strace 是一个在日常开发中很有用的命令,可以让你窥探进程的秘密。
下图是我第一次画漫画,也是尝试用图解来写文章的尝试,如果希望看到更多这类图解文章,请多多转发支持;P
觉得好看请关注我的公众号哦,朋友们
下面是我更多的笔记:
Background
strace is a diagnostic, debugging and instructional userspace utility for Linux.
Warning
strace is the system call tracer for Linux. It currently uses the arcane ptrace() (process trace) debugging interface, which operates in a violent manner: pausing the target process for each syscall so that the debugger can read state. And doing this twice: when the syscall begins, and when it ends.
This means strace pauses your application twice for each syscall, and context-switches each time between the application and strace. It’s like putting traffic metering lights on your application.
[strace Wow Much Syscall](http://www.brendangregg.com/blog/2014-05-11/strace-wow-much-syscall.html#:~:text=strace(1) is a great,use lower-cost buffered tracing)
Tips
Strace 可以查看二进制加载了哪些版本的动态链接库
Useful params
-y Print paths associated with file descriptor arguments.
-yy Print ip:port pairs associated with socket file descriptors.
Filter by type of syscall
-e trace=%desc Trace all file descriptor related system calls.
%file Trace all system calls which take a file name as an argument.
%fstat Trace fstat and fstatat syscall variants.
%fstatfs Trace fstatfs, fstatfs64, fstatvfs, osf_fstatfs, and osf_fstatfs64 system calls.
%ipc Trace all IPC related system calls.
%lstat Trace lstat syscall variants.
%memory Trace all memory mapping related system calls.
%network Trace all the network related system calls.
%process Trace all system calls which involve process management.
%pure Trace syscalls that always succeed and have no arguments.
%signal Trace all signal related system calls.
%stat Trace stat syscall variants.
%statfs Trace statfs, statfs64, statvfs, osf_statfs, and osf_statfs64 system calls.
%%stat Trace syscalls used for requesting file status.
%%statfs Trace syscalls related to file system statistics.
Perform a syscall fault injection.
$ strace -e trace=open -e fault=open cat open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = -1 ENOSYS (Function not implemented) (INJECTED) open("/lib/x86_64-linux-gnu/tls/x86_64/libc.so.6", O_RDONLY|O_CLOEXEC) = -1 ENOSYS (Function not implemented) (INJECTED) open("/lib/x86_64-linux-gnu/tls/libc.so.6", O_RDONLY|O_CLOEXEC) = -1 ENOSYS (Function not implemented) (INJECTED) open("/lib/x86_64-linux-gnu/x86_64/libc.so.6", O_RDONLY|O_CLOEXEC) = -1 ENOSYS (Function not implemented) (INJECTED) open("/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = -1 ENOSYS (Function not implemented) (INJECTED) cat: error while loading shared libraries: libc.so.6: cannot open shared object file: Error 38 +++ exited with 127 +++
Count time, calls, and errors for each system call.
$ strace -c ls > /dev/null
% time seconds usecs/call calls errors syscall
------ ----------- ----------- --------- --------- ----------------
89.76 0.008016 4 1912 getdents
8.71 0.000778 0 11778 lstat
0.81 0.000072 0 8894 write
0.60 0.000054 0 943 open
0.11 0.000010 0 942 close
0.00 0.000000 0 1 read
0.00 0.000000 0 944 fstat
0.00 0.000000 0 8 mmap
0.00 0.000000 0 4 mprotect
0.00 0.000000 0 1 munmap
0.00 0.000000 0 7 brk
0.00 0.000000 0 3 3 access
0.00 0.000000 0 1 execve
0.00 0.000000 0 1 sysinfo
0.00 0.000000 0 1 arch_prctl
------ ----------- ----------- --------- --------- ----------------
100.00 0.008930 25440 3 total
记得好看分享呀。
扫一扫
3万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
