Summary of Linux kernel debugging methods Strace

Strace

Use

Strace is a powerful debugging, analysis, and diagnostic tool that tracks system calls and received signals when a program or process executes. The name, parameters, and return values of the called system call can be output to the standard output or to the file specified by-O.

"Command Format"

Strace [-DFFHIQRTTTTVXX] [-a column] [-e expr] ...

[-o file] [-P PID] ... [-S strsize] [-u username] [Command [Arg ...]]

strace-c [-e expr] ... [-O overhead] [-S SortBy] [Command [Arg ...]]

"Parameter description"

-C counts the time, number of times, and number of errors that are performed by each system call.

-D Output strace debug information about standard errors.

-F tracks the child processes that are generated by the fork call.

-FF If you provide-o filename, the trace results for all processes are output to the corresponding filename.pid, and the PID is the process number of each process.

-F attempts to trace vfork calls. At-F, vfork is not tracked.

-h outputs a brief help message.

The-I output system calls the entry pointer.

-Q suppresses the output of messages about secession.

-R prints out the relative time of each system call.

-T adds time information before each line in the output.

-tt The time information, in microseconds, before each line in the output.

-TTT microsecond output, in seconds, indicates the time.

-T displays the elapsed time for each call.

-V outputs all system calls. Some calls about environment variables, states, input and output calls due to frequent use, not output by default.

-V Output strace version information.

-X outputs non-standard strings in 16 binary form

-XX all strings are output in 16 binary form.

-A column

Sets the output location of the return value. Default is 40.

-E Expr

Specifies an expression that controls how to trace. The format is as follows:

[Qualifier=] [!] Value1[,value2] ...

Qualifier can only be one of the trace,abbrev,verbose,raw,signal,read,write. value is the symbol or number that is used to qualify. The default qualifier is trace. An exclamation point is a negative symbol. For example:

-eopen is equivalent to-e Trace=open, which means that only the open call is tracked. Instead of-etrace!=open, the trace is tracked except for open calls. There are two special symbols all and none.

Note that some shells use! To perform commands in the history, so use \\\\.

-E Trace=set

Only the specified system calls are tracked. For example, the-e trace=open,close,rean,write indicates that only the four system calls are tracked. The default is Set=all.

-E Trace=file

Only system calls about file operations are tracked.

-E trace=process

Only system calls about process control are tracked.

-E Trace=network

Tracks all system calls related to the network.

-E strace=signal

Track all system calls related to system signals

-E TRACE=IPC

Track all system calls related to process communication

-E Abbrev=set

Sets the result set of the system call for the strace output.-V et abbrev=none. Default is Abbrev=all.

-E Raw=set

Displays the parameters of the specified system call in hexadecimal.

-E Signal=set

Specifies the system signal for the trace. The default is all. such as signal=! SIGIO (or Signal=!io), indicating that the SIGIO signal is not tracked.

-E Read=set

Outputs the data that is read from the specified file. For example:

-E read=3,5

-E Write=set

The output is written to the data in the specified file.

-O filename

Writes the output of the strace to the file filename

-P PID

Tracks the specified process PID.

-S Strsize

Specifies the maximum length of the output string. The default is 32. The file name is always output.

-u username

Executes the tracked command with the UID and GID of the username.

Summary of Linux kernel debugging methods strace