First, Strace
The strace command is a set of diagnostic, debugging, statistical and integrated tools that can be used to analyze applications using Strace's tracking results for system calls and signal passing. To solve the problem or to understand the purpose of the application work process.
Of course strace and professional debugging tools such as GDB is not comparable, because it is not a professional debugger.
The simplest use of strace is to execute a specified command, and it exits after the specified command has ended. During the execution of the command, strace records and resolves all system calls to the command process and all the signal values received by the process.
Second, the use of the Strace command
1. Syntax:
# strace [-DFFHIQRTTTTVXX] [-a column] [-e expr] ... [-o file] [-P PID] ...
[-S strsize] [-u username] [-e Var=val] ... [-e var] ... [Command [Arg ...]] strace-c [-e expr] ...
[-O overhead] [-s sortby] [command [Arg ...]]
2. Options:
-C counts the time, number of times, and number of errors that are performed by each system call.
-D Output strace debug information about standard errors.
-F tracks the child processes that are generated by the fork call.
-FF If you provide-o filename, the trace results for all processes are output to the corresponding filename.pid, and the PID is the process number of each process.
-F attempts to trace vfork calls. At-F, vfork is not tracked.
-h outputs a brief help message.
The-I output system calls the entry pointer.
-Q suppresses the output of messages about secession.
-R prints out relative time about, every system call.
-T adds time information before each line in the output.
-tt The time information, in microseconds, before each line in the output.
-TTT microsecond output, in seconds, indicates the time.
-T displays the elapsed time for each call.
-V outputs all system calls. Some calls about environment variables, states, input and output calls due to frequent use, not output by default.
-V Output strace version information.
-X outputs non-standard strings in 16 binary form.
-XX all strings are output in 16 binary form.
-A column sets the output position of the return value. Default is 40.
-
- E expr Specify an expression to control how the trace is tracked.
format: [Qualifier=] [!] Value1[,value2] ... qualifier can only be one of trace,abbrev,verbose,raw,signal,read,write.
for example :
-eopen is equivalent to-e Trace=open, which means that only the open call is tracked. Instead,-etrace!=open indicates that the trace is tracked except open. There are two special symbols all and none. Note that some shells use! To perform commands in the history, so use \\.
-e trace=set tracks only the specified system calls. For example, the-e trace=open,close,rean,write indicates that only the four system calls are tracked. The default is Set=all.
-e Trace=file only tracks system calls about file operations.
-e trace=process only tracks system calls about Process control.
-e trace=network tracks all system calls related to the network.
-e strace=signal tracks all system calls related to system signals.
-e TRACE=IPC tracks all system calls related to process communication.
-e Abbrev=set Sets the result set of the system call of the strace output.-V et abbrev=none. The default is Abbrev=all.
-e Raw=set Displays the parameters of the specified system call in hexadecimal.
-e signal=set Specifies the system signal to be traced. All is the default. such as signal=! SIGIO (or Signal=!io), indicating that the SIGIO signal is not tracked.
-e Read=set outputs the data that is read from the specified file. For example:-E read=3,5
-e write=set output writes data to the specified file.
-o filename writes the output of Strace to the file filename
-p PID tracks the specified process PID.
-S strsize Specifies the maximum length of the output string. The default is 32. The file name is always output.
-u username executes the tracked command with the UID and GID of the username.
Iii. Examples of Strace
1. Tracking System calls
$./test//Direct execution $strace./test//Execute through Strace
2, tracking signal transmission
< Span style= "Color:rgb (45,55,75); Font-family:verdana, Geneva, sans-serif;font-size:12px;line-height:18px;" > first $strace./test, wait until the input screen, do not enter anything, and then open another window, enter the following command $ killall test , you can Observe the condition in which the process receives the signal.
3, System call Statistics
Strace can not only trace the system call, by using the parameter-C, it can also make the process of all system calls to do a statistical analysis of the show.
Strace, execute the strace with the-C parameter: $ strace-c./test
The results show that it is very useful for us to analyze a program by invoking those system functions, the number of calls, the amount of time spent, and so on.
4. Other parameters
(1) The parameter- o is used to output the strace result to a file .
If you do not specify the-o parameter, the default output device is stderr, which means that the result of using "-O filename" and "2>filename" is the same.
# Both commands are output strace results to file Test.txt strace-c-o test.txt./test strace-c./test 2 > Test.txt
(2) timing the system call
Strace can use the parameter- T to print out the time spent on each system call, and the cost of each call is now within the angle brackets at the far right of the call line.
$strace-T./test
(3) time of system call
This is a useful feature that Strace will record the occurrence of each system call, as long as you use the -t/tt/ttt three parameters to see the effect.
Name of parameter |
Output style |
Description |
-T |
10:33:04 Exit_group (0) |
Accurate output to seconds |
-tt |
10:33:48.159682 Exit_group (0) |
Accurate to microsecond output results |
-ttt |
1262169244.788478 Exit_group (0) |
precise to subtle , and time is expressed as a Unix timestamp |
(4) truncated output
The-s parameter is used to specify the length of the string to output for each line of the trace result.
Test program in the- s parameter on the results have any effect, now specify-S is 20, and then in read is very we enter a string of more than 20 characters
$ strace-s./test
Read (0, 2222222222222222222222222//21 of our inputs total 25
"22222222222222222222" ..., 1024) = 26//And the results we see in 2 have 20
(5) trace an existing process
Strace not only can initialize a process to trace, but also to trace the existing process, parameter- p is to take this role.
$ strace-p PID
This article is from the "Flower Open Shore" blog, please be sure to keep this source http://zxtong.blog.51cto.com/10697148/1794717
Linux---strace tools