用于查看用户态程序发出的系统调用和信号,是非常有用的调试和诊断工具。
通常情况下其运行直到程序结束。
常用选项:
-o filename 将输出信息导出到文件。
-f 跟踪进程及其子进程(必须是strace之后创建的,如果先创建子进程再strace,无法跟踪)
-p pid 跟踪指定进程
-V strace版本信息
==================================================================
举例:
当前系统运行进程31141;当前处于阻塞。
31141 pts/6 S 0:00 ./a.out
使用strace跟踪31141 及其子进程,将信息输出到aout.trace文件中
strace -f -o aout.trace -p 31141 &
再触发31141创建子进程31247,之后31141退出
屏幕输出信息:
Process 31247 attached
Process 31141 detached
kill掉31247
查看aout.trace文件,输出内容为:
-bash-3.2$ cat aout.trace
31141 wait4(-1, [{WIFSIGNALED(s) && WTERMSIG(s) == SIGKILL}], 0, NULL) = 31142
31141 --- SIGCHLD (Child exited) @ 0 (0) ---
31141 clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x51e97708) = 31247
31141 exit_group(0) = ?
31247 fstat64(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 6), ...}) = 0
31247 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x5202a000
31247 rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
31247 rt_sigaction(SIGCHLD, NULL, {SIG_DFL, [], 0}, 8) = 0
31247 rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
31247 nanosleep({100, 0},
31247 +++ killed by SIGKILL +++
从中可以看出进程接收到信号以及各种系统调用
==================================================================
附:Fedora中strace帮助信息。
-bash-3.2$ strace -c
usage: strace [-dffhiqrtttTvVxx] [-a column] [-e expr] ... [-o file]
[-p pid] ... [-s strsize] [-u username] [-E var=val] ...
[command [arg ...]]
or: strace -c [-e expr] ... [-O overhead] [-S sortby] [-E var=val] ...
[command [arg ...]]
-c -- count time, calls, and errors for each syscall and report summary
-f -- follow forks, -ff -- with output into separate files
-F -- attempt to follow vforks, -h -- print help message
-i -- print instruction pointer at time of syscall
-q -- suppress messages about attaching, detaching, etc.
-r -- print relative timestamp, -t -- absolute timestamp, -tt -- with usecs
-T -- print time spent in each syscall, -V -- print version
-v -- verbose mode: print unabbreviated argv, stat, termio[s], etc. args
-x -- print non-ascii strings in hex, -xx -- print all strings in hex
-a column -- alignment COLUMN for printing syscall results (default 40)
-e expr -- a qualifying expression: option=[!]all or option=[!]val1[,val2]...
options: trace, abbrev, verbose, raw, signal, read, or write
-o file -- send trace output to FILE instead of stderr
-O overhead -- set overhead for tracing syscalls to OVERHEAD usecs
-p pid -- trace process with process id PID, may be repeated
-s strsize -- limit length of print strings to STRSIZE chars (default 32)
-S sortby -- sort syscall counts by: time, calls, name, nothing (default time)
-u username -- run command as username handling setuid and/or setgid
-E var=val -- put var=val in the environment for command
-E var -- remove var from the environment for command
-bash-3.2$
阅读(2925) | 评论(1) | 转发(1) |