Linux程序調試工具工具—strace命令

1、簡介

strace是Linux環境下的一款程序調試工具,用來檢察一個應用程序所使用的系統調用。Strace是一個簡單的跟蹤系統調用執行的工具。在其最簡單的形式中,它可以從開始到結束跟蹤二進制的執行,并在進程的生命周期中輸出一行具有系統調用名稱,每個系統調用的參數和返回值的文本行。

2、安裝

官方網址:http://sourceforge.net/project/showfiles.php?group_id=2861&package_id=2819

[root@RedHat_test ~]# yum install strace

3、strace命令常用格式

[root@RedHat_test ~]# man strace

-tt?:?在每行輸出的前面,顯示毫秒級別的時間

-T?: 顯示每次系統調用所花費的時間

-v?: 對于某些相關調用,把完整的環境變量,文件stat結構等打出來。

-f?: 跟蹤目標進程,以及目標進程創建的所有子進程

-e?: 控制要跟蹤的事件和跟蹤行為,比如指定要跟蹤的系統調用名稱

-o?: 把strace的輸出單獨寫到指定的文件

-s?: 當系統調用的某個參數是字符串時,最多輸出指定長度的內容,默認是32個字節

-p?: 指定要跟蹤的進程pid, 要同時跟蹤多個pid, 重復多次-p選項即可。

4、跟蹤ls命令

[root@RedHat_test opt]# strace ls

execve("/bin/ls", ["ls"], [/*46vars */])=0

brk(0)=0x1ab9000

access("/etc/ld.so.nohwcap", F_OK)=-1ENOENT (No such file or directory)

mmap(NULL,8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,-1,0)=0x7fcf695fb000

access("/etc/ld.so.preload", R_OK)=-1ENOENT (No such file or directory)

open("/etc/ld.so.cache", O_RDONLY)=3

fstat(3,{st_mode=S_IFREG|0644,st_size=102786, ...})=0

mmap(NULL,102786, PROT_READ, MAP_PRIVATE,3,0)=0x7fcf695e1000

close(3)=0

access("/etc/ld.so.nohwcap", F_OK)=-1ENOENT (No such file or directory)

open("/lib/librt.so.1", O_RDONLY)=3

5、尋找被程序讀取的php配置文件

[root@RedHat_test ~]# strace php 2>&1 | grep php.ini

6、跟蹤指定的系統調用

[root@RedHat_test ~]# strace -e open cat dead.letter

open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC)=3

open("/lib64/libc.so.6", O_RDONLY|O_CLOEXEC)=3

open("/usr/lib/locale/locale-archive", O_RDONLY|O_CLOEXEC)=3

open("dead.letter", O_RDONLY)=-1ENOENT (No such file or directory)

cat: dead.letteropen("/usr/share/locale/locale.alias", O_RDONLY|O_CLOEXEC)=3

open("/usr/share/locale/zh_CN.UTF-8/LC_MESSAGES/libc.mo", O_RDONLY)=-1ENOENT (No such file or directory)

open("/usr/share/locale/zh_CN.utf8/LC_MESSAGES/libc.mo", O_RDONLY)=-1ENOENT (No such file or directory)

open("/usr/share/locale/zh_CN/LC_MESSAGES/libc.mo", O_RDONLY)=3

open("/usr/lib64/gconv/gconv-modules.cache", O_RDONLY)=3

: 沒有那個文件或目錄

+++exited with1+++

7、跟蹤進程

[root@RedHat_test ~]# strace -p 2208

strace: Process2208attached

restart_syscall(<... resuming interrupted poll ...>

)=1

read(5,"\1\0\0\0\0\0\0\0",16)=8

futex(0x560eaba76640, FUTEX_WAKE_PRIVATE,1)=1

poll([{fd=5,events=POLLIN},{fd=8,events=POLLIN}],2,-1)=1([{fd=5,revents=POLLIN}])

read(5,"\1\0\0\0\0\0\0\0",16)=8

poll([{fd=5,events=POLLIN},{fd=8,events=POLLIN}],2,-1)=1([{fd=5,revents=POLLIN}])

read(5,"\1\0\0\0\0\0\0\0",16)=8

poll([{fd=5,events=POLLIN},{fd=8,events=POLLIN}],2,-1)=1([{fd=8,revents=POLLIN}])

write(5,"\1\0\0\0\0\0\0\0",8)=8

write(7,"\1\0\0\0\0\0\0\0",8)=8

futex(0x560eaba6b9e0, FUTEX_WAKE_PRIVATE,1)=1

futex(0x560eaba861c0, FUTEX_WAKE_PRIVATE,1)=1

futex(0x560eaba6d198, FUTEX_WAKE_PRIVATE,1)=1

poll([{fd=8,events=POLLIN}],1,0)=1([{fd=8,revents=POLLIN}])

read(8,"\2\0\0\0\200\0\0\0}\327\5\0\20\0\0\00018452\0\0\0\0\0\0\0\0\0\0\0"...,2048)=64

----------------------------------------------------------------------------------------

常見使用方法

[root@RedHat_test ~]# strace -T -e access -p 2208

----------------------------------------------------------------------------------------

8、統計跟蹤結果的概要

[root@RedHat_test ~]# strace -c ls

1.pyfile.logscripts tsar

correct jdk-8u91-linux-x64.tar.gz test ? ? yunweimao

% time ? ? seconds usecs/call ? ? calls ? errors syscall

--------------------------------------------------------------

26.430.0003151227mmap

15.520.0001851910open

9.980.000119718mprotect

6.710.000080108read

6.710.000080613close

6.210.000074711fstat

4.450.000053272munmap

3.860.000046232statfs

2.850.000034341stat

2.680.000032162getdents

2.600.000031311openat

2.180.000026132write

2.100.0000251321access

1.850.000022221set_tid_address

1.590.00001963brk

1.260.00001582ioctl

1.010.00001262rt_sigaction

0.590.00000771execve

0.500.00000661getrlimit

0.500.00000661set_robust_list

0.420.00000551rt_sigprocmask

0.000.00000001arch_prctl

--------------------------------------------------------------

100.000.0011921121total

9、保存輸出結果

[root@RedHat_test ~]# strace -o process_strace -p 2208

[root@RedHat_test ~]# ls

process_strace

[root@RedHat_test ~]# tail -f 10 process_strace?

tail: 無法打開"100"讀取數據: 沒有那個文件或目錄

==> process_strace <==

futex(0x560eaba6b9e0, FUTEX_WAKE_PRIVATE,1)=1

futex(0x560eaba861c0, FUTEX_WAKE_PRIVATE,1)=1

futex(0x560eaba6d198, FUTEX_WAKE_PRIVATE,1)=1

poll([{fd=8,events=POLLIN}],1,0)=1([{fd=8,revents=POLLIN}])

read(8,"\2\0\0\0\0\2\0\0\0\0\0\0\20\0\0\00018457\0\0\0\0\0\0\0\0\0\0\0"...,2048)=64

poll([{fd=8,events=POLLIN}],1,0)=0(Timeout)

write(5,"\1\0\0\0\0\0\0\0",8)=8

poll([{fd=5,events=POLLIN},{fd=8,events=POLLIN}],2,-1)=1([{fd=5,revents=POLLIN}])

read(5,"\2\0\0\0\0\0\0\0",16)=8

poll([{fd=5,events=POLLIN},{fd=8,events=POLLIN}],2,-1

10、跟蹤nginx, 看其啟動時都訪問了哪些文件

[root@RedHat_test ~]# strace -tt -T -f -e trace=file -o /data/log/strace.log -s 1024 service nginx restart

[root@RedHat_test ~]# cat /data/log/strace.log

3259713:51:52.873281 execve("/usr/sbin/service", ["service","nginx","restart"], [/*27vars */])=0<0.000319>

3259713:51:52.874064 access("/etc/ld.so.preload", R_OK)=-1ENOENT (No such file or directory) <0.000017>

3259713:51:52.874184 open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC)=3<0.000017>

3259713:51:52.874343 open("/lib64/libtinfo.so.5", O_RDONLY|O_CLOEXEC)=3<0.000017>

3259713:51:52.874549 open("/lib64/libdl.so.2", O_RDONLY|O_CLOEXEC)=3<0.000017>

3259713:51:52.874750 open("/lib64/libc.so.6", O_RDONLY|O_CLOEXEC)=3<0.000017>

# 每一行輸出的最后尖括號中的數據表示執行耗時,單位是秒

11、顯示時間戳

[root@RedHat_test ~]# strace -t ls

11:48:02 execve("/usr/bin/ls", ["ls"], [/*27vars */])=0

11:48:02 brk(NULL)=0x23ba000

11:48:02 mmap(NULL,4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,-1,0)=0x7fa562bae000

11:48:02 access("/etc/ld.so.preload", R_OK)=-1ENOENT (No such file or directory)

11:48:02 open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC)=3

11:48:02 fstat(3,{st_mode=S_IFREG|0644,st_size=35957, ...})=0

11:48:02 mmap(NULL,35957, PROT_READ, MAP_PRIVATE,3,0)=0x7fa562ba5000

11:48:02 close(3)=0

11:48:02 open("/lib64/libselinux.so.1", O_RDONLY|O_CLOEXEC)=3

11:48:02 read(3,"\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\320i\0\0\0\0\0\0"...,832)=832

11:48:02 fstat(3,{st_mode=S_IFREG|0755,st_size=155784, ...})=0

11:48:02 mmap(NULL,2255184, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE,3,0)=0x7fa562767000

11:48:02 mprotect(0x7fa56278b000,2093056, PROT_NONE)=0

11:48:02 mmap(0x7fa56298a000,8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE,3, 0x23000)=0x7fa56298a000

11:48:02 mmap(0x7fa56298c000,6480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS,-1,0)=0x7fa56298c000

11:48:02 close(3)=0

11:48:02 open("/lib64/libcap.so.2", O_RDONLY|O_CLOEXEC)=3

11:48:02 read(3,"\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0 \26\0\0\0\0\0\0"...,832)=832

11:48:02 fstat(3,{st_mode=S_IFREG|0755,st_size=20032, ...})=0

----------------------------------------------------------------------------------------

-tt?: 展示微秒級別的時間戳

[root@RedHat_test ~]# strace -tt ls

-ttt?: 展示微秒級的時間戳,但是它并不是打印當前時間,而是顯示自從epoch(譯注:1970年1月1日00:00:00 UTC)以來的所經過的秒數

[root@RedHat_test ~]# strace -ttt ls

-r?: 展示相對時間戳

[root@RedHat_test ~]# strace -r ls

----------------------------------------------------------------------------------------

關于運維學習、分享、交流,筆者開通了微信公眾號【運維貓】,感興趣的朋友可以關注下,歡迎加入,建立屬于我們自己的小圈子,一起學運維知識。

?著作權歸作者所有,轉載或內容合作請聯系作者
平臺聲明:文章內容(如有圖片或視頻亦包括在內)由作者上傳并發布,文章內容僅代表作者本人觀點,簡書系信息發布平臺,僅提供信息存儲服務。

推薦閱讀更多精彩內容