[daily] 查看linux程序或操作的kernel内核调用栈

[classic_tong @ https://www.cnblogs.com/hugetong/p/12198122.html]

查看一个命令或程序,都调用了什么系统API的方法,

可以是用strace

[root@T9 OUTPUT_nginx]# strace echo
execve("/usr/bin/echo", ["echo"], [/* 22 vars */]) = 0
brk(NULL)                               = 0x1311000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f10f71d4000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=53652, ...}) = 0
mmap(NULL, 53652, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f10f71c6000
close(3)                                = 0
open("/lib64/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\340$\2\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=2151672, ...}) = 0
mmap(NULL, 3981792, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f10f6be7000
mprotect(0x7f10f6da9000, 2097152, PROT_NONE) = 0

 

查看一个正在运行的程序的调用栈

在红帽系的话,可以用红帽给gdb打的补丁,gstack:https://src.fedoraproject.org/rpms/gdb/blob/master/f/gdb-6.3-gstack-20050411.patch

[root@T9 OUTPUT_nginx]# gstack 1
#0  0x00007f5924fad483 in epoll_wait () from /lib64/libc.so.6
#1  0x00005582a86c3ae9 in sd_event_wait ()
#2  0x00005582a86c45fd in sd_event_run ()
#3  0x00005582a86250c3 in manager_loop ()
#4  0x00005582a86195fb in main ()

其他地方,还可以用pstack https://code.lm7.fr/robotux/pstack

┬─[tong@T7:~/Src/go/src/github.com/cmpxchg16/gobench]─[05:58:39 PM]
╰─>$ sudo pstack 1

1: /usr/lib/systemd/systemd --switched-root --system --deserialize 28
(No symbols found)
0x7f09c0b0060e: ???? (55d405e91340, 0, 7ffd04515c90, 55d4057163a7, 7ffd04515d80, 7ffd04515d7a) + ffffd5d70197beb0
0x7f09c084444c: ???? (55d405e8eab0, 55d405f0e920, 3500000002, 55d405f07130, 55d405f27da0, 59c2fce020610) + ffffaa2ffa16e55b
crawl: Input/output error
Error tracing through process 1
0xffffffff: ????⏎                      

 

现在进入正题,查看一个程序或操作的内核调用栈

使用trace-cmd,如他自己所说,是ftrace的用户态前端:user-space front-end command-line tool for Ftrace

ftrace是内核的调试手段,用法稍有些复杂:详见:

https://www.kernel.org/doc/Documentation/trace/ftrace.txt

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Developer_Guide/ftrace.html

trace-cmd就相对非常简单,如下:

分两步,先record,可以针对正运行的程序,或一次性运行的程序。

trace-cmd record -p function -P 10493
或
trace-cmd record -p functon -F cat /sys/class/net/lan0/statistics/rx_bytes

他们会在本地存储一个文件,trace.dat

如下命令,可以查看在内核中的调用栈

trace-cmd report

 

[classic_tong @ https://www.cnblogs.com/hugetong/p/12198122.html]

posted on 2020-01-15 18:14  toong  阅读(1620)  评论(0编辑  收藏  举报