LINUX下重量级的命令strace使用介绍(原创)
作者:余超 Email:yuchao86@gmail.com
经常使用LINUX的朋友或许经常会疑问:linux是怎么样执行一条命令并得到正确输出结果的呢?
比如你输入一个pwd,得到的是当前路径,输入一个env显示的是系统环境变量等等,
那你想知道他们是怎么样执行的吗?
go ahead!!
首先:
我们先看下一个重量级的系统调用函数execve(),具体的参数和返回值请大家使用man execve命令来查询吧。
如下程序就是来自实例文档:
[yuchao@yuchao-Latitude-E5410 scons]$cat yuexe.c
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
int
main(int argc, char *argv[])
{
char *newargv[] = { NULL, "hello", "world", NULL };
char *newenviron[] = { NULL };
if (argc != 2) {
fprintf(stderr, "Usage: %s <file-to-exec>\n", argv[0]);
exit(EXIT_FAILURE);
}
newargv[0] = argv[1];
execve(argv[1], newargv, newenviron);
perror("execve"); /* execve() only returns on error */
exit(EXIT_FAILURE);
}
编译成功后可以得到可执行文件:yuexe
[yuchao@yuchao-Latitude-E5410 scons]$ls
grap.c Hello helloscons.c helloscons.o helloSina.h SConstruct weibo.h yuexe yuexe.c yuexe.o
查看命令yuexe执行Hello程序的内核调用过程如下:
[yuchao@yuchao-Latitude-E5410 scons]$sudo strace ./yuexe Hello
[sudo] password for yuchao:
execve("./yuexe", ["./yuexe", "Hello"], [/* 17 vars */]) = 0
brk(0) = 0x84e3000
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
mmap2(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb77b6000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=103314, ...}) = 0
mmap2(NULL, 103314, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb779c000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/libc.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0@n\1\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1421892, ...}) = 0
mmap2(NULL, 1427880, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x45f000
mmap2(0x5b6000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x157) = 0x5b6000
mmap2(0x5b9000, 10664, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x5b9000
close(3) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb779b000
set_thread_area({entry_number:-1 -> 6, base_addr:0xb779b6c0, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 0
mprotect(0x5b6000, 8192, PROT_READ) = 0
mprotect(0x8049000, 4096, PROT_READ) = 0
mprotect(0xd3f000, 4096, PROT_READ) = 0
munmap(0xb779c000, 103314) = 0
execve("Hello", ["Hello", "hello", "world"], [/* 0 vars */]) = 0
brk(0) = 0x8cf0000
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
mmap2(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb77fb000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=103314, ...}) = 0
mmap2(NULL, 103314, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb77e1000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/libc.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0@n\1\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1421892, ...}) = 0
mmap2(NULL, 1427880, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb3c000
mmap2(0xc93000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x157) = 0xc93000
mmap2(0xc96000, 10664, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xc96000
close(3) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb77e0000
set_thread_area({entry_number:-1 -> 6, base_addr:0xb77e06c0, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 0
mprotect(0xc93000, 8192, PROT_READ) = 0
mprotect(0x8049000, 4096, PROT_READ) = 0
mprotect(0xb1c000, 4096, PROT_READ) = 0
munmap(0xb77e1000, 103314) = 0
fstat64(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 5), ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb77fa000
write(1, "Hell Scons,I'm YuChao\n", 22Hell Scons,I'm YuChao
) = 22
write(1, "Hello SINA,I'm YuChao\n", 22Hello SINA,I'm YuChao
) = 22
write(1, "Hell weibo,I'm YuChao\n", 22Hell weibo,I'm YuChao
) = 22
exit_group(0) = ?
[yuchao@yuchao-Latitude-E5410 scons]$
到这里可以看得很清楚,美国系统调用的过程,由于linux内核不允许用户态进程直接访问硬件资源,
当用户进程需要访问系统硬件资源时采用系统调用,美国系统调用都有调用参数和返回值,
如果想了解系统调用的具体含义请man 之。。
如上可以看到:write(1,“Hell Scons,I'm YuChao\n",22 Hell Scons.....等等
另外,这个命令还可以用于优化系统网络时候使用,用于调用时候的效率考虑,用参数:strace -c ***可以看到具体的进程调用统计情况。
比如我查看我的本地web服务器的启动执行的内核调用过程:
$sudo strace -i -q -r -f -F -v -T -o strace_start strace /opt/lampp/lampp start
通过strace -c统计监控你的优化是否生效:
$sudo strace -c -o count_file /opt/lampp/lampp start
最后,当发生个http请求的时候,很多时候希望得到这个http请求发生了多少次数据库SELECT操作,是否在同一个mysql connection连接里面完成。
命令使用如下:
//-10321是mysqld的进程号,为了看到整条SQL语句,我们通过-s 1024希望输出更多内容
#strace -f -F -ff -o strace-mysqld -s 1024 -p 10321
#find . -name "strace-mysqld*" -type f -print |xargs grep -n "SELECT.*FROM wp_"
./strace-mysqld.19203:64:
read(19, "\3SELECT option_name, option_value FROM wp_options WHERE autoload = 'yes'", 72) = 72
./strace-mysqld.19203:165:
read(19, "\3SELECT * FROM wp_users WHERE user_login = 'admin'", 50) = 50
./strace-mysqld.19203:184:
read(19, "\3SELECT meta_key, meta_value FROM wp_usermeta WHERE user_id = 1", 63) = 63
./strace-mysqld.19203:295:
read(19, "\3SELECT option_value FROM wp_options WHERE option_name = 'rewrite_rules' LIMIT 1", 80) = 80
./strace-mysqld.19203:311:
read(19, "\3 SELECT wp_posts.* FROM wp_posts WHERE 1=1 AND wp_posts.ID = 501
AND wp_posts.post_type = 'post' ORDER BY wp_posts.post_date DESC ", 136) = 136
... (这里省去了一些)
通过如上的演示,你或许也看到了这个命令的厉害了,只能说linux是open的,你喜欢怎么做就怎么做,
作者:余超 Email:yuchao86@gmail.com
经常使用LINUX的朋友或许经常会疑问:linux是怎么样执行一条命令并得到正确输出结果的呢?
比如你输入一个pwd,得到的是当前路径,输入一个env显示的是系统环境变量等等,
那你想知道他们是怎么样执行的吗?
go ahead!!
首先:
我们先看下一个重量级的系统调用函数execve(),具体的参数和返回值请大家使用man execve命令来查询吧。
如下程序就是来自实例文档:
[yuchao@yuchao-Latitude-E5410 scons]$cat yuexe.c
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
int
main(int argc, char *argv[])
{
char *newargv[] = { NULL, "hello", "world", NULL };
char *newenviron[] = { NULL };
if (argc != 2) {
fprintf(stderr, "Usage: %s <file-to-exec>\n", argv[0]);
exit(EXIT_FAILURE);
}
newargv[0] = argv[1];
execve(argv[1], newargv, newenviron);
perror("execve"); /* execve() only returns on error */
exit(EXIT_FAILURE);
}
编译成功后可以得到可执行文件:yuexe
[yuchao@yuchao-Latitude-E5410 scons]$ls
grap.c Hello helloscons.c helloscons.o helloSina.h SConstruct weibo.h yuexe yuexe.c yuexe.o
查看命令yuexe执行Hello程序的内核调用过程如下:
[yuchao@yuchao-Latitude-E5410 scons]$sudo strace ./yuexe Hello
[sudo] password for yuchao:
execve("./yuexe", ["./yuexe", "Hello"], [/* 17 vars */]) = 0
brk(0) = 0x84e3000
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
mmap2(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb77b6000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=103314, ...}) = 0
mmap2(NULL, 103314, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb779c000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/libc.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0@n\1\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1421892, ...}) = 0
mmap2(NULL, 1427880, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x45f000
mmap2(0x5b6000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x157) = 0x5b6000
mmap2(0x5b9000, 10664, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x5b9000
close(3) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb779b000
set_thread_area({entry_number:-1 -> 6, base_addr:0xb779b6c0, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 0
mprotect(0x5b6000, 8192, PROT_READ) = 0
mprotect(0x8049000, 4096, PROT_READ) = 0
mprotect(0xd3f000, 4096, PROT_READ) = 0
munmap(0xb779c000, 103314) = 0
execve("Hello", ["Hello", "hello", "world"], [/* 0 vars */]) = 0
brk(0) = 0x8cf0000
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
mmap2(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb77fb000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=103314, ...}) = 0
mmap2(NULL, 103314, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb77e1000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/libc.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0@n\1\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1421892, ...}) = 0
mmap2(NULL, 1427880, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb3c000
mmap2(0xc93000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x157) = 0xc93000
mmap2(0xc96000, 10664, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xc96000
close(3) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb77e0000
set_thread_area({entry_number:-1 -> 6, base_addr:0xb77e06c0, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 0
mprotect(0xc93000, 8192, PROT_READ) = 0
mprotect(0x8049000, 4096, PROT_READ) = 0
mprotect(0xb1c000, 4096, PROT_READ) = 0
munmap(0xb77e1000, 103314) = 0
fstat64(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 5), ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb77fa000
write(1, "Hell Scons,I'm YuChao\n", 22Hell Scons,I'm YuChao
) = 22
write(1, "Hello SINA,I'm YuChao\n", 22Hello SINA,I'm YuChao
) = 22
write(1, "Hell weibo,I'm YuChao\n", 22Hell weibo,I'm YuChao
) = 22
exit_group(0) = ?
[yuchao@yuchao-Latitude-E5410 scons]$
到这里可以看得很清楚,美国系统调用的过程,由于linux内核不允许用户态进程直接访问硬件资源,
当用户进程需要访问系统硬件资源时采用系统调用,美国系统调用都有调用参数和返回值,
如果想了解系统调用的具体含义请man 之。。
如上可以看到:write(1,“Hell Scons,I'm YuChao\n",22 Hell Scons.....等等
另外,这个命令还可以用于优化系统网络时候使用,用于调用时候的效率考虑,用参数:strace -c ***可以看到具体的进程调用统计情况。
比如我查看我的本地web服务器的启动执行的内核调用过程:
$sudo strace -i -q -r -f -F -v -T -o strace_start strace /opt/lampp/lampp start
通过strace -c统计监控你的优化是否生效:
$sudo strace -c -o count_file /opt/lampp/lampp start
最后,当发生个http请求的时候,很多时候希望得到这个http请求发生了多少次数据库SELECT操作,是否在同一个mysql connection连接里面完成。
命令使用如下:
//-10321是mysqld的进程号,为了看到整条SQL语句,我们通过-s 1024希望输出更多内容
#strace -f -F -ff -o strace-mysqld -s 1024 -p 10321
#find . -name "strace-mysqld*" -type f -print |xargs grep -n "SELECT.*FROM wp_"
./strace-mysqld.19203:64:
read(19, "\3SELECT option_name, option_value FROM wp_options WHERE autoload = 'yes'", 72) = 72
./strace-mysqld.19203:165:
read(19, "\3SELECT * FROM wp_users WHERE user_login = 'admin'", 50) = 50
./strace-mysqld.19203:184:
read(19, "\3SELECT meta_key, meta_value FROM wp_usermeta WHERE user_id = 1", 63) = 63
./strace-mysqld.19203:295:
read(19, "\3SELECT option_value FROM wp_options WHERE option_name = 'rewrite_rules' LIMIT 1", 80) = 80
./strace-mysqld.19203:311:
read(19, "\3 SELECT wp_posts.* FROM wp_posts WHERE 1=1 AND wp_posts.ID = 501
AND wp_posts.post_type = 'post' ORDER BY wp_posts.post_date DESC ", 136) = 136
... (这里省去了一些)
通过如上的演示,你或许也看到了这个命令的厉害了,只能说linux是open的,你喜欢怎么做就怎么做,
不行你就去修改linux kernel来打造自己的版本吧,如果你再配合gdb来使用,就更high了。。
471
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
