Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to interpret strace output?

I need to profile the performance of an application for which I am using strace. However, I do not really know how to interpret the various system calls the strace emits. Examples of a few of them are below:

(A) lseek(3, 1600, SEEK_SET)                = 1600 (B) write(3, "G_DATA    300        0          "..., 800) = 800 (C) close(3)                                = 0 (D) mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2b600b179000 (E) munmap(0x2b600b179000, 4096)            = 0 (F) fstat(3, {st_mode=S_IFREG|0644, st_size=1600, ...}) = 0 

I would be grateful if someone could briefly explain in plain English what these lines from (A) to (F) really means in terms of I/O, data transferred, significance on performance etc.

I went through the man pages of strace but still am not very very confident. If you any other pointers for me to read, that would be great.

I have some background on Operating Systems and understand what system calls, memory, virtual memory, Scheduling, etc. are.

like image 891
Ketan Maheshwari Avatar asked Jun 13 '11 18:06

Ketan Maheshwari


People also ask

How do I get strace output to a file?

You can use -o option to specify a file which saves strace 's output: # strace -o log. txt ls log.

What is the meaning of strace?

strace is a diagnostic, debugging and instructional userspace utility for Linux. It is used to monitor and tamper with interactions between processes and the Linux kernel, which include system calls, signal deliveries, and changes of process state.

What can you do with strace?

strace is a powerful command line tool for debugging and trouble shooting programs in Unix-like operating systems such as Linux. It captures and records all system calls made by a process and the signals received by the process.

How does strace call work?

strace works by using the ptrace system call which causes the kernel to halt the program being traced each time it enters or exits the kernel via a system call. The tracing program (in this case strace ) can then inspect the state of the program by using ptrace .


2 Answers

In order to understand these, you have to get familiar with the POSIX system calls. They are the interface a user-space program uses to interact with the kernel.

lseek, write, close, mmap, munmap and fstat are all system calls and are documented in section 2 of the linux manual.

Briefly, lseek moves the internal pointer of the supplied file descriptor to the byte with position pointed to by the second argument, starting from SEEK_SET (the beginning), SEEK_CUR (current position) or SEEK_END (the end). Any consecutive read and write calls on the same descriptor will start their action from this position. Note that lseek is not implemented for all kinds of descriptors - it makes sense for a file on disk, but not for a socket or a pipe.

write copies the supplied buffer to kernelspace and returns the number of bytes actually written. Depending on the kind of the descriptor, the kernel may write the data to disk or send it through the network. This is generally a costly operation because it involves transferring this buffer to the kernel.

close closes the supplied descriptor and any associated resources with it in the kernel are freed. Note that each process has a limit on the number of simultaneously open descriptors, so it's sometimes necessary to close descriptors to not reach this limit.

mmap is a complex system call and is used for many purposes including shared memory. The general usage however is to allocate more memory for the process. The malloc and calloc library functions usually use it internally.

munmap frees the mmap'ped memory.

fstat returns various information that the filesystem keeps about a file - size, last modified, permissions, etc.

like image 54
Blagovest Buyukliev Avatar answered Sep 19 '22 05:09

Blagovest Buyukliev


For each command there is a manual page, you can read it by typing man and the name of C function, e.g. man lseek (also check apropos). They also have description of passed parameters.

Here are short summaries:

  • lseek - reposition read/write file offset of the file descriptor
  • write - write to a file descriptor from the buffer
  • close - delete a descriptor from the per-process object reference table
  • mmap - allocate memory, or map files or devices into memory
  • munmap - remove a mapping for the specified address range
  • fstat - get file status pointed to by path

Please note that interpreting single/random syscals won't be meaningful in terms performance. To test significance on performance of these syscalls, you should use -c parameter which can count time, calls, and errors for each syscall and report the summary. Then you can read more about these which are taking the longest time.

To learn more about output and strace parameters, check man strace.

See also: How to parse strace in shell into plain text?

like image 44
kenorb Avatar answered Sep 22 '22 05:09

kenorb