(number: 93, name: :exit, arg_names: %i[status], arg_types: %i[int]),
+        94 => Syscall::SyscallInfo.new(number: 94, name: :exit_group, arg_names: %i[status], arg_types: %i[int]),
+        221 => Syscall::SyscallInfo.new(number: 221, name: :execve, arg_names: %i[filename argv envp], arg_types: %i[str ptr ptr])
+      }.freeze
+
+      # @return [Hash{Symbol => Rptrace::Syscall::SyscallInfo}]
+      BY_NAME = TABLE.each_with_object({}) do |(_number, info), map|
+        map[info.name] = info
+      end.freeze
+    end
+  end
+end

data/lib/rptrace/syscall_table/generator.rb

@@ -0,0 +1,172 @@
+# frozen_string_literal: true
+
+module Rptrace
+  module SyscallTable
+    # Generates syscall table Ruby files from Linux unistd headers.
+    module Generator
+      # Raised when syscall header cannot be resolved for an architecture.
+      class HeaderNotFoundError < ArgumentError; end
+
+      module_function
+
+      # Header lookup and output mapping by architecture.
+      ARCH_CONFIG = {
+        x86_64: {
+          module_name: "X86_64",
+          output_path: "lib/rptrace/syscall_table/x86_64.rb",
+          env_key: "PTRACE_SYSCALL_HEADER_X86_64",
+          header_candidates: [
+            "/usr/include/x86_64-linux-gnu/asm/unistd_64.h",
+            "/usr/include/asm/unistd_64.h",
+            "/usr/include/x86_64-linux-gnu/asm/unistd.h"
+          ].freeze
+        }.freeze,
+        aarch64: {
+          module_name: "AARCH64",
+          output_path: "lib/rptrace/syscall_table/aarch64.rb",
+          env_key: "PTRACE_SYSCALL_HEADER_AARCH64",
+          header_candidates: [
+            "/usr/include/aarch64-linux-gnu/asm/unistd.h",
+            "/usr/aarch64-linux-gnu/include/asm/unistd.h",
+            "/usr/include/asm-generic/unistd.h"
+          ].freeze
+        }.freeze
+      }.freeze
+
+      # Matches numeric __NR_* macro definitions.
+      DEFINE_REGEX = /^\s*#\s*define\s+__NR(?:3264)?_([a-zA-Z0-9_]+)\s+([0-9]+)\b/.freeze
+
+      # Generates tables for all configured architectures.
+      #
+      # @param root_dir [String]
+      # @param arches [Array<Symbol>]
+      # @param skip_missing [Boolean] skip architectures without headers
+      # @return [Array<Hash>]
+      def generate_all(root_dir: Dir.pwd, arches: ARCH_CONFIG.keys, skip_missing: false)
+        generated = []
+
+        arches.each do |arch|
+          begin
+            generated << generate_for(arch, root_dir: root_dir)
+          rescue HeaderNotFoundError
+            raise unless skip_missing
+          end
+        end
+
+        generated
+      end
+
+      # Generates tables and reports skipped architectures.
+      #
+      # @param root_dir [String]
+      # @param arches [Array<Symbol>]
+      # @return [Hash]
+      def generate_available(root_dir: Dir.pwd, arches: ARCH_CONFIG.keys)
+        generated = []
+        skipped = []
+
+        arches.each do |arch|
+          begin
+            generated << generate_for(arch, root_dir: root_dir)
+          rescue HeaderNotFoundError => e
+            skipped << { arch: arch.to_sym, reason: e.message }
+          end
+        end
+
+        { generated: generated, skipped: skipped }
+      end
+
+      # Generates one syscall table file.
+      #
+      # @param arch [Symbol]
+      # @param root_dir [String]
+      # @return [Hash]
+      def generate_for(arch, root_dir: Dir.pwd)
+        config = ARCH_CONFIG.fetch(arch.to_sym) do
+          raise ArgumentError, "unsupported arch: #{arch}"
+        end
+        header_path = resolve_header_path(config)
+        entries = parse_header(File.read(header_path))
+        raise ArgumentError, "no syscall entries found in #{header_path}" if entries.empty?
+
+        output_path = File.expand_path(config.fetch(:output_path), root_dir)
+        File.write(output_path, render_table(module_name: config.fetch(:module_name), entries: entries))
+
+        {
+          arch: arch.to_sym,
+          header_path: header_path,
+          output_path: output_path,
+          entries_count: entries.size
+        }
+      end
+
+      # Parses #define __NR_* entries from header content.
+      #
+      # @param content [String]
+      # @return [Array<(Integer, Symbol)>]
+      def parse_header(content)
+        by_number = {}
+
+        content.each_line do |line|
+          match = line.match(DEFINE_REGEX)
+          next unless match
+
+          name = match[1].to_sym
+          number = Integer(match[2], 10)
+          by_number[number] ||= name
+        end
+
+        by_number.sort_by { |number, _name| number }
+      end
+
+      # Renders a syscall table Ruby source.
+      #
+      # @param module_name [String]
+      # @param entries [Array<(Integer, Symbol)>]
+      # @return [String]
+      def render_table(module_name:, entries:)
+        table_lines = entries.map do |number, name|
+          "        #{number} => Syscall::SyscallInfo.new(number: #{number}, name: :#{name}, arg_names: [], arg_types: [])"
+        end
+
+        <<~RUBY
+          # frozen_string_literal: true
+
+          module Rptrace
+            module SyscallTable
+              module #{module_name}
+                TABLE = {
+          #{table_lines.join(",\n")}
+                }.freeze
+
+                BY_NAME = TABLE.each_with_object({}) do |(_number, info), map|
+                  map[info.name] = info
+                end.freeze
+              end
+            end
+          end
+        RUBY
+      end
+
+      def resolve_header_path(config)
+        env_key = config.fetch(:env_key)
+        env_value = ENV[env_key]
+
+        if env_value && !env_value.empty?
+          expanded = File.expand_path(env_value)
+          return expanded if File.file?(expanded)
+
+          raise HeaderNotFoundError, "header path from #{env_key} does not exist: #{expanded}"
+        end
+
+        config.fetch(:header_candidates).each do |candidate|
+          expanded = File.expand_path(candidate)
+          return expanded if File.file?(expanded)
+        end
+
+        raise HeaderNotFoundError, "no syscall header found. set #{env_key}=<path-to-header>"
+      end
+      private_class_method :resolve_header_path
+    end
+  end
+end

data/lib/rptrace/syscall_table/x86_64.rb

@@ -0,0 +1,60 @@
+# frozen_string_literal: true
+
+module Rptrace
+  # Built-in syscall number table modules.
+  module SyscallTable
+    # x86_64 syscall table.
+    module X86_64
+      # @return [Hash{Integer => Rptrace::Syscall::SyscallInfo}]
+      TABLE = {
+        0 => Syscall::SyscallInfo.new(number: 0, name: :read, arg_names: [], arg_types: []),
+        1 => Syscall::SyscallInfo.new(number: 1, name: :write, arg_names: [], arg_types: []),
+        2 => Syscall::SyscallInfo.new(number: 2, name: :open, arg_names: [], arg_types: []),
+        3 => Syscall::SyscallInfo.new(number: 3, name: :close, arg_names: [], arg_types: []),
+        4 => Syscall::SyscallInfo.new(number: 4, name: :stat, arg_names: [], arg_types: []),
+        5 => Syscall::SyscallInfo.new(number: 5, name: :fstat, arg_names: [], arg_types: []),
+        6 => Syscall::SyscallInfo.new(number: 6, name: :lstat, arg_names: [], arg_types: []),
+        7 => Syscall::SyscallInfo.new(number: 7, name: :poll, arg_names: [], arg_types: []),
+        8 => Syscall::SyscallInfo.new(number: 8, name: :lseek, arg_names: [], arg_types: []),
+        9 => Syscall::SyscallInfo.new(number: 9, name: :mmap, arg_names: [], arg_types: []),
+        10 => Syscall::SyscallInfo.new(number: 10, name: :mprotect, arg_names: [], arg_types: []),
+        11 => Syscall::SyscallInfo.new(number: 11, name: :munmap, arg_names: [], arg_types: []),
+        12 => Syscall::SyscallInfo.new(number: 12, name: :brk, arg_names: [], arg_types: []),
+        16 => Syscall::SyscallInfo.new(number: 16, name: :ioctl, arg_names: [], arg_types: []),
+        21 => Syscall::SyscallInfo.new(number: 21, name: :access, arg_names: [], arg_types: []),
+        22 => Syscall::SyscallInfo.new(number: 22, name: :pipe, arg_names: [], arg_types: []),
+        23 => Syscall::SyscallInfo.new(number: 23, name: :select, arg_names: [], arg_types: []),
+        32 => Syscall::SyscallInfo.new(number: 32, name: :dup, arg_names: [], arg_types: []),
+        33 => Syscall::SyscallInfo.new(number: 33, name: :dup2, arg_names: [], arg_types: []),
+        41 => Syscall::SyscallInfo.new(number: 41, name: :socket, arg_names: [], arg_types: []),
+        42 => Syscall::SyscallInfo.new(number: 42, name: :connect, arg_names: [], arg_types: []),
+        43 => Syscall::SyscallInfo.new(number: 43, name: :accept, arg_names: [], arg_types: []),
+        44 => Syscall::SyscallInfo.new(number: 44, name: :sendto, arg_names: [], arg_types: []),
+        45 => Syscall::SyscallInfo.new(number: 45, name: :recvfrom, arg_names: [], arg_types: []),
+        48 => Syscall::SyscallInfo.new(number: 48, name: :shutdown, arg_names: [], arg_types: []),
+        49 => Syscall::SyscallInfo.new(number: 49, name: :bind, arg_names: [], arg_types: []),
+        50 => Syscall::SyscallInfo.new(number: 50, name: :listen, arg_names: [], arg_types: []),
+        56 => Syscall::SyscallInfo.new(number: 56, name: :clone, arg_names: [], arg_types: []),
+        57 => Syscall::SyscallInfo.new(number: 57, name: :fork, arg_names: [], arg_types: []),
+        58 => Syscall::SyscallInfo.new(number: 58, name: :vfork, arg_names: [], arg_types: []),
+        59 => Syscall::SyscallInfo.new(number: 59, name: :execve, arg_names: [], arg_types: []),
+        60 => Syscall::SyscallInfo.new(number: 60, name: :exit, arg_names: [], arg_types: []),
+        61 => Syscall::SyscallInfo.new(number: 61, name: :wait4, arg_names: [], arg_types: []),
+        62 => Syscall::SyscallInfo.new(number: 62, name: :kill, arg_names: [], arg_types: []),
+        72 => Syscall::SyscallInfo.new(number: 72, name: :fcntl, arg_names: [], arg_types: []),
+        73 => Syscall::SyscallInfo.new(number: 73, name: :flock, arg_names: [], arg_types: []),
+        74 => Syscall::SyscallInfo.new(number: 74, name: :fsync, arg_names: [], arg_types: []),
+        231 => Syscall::SyscallInfo.new(number: 231, name: :exit_group, arg_names: [], arg_types: []),
+        257 => Syscall::SyscallInfo.new(number: 257, name: :openat, arg_names: [], arg_types: []),
+        262 => Syscall::SyscallInfo.new(number: 262, name: :newfstatat, arg_names: [], arg_types: []),
+        267 => Syscall::SyscallInfo.new(number: 267, name: :readlinkat, arg_names: [], arg_types: []),
+        269 => Syscall::SyscallInfo.new(number: 269, name: :faccessat, arg_names: [], arg_types: [])
+      }.freeze
+
+      # @return [Hash{Symbol => Rptrace::Syscall::SyscallInfo}]
+      BY_NAME = TABLE.each_with_object({}) do |(_number, info), map|
+        map[info.name] = info
+      end.freeze
+    end
+  end
+end