I need to profile the performance of an application, for which I am using strace. However, I do not really know how to interpret the various system calls that strace emits. Examples of a few of them are below:
(A) lseek(3, 1600, SEEK_SET) = 1600
(B) write(3, "G_DATA 300 0 "..., 800) = 800
(C) close(3) = 0
(D) mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2b600b179000
(E) munmap(0x2b600b179000, 4096) = 0
(F) fstat(3, {st_mode=S_IFREG|0644, st_size=1600, ...}) = 0
I would be grateful if someone could briefly explain in plain English what these lines from (A) to (F) really mean in terms of I/O, data transferred, significance on performance etc.
I went through the man pages of strace but still am not very very confident. If you have any other pointers for me to read, that would be great.
I have some background on Operating Systems and understand what system calls, memory, virtual memory, Scheduling, etc. are.
You can use the -o option to specify a file which saves strace's output: # strace -o log.txt ls log.
strace is a diagnostic, debugging and instructional userspace utility for Linux. It is used to monitor and tamper with interactions between processes and the Linux kernel, which include system calls, signal deliveries, and changes of process state.
strace is a powerful command line tool for debugging and troubleshooting programs in Unix-like operating systems such as Linux. It captures and records all system calls made by a process and the signals received by the process.
strace works by using the ptrace system call which causes the kernel to halt the program being traced each time it enters or exits the kernel via a system call. The tracing program (in this case strace) can then inspect the state of the program by using ptrace.
In order to understand these, you have to get familiar with the POSIX system calls. They are the interface a user-space program uses to interact with the kernel.
lseek, write, close, mmap, munmap and fstat are all system calls and are documented in section 2 of the Linux manual.
Briefly, lseek moves the internal pointer of the supplied file descriptor to the byte with position pointed to by the second argument, starting from SEEK_SET (the beginning), SEEK_CUR (current position) or SEEK_END (the end). Any consecutive read and write calls on the same descriptor will start their action from this position. Note that lseek is not implemented for all kinds of descriptors - it makes sense for a file on disk, but not for a socket or a pipe.
write copies the supplied buffer to kernelspace and returns the number of bytes actually written. Depending on the kind of the descriptor, the kernel may write the data to disk or send it through the network. This is generally a costly operation because it involves transferring this buffer to the kernel.
close closes the supplied descriptor and any associated resources with it in the kernel are freed. Note that each process has a limit on the number of simultaneously open descriptors, so it's sometimes necessary to close descriptors to not reach this limit.
mmap is a complex system call and is used for many purposes including shared memory. The general usage however is to allocate more memory for the process. The malloc and calloc library functions usually use it internally.
munmap frees the mmap'ped memory.
fstat returns various information that the filesystem keeps about a file - size, last modified, permissions, etc.
For each command there is a manual page; you can read it by typing man and the name of the C function, e.g. man lseek (also check apropos). They also have descriptions of the passed parameters.
Here are short summaries:
lseek - reposition read/write file offset of the file descriptor
write - write to a file descriptor from the buffer
close - delete a descriptor from the per-process object reference table
mmap - allocate memory, or map files or devices into memory
munmap - remove a mapping for the specified address range
fstat - get file status pointed to by path
Please note that interpreting single/random syscalls won't be meaningful in terms of performance. To test the significance on performance of these syscalls, you should use the -c parameter, which can count time, calls, and errors for each syscall and report the summary. Then you can read more about those which are taking the longest time.
To learn more about the output and strace parameters, check man strace.
See also: How to parse strace in shell into plain text?
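The following is an added example, not part of the question or of either answer: a small Python parser that tallies calls, errors and bytes per syscall from a log saved with strace -o, using the question's lines (A) to (F) as sample input. It assumes the default line format with no timestamp prefix; the names summarize, LINE_RE and SAMPLE are chosen for this example.

```python
import re
from collections import defaultdict

# Lines (A)-(F) from the question, laid out as strace -o would save them.
SAMPLE = '''\
lseek(3, 1600, SEEK_SET) = 1600
write(3, "G_DATA 300 0 "..., 800) = 800
close(3) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2b600b179000
munmap(0x2b600b179000, 4096) = 0
fstat(3, {st_mode=S_IFREG|0644, st_size=1600, ...}) = 0
'''

# [pid] name(args) = return-value [errno text]; the pid prefix appears with -f.
LINE_RE = re.compile(
    r'^(?:\d+\s+)?(?P<name>\w+)\((?P<args>.*)\)\s+=\s+'
    r'(?P<ret>0x[0-9a-f]+|-?\d+|\?)(?P<rest>.*)$'
)

def summarize(text):
    """Return {syscall: {"calls", "errors", "bytes"}} for a strace log."""
    stats = defaultdict(lambda: {"calls": 0, "errors": 0, "bytes": 0})
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # signal lines, exit status, unfinished calls
        name, ret = m["name"], m["ret"]
        entry = stats[name]
        entry["calls"] += 1
        if ret.startswith("-"):
            entry["errors"] += 1  # e.g. "= -1 ENOENT (No such file or directory)"
        elif name in ("read", "write", "pread64", "pwrite64") and ret.isdigit():
            entry["bytes"] += int(ret)  # return value = bytes actually transferred
        elif name in ("mmap", "munmap"):
            entry["bytes"] += int(m["args"].split(",")[1])  # second argument = length
    return dict(stats)

if __name__ == "__main__":
    for name, entry in sorted(summarize(SAMPLE).items()):
        print(f'{name:8} calls={entry["calls"]} errors={entry["errors"]} bytes={entry["bytes"]}')
```
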