
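strace traces the system calls a process makes, and the signals it receives, while it runs. Under the hood, strace uses the kernel's ptrace facility to implement this.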


yum install -y strace


$ strace -h
usage: strace [-CdffhiqrtttTvVwxxy] [-I n] [-e expr]...
              [-a column] [-o file] [-s strsize] [-P path]...
              -p pid... / [-D] [-E var=val]... [-u username] PROG [ARGS]
   or: strace -c[dfw] [-I n] [-e expr]... [-O overhead] [-S sortby]
              -p pid... / [-D] [-E var=val]... [-u username] PROG [ARGS]

Output format:
  -a column      alignment COLUMN for printing syscall results (default 40)
  -i             print instruction pointer at time of syscall
  -k             obtain stack trace between each syscall
  -o file        send trace output to FILE instead of stderr
  -q             suppress messages about attaching, detaching, etc.
  -r             print relative timestamp
  -s strsize     limit length of print strings to STRSIZE chars (default 32)
  -t             print absolute timestamp
  -tt            print absolute timestamp with usecs
  -T             print time spent in each syscall
  -x             print non-ascii strings in hex
  -xx            print all strings in hex
  -X format      set the format for printing of named constants and flags
  -y             print paths associated with file descriptor arguments
  -yy            print protocol specific information associated with socket file descriptors

  -c             count time, calls, and errors for each syscall and report summary
  -C             like -c but also print regular output
  -O overhead    set overhead for tracing syscalls to OVERHEAD usecs
  -S sortby      sort syscall counts by: time, calls, name, nothing (default time)
  -w             summarise syscall latency (default is system time)

  -e expr        a qualifying expression: option=[!]all or option=[!]val1[,val2]...
     options:    trace, abbrev, verbose, raw, signal, read, write, fault, inject, kvm
  -P path        trace accesses to path

  -b execve      detach on execve syscall
  -D             run tracer process as a detached grandchild, not as parent
  -f             follow forks
  -ff            follow forks with output into separate files
  -I interruptible
     1:          no signals are blocked
     2:          fatal signals are blocked while decoding syscall (default)
     3:          fatal signals are always blocked (default if '-o FILE PROG')
     4:          fatal signals and SIGTSTP (^Z) are always blocked
                 (useful to make 'strace -o FILE PROG' not stop on ^Z)

  -E var         remove var from the environment for command
  -E var=val     put var=val in the environment for command
  -p pid         trace process with process id PID, may be repeated
  -u username    run command as username handling setuid and/or setgid

  -d             enable debug output to stderr
  -v             verbose mode: print unabbreviated argv, stat, termios, etc. args
  -h             print help message
  -V             print version
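  • -c: count the time, number of calls, and number of errors for each system call
  • -f: trace child processes created by fork calls
  • -t: prefix each line of output with the time
  • -e trace=set: trace only the specified system calls, e.g. -e trace=open,close,read
  • -e trace=file: trace only file-related system calls
  • -e trace=network: trace only network-related system calls
  • -o: write the output to a file
  • -p pid: trace the process with the given PID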


$ strace -c -p <pid>  # press Ctrl-C to stop
$ strace -p <pid> -t -e trace=all
$ strace ping
$ strace -c -p 128949
strace: Process 128949 attached
^Cstrace: Process 128949 detached
% time     seconds  usecs/call     calls    errors syscall
------ ----------- ----------- --------- --------- ----------------
100.00    0.000018           0       294           poll
  0.00    0.000000           0         7           process_vm_readv
------ ----------- ----------- --------- --------- ----------------
100.00    0.000018                   301           total


  • -c: the counting option; it provides some performance diagnostics, which can be read from the CPU time spent in each syscall
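The `-c` summary table above can be parsed to find syscalls that fail often, which is usually the first thing to check when a traced process misbehaves. The following is an added example, not part of the original page; the sample text is constructed in the same layout, and the names `parse_summary` and `error_rates` are hypothetical.

```python
import re
from typing import NamedTuple

# Constructed sample in the `strace -c` summary layout shown above
# (values are made up for illustration, not captured from a real process).
SAMPLE = """\
strace: Process 4242 attached
^Cstrace: Process 4242 detached
% time     seconds  usecs/call     calls    errors syscall
------ ----------- ----------- --------- --------- ----------------
 61.50    0.001230          12       100           poll
 30.00    0.000600          60        10         8 openat
  8.50    0.000170          17        10           read
------ ----------- ----------- --------- --------- ----------------
100.00    0.002000                   120         8 total
"""

class Row(NamedTuple):
    pct_time: float
    seconds: float
    usecs_per_call: int
    calls: int
    errors: int
    syscall: str

# The errors column is blank when a syscall never failed, so it is optional.
ROW_RE = re.compile(
    r"^\s*(\d+\.\d+)\s+(\d+\.\d+)\s+(\d+)\s+(\d+)(?:\s+(\d+))?\s+([A-Za-z_]\w*)\s*$")

def parse_summary(text):
    """Return per-syscall rows from `strace -c` output, skipping the total line."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if not m or m.group(6) == "total":
            continue  # banner, header, separator, or the summary total
        pct, secs, usecs, calls, errs, name = m.groups()
        rows.append(Row(float(pct), float(secs), int(usecs),
                        int(calls), int(errs or 0), name))
    return rows

def error_rates(rows):
    """Map syscall name -> fraction of calls that returned an error."""
    return {r.syscall: r.errors / r.calls for r in rows if r.errors}

if __name__ == "__main__":
    for name, rate in error_rates(parse_summary(SAMPLE)).items():
        print(f"{name}: {rate:.0%} of calls failed")
```

Save real output with `strace -c -o FILE -p <pid>` and pass the file contents to `parse_summary`.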