strace命令

strace - trace system calls and signals 
usage: strace [-dffhiqrtttTvVxx] [-a column] [-e expr] ... [-o file] 
              [-p pid] ... [-s strsize] [-u username] [-E var=val] ... 
              [command [arg ...]] 
   or: strace -c [-e expr] ... [-O overhead] [-S sortby] [-E var=val] ... 
              [command [arg ...]] 
    
1。 -c -- count time, calls, and errors for each syscall and report summary 
为每个系统调用计算时间、调用、错误，并报告摘要 

2。 -f -- follow forks, -ff -- with output into separate files 
-f 跟踪fork的进程；-ff 把输出定向到独立的文件 

3。 -F -- attempt to follow vforks, -h -- print help message 
-F 尝试跟踪vfork的进程，当今平台与-f功能相同；-h 打印帮助信息 

4。 -i -- print instruction pointer at time of syscall 
在系统调用时，打印指令指针 

5。 -q -- suppress messages about attaching, detaching, etc. 
抑制附加、分离等信息 

6。 -r -- print relative timestamp, -t -- absolute timestamp, -tt -- with usecs 
-r 打印相对时间戳；-t 绝对时间戳；-tt 微秒 

7。 -T -- print time spent in each syscall, -V -- print version 
-T 打印每个系统调用的时间花费；-V 打印版本 

8。 -v -- verbose mode: print unabbreviated argv, stat, termio[s], etc. args 
-v 详细模式，打印非简略的参数、状态、termio[s]等 

9。 -x -- print non-ascii strings in hex, -xx -- print all strings in hex 
-x 打印非ascii的字符串为16进制；-xx 打印所有的字符串为16进制 

10。-a column -- alignment COLUMN for printing syscall results (default 40) 
对系统调用结果对齐列（默认为40列） 

11。-e expr -- a qualifying expression: option=[!]all or option=[!]val1[,val2]... 
    options: trace, abbrev, verbose, raw, signal, read, or write 
在-e后附表达式。一个合格的表达式：选项=[!]所有 或者 选项=[!]值1[,值2]....；可选项:跟踪、缩写、冗长、原始的东东、信号、读、写。 
   
12 -o file -- send trace output to FILE instead of stderr 
发送跟踪输出到文件，而不是stderr 

13。-O overhead -- set overhead for tracing syscalls to OVERHEAD usecs 
设置跟踪系统调用的最大时间 

14。-p pid -- trace process with process id PID, may be repeated 
跟踪值为ID的进程，可以重复多个哦(注：最多32个) 

15。-s strsize -- limit length of print strings to STRSIZE chars (default 32) 
限制打印字符串的最大长度，默认为32字节 

16。-S sortby -- sort syscall counts by: time, calls, name, nothing (default time) 
排序，以系统调用过程中的时间、或者调用名等作为排序项。 

17。-u username -- run command as username handling setuid and/or setgid 
以其他用户名或者组名运行命令 

18。-E var=val -- put var=val in the environment for command 
设置环境变量 

19。-E var -- remove var from the environment for command 
清除环境变量 

========================================================

1。查看CPU运行时间 
[guest@localhost tmp]$ strace -c ./b.out         
% time     seconds usecs/call     calls    errors syscall 
------ ----------- ----------- --------- --------- ---------------- 
42.72    0.000692          87         8           open 
38.40    0.000622         622         1           set_thread_area 
16.85    0.000273         137         2           munmap 
   2.04    0.000033           5         7           read 
   0.00    0.000000           0         8           close 
   0.00    0.000000           0         1           execve 
   0.00    0.000000           0         1           access 
   0.00    0.000000           0         3           brk 
   0.00    0.000000           0         4           mprotect 
   0.00    0.000000           0        17           mmap2 
   0.00    0.000000           0         7           fstat64 
------ ----------- ----------- --------- --------- ---------------- 
100.00    0.001620                    59           total 

2。查看相对运行时间 
[guest@localhost tmp]$ strace -r ./b.out 
0.000560 mprotect(0xb91000, 8192, PROT_READ) = 0 
     0.000196 mprotect(0x45c000, 4096, PROT_READ) = 0 
     0.000884 mprotect(0x42a000, 16384, PROT_READ) = 0 
     0.000191 mprotect(0xa4a000, 4096, PROT_READ) = 0 
     0.000144 munmap(0xb7f12000, 45307) = 0 
     0.000577 brk(0)                    = 0x8c2b000 
     0.000171 brk(0x8c4c000)            = 0x8c4c000 
     0.000183 open("sleeper.cpp", O_RDONLY|O_LARGEFILE) = 3 
     0.000225 read(3, "#include <unistd.h> #include <io"..., 8191) = 355 
     0.000372 read(3, "", 8191)         = 0 
     0.000298 close(3)                  = 0 
     0.000192 exit_group(0)             = ? 

3。查看文件变动相关的信号 
[guest@localhost tmp]$ strace -e trace=desc ./b.out 
open("/etc/ld.so.preload", O_RDONLY)    = 3 
fstat64(3, {st_mode=S_IFREG|0444, st_size=17, ...}) = 0 
close(3)                                = 0 
open("/lib/libcwait.so", O_RDONLY)      = 3 
read(3, "177ELF111331203004"..., 512) = 512 
fstat64(3, {st_mode=S_IFREG|0755, st_size=2572, ...}) = 0 
close(3)                                = 0 
open("/etc/ld.so.cache", O_RDONLY)      = 3 
fstat64(3, {st_mode=S_IFREG|0644, st_size=45307, ...}) = 0 
close(3)                                = 0 
open("/usr/lib/libstdc++.so.6", O_RDONLY) = 3 
read(3, "177ELF111331P2348004"..., 512) = 512 
fstat64(3, {st_mode=S_IFREG|0755, st_size=936908, ...}) = 0 
close(3)                                = 0 
open("/lib/libm.so.6", O_RDONLY)        = 3 

4。strace -o output.txt -T -tt -e trace=all -p 28979
上面的含义是 跟踪28979进程的所有系统调用（-e trace=all），并统计系统调用的花费时间，以及开始时间（并以可视化的时分秒格式显示），最后将记录结果存在output.txt文件里面

5。查看进程是否卡住
strace -p 36699
Process 36699 attached - interruptto quit
futex(0x22d8400, FUTEX_WAIT_PRIVATE, 0, NULL
# 到这里没有任何输出 一直挂起

6。寻找被程序读取的配置文件

stracephp 2>&1 | grepphp.ini
open("/usr/bin/php.ini", O_RDONLY) = -1 ENOENT (Nosuchfileor directory)
open("/etc/php.ini", O_RDONLY) = 3
lstat("/etc/php.ini", {st_mode=S_IFREG|0644, st_size=69345, ...}) = 0

7。跟踪指定的系统调用

strace命令的-e选项仅仅被用来展示特定的系统调用（例如，open，write等等）

让我们跟踪一下cat命令的 open 系统调用。

stracecat /tmp/trace.2043925204.012003.xt | head
execve("/bin/cat", ["cat", "/tmp/trace.2043925204.012003.xt"], [/* 35 vars */]) = 0
brk(0) = 0x167f000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb7d8991000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (Nosuchfileor directory)
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=74047, ...}) = 0
mmap(NULL, 74047, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fb7d897e000
close(3) = 0
open("/lib64/libc.so.6", O_RDONLY) = 3
read(3, "177ELF21133>1p3561"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1920936, ...}) = 0
mmap(NULL, 3750152, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fb7d83df000
mprotect(0x7fb7d8569000, 2097152, PROT_NONE) = 0
mmap(0x7fb7d8769000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x18a000) = 0x7fb7d8769000
...

8。 统计概要

它包括系统调用的概要，执行时间，错误等等。使用-c选项能够以一种整洁的方式展示：

strace -c ls
environments generate githooks hieradata manifests master modules README.md
% time seconds usecs/call calls errors syscall

------ ----------- ----------- --------- --------- ----------------
0.00 0.000000 0 10 read
0.00 0.000000 0 1 write
0.00 0.000000 0 12 open
0.00 0.000000 0 14 close
0.00 0.000000 0 12 fstat
0.00 0.000000 0 28 mmap

9。解决库依赖问题

strace -o whoami-strace.txt whoami

open("/lib/libnss_files.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/lib/i686/mmx/libnss_files.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/lib/i686/mmx", 0xbffff190) = -1 ENOENT (No such file or directory) 
open("/lib/i686/libnss_files.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/lib/i686", 0xbffff190) = -1 ENOENT (No such file or directory)
open("/lib/mmx/libnss_files.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/lib/mmx", 0xbffff190) = -1 ENOENT (No such file or directory) 
open("/lib/libnss_files.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/lib", {st_mode=S_IFDIR|0755, st_size=2352, ...}) = 0
open("/usr/lib/i686/mmx/libnss_files.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/usr/lib/i686/mmx", 0xbffff190) = -1 ENOENT (No such file or directory) 
open("/usr/lib/i686/libnss_files.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)