strace常用来跟踪进程执行时的系统调用和所接收的信号。 在Linux世界,进程不能直接访问硬件设备,当进程需要访问硬件设备(比如读取磁盘文件,接收网络数据等等)时,必须由用户态模式切换至内核态模式,通 过系统调用访问硬件设备。strace可以跟踪到一个进程产生的系统调用,包括参数,返回值,执行消耗的时间。
输出参数含义
复制代码
root@ubuntu:/usr# strace cat /dev/null
execve(“/bin/cat”, [“cat”, “/dev/null”], [/* 22 vars */]) = 0
brk(0) = 0xab1000
access(“/etc/ld.so.nohwcap”, F_OK) = -1 ENOENT (No such file or directory)
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f29379a7000
access(“/etc/ld.so.preload”, R_OK) = -1 ENOENT (No such file or directory)
…
brk(0) = 0xab1000
brk(0xad2000) = 0xad2000
fstat(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 0), …}) = 0
open(“/dev/null”, O_RDONLY) = 3
fstat(3, {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 3), …}) = 0
read(3, “”, 32768) = 0
close(3) = 0
close(1) = 0
close(2) = 0
exit_group(0) = ?
复制代码
每一行都是一条系统调用,等号左边是系统调用的函数名及其参数,右边是该调用的返回值。
strace 显示这些调用的参数并返回符号形式的值。strace 从内核接收信息,而且不需要以任何特殊的方式来构建内核。
https://linux.cn/article-3935-1.html
http://www.cnblogs.com/bangerlee/archive/2012/02/20/2356818.html
strace 命令是一个有力工具, 显示所有的用户空间程序发出的系统调用. 它不仅显示调用, 还以符号形式显示调用的参数和返回值. 当一个系统调用失败, 错误的符号值(例如,
ENOMEM)和对应的字串(Out of memory) 都显示. strace 有很多命令行选项; 其中最有用的是 -t 来显示每个调用执行的时间, -T 来显示调用中花费的时间, -e 来限制被跟踪调用的类型, 以及-o 来重定向输出到一个文件. 缺省地, strace 打印调用信息到 stderr.strace 从内核自身获取信息.
这意味着可以跟踪一个程序, 不管它是否带有调试支持编译(对 gcc 是 -g 选项)以及不管它是否 strip 过. 你也可以连接追踪到一个运行中的进程, 类似于一个调试器的方式连接到一个运行中的进程并控制它.跟踪信息常用来支持发给应用程序开发者的故障报告, 但是对内核程序员也是很有价值的.我们已经看到驱动代码运行如何响应系统调用; strace 允许我们检查每个调用的输入和输出数据的一致性.
weiqifa@weiqifa-Inspiron-3847:~/weiqifa/new_tm100/tm100$ strace --help
strace: invalid option -- '-'
usage: strace [-CdffhiqrtttTvVxxy] [-I n] [-e expr]...
[-a column] [-o file] [-s strsize] [-P path]...
-p pid... / [-D] [-E var=val]... [-u username] PROG [ARGS]
or: strace -c[df] [-I n] [-e expr]... [-O overhead] [-S sortby]
-p pid... / [-D] [-E var=val]... [-u username] PROG [ARGS]
-c -- count time, calls, and errors for each syscall and report summary
-C -- like -c but also print regular output
-d -- enable debug output to stderr
-D -- run tracer process as a detached grandchild, not as parent
-f -- follow forks, -ff -- with output into separate files
-i -- print instruction pointer at time of syscall
-q -- suppress messages about attaching, detaching, etc.
-r -- print relative timestamp, -t -- absolute timestamp, -tt -- with usecs
-T -- print time spent in each syscall
-v -- verbose mode: print unabbreviated argv, stat, termios, etc. args
-x -- print non-ascii strings in hex, -xx -- print all strings in hex
-y -- print paths associated with file descriptor arguments
-h -- print help message, -V -- print version
-a column -- alignment COLUMN for printing syscall results (default 40)
-b execve -- detach on this syscall
-e expr -- a qualifying expression: option=[!]all or option=[!]val1[,val2]...
options: trace, abbrev, verbose, raw, signal, read, write
-I interruptible --
1: no signals are blocked
2: fatal signals are blocked while decoding syscall (default)
3: fatal signals are always blocked (default if '-o FILE PROG')
4: fatal signals and SIGTSTP (^Z) are always blocked
(useful to make 'strace -o FILE PROG' not stop on ^Z)
-o file -- send trace output to FILE instead of stderr
-O overhead -- set overhead for tracing syscalls to OVERHEAD usecs
-p pid -- trace process with process id PID, may be repeated
-s strsize -- limit length of print strings to STRSIZE chars (default 32)
-S sortby -- sort syscall counts by: time, calls, name, nothing (default time)
-u username -- run command as username handling setuid and/or setgid
-E var=val -- put var=val in the environment for command
-E var -- remove var from the environment for command
-P path -- trace accesses to path
如下是实例:
1|root@mid713l_lp_lvds:/ # strace -T /dev/input/event4
execve("/dev/input/event4", ["/dev/input/event4"], [/* 25 vars */]) = -1 EACCES (Permission denied) <0.000954>
write(2, "strace: exec", 12strace: exec) = 12 <0.005100>
write(2, ": ", 2: ) = 2 <0.001029>
write(2, "Permission denied", 17Permission denied) = 17 <0.000269>
write(2, "\n", 1
) = 1 <0.002202>
exit_group(1) = ?
1|root@mid713l_lp_lvds:/ # strace -T /dev/input/event4
1
2
3
4
5
6
7
8
9
strace -ttt system/xbi/busybox 查看busybox的使用调用情况 列表如下
strace -ttt system/xbi/busybox <
1357029942.164145 execve("system/xbin/busybox", ["system/xbin/busybox"], [/* 25 vars */]) = 0
1357029942.178440 brk(0) = 0x93c000
1357029942.182622 brk(0x93c4b8) = 0x93c4b8
1357029942.185678 set_tls(0x93c490, 0x11e464, 0, 0x1212d4, 0x121a50) = 0
1357029942.191336 ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
1357029942.195093 ioctl(1, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
1357029942.202561 getuid32() = 0
1357029942.208745 ioctl(0, TIOCGWINSZ, {ws_row=0, ws_col=0, ws_xpixel=0, ws_ypixel=0}) = 0
1357029942.213450 dup2(1, 2) = 2
1357029942.218086 write(2, "BusyBox v1.21.1 (2013-07-08 10:2"..., 41BusyBox v1.21.1 (2013-07-08 10:26:30 CDT)) = 41
1357029942.223062 write(2, " multi-call binary.\n", 20 multi-call binary.
) = 20
1357029942.227870 write(2, "BusyBox is copyrighted by many a"..., 539BusyBox is copyrighted by many authors between 1998-2012.
Licensed under GPLv2. See source distribution for detailed
copyright notices.
Usage: busybox [function [arguments]...]
or: busybox --list[-full]
or: busybox --install [-s] [DIR]
or: function [arguments]...
BusyBox is a multi-call binary that combines many common Unix
utilities into a single executable. Most people will create a
link to busybox for each function they wish to use and BusyBox
will act like whatever it was invoked as.
Currently defined functions:
) = 539
1357029942.236050 write(2, "\t", 1 ) = 1
1357029942.240429 write(2, "[", 1[) = 1
1357029942.241966 write(2, ", ", 2, ) = 2
1357029942.244555 write(2, "[[", 2[[) = 2
1357029942.245292 write(2, ", ", 2, ) = 2
1357029942.246183 write(2, "acpid", 5acpid) = 5
1357029942.247706 write(2, ", ", 2, ) = 2
1357029942.248437 write(2, "add-shell", 9add-shell) = 9
1357029942.252078 write(2, ", ", 2, ) = 2
1357029942.252936 write(2, "addgroup", 8addgroup) = 8
1357029942.253986 write(2, ", ", 2, ) = 2
1357029942.255638 write(2, "adduser", 7adduser) = 7
1357029942.256660 write(2, ", ", 2, ) = 2
1357029942.258274 write(2, "adjtimex", 8adjtimex) = 8
1357029942.259147 write(2, ", ", 2, ) = 2
1357029942.262591 write(2, "arp", 3arp) = 3
1357029942.264350 write(2, ", ", 2, ) = 2
1357029942.266202 write(2, "arping", 6arping) = 6
1357029942.268030 write(2, ", ", 2, ) = 2
1357029942.271160 write(2, "ash", 3ash) = 3
1357029942.273002 write(2, ",\n", 2,
) = 2
1357029942.274807 write(2, "\t", 1 ) = 1
1357029942.275769 write(2, "awk", 3awk) = 3
1357029942.277461 write(2, ", ", 2, ) = 2
1357029942.279009 write(2, "base64", 6base64) = 6
1357029942.282269 write(2, ", ", 2, ) = 2
1357029942.283981 write(2, "basename", 8basename) = 8
1357029942.285709 write(2, ", ", 2, ) = 2
1357029942.287381 write(2, "beep", 4beep) = 4
1357029942.289075 write(2, ", ", 2, ) = 2
1357029942.292113 write(2, "blkid", 5blkid) = 5
1357029942.293823 write(2, ", ", 2, ) = 2
1357029942.295509 write(2, "blockdev", 8blockdev) = 8
1357029942.297266 write(2, ", ", 2, ) = 2
1357029942.298931 write(2, "bootchartd", 10bootchartd) = 10
1357029942.302217 write(2, ", ", 2, ) = 2
1357029942.303743 write(2, "brctl", 5brctl) = 5
1357029942.305639 write(2, ",\n", 2,
) = 2
1357029942.307332 write(2, "\t", 1 ) = 1
1357029942.309011 write(2, "bunzip2", 7bunzip2) = 7
1357029942.312026 write(2, ", ", 2, ) = 2
1357029942.313707 write(2, "bzcat", 5bzcat) = 5
1357029942.315428 write(2, ", ", 2, ) = 2
1357029942.317106 write(2, "bzip2", 5bzip2) = 5
1357029942.318821 write(2, ", ", 2, ) = 2
1357029942.323463 write(2, "cal", 3cal) = 3
1357029942.325169 write(2, ", ", 2, ) = 2
1357029942.326848 write(2, "cat", 3cat) = 3
1357029942.328519 write(2, ", ", 2, ) = 2
1357029942.331470 write(2, "catv", 4catv) = 4
1357029942.333238 write(2, ", ", 2, ) = 2
1357029942.334950 write(2, "chat", 4chat) = 4
1357029942.336668 write(2, ", ", 2, ) = 2
1357029942.337607 write(2, "chattr", 6chattr) = 6
1357029942.340726 write(2, ", ", 2, ) = 2
1357029942.342281 write(2, "chgrp", 5chgrp) = 5
1357029942.343967 write(2, ", ", 2, ) = 2
1357029942.345622 write(2, "chmod", 5chmod) = 5
1357029942.347408 write(2, ",\n", 2,
) = 2
1357029942.349119 write(2, "\t", 1 ) = 1
1357029942.352351 write(2, "chown", 5chown) = 5
1357029942.354056 write(2, ", ", 2, ) = 2
1357029942.355118 write(2, "chpasswd", 8chpasswd) = 8
1357029942.356883 write(2, ", ", 2, ) = 2
1357029942.362810 write(2, "chpst", 5chpst) = 5
1357029942.364715 write(2, ", ", 2, ) = 2
1357029942.366292 write(2, "chroot", 6chroot) = 6
1357029942.368063 write(2, ", ", 2, ) = 2
1357029942.370988 write(2, "chrt", 4chrt) = 4
1357029942.372698 write(2, ", ", 2, ) = 2
1357029942.374392 write(2, "chvt", 4chvt) = 4
1357029942.376113 write(2, ", ", 2, ) = 2
1357029942.377788 write(2, "cksum", 5cksum) = 5
1357029942.381052 write(2, ", ", 2, ) = 2
1357029942.382598 write(2, "clear", 5clear) = 5
1357029942.384305 write(2, ", ", 2, ) = 2
1357029942.385996 write(2, "cmp", 3cmp) = 3
1357029942.387659 write(2, ", ", 2, ) = 2
1357029942.390869 write(2, "comm", 4comm) = 4
1357029942.392656 write(2, ",\n", 2,
) = 2
1357029942.394381 write(2, "\t", 1 ) = 1
1357029942.396071 write(2, "conspy", 6conspy) = 6
1357029942.397044 write(2, ", ", 2, ) = 2
1357029942.398727 write(2, "cp", 2cp) = 2
1357029942.401569 write(2, ", ", 2, ) = 2
1357029942.403275 write(2, "cpio", 4cpio) = 4
1357029942.404976 write(2, ", ", 2, ) = 2
1357029942.406659 write(2, "crond", 5crond) = 5
1357029942.408353 write(2, ", ", 2, ) = 2
1357029942.411464 write(2, "crontab", 7crontab) = 7
1357029942.413264 write(2, ", ", 2, ) = 2
1357029942.414967 write(2, "cryptpw", 7cryptpw) = 7
1357029942.416708 write(2, ", ", 2, ) = 2
1357029942.418405 write(2, "cttyhack", 8cttyhack) = 8
1357029942.421579 write(2, ", ", 2, ) = 2
1357029942.423337 write(2, "cut", 3cut) = 3
1357029942.425098 write(2, ", ", 2, ) = 2