DTrace report uncorrect value when I tracing "malloc:return" in MacOS

Question

I want to get the return value of malloc, my DTrace command is:

sudo dtrace -n 'pid32519::malloc:return {printf("%p %p %p %p %p %p %p %p %p %p %s\n",arg0,arg1,arg2,arg3,arg4,arg5,arg6,arg7,arg8,arg9,probefunc);}'

and the pid of provider is a tiny program as follow:

printf("%d\n",getpid());
getchar();
int cnt=50;
void* a = malloc(1000);
printf("%llx\n",a);
a = malloc(1000);
printf("%llx\n",a);
a = malloc(1000);
printf("%llx\n",a);
a = malloc(1000);
printf("%llx\n",a);
getchar();
return 0;

I found some documentation that say "arg1 holds return value", but the result is:

CPU     ID                    FUNCTION:NAME
  8  10499                    malloc:return f a 1 0 0 0 0 0 0 60000000a malloc

  8  10499                    malloc:return f f 1 0 0 0 0 0 f00000000 60000000a malloc

  8  10499                    malloc:return f 10 1 0 0 0 0 0 f00000010 60000000a malloc

  8  10499                    malloc:return f 10 1 0 0 0 0 1000000000 f00000010 60000000a malloc

There is none of args equaled the return value of malloc and where is it?

Answer 1

Per the DTrace Guide, FBT provider:

20.2.2. return probes

While a given function only has a single point of entry, it may have many different points where it returns to its caller. You are usually interested in either the value that a function returned or the fact that the function returned at all rather than the specific return path taken. FBT therefore collects a function's multiple return sites into a single return probe. If the exact return path is of interest, you can examine the return probe args[0] value, which indicates the offset (in bytes) of the returning instruction in the function text.

If the function has a return value, the return value is stored in args[1]. If a function does not have a return value, args[1] is not defined.

Note the use of args[0] and args[1] instead of args0 and args1. That might be significant to your dTrace implementation.