strace是一個功能強大的調試,分析診斷工具,主要用來監視系統調用。
1.下載下傳strace-xxx.tar.xz
下載下傳網址是:http://sourceforge.net/project/showfiles.php?group_id=2861&package_id=2819;
2.解壓
$ xz -d ***.tar.xz
$ tar -xvf ***.tar
可以看到這個壓縮包也是打包後再壓縮,外面是xz壓縮方式,裡層是tar打包方式。
補充:目前可以直接使用 tar xvJf ***.tar.xz來解壓
3.配置
./configure
4.編譯
make
5.安裝
make install
6.使用
strace指令的詳細參數如下:
usage: strace [-dffhiqrtttTvVxx] [-a column] [-e expr] ... [-o file]
[-p pid] ... [-s strsize] [-u username] [-E var=val] ...
[command [arg ...]]
or: strace -c [-e expr] ... [-O overhead] [-S sortby] [-E var=val] ...
[command [arg ...]]
-c -- count time, calls, and errors for each syscall and report summary
-f -- follow forks, -ff -- with output into separate files
-F -- attempt to follow vforks, -h -- print help message
-i -- print instruction pointer at time of syscall
-q -- suppress messages about attaching, detaching, etc.
-r -- print relative timestamp, -t -- absolute timestamp, -tt -- with usecs
-T -- print time spent in each syscall, -V -- print version
-v -- verbose mode: print unabbreviated argv, stat, termio[s], etc. args
-x -- print non-ascii strings in hex, -xx -- print all strings in hex
-a column -- alignment COLUMN for printing syscall results (default 40)
-e expr -- a qualifying expression: option=[!]all or option=[!]val1[,val2]...
options: trace, abbrev, verbose, raw, signal, read, or write
-o file -- send trace output to FILE instead of stderr
-O overhead -- set overhead for tracing syscalls to OVERHEAD usecs
-p pid -- trace process with process id PID, may be repeated
-s strsize -- limit length of print strings to STRSIZE chars (default 32)
-S sortby -- sort syscall counts by: time, calls, name, nothing (default time)
-u username -- run command as username handling setuid and/or setgid
-E var=val -- put var=val in the environment for command
-E var -- remove var from the environment for command
1. 跟蹤ls指令
# strace ls
execve("/bin/ls", ["ls"], [/* 46 vars */]) = 0
brk(0) = 0x1ab9000
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcf695fb000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=102786, ...}) = 0
mmap(NULL, 102786, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fcf695e1000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/librt.so.1", O_RDONLY) = 3
(省略)
2. 跟蹤執行中的指令
用p選項指定PID。
# strace -p 42198
當權限不夠時,會出現如下錯誤。
$ strace -p 42198
attach: ptrace(PTRACE_ATTACH, ...): Operation not permitted
3. 跟蹤指定的系統調用
用e選項指定open系統調用。
# strace -e open ls
open("/etc/ld.so.cache", O_RDONLY) = 3
open("/lib/librt.so.1", O_RDONLY) = 3
open("/lib/libselinux.so.1", O_RDONLY) = 3
open("/lib/libacl.so.1", O_RDONLY) = 3
open("/lib/libc.so.6", O_RDONLY) = 3
(省略)
可如下指定多個系統調用。
# strace -e trace=open,read ls
open("/etc/ld.so.cache", O_RDONLY) = 3
open("/lib/librt.so.1", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\220!\0\0\0\0\0\0"..., 832) = 832
open("/lib/libselinux.so.1", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\20Y\0\0\0\0\0\0"..., 832) = 832
4. 跟蹤結果儲存到檔案
用o選項指定輸出結果的檔案。
# strace -o zabbix.cc.txt ls
5. 添加時間戳
用-t選項的話,會在輸出結果裡追加時間戳。
# strace -t ls
17:43:25 execve("/bin/ls", ["ls"], [/* 47 vars */]) = 0
17:43:25 brk(0) = 0x8ad000
17:43:25 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
17:43:25 mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb41137b000
17:43:25 access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
6. 添加系統調用所消費的時間
# strace -r ls
0.000000 execve("/bin/ls", ["ls"], [/* 21 vars */]) = 0
0.000298 brk(0) = 0x2237000
0.000063 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcfae0c5000
0.000061 access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
0.000075 open("/etc/ld.so.cache", O_RDONLY) = 3
0.000044 fstat(3, {st_mode=S_IFREG|0644, st_size=31171, ...}) = 0
0.000052 mmap(NULL, 31171, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fcfae0bd000
0.000035 close(3) = 0
(省略)
7. 輸出跟蹤結果的摘要
# strace -c ls
(省略)
% time seconds usecs/call calls errors syscall
------ ----------- ----------- --------- --------- ----------------
-nan 0.000000 0 10 read
-nan 0.000000 0 18 write
-nan 0.000000 0 12 open
-nan 0.000000 0 14 close
-nan 0.000000 0 12 fstat
-nan 0.000000 0 28 mmap
-nan 0.000000 0 16 mprotect
-nan 0.000000 0 3 munmap
-nan 0.000000 0 3 brk
-nan 0.000000 0 2 rt_sigaction
-nan 0.000000 0 1 rt_sigprocmask
-nan 0.000000 0 2 ioctl
-nan 0.000000 0 1 1 access
-nan 0.000000 0 1 execve
-nan 0.000000 0 1 fcntl
-nan 0.000000 0 2 getdents
-nan 0.000000 0 1 getrlimit
-nan 0.000000 0 1 statfs
-nan 0.000000 0 1 arch_prctl
-nan 0.000000 0 2 1 futex
-nan 0.000000 0 1 set_tid_address
-nan 0.000000 0 1 set_robust_list
------ ----------- ----------- --------- --------- ----------------
100.00 0.000000 133 2 total