strace is commonly used to trace the system calls a process makes and the signals it receives while it runs. On Linux, a process cannot access hardware devices directly; when it needs such access (reading a file from disk, receiving network data, and so on), it must switch from user mode to kernel mode and reach the device through a system call. strace can trace the system calls a process makes, including their arguments, return values, and the time spent executing them.
strace combines diagnostics, debugging and statistics in one tool. We can use it to analyze an application's system calls and signal delivery, either to solve a problem or to understand how the application works. Of course, strace is not comparable to a professional debugging tool such as GDB, because it is not a professional debugger. The simplest use of strace is to run a specified command; strace exits when that command ends. While the command runs, strace records and decodes every system call the process makes and every signal it receives.
[email protected]:/usr# strace cat /dev/
execve(, [, ], []) =
brk() =
access(, F_OK) = - ENOENT (No such file or directory)
mmap(NULL, , PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -, ) =
access(, R_OK) = - ENOENT (No such file or directory)
brk() =
brk() =
fstat(, {st_mode=S_IFCHR|, st_rdev=makedev(, ), ...}) =
open(, O_RDONLY) =
fstat(, {st_mode=S_IFCHR|, st_rdev=makedev(, ), ...}) =
read(, , ) =
close() =
close() =
close() =
exit_group() = ?
Each row is one system call: to the left of the equals sign are the system call's function name and its arguments, and to the right is the call's return value.
strace displays the arguments and return values of these calls in symbolic form. strace receives its information from the kernel, and the kernel does not need to be built in any particular way.
Strace parameters
-c  Counts the time, number of calls, and number of errors for each system call.
-d  Outputs strace debugging information to standard error.
-f  Traces the child processes created by fork calls.
-ff  If -o filename is given, the trace of each process is written to the corresponding filename.pid, where pid is the process ID of that process.
-F  Attempts to trace vfork calls. With -f, vfork is not traced.
-h  Outputs brief help information.
-i  Outputs the entry pointer of each system call.
-q  Suppresses output of the exit message.
-r  Prints a relative time for every system call.
-t  Adds time information to each line of the output.
-tt  Adds time information to each line of the output, at microsecond level.
-ttt  Outputs the time in seconds, at microsecond level.
-T  Displays the elapsed time of each call.
-v  Outputs all system calls in full. Some calls involving environment variables, status, input and output, and so on are used so frequently that their output is abbreviated by default.
-V  Outputs strace version information.
-x  Outputs non-standard strings in hexadecimal.
-xx  Outputs all strings in hexadecimal.
-a column  Sets the output position of the return value. The default is 40.
-e expr  Specifies an expression that controls how the trace is done. The format is: [qualifier=][!]value1[,value2]... The qualifier can only be one of trace, abbrev, verbose, raw, signal, read, write. value is the symbol or number that the qualifier applies to. The default qualifier is trace. An exclamation mark negates the set. For example, -e open is equivalent to -e trace=open, which means that only the open call is traced, and -e trace=!open means that every call except open is traced. There are two special values, all and none. Note that some shells use ! to run commands from the history, so escape it with a backslash.
-e trace=  Traces only the specified system calls. For example, -e trace=open,close,read,write means that only these four system calls are traced. The default is trace=all.
-e trace=file  Traces only system calls related to file operations.
-e trace=process  Traces only system calls related to process control.
-e trace=network  Traces all system calls related to the network.
-e trace=signal  Traces all system calls related to signals.
-e trace=ipc  Traces all system calls related to inter-process communication.
-e abbrev=  Sets which system calls have their results abbreviated in the strace output. -v is equivalent to abbrev=none. The default is abbrev=all.
-e raw=  Displays the arguments of the specified system calls in hexadecimal.
-e signal=  Specifies the signals to trace. The default is all. For example, signal=!SIGIO (or signal=!io) means that the SIGIO signal is not traced.
-e read=  Outputs the data read from the specified files. For example: -e read=,
-e write=  Outputs the data written to the specified files.
-o filename  Writes the output of strace to the file filename.
-p pid  Traces the process with the specified pid.
-s strsize  Specifies the maximum length of output strings. The default is 32. File names are always output.
-u username  Runs the traced command with the UID and GID of username.
A typical full invocation:
strace -o output.txt -T -tt -e trace=all -p 28979
The command above traces all system calls (-e trace=all) of process 28979, records the time spent in each system call as well as its start time (displayed in human-readable hours:minutes:seconds format), and saves the recorded result in the file output.txt.
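An added example, not part of the original article: a shell script that reads a trace saved with the -o, -T and -tt options above and reports, per system call, the number of calls, the number of failures and the total time, then lists each failed call with its errno and path. The sample trace is constructed for illustration, and the function names are this example's own.

```shell
#!/bin/sh
# Added example: summarize a trace saved with `strace -o FILE -T -tt ...`.

# Constructed sample trace (not captured from a real system).
sample_trace() {
cat <<'EOF'
10:15:01.000100 execve("/bin/cat", ["cat", "/dev/null"], [/* 20 vars */]) = 0 <0.000250>
10:15:01.000400 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) <0.000012>
10:15:01.000450 access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory) <0.000018>
10:15:01.000500 open("/dev/null", O_RDONLY) = 3 <0.000020>
10:15:01.000600 read(3, "", 32768) = 0 <0.000008>
10:15:01.000700 close(3) = 0 <0.000005>
10:15:01.000800 exit_group(0) = ?
10:15:01.000900 +++ exited with 0 +++
EOF
}

# Per call name: number of calls, failures (-1 Exxx) and summed -T time.
summarize_trace() {
    awk '
    $2 ~ /^[a-z_][a-z0-9_]*\(/ {
        name = $2; sub(/\(.*/, "", name)      # left of "(" is the call name
        ret = $0; sub(/.* = /, "", ret)       # right of the last " = "
        calls[name]++
        if (ret ~ /^-1 E[A-Z]+/) errors[name]++
        if ($NF ~ /^<[0-9.]+>$/) {            # -T appends <seconds>
            t = $NF; gsub(/[<>]/, "", t); secs[name] += t
        }
    }
    END {
        for (n in calls)
            printf "%s calls=%d errors=%d time=%.6f\n", n, calls[n], errors[n], secs[n]
    }' | sort
}

# One line per failed call: name, errno, first quoted argument (usually a path).
failed_calls() {
    awk '$2 ~ /^[a-z_][a-z0-9_]*\(/ && / = -1 E[A-Z]+ / {
        name = $2; sub(/\(.*/, "", name)
        err = $0; sub(/.* = -1 /, "", err); sub(/ .*/, "", err)
        path = "-"
        if (match($0, /"[^"]*"/)) path = substr($0, RSTART + 1, RLENGTH - 2)
        print name, err, path
    }'
}

sample_trace | summarize_trace
sample_trace | failed_calls
```

On a real trace, replace sample_trace with the saved file, for example: summarize_trace < output.txt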
Syntax
strace [-dffhiqrtttTvxx] [-acolumn] [-eexpr] ... [-ofile] [-ppid] ... [-sstrsize] [-uusername] [-Evar=val] ... [-Evar] ... [command [arg ...]]
strace -c [-eexpr] ... [-Ooverhead] [-Ssortby] [command [arg ...]]
Tracking system calls
Now we write a very simple program to demonstrate the basic usage of strace. The C code for this program is as follows:
This article is from the "Small Stop" blog, please be sure to keep this source http://10541556.blog.51cto.com/10531556/1793898
strace command _linux strace Command usage explained: Tracking system calls and signals