strace 用法

strace 命令

用途：打印 STREAMS 跟蹤消息。
語法：strace [ mid sid level ] ...
 描述：沒有參數的 strace 命令將所有的驅動程序和模塊中的所有 STREAMS 事件跟蹤消息寫到它的標準輸出中。 這些消息是從 STREAMS 日誌驅動程序中獲取的。如果提供參數，它們必須是在三元組中。每個三元組表明跟蹤消息要從給定的模塊或驅動程序、子標識（通常表明次要設備）以及優先級別 等於或小於給定級別的模塊或驅動程序中接收。all 標記可由任何成員使用，以表明對該屬性沒有限制。
參數：mid---指定 STREAMS 模塊的標識號 sid---指定子標識號 level----指定跟蹤優先級別
輸出格式：每個跟蹤消息輸出的格式是：
 跟蹤序列號
 消息時間（格式爲 hh:mm:ss）
 系統啓動後，以機器滴答信號表示消息的時間
 跟蹤優先級別
 有以下值之一：
E
 消息也在錯誤日誌中
F
 表示一個致命錯誤
N
 郵件已發送給系統管理員
 源的模塊標識號
 源的子標識號
 跟蹤消息的格式化文本
在多處理器系統上， 由兩部分組成：消息所有者發送處的處理器號碼，格式化文本本身。
一旦啓動，strace 命令將繼續執行，直到用戶終止該命令。

注：由於性能的考慮，所以一次只允許一個 strace 命令來打開 STREAMS 日誌驅動程序。
 日誌驅動程序有一個三元組的列表（該列表在命令調用中指定），並且程序會根據該列表比較每個潛在的跟蹤消息，以決定是否要格式化和發送這個信息到 strace 進程中。因此，長的三元組列表會對 STREAMS 的總體性能的影響更大。 運行 strace 命令對於某些模塊和驅動程序（生成要發送給 strace 進程的跟蹤消息的模塊和驅動程序）的定時的影響最大。 如果跟蹤消息生成過快，以至 strace 進程無法處理，那麼就會丟失一些消息。 最後的情況可以通過檢查跟蹤消息輸出上的序列號來確定。

示例
要輸出模塊標識爲 41 的模塊或驅動程序中的所有跟蹤消息，請輸入：

strace 41 all all
要輸出模塊標識爲 41，子標識爲 0、1 或 2 的模塊或驅動程序中的跟蹤消息:

strace 41 0 1 41 1 1 41 2 0
 子標識爲 0 和 1 的模塊或驅動程序中的消息必須具有小於或等於 1 的跟蹤級別。子標識爲 2 的模塊或驅動程序中的消息必須具有跟蹤級別 0。

strace: option requires an argument -- e
usage: strace [-dffhiqrtttTvVxx] [-a column] [-e expr] ... [-o file]
 [-p pid] ... [-s strsize] [-u username] [-E var=val] ...
 [command [arg ...]]
 or: strace -c [-e expr] ... [-O overhead] [-S sortby] [-E var=val] ...
 [command [arg ...]]
-c -- count time, calls, and errors for each syscall and report summary
-f -- follow forks, -ff -- with output into separate files
-F -- attempt to follow vforks, -h -- print help message
-i -- print instruction pointer at time of syscall
-q -- suppress messages about attaching, detaching, etc.
-r -- print relative timestamp, -t -- absolute timestamp, -tt -- with usecs
-T -- print time spent in each syscall, -V -- print version
-v -- verbose mode: print unabbreviated argv, stat, termio[s], etc. args
-x -- print non-ascii strings in hex, -xx -- print all strings in hex
-a column -- alignment COLUMN for printing syscall results (default 40)
-e expr -- a qualifying expression: option=[!]all or option=[!]val1[,val2]...
 options: trace, abbrev, verbose, raw, signal, read, or write
-o file -- send trace output to FILE instead of stderr
-O overhead -- set overhead for tracing syscalls to OVERHEAD usecs
-p pid -- trace process with process id PID, may be repeated
-s strsize -- limit length of print strings to STRSIZE chars (default 32)
-S sortby -- sort syscall counts by: time, calls, name, nothing (default time)
-u username -- run command as username handling setuid and/or setgid
-E var=val -- put var=val in the environment for command
-E var -- remove var from the environment for command


strace - 跟蹤系統調用和信號

usage: strace [-dffhiqrtttTvVxx] [-a column] [-e expr] [-o file]
[-p pid] [-s strsize] [-u username] [command [arg]]
strace -c [-e expr] [-O overhead] [-S sortby] [command [arg]]

-a column
 指定顯示返回值的列位置，默認是40(從0開始計數)，就是說"="出現在40列的位
 置。

-c 產生類似下面的統計信息

 strace -c -p 14653 (Ctrl-C)
 % time seconds usecs/call calls errors syscall
 ------ ----------- ----------- --------- --------- ----------------
 53.99 0.012987 3247 4 2 wait4
 42.16 0.010140 2028 5 read
 1.78 0.000429 61 7 write
 0.76 0.000184 10 18 ioctl
 0.50 0.000121 2 52 rt_sigprocmask
 0.48 0.000115 58 2 fork
 0.18 0.000043 2 18 rt_sigaction
 0.06 0.000014 14 1 1 stat
 0.03 0.000008 4 2 sigreturn
 0.02 0.000006 2 3 time
 0.02 0.000006 3 2 1 setpgid
 ------ ----------- ----------- --------- --------- ----------------
 100.00 0.024053 114 4 total

 -d 輸出一些strace自身的調試信息到標準輸出

 strace -c -p 14653 -d (Ctrl-C)
 [wait(0x137f) = 14653]
 pid 14653 stopped, [SIGSTOP]
 [wait(0x57f) = 14653]
 pid 14653 stopped, [SIGTRAP]
 cleanup: looking at pid 14653
 % time seconds usecs/call calls errors syscall
 ------ ----------- ----------- --------- --------- ----------------
 ------ ----------- ----------- --------- --------- ----------------
 100.00 0.000000 0 total

 -e expr
 A qualifying expression which modifies which events to trace or how to trace
 them. The format of the expression is:

 [qualifier=][!]value1[,value2]...

 這裏qualifier可以是trace、abbrev、verbose、raw、signal、read或者write。
 value是qualifier相關的符號或數值。缺省qualifier是trace。!表示取反。
 -eopen等價於-e trace=open，表示只跟蹤open系統調用。-etrace=!open意思是
 跟蹤除open系統調用之外的其他所有系統調用。此外value還可以取值all和none。

 某些shell用!表示重複歷史指令，此時可能需要引號、轉義符號(/)的幫助。

 -e trace=set
 只跟蹤指定的系統調用列表。決定跟蹤哪些系統調用時，-c選項很有用。
 trace=open,close,read,write意即只跟蹤這四種系統調用，缺省是trace=all

 -e trace=file
 跟蹤以指定文件名做參數的所有系統調用。

 -e trace=process
 Trace all system calls which involve process management. This is
 useful for watching the fork, wait, and exec steps of a process.

 -e trace=network
 跟蹤所有和網絡相關的系統調用

 -e trace=signal
 Trace all signal related system calls.

 -e trace=ipc
 Trace all IPC related system calls.

 -e abbrev=set
 Abbreviate the output from printing each member of large structures.
 缺省是abbrev=all，-v選項等價於abbrev=none

 -e verbose=set
 Dereference structures for the specified set of system calls.
 The default is verbose=all.

 -e raw=set
 Print raw, undecoded arguments for the specifed set of system calls.
 This option has the effect of causing all arguments to be printed in
 hexadecimal. This is mostly useful if you don"t trust the decoding or
 you need to know the actual numeric value of an argument.

 -e signal=set
 只跟蹤指定的信號列表，缺省是signal=all。signal=!SIGIO (or signal=!io)
 導致 SIGIO 信號不被跟蹤

 -e read=set
 Perform a full hexadecimal and ASCII dump of all the data read from
 file descriptors listed in the specified set. For example, to see all
 input activity on file descriptors 3 and 5 use -e read=3,5. Note that
 this is independent from the normal tracing of the read(2) system call
 which is controlled by the option -e trace=read.

 -e write=set
 Perform a full hexadecimal and ASCII dump of all the data written to
 file descriptors listed in the specified set. For example, to see all
 output activity on file descriptors 3 and 5 use -e write=3,5. Note
 that this is independent from the normal tracing of the write(2)
 system call which is controlled by the option -e trace=write.

 -f
 follow forks，跟隨子進程？

 Trace child processes as they are created by currently traced
 processes as a result of the fork(2) system call. The new process
 is attached to as soon as its pid is known (through the return value
 of fork(2) in the parent process). This means that such children may
 run uncontrolled for a while (especially in the case of a vfork(2)),
 until the parent is scheduled again to complete its (v)fork(2)
 call. If the parent process decides to wait(2) for a child that is
 currently being traced, it is suspended until an appropriate child
 process either terminates or incurs a signal that would cause it to
 terminate (as determined from the child"s current signal disposition).

 意思應該是說跟蹤某個進程時，如果發生fork()調用，則選擇跟蹤子進程
 可以參考gdb的set follow-fork-mode設置

 -F
 attempt to follow vforks
 (On SunOS 4.x, this is accomplished with some dynamic linking trickery.
 On Linux, it requires some kernel functionality not yet in the
 standard kernel.) Otherwise, vforks will not be followed even if -f
 has been given.

 類似-f選項

 -ff
 如果-o file選項有效指定，則跟蹤過程中新產生的其他相關進程的信息分別寫
 入file.pid，這裏pid是各個進程號。

 -h
 顯示幫助信息

 -i
 顯示發生系統調用時的IP寄存器值
 strace -p 14653 -i

 -o filename
 指定保存strace輸出信息的文件，默認使用標準錯誤輸出stderr

 Use filename.pid if -ff is used. If the argument begins with `|" or
 with `!" then the rest of the argument is treated as a command and all
 output is piped to it. This is convenient for piping the debugging
 output to a program without affecting the redirections of executed
 programs.

 -O overhead
 Set the overhead for tracing system calls to overhead microseconds.
 This is useful for overriding the default heuristic for guessing how
 much time is spent in mere measuring when timing system calls using
 the -c option. The acuracy of the heuristic can be gauged by timing
 a given program run without tracing (using time(1)) and comparing
 the accumulated system call time to the total produced using -c.

 好象是用於確定哪些系統調用耗時多

 -p pid

 指定待跟蹤的進程號，可以用Ctrl-C終止這種跟蹤而被跟蹤進程繼續運行。可以
 指定多達32個-p參數同時進行跟蹤。

 比如 strace -ff -o output -p 14653 -p 14117

 -q
 Suppress messages about attaching, detaching etc. This happens
 automatically when output is redirected to a file and the command is
 run directly instead of attaching.

 -r
 Print a relative timestamp upon entry to each system call. This
 records the time difference between the beginning of successive
 system calls.

 strace -p 14653 -i -r

 -s strsize
 指定字符串最大顯示長度，默認32。但文件名總是顯示完整。
 -S sortby
 Sort the output of the histogram printed by the -c option by the
 specified critereon. Legal values are time, calls, name, and nothing
 (default time).

 -t
 與-r選項類似，只不過-r採用相對時間戳，-t採用絕對時間戳(當前時鐘)

 -tt
 與-t類似，絕對時間戳中包含微秒

 -ttt
 If given thrice, the time printed will include the microseconds and
 the leading portion will be printed as the number of seconds since
 the epoch.

 -T
 這個選項顯示單個系統調用耗時

 -u username
 用指定用戶的UID、GID以及輔助組身份運行待跟蹤程序

 -v
 冗餘顯示模式
 Print unabbreviated versions of environment, stat, termios, etc. calls.
 These structures are very common in calls and so the default behavior
 displays a reasonable subset of structure members. Use this option to
 get all of the gory details.

 -V
 顯示strace版本信息

 -x 以16進制字符串格式顯示非ascii碼，比如"/x08"，默認採用8進制，比如"/10"

 -xx 以16進制字符串格式顯示所有字節