strace 是一款基于 linux ptrace 系统调用的命令行工具, 对于没有源代码去黑盒 triage 问题很有帮助. 它主要通过拦截分析 进程和系统调用的交互, 产生相应的输出.
常见命令:
strace -p 26380
strace -p 26380 -c
sudo strace -p 4599 -e trace=all
它还可以用来做错误注入 (fault injection)
-e trace=%desc Trace all file descriptor related system calls.
%file Trace all system calls which take a file name as an argument.
%fstat Trace fstat and fstatat syscall variants.
%fstatfs Trace fstatfs, fstatfs64, fstatvfs, osf_fstatfs, and osf_fstatfs64 system calls.
%ipc Trace all IPC related system calls.
%lstat Trace lstat syscall variants.
%memory Trace all memory mapping related system calls.
%network Trace all the network related system calls.
%process Trace all system calls which involve process management.
%pure Trace syscalls that always succeed and have no arguments.
%signal Trace all signal related system calls.
%stat Trace stat syscall variants.
%statfs Trace statfs, statfs64, statvfs, osf_statfs, and osf_statfs64 system calls.
%%stat Trace syscalls used for requesting file status.
%%statfs Trace syscalls related to file system statistics.