Linux strace command

Source: Internet
Author: User
Introduction

strace is commonly used to trace the system calls a process makes and the signals it receives while it runs. On Linux, a process cannot access hardware devices directly. When a process needs to access a hardware device (for example, to read a file from disk or receive network data), it must switch from user mode to kernel mode and reach the device through a system call. strace can trace the system calls made by a process, including their parameters, return values, and execution time.

Output parameter description
root@ubuntu:/usr# strace cat /dev/null
execve("/bin/cat", ["cat", "/dev/null"], [/* 22 vars */]) = 0
brk(0) = 0xab1000
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f29213a7000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
...
brk(0) = 0xab1000
brk(0xad2000) = 0xad2000
fstat(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 0), ...}) = 0
open("/dev/null", O_RDONLY) = 3
fstat(3, {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 3), ...}) = 0
read(3, "", 32768) = 0
close(3) = 0
close(1) = 0
close(2) = 0
exit_group(0) = ?

Each line is one system call. The name of the system call and its arguments are to the left of the equals sign, and the return value of the call is to the right.
strace displays the arguments of these calls and their return values in symbolic form. strace gets its information from the kernel, and the kernel does not need to be built in any special way.

Strace Parameters
-c: count the execution time, number of calls, and number of errors for each system call.
-d: print strace's own debugging information to standard error.
-f: trace the child processes created by fork calls.
-ff: if -o filename is given, the trace of each process is written to filename.pid, where pid is the process ID of that process.
-F: attempt to trace vfork calls. With -f, vfork is not traced.
-h: print brief help information.
-i: print the instruction pointer at the time of the system call.
-q: suppress the messages about detaching.
-r: print a relative timestamp on entry to each system call.
-t: prefix each line of the output with the time.
-tt: prefix each line of the output with the time, including microseconds.
-ttt: microsecond-level output, with the time expressed in seconds.
-T: show the time consumed by each call.
-v: print all system calls in full. Some calls relating to environment variables, status, and input/output are not printed in full by default because they are so frequent.
-V: print the version information of strace.
-x: print non-standard strings in hexadecimal format.
-xx: print all strings in hexadecimal format.
-a column
Set the column in which return values are printed. The default value is 40.
-e expr
Specify an expression that controls what is traced and how. The format is as follows:
[qualifier=][!]value1[,value2]...
qualifier must be one of trace, abbrev, verbose, raw, signal, read, or write. value is a symbol or number that restricts the qualifier. The default qualifier is trace. An exclamation mark negates the set. For example:
-eopen is equivalent to -e trace=open, meaning that only open calls are traced. -e trace=!open traces all calls except open. There are two special values: all and none.
Note that some shells use ! to run commands from the history, so use \\.
-e trace=set
Trace only the specified system calls. For example, -e trace=open,close,read,write traces only these four system calls. The default is set=all.
-e trace=file
Trace only system calls related to file operations.
-e trace=process
Trace only system calls related to process control.
-e trace=network
Trace all network-related system calls.
-e trace=signal
Trace all system calls related to signals.
-e trace=ipc
Trace all system calls related to inter-process communication.
-e abbrev=set
Set which system calls have their output abbreviated by strace. -v is equivalent to abbrev=none. The default is abbrev=all.
-e raw=set
Display the arguments of the specified system calls in hexadecimal format.
-e signal=set
Specify which signals to trace. The default is all. For example, signal=!SIGIO (or signal=!io) means that the SIGIO signal is not traced.
-e read=set
Print the data read from the specified files. For example:
-e read=3,5
-e write=set
Print the data written to the specified files.
-o filename
Write the strace output to the file filename.
-p pid
Trace the process with the specified PID.
-s strsize
Specify the maximum length of printed strings. The default value is 32. File names are always printed in full.
-u username
Run the command with the UID and GID of username.

 

Command instance

General Usage:

 
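strace -o output.txt -T -tt -e trace=all -p 28979

The command above traces all system calls of process 28979 (-e trace=all), shows the time consumed by each call (-T), prefixes each line with a microsecond timestamp (-tt), and writes the result to the file output.txt (-o).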

 

Strace case

 

Use strace to debug programs

In an ideal world, whenever a program failed to do its job it would print a useful error message with enough clues to fix the problem. Unfortunately, we do not live in an ideal world, at least not always. Sometimes a program fails and you cannot find the cause.
This is why debugging tools exist. strace is an essential debugging tool for monitoring system calls. You can debug a newly started program or one that is already running (by attaching strace to an existing PID).
First, let's look at a real example: a problem that occurred when starting KDE.
Some time ago, I had a problem when I started KDE, and the KDE error messages did not give me any clues.

 
_KDE_IceTransSocketCreateListener: failed to bind listener
_KDE_IceTransSocketUNIXCreateListener: ...SocketCreateListener() failed
_KDE_IceTransMakeAllCOTSServerListeners: failed to create listener for local

Cannot establish any listening sockets
DCOPServer self-test failed.

This error message did not mean much to me, except that a program crucial to KDE's inter-process communication could not be started. I could also tell that the error was related to the ICE protocol (Inter-Client Exchange). Beyond that, I did not know what was causing the KDE startup error.

I decided to use strace to check what the program did when I started dcopserver:

strace -f -o ~/dcop-strace.txt dcopserver

Here, the -f option tells strace to also trace the processes created by fork and vfork. The -o option writes all strace output to ~/dcop-strace.txt, and dcopserver is the program to start and debug.

After the error occurred again, I checked the output file dcop-strace.txt, which contained many system call records. The relevant records just before the error were as follows:

 

27207 mkdir("/tmp/.ICE-unix", 0777) = -1 EEXIST (File exists)
27207 lstat64("/tmp/.ICE-unix", {st_mode=S_IFDIR|S_ISVTX|0755, st_size=4096, ...}) = 0
27207 unlink("/tmp/.ICE-unix/dcop27207-1066844596") = -1 ENOENT (No such file or directory)
27207 bind(3, {sin_family=AF_UNIX, path="/tmp/.ICE-unix/dcop27207-1066844596"}, 38) = -1 EACCES (Permission denied)
27207 write(2, "_KDE_IceTrans", 13) = 13
27207 write(2, "SocketCreateListener: failed "..., 46) = 46
27207 close(3) = 0
27207 write(2, "_KDE_IceTrans", 13) = 13
27207 write(2, "SocketUNIXCreateListener: ...Soc"..., 59) = 59
27207 umask(0) = 0
27207 write(2, "_KDE_IceTrans", 13) = 13
27207 write(2, "MakeAllCOTSServerListeners: fail"..., 64) = 64
27207 write(2, "Cannot establish any listening s"..., 39) = 39


The first line shows that the program tried to create the directory /tmp/.ICE-unix with mode 0777. The call failed because the directory already exists. The second system call (lstat64) checks the directory's status and shows that its mode is 0755. This is the first sign of the problem: the program tries to create a directory with mode 0777, but a directory with mode 0755 already exists. The third system call (unlink) tries to delete a file that does not exist. This is not surprising, because the call only removes an old file that may have been left behind.

However, the fourth line confirms the error. The program tried to bind to /tmp/.ICE-unix/dcop27207-1066844596 and got a permission denied error. The owner and group of the .ICE-unix directory are root, and only the owner has write permission, so a non-root user cannot create a file in this directory. If the directory's mode were changed to 0777, the bind could succeed, and that is exactly what the first failed call tried to do.

So after I ran chmod 0777 /tmp/.ICE-unix, KDE started normally. The problem was solved. It took only a few minutes to trace the program with strace and then check and analyze the output file.

Note: Running chmod 0777 was only a test. In general, do not make a directory readable and writable by all users without also setting the sticky bit. The sticky bit on a directory prevents a user from deleting other users' files in that writable directory at will. You will usually find that /tmp has the sticky bit set for this reason. Once KDE starts normally, run chmod +t /tmp/.ICE-unix to set the sticky bit on .ICE-unix.
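
The three directory states in this case (0755, the test value 0777, and 0777 plus the sticky bit) can be told apart mechanically. The following is an added example, not part of the original article; the function names are made up here, it assumes GNU stat and find, and the demonstration runs on a scratch directory that stands in for /tmp/.ICE-unix.

```shell
#!/bin/sh
# Added example: classify a directory by the two permission bits the note is about.
classify_dir() {
    # $1: directory; prints "<octal mode> <verdict>". Assumes GNU stat (-c '%a').
    mode=$(stat -c '%a' "$1") || return 1
    perm=$((0$mode))                            # leading 0: parse the mode as octal
    if [ $((perm & 0002)) -eq 0 ]; then
        echo "$mode not-world-writable"         # e.g. 0755: other users get EACCES on bind()
    elif [ $((perm & 01000)) -eq 0 ]; then
        echo "$mode world-writable-no-sticky"   # e.g. 0777: any user may delete any entry
    else
        echo "$mode world-writable-sticky"      # e.g. 1777: deletion limited to the entry's
    fi                                          # owner, the directory's owner, and root
}

# List every directory under $1 that is world-writable but has no sticky bit.
find_unsafe_dirs() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000
}

# Demonstration on a scratch directory (constructed for this example).
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/sock"
    for m in 0755 0777 1777; do
        chmod "$m" "$d/sock"
        classify_dir "$d/sock"
    done
    rm -rf "$d"
}
demo
```

On a real system, find_unsafe_dirs /tmp lists the directories that still need chmod +t.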

 

Solve library dependency problems

Another use of strace is to solve problems related to dynamic libraries. When you run ldd on an executable file, it tells you which dynamic libraries the program uses and where it found them. However, if you are using an older glibc version (2.2 or earlier), the ldd program may have a bug: it may report finding a dynamic library in one directory while the dynamic linker (/lib/ld-linux.so.2) actually looks for the library in another directory. This is usually because the /etc/ld.so.conf and /etc/ld.so.cache files are inconsistent, or because /etc/ld.so.cache is damaged. This error does not occur in glibc 2.3.2, and the ld-linux bug may have been fixed.

Even so, ldd does not list all the dynamic libraries a program depends on. Libraries that are loaded on demand through dlopen may not be listed by ldd. The NSS (Name Service Switch) libraries, part of glibc, are a typical example. NSS tells applications where to find the system account database. Applications do not link against the NSS libraries directly; glibc loads them automatically through dlopen. If such a library is accidentally lost, you will not be told that there is a library dependency problem, but the program will not be able to resolve user names to user IDs. Let's take an example:
The whoami program prints your own user name. It is very useful in scripts that need to know which user is really running them. An example of whoami output is as follows:

 
# whoami
root

Assume that the NSS library responsible for converting between user names and user IDs was lost for some reason during a glibc upgrade. We can simulate this situation by renaming the NSS library:

# mv /lib/libnss_files.so.2 /lib/libnss_files.so.2.backup
# whoami
whoami: cannot find username for UID 0

Here you can see that running whoami produces an error, and the output of ldd does not help:

# ldd /usr/bin/whoami
libc.so.6 => /lib/libc.so.6 (0x4001f000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)

You only see that whoami depends on libc.so.6 and ld-linux.so.2; ldd does not list the other libraries needed to run whoami. So we use strace to trace whoami:

strace -o whoami-strace.txt whoami

open("/lib/libnss_files.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/lib/i686/mmx/libnss_files.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/lib/i686/mmx", 0xbffff190) = -1 ENOENT (No such file or directory)
open("/lib/i686/libnss_files.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/lib/i686", 0xbffff190) = -1 ENOENT (No such file or directory)
open("/lib/mmx/libnss_files.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/lib/mmx", 0xbffff190) = -1 ENOENT (No such file or directory)
open("/lib/libnss_files.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/lib", {st_mode=S_IFDIR|0755, st_size=2352, ...}) = 0
open("/usr/lib/i686/mmx/libnss_files.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/usr/lib/i686/mmx", 0xbffff190) = -1 ENOENT (No such file or directory)
open("/usr/lib/i686/libnss_files.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)

You can see attempts to find libnss_files.so.2 in several different directories, all of which failed. Without a tool such as strace, it would be difficult to discover that this error is caused by a missing dynamic library. Now you only need to find libnss_files.so.2 and put it back in the correct location.
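
Both cases above, the KDE bind failure and the missing NSS library, were solved by finding the failed calls in a long trace. As an added example (not part of the original article), the filter below lists every failed system call in an strace log, grouped by errno, call name and first quoted argument. The function names are made up here and the sample log is constructed from the excerpts on this page.

```shell
#!/bin/sh
# Added example: summarise failed system calls in strace output read from stdin.
# Handles plain output and -f/-o output, where every line starts with a PID.
failed_calls() {
    awk '
    / = -1 E[A-Z]+ / {
        line = $0
        sub(/^[0-9]+ +/, "", line)            # drop the PID column, if present
        name = line
        sub(/\(.*/, "", name)                 # syscall name is the text before "("
        err = line
        sub(/.* = -1 /, "", err)              # keep what follows the return value
        sub(/ .*/, "", err)                   # ... and cut after the errno symbol
        path = "-"
        if (match(line, /"[^"]*"/))           # first quoted argument, usually a path
            path = substr(line, RSTART + 1, RLENGTH - 2)
        print err, name, path
    }' | sort | uniq -c | sort -rn
}

# Constructed sample: lines taken from the two excerpts on this page.
sample_log() {
    cat <<'EOF'
27207 mkdir("/tmp/.ICE-unix", 0777) = -1 EEXIST (File exists)
27207 lstat64("/tmp/.ICE-unix", {st_mode=S_IFDIR|S_ISVTX|0755, st_size=4096, ...}) = 0
27207 unlink("/tmp/.ICE-unix/dcop27207-1066844596") = -1 ENOENT (No such file or directory)
27207 bind(3, {sin_family=AF_UNIX, path="/tmp/.ICE-unix/dcop27207-1066844596"}, 38) = -1 EACCES (Permission denied)
open("/lib/libnss_files.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/lib/libnss_files.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
EOF
}

sample_log | failed_calls
```

On a real trace, run failed_calls < dcop-strace.txt; EACCES and EPERM entries are usually the first ones worth reading.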

 

Restrict strace to only trace specific system calls

If you already know what you are looking for, you can have strace trace only certain system calls. For example, suppose you need to see which programs a configure script executes. The system call to monitor is execve. Have strace record only execve calls with this command:

strace -f -o configure-strace.txt -e execve ./configure
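
An execve-only trace of a build script is still long, because every PATH lookup that fails is recorded too. The following added example (not part of the original article) reduces such a trace to the programs that actually ran, with a count and a marker for anything outside an assumed list of system directories. The function names, the directory list and the sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example: list the programs a traced script actually executed.
# stdin: output of strace -f -o FILE -e execve ...
# Calls split by -f into "<unfinished ...>" / "resumed" records are not handled.
executed_programs() {
    awk '
    / = 0$/ && match($0, /execve\("[^"]*"/) {
        # Only successful calls; failed PATH lookups end in an errno and are skipped.
        # The match covers execve("PATH" ; skip the 8 characters of execve("
        prog = substr($0, RSTART + 8, RLENGTH - 9)
        count[prog]++
    }
    END {
        for (p in count) {
            # Assumed allow-list of system directories; adjust to local policy.
            class = (p ~ /^\/(usr\/bin|usr\/sbin|bin|sbin)\//) ? "system" : "review"
            print count[p], class, p
        }
    }' | sort -k1,1nr -k3
}

# Constructed sample in the format written by strace -f -o.
sample_trace() {
    cat <<'EOF'
4100 execve("./configure", ["./configure"], [/* 22 vars */]) = 0
4101 execve("/usr/local/bin/gcc", ["gcc", "-o", "conftest", "conftest.c"], [/* 22 vars */]) = -1 ENOENT (No such file or directory)
4101 execve("/usr/bin/gcc", ["gcc", "-o", "conftest", "conftest.c"], [/* 22 vars */]) = 0
4102 execve("./conftest", ["./conftest"], [/* 22 vars */]) = 0
4103 execve("/bin/sed", ["sed", "-e", "s/a/b/"], [/* 22 vars */]) = 0
4104 execve("/usr/bin/gcc", ["gcc", "-c", "conftest.c"], [/* 22 vars */]) = 0
EOF
}

sample_trace | executed_programs
```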

 

References: http://blog.sina.com.cn/s/blog_6e07f1eb0100t7rg.html

http://blog.csdn.net/zdl1016/article/details/6359598
