strace
1、简介
strace是Linux环境下的一款程序调试工具,用来检察一个应用程序所使用的系统调用。Strace是一个简单的跟踪系统调用执行的工具。在其最简单的形式中,它可以从开始到结束跟踪二进制的执行,并在进程的生命周期中输出一行具有系统调用名称,每个系统调用的参数和返回值的文本行。
2、安装
官方网址:http://sourceforge.net/project/showfiles.php?group_id=2861&package_id=2819
[root@RedHat_test ~]yum install strace3、strace命令常用格式
[root@RedHat_test ~]man strace -tt : 在每行输出的前面,显示毫秒级别的时间 -T : 显示每次系统调用所花费的时间 -v : 对于某些相关调用,把完整的环境变量,文件stat结构等打出来。 -f : 跟踪目标进程,以及目标进程创建的所有子进程 -e : 控制要跟踪的事件和跟踪行为,比如指定要跟踪的系统调用名称 -o : 把strace的输出单独写到指定的文件 -s : 当系统调用的某个参数是字符串时,最多输出指定长度的内容,默认是32个字节 -p : 指定要跟踪的进程pid, 要同时跟踪多个pid, 重复多次-p选项即可。4、跟踪ls命令
[root@RedHat_test opt] strace ls execve("/bin/ls", ["ls"], [/* 46vars */]) =0brk(0) =0x1ab9000access("/etc/ld.so.nohwcap", F_OK) =-1ENOENT (No such file or directory) mmap(NULL,8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,0) =0x7fcf695fb000access("/etc/ld.so.preload", R_OK) =-1ENOENT (No such file or directory)open("/etc/ld.so.cache", O_RDONLY) =3fstat(3, {st_mode=S_IFREG|0644, st_size=102786, ...}) =0mmap(NULL,102786, PROT_READ, MAP_PRIVATE,3,0) =0x7fcf695e1000close(3) =0access("/etc/ld.so.nohwcap", F_OK) =-1ENOENT (No such file or directory)open("/lib/librt.so.1", O_RDONLY) =35、寻找被程序读取的php配置文件
[root@RedHat_test ~]strace php 2>&1 | grep php.ini6、跟踪指定的系统调用
[root@RedHat_test ~] strace -eopencat dead.letteropen("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) =3open("/lib64/libc.so.6", O_RDONLY|O_CLOEXEC) =3open("/usr/lib/locale/locale-archive", O_RDONLY|O_CLOEXEC) =3open("dead.letter", O_RDONLY) =-1ENOENT (No such file or directory) cat: dead.letteropen("/usr/share/locale/locale.alias", O_RDONLY|O_CLOEXEC) =3open("/usr/share/locale/zh_CN.UTF-8/LC_MESSAGES/libc.mo", O_RDONLY) =-1ENOENT (No such file or directory)open("/usr/share/locale/zh_CN.utf8/LC_MESSAGES/libc.mo", O_RDONLY) =-1ENOENT (No such file or directory)open("/usr/share/locale/zh_CN/LC_MESSAGES/libc.mo", O_RDONLY) =3open("/usr/lib64/gconv/gconv-modules.cache", O_RDONLY) =3: 没有那个文件或目录 +++exited with1+++7、跟踪进程
[root@RedHat_test~]strace-p2208strace:Process2208attachedrestart_syscall(<...resuminginterruptedpoll...>)=1read(5,"\1\0\0\0\0\0\0\0",16)=8futex(0x560eaba76640,FUTEX_WAKE_PRIVATE,1)=1poll([{fd=5,events=POLLIN},{fd=8,events=POLLIN}],2,-1)=1([{fd=5,revents=POLLIN}])read(5,"\1\0\0\0\0\0\0\0",16)=8poll([{fd=5,events=POLLIN},{fd=8,events=POLLIN}],2,-1)=1([{fd=5,revents=POLLIN}])read(5,"\1\0\0\0\0\0\0\0",16)=8poll([{fd=5,events=POLLIN},{fd=8,events=POLLIN}],2,-1)=1([{fd=8,revents=POLLIN}])write(5,"\1\0\0\0\0\0\0\0",8)=8write(7,"\1\0\0\0\0\0\0\0",8)=8futex(0x560eaba6b9e0,FUTEX_WAKE_PRIVATE,1)=1futex(0x560eaba861c0,FUTEX_WAKE_PRIVATE,1)=1futex(0x560eaba6d198,FUTEX_WAKE_PRIVATE,1)=1poll([{fd=8,events=POLLIN}],1,0)=1([{fd=8,revents=POLLIN}])read(8,"\2\0\0\0\200\0\0\0}\327\5\0\20\0\0\00018452\0\0\0\0\0\0\0\0\0\0\0"...,2048)=64----------------------------------------------------------------------------------------常见使用方法[root@RedHat_test~]strace-T-eaccess-p2208----------------------------------------------------------------------------------------8、统计跟踪结果的概要
[root@RedHat_test~]strace-cls1.pyfile.logscriptstsarcorrectjdk-8u91-linux-x64.tar.gztestyunweimao%timesecondsusecs/callcallserrorssyscall--------------------------------------------------------------26.430.0003151227mmap15.520.0001851910open9.980.000119718mprotect6.710.000080108read6.710.000080613close6.210.000074711fstat4.450.000053272munmap3.860.000046232statfs2.850.000034341stat2.680.000032162getdents2.600.000031311openat2.180.000026132write2.100.0000251321access1.850.000022221set_tid_address1.590.00001963brk1.260.00001582ioctl1.010.00001262rt_sigaction0.590.00000771execve0.500.00000661getrlimit0.500.00000661set_robust_list0.420.00000551rt_sigprocmask0.000.00000001arch_prctl--------------------------------------------------------------100.000.0011921121total9、保存输出结果
[root@RedHat_test~]strace-oprocess_strace-p2208[root@RedHat_test~]lsprocess_strace[root@RedHat_test~]tail-f10process_stracetail:无法打开"100"读取数据:没有那个文件或目录==>process_strace<==futex(0x560eaba6b9e0,FUTEX_WAKE_PRIVATE,1)=1futex(0x560eaba861c0,FUTEX_WAKE_PRIVATE,1)=1futex(0x560eaba6d198,FUTEX_WAKE_PRIVATE,1)=1poll([{fd=8,events=POLLIN}],1,0)=1([{fd=8,revents=POLLIN}])read(8,"\2\0\0\0\0\2\0\0\0\0\0\0\20\0\0\00018457\0\0\0\0\0\0\0\0\0\0\0"...,2048)=64poll([{fd=8,events=POLLIN}],1,0)=0(Timeout)write(5,"\1\0\0\0\0\0\0\0",8)=8poll([{fd=5,events=POLLIN},{fd=8,events=POLLIN}],2,-1)=1([{fd=5,revents=POLLIN}])read(5,"\2\0\0\0\0\0\0\0",16)=8poll([{fd=5,events=POLLIN},{fd=8,events=POLLIN}],2,-1...> 10、跟踪nginx, 看其启动时都访问了哪些文件
[root@RedHat_test ~] strace -tt -T -f -e trace=file -o /data/log/strace.log -s1024service nginx restart [root@RedHat_test ~] cat /data/log/strace.log3259713:51:52.873281execve("/usr/sbin/service", ["service","nginx","restart"], [/* 27vars */]) =0<0.000319>3259713:51:52.874064access("/etc/ld.so.preload", R_OK) =-1ENOENT (No such file or directory) <0.000017>3259713:51:52.874184open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) =3<0.000017>3259713:51:52.874343open("/lib64/libtinfo.so.5", O_RDONLY|O_CLOEXEC) =3<0.000017>3259713:51:52.874549open("/lib64/libdl.so.2", O_RDONLY|O_CLOEXEC) =3<0.000017>3259713:51:52.874750open("/lib64/libc.so.6", O_RDONLY|O_CLOEXEC) =3<0.000017> 每一行输出的最后尖括号中的数据表示执行耗时,单位是秒11、显示时间戳
[root@RedHat_test~]strace-tls11:48:02execve("/usr/bin/ls",["ls"],[/*27vars*/])=011:48:02brk(NULL)=0x23ba00011:48:02mmap(NULL,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANONYMOUS,-1,0)=0x7fa562bae00011:48:02access("/etc/ld.so.preload",R_OK)=-1ENOENT(Nosuchfileordirectory)11:48:02open("/etc/ld.so.cache",O_RDONLY|O_CLOEXEC)=311:48:02fstat(3,{st_mode=S_IFREG|0644,st_size=35957,...})=011:48:02mmap(NULL,35957,PROT_READ,MAP_PRIVATE,3,0)=0x7fa562ba500011:48:02close(3)=011:48:02open("/lib64/libselinux.so.1",O_RDONLY|O_CLOEXEC)=311:48:02read(3,"\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\320i\0\0\0\0\0\0"...,832)=83211:48:02fstat(3,{st_mode=S_IFREG|0755,st_size=155784,...})=011:48:02mmap(NULL,2255184,PROT_READ|PROT_EXEC,MAP_PRIVATE|MAP_DENYWRITE,3,0)=0x7fa56276700011:48:02mprotect(0x7fa56278b000,2093056,PROT_NONE)=011:48:02mmap(0x7fa56298a000,8192,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE,3,0x23000)=0x7fa56298a00011:48:02mmap(0x7fa56298c000,6480,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS,-1,0)=0x7fa56298c00011:48:02close(3)=011:48:02open("/lib64/libcap.so.2",O_RDONLY|O_CLOEXEC)=311:48:02read(3,"\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0 \26\0\0\0\0\0\0"...,832)=83211:48:02fstat(3,{st_mode=S_IFREG|0755,st_size=20032,...})=0-----------------------------------------------------------------------------------------tt:展示微秒级别的时间戳[root@RedHat_test~]strace-ttls-ttt:展示微秒级的时间戳,但是它并不是打印当前时间,而是显示自从epoch(译注:1970年1月1日00:00:00UTC)以来的所经过的秒数[root@RedHat_test~]strace-tttls-r:展示相对时间戳[root@RedHat_test~]strace-rls----------------------------------------------------------------------------------------关于运维学习、分享、交流,笔者开通了微信公众号【运维猫】,感兴趣的朋友可以关注下,欢迎加入,建立属于我们自己的小圈子,一起学运维知识。
声明:本站所有文章,如无特殊说明或标注,均为本站原创发布。任何个人或组织,在未征得本站同意时,禁止复制、盗用、采集、发布本站内容到任何网站、书籍等各类媒体平台。如若本站内容侵犯了原著者的合法权益,可联系我们进行处理。
