strace.1

linux进程跟踪的工具和源代码

is one of
.BR trace ,
.BR abbrev ,
.BR verbose ,
.BR raw ,
.BR signal ,
.BR read ,
or
.B write
and
.I value
is a qualifier-dependent symbol or number.  The default
qualifier is
.BR trace .
Using an exclamation mark negates the set of values.  For example,
.B \-eopen
means literally
.B "\-e trace=open"
which in turn means trace only the
.B open
system call.  By contrast,
.B "\-etrace=!open"
means to trace every system call except
.BR open .
In addition, the special values
.B all
and
.B none
have the obvious meanings.
.IP
Note that some shells use the exclamation point for history
expansion even inside quoted arguments.  If so, you must escape
the exclamation point with a backslash.
.TP
.BI "\-e trace=" set
Trace only the specified set of system calls.  The
.B \-c
option is useful for determining which system calls might be useful
to trace.  For example,
.B trace=open,close,read,write
means to only
trace those four system calls.  Be careful when making inferences
about the user/kernel boundary if only a subset of system calls
are being monitored.  The default is
.BR trace=all .
.TP
.B "\-e trace=file"
Trace all system calls which take a file name as an argument.  You
can think of this as an abbreviation for
.BR "\-e\ trace=open,stat,chmod,unlink," ...
which is useful to seeing what files the process is referencing.
Furthermore, using the abbreviation will ensure that you don't
accidentally forget to include a call like
.B lstat
in the list.  Betchya woulda forgot that one.
.TP
.B "\-e trace=process"
Trace all system calls which involve process management.  This
is useful for watching the fork, wait, and exec steps of a process.
.TP
.B "\-e trace=network"
Trace all the network related system calls.
.TP
.B "\-e trace=signal"
Trace all signal related system calls.
.TP
.B "\-e trace=ipc"
Trace all IPC related system calls.
.TP
.BI "\-e abbrev=" set
Abbreviate the output from printing each member of large structures.
The default is
.BR abbrev=all .
The
.B \-v
option has the effect of
.BR abbrev=none .
.TP
.BI "\-e verbose=" set
Dereference structures for the specified set of system calls.  The
default is
.BR verbose=all .
.TP
.BI "\-e raw=" set
Print raw, undecoded arguments for the specifed set of system calls.
This option has the effect of causing all arguments to be printed
in hexadecimal.  This is mostly useful if you don't trust the
decoding or you need to know the actual numeric value of an
argument.
.TP
.BI "\-e signal=" set
Trace only the specified subset of signals.  The default is
.BR signal=all .
For example,
.B signal=!SIGIO
(or
.BR signal=!io )
causes SIGIO signals not to be traced.
.TP
.BI "\-e read=" set
Perform a full hexadecimal and ASCII dump of all the data read from
file descriptors listed in the specified set.  For example, to see
all input activity on file descriptors 3 and 5 use
.BR "\-e read=3,5" .
Note that this is independent from the normal tracing of the
.BR read (2)
system call which is controlled by the option
.BR "\-e trace=read" .
.TP
.BI "\-e write=" set
Perform a full hexadecimal and ASCII dump of all the data written to
file descriptors listed in the specified set.  For example, to see
all output activity on file descriptors 3 and 5 use
.BR "\-e write=3,5" .
Note that this is independent from the normal tracing of the
.BR write (2)
system call which is controlled by the option
.BR "\-e trace=write" .
.TP
.BI "\-o " filename
Write the trace output to the file
.I filename
rather than to stderr.
Use
.I filename.pid
if
.B \-ff
is used.
If the argument begins with `|' or with `!' then the rest of the
argument is treated as a command and all output is piped to it.
This is convenient for piping the debugging output to a program
without affecting the redirections of executed programs.
.TP
.BI "\-O " overhead
Set the overhead for tracing system calls to
.I overhead
microseconds.
This is useful for overriding the default heuristic for guessing
how much time is spent in mere measuring when timing system calls using
the
.B \-c
option.  The acuracy of the heuristic can be gauged by timing a given
program run without tracing (using
.BR time (1))
and comparing the accumulated
system call time to the total produced using
.BR \-c .
.TP
.BI "\-p " pid
Attach to the process with the process
.SM ID
.I pid
and begin tracing.
The trace may be terminated
at any time by a keyboard interrupt signal (\c
.SM CTRL\s0-C).
.B strace
will respond by detaching itself from the traced process(es)
leaving it (them) to continue running.
Multiple
.B \-p
options can be used to attach to up to 32 processes in addition to
.I command
(which is optional if at least one
.B \-p
option is given).
.TP
.BI "\-s " strsize
Specify the maximum string size to print (the default is 32).  Note
that filenames are not considered strings and are always printed in
full.
.TP
.BI "\-S " sortby
Sort the output of the histogram printed by the
.B \-c
option by the specified critereon.  Legal values are
.BR time ,
.BR calls ,
.BR name ,
and
.B nothing
(default
.BR time ).
.TP
.BI "\-u " username
Run command with the user \s-1ID\s0, group \s-2ID\s0, and
supplementary groups of
.IR username .
This option is only useful when running as root and enables the
correct execution of setuid and/or setgid binaries.
Unless this option is used setuid and setgid programs are executed
without effective privileges.
.SH "SETUID INSTALLATION"
If
.B strace
is installed setuid to root then the invoking user will be able to
attach to and trace processes owned by any user.
In addition setuid and setgid programs will be executed and traced
with the correct effective privileges.
Since only users trusted with full root privileges should be allowed
to do these things,
it only makes sense to install
.B strace
as setuid to root when the users who can execute it are restricted
to those users who have this trust.
For example, it makes sense to install a special version of
.B strace
with mode `rwsr-xr--', user
.B root
and group
.BR trace ,
where members of the
.B trace
group are trusted users.
If you do use this feature, please remember to install
a non-setuid version of
.B strace
for ordinary lusers to use.
.SH "SEE ALSO"
.BR ptrace (2),
.BR proc (4),
.BR time (1),
.BR trace (1),
.BR truss (1)
.SH NOTES
It is a pity that so much tracing clutter is produced by systems
employing shared libraries.
.LP
It is instructive to think about system call inputs and outputs
as data-flow across the user/kernel boundary.  Because user-space
and kernel-space are separate and address-protected, it is
sometimes possible to make deductive inferences about process
behavior using inputs and outputs as propositions.
.LP
In some cases, a system call will differ from the documented behavior
or have a different name.  For example, on System V-derived systems
the true
.BR time (2)
system call does not take an argument and the
.B stat
function is called
.B xstat
and takes an extra leading argument.  These
discrepancies are normal but idiosyncratic characteristics of the
system call interface and are accounted for by C library wrapper
functions.
.LP
On some platforms a process that has a system call trace applied
to it with the
.B \-p
option will receive a
.BR \s-1SIGSTOP\s0 .
This signal may interrupt a system call that is not restartable.
This may have an unpredictable effect on the process
if the process takes no action to restart the system call.
.SH BUGS
Programs that use the
.I setuid
bit do not have
effective user
.SM ID
privileges while being traced.
.LP
A traced process ignores
.SM SIGSTOP
except on SVR4 platforms.
.LP
A traced process which tries to block SIGTRAP will be sent a SIGSTOP
in an attempt to force continuation of tracing.
.LP
A traced process runs slowly.
.LP
Traced processes which are descended from
.I command
may be left running after an interrupt signal (\c
.SM CTRL\s0-C).
.LP
On Linux, exciting as it would be, tracing the init process is forbidden.
.LP
The
.B \-i
option is weakly supported.
.SH HISTORY
.B strace
The original
.B strace
was written by Paul Kranenburg
for SunOS and was inspired by its trace utility.
The SunOS version of
.B strace
was ported to Linux and enhanced
by Branko Lankester, who also wrote the Linux kernel support.
Even though Paul released
.B strace
2.5 in 1992,
Branko's work was based on Paul's
.B strace
1.5 release from 1991.
In 1993, Rick Sladkey merged
.B strace
2.5 for SunOS and the second release of
.B strace
for Linux, added many of the features of
.BR truss (1)
from SVR4, and produced an
.B strace
that worked on both platforms.  In 1994 Rick ported
.B strace
to SVR4 and Solaris and wrote the
automatic configuration support.  In 1995 he ported
.B strace
to Irix
and tired of writing about himself in the third person.
.SH PROBLEMS
Problems with
.B strace
should be reported to the current
.B strace
maintainer, Wichert Akkerman, at <wakkerma@debian.org>.