$ strace -h
usage: strace [-CdffhiqrtttTvVwxxy] [-I n] [-e expr]...
[-a column] [-o file] [-s strsize] [-P path]...
-p pid... / [-D] [-E var=val]... [-u username] PROG [ARGS]
or: strace -c[dfw] [-I n] [-e expr]... [-O overhead] [-S sortby]
-p pid... / [-D] [-E var=val]... [-u username] PROG [ARGS]
Output format:
-a column alignment COLUMN for printing syscall results (default 40)
-i print instruction pointer at time of syscall
-o file send trace output to FILE instead of stderr
-q suppress messages about attaching, detaching, etc.
-r print relative timestamp
-s strsize limit length of print strings to STRSIZE chars (default 32)
-t print absolute timestamp
-tt print absolute timestamp with usecs
-T print time spent in each syscall
-x print non-ascii strings in hex
-xx print all strings in hex
-y print paths associated with file descriptor arguments
-yy print ip:port pairs associated with socket file descriptors
Statistics:
-c count time, calls, and errors for each syscall and report summary
-C like -c but also print regular output
-O overhead set overhead for tracing syscalls to OVERHEAD usecs
-S sortby sort syscall counts by: time, calls, name, nothing (default time)
-w summarise syscall latency (default is system time)
Filtering:
-e expr a qualifying expression: option=[!]all or option=[!]val1[,val2]...
options: trace, abbrev, verbose, raw, signal, read, write
-P path trace accesses to path
Tracing:
-b execve detach on execve syscall
-D run tracer process as a detached grandchild, not as parent
-f follow forks
-ff follow forks with output into separate files
-I interruptible
1: no signals are blocked
2: fatal signals are blocked while decoding syscall (default)
3: fatal signals are always blocked (default if '-o FILE PROG')
4: fatal signals and SIGTSTP (^Z) are always blocked
(useful to make 'strace -o FILE PROG' not stop on ^Z)
Startup:
-E var remove var from the environment for command
-E var=val put var=val in the environment for command
-p pid trace process with process id PID, may be repeated
-u username run command as username handling setuid and/or setgid
Miscellaneous:
-d enable debug output to stderr
-v verbose mode: print unabbreviated argv, stat, termios, etc. args
-h print help message
-V print version
$ sudo cat /proc/550/maps // 실행과 관련된 공유라이브러리 확인
$ sudo cat /proc/550/status // Process 상태확인
$ readelf -h /proc/550/exe // 실행파일 확인
$ readelf -s /proc/550/exe // symbol table 확인
$ strace -p 550 -f -t
...........
[pid 994] 11:25:13 pselect6(0, NULL, NULL, NULL, {0, 10000000}, NULL) = 0 (Timeout)
[pid 994] 11:25:13 openat(AT_FDCWD, "/proc/irq/366/spurious", O_RDONLY) = 31
[pid 994] 11:25:13 fstat(31, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
[pid 994] 11:25:13 fstat(31, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
[pid 994] 11:25:13 read(31, "count 180\nunhandled 0\nlast_unhan"..., 1024) = 42
...............
$ strace -p 550 -f -tt
[pid 994] 11:30:52.563464 fstat(31, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
[pid 994] 11:30:52.563761 fstat(31, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
[pid 994] 11:30:52.564047 read(31, "count 180\nunhandled 0\nlast_unhan"..., 1024) = 42
$ strace -cp 550 -f
strace: Process 550 attached with 4 threads
^Cstrace: Process 550 detached
strace: Process 743 detached
strace: Process 994 detached
strace: Process 995 detached
% time seconds usecs/call calls errors syscall
------ ----------- ----------- --------- --------- ----------------
98.67 0.488000 1132 431 pselect6
0.94 0.004653 12 382 sendto
0.13 0.000666 2 382 openat
0.10 0.000495 1 382 close
0.09 0.000457 1 764 fstat
0.06 0.000310 1 382 read
0.00 0.000000 0 4 2 futex
------ ----------- ----------- --------- --------- ----------------
100.00 0.494581 2727 2 total
http://www.brendangregg.com/perf.html
https://brunch.co.kr/@alden/12
http://linuxspot.tistory.com/253
http://man7.org/linux/man-pages/man1/strace.1.html