truss(1) 맨 페이지 - 윈디하나의 솔라나라

개요

섹션
맨 페이지 이름
검색(S)

truss(1)

truss(1)                         User Commands                        truss(1)



NAME
       truss - trace system calls and signals

SYNOPSIS
       truss [-fcaeilAdDEGIN] [-d]  [-D]  [-E]  [-G] [- [tTvx] [!] syscall ,...]
             [- [sS] [!] signal ,...] [- [mM] [!] fault ,...]
             [- [rw] [!] fd ,...]
             [- [uU] [!] lib ,... : [:] [!] func ,...]
             [-o outfile] command | -p pid[/lwps]...

DESCRIPTION
       The  truss  utility executes the specified command and produces a trace
       of the system calls it performs,  the  signals  it  receives,  and  the
       machine  faults it incurs. Each line of the trace output reports either
       the fault or signal name or the system call name with its arguments and
       return  value(s). System call arguments are displayed symbolically when
       possible using defines from relevant system headers. For any path  name
       pointer argument, the pointed-to string is displayed. Error returns are
       reported using the error code names described in Intro(3). If,  in  the
       case  of  an error, the kernel reports a missing privilege, a privilege
       name as described in privileges(7) is reported in square brackets ([ ])
       after  the  error  code  name.  See NOTES for more information on error
       reporting.


       Optionally (see the -u option), truss also produce an entry/exit  trace
       of  user-level  function calls executed by the traced process, indented
       to indicate nesting.

OPTIONS
       For those options that take a list argument, the name all can  be  used
       as a shorthand to specify all possible members of the list. If the list
       begins with a !, the meaning of the option  is  negated  (for  example,
       exclude rather than trace). Multiple occurrences of the same option can
       be specified. For the same name in a list, subsequent options (those to
       the right) override previous ones (those to the left).


       The following options are supported:

       -a

           Shows  the  argument  strings  that  are  passed  in each exec() or
           spawn() system call.


       -A

           Includes a time stamp on each line of trace output. The time  stamp
           represents  the  time  of the day and appears as a field containing
           hours:minutes:seconds.microseconds. The  truss  command  determines
           the  time  values  using the gettimeofday() and asctime() functions
           and prints in 24 hour format. The times that are reported  are  the
           times  that  the  event in question occurred. For all system calls,
           the event is the completion of the system call, not the start.  For
           more  information,  see  the  gettimeofday(3C)  and asctime(3C) man
           pages.


       -c

           Counts traced system calls, faults, and signals  rather  than  dis‐
           playing  the trace line-by-line. A summary report is produced after
           the traced command terminates or when truss is interrupted.  If  -f
           is  also  specified,  the  counts  include all traced system calls,
           faults, and signals for child processes.


       -d

           Includes a time stamp on each line of trace output. The time  stamp
           appears  as a field containing seconds.fraction at the start of the
           line. This represents a time in seconds relative to  the  beginning
           of  the  trace.  The  first line of the trace output shows the base
           time from which the individual time stamps are  measured,  both  as
           seconds  since  the  epoch  (see time(2)) and as a date string (see
           ctime(3C) and date(1)). The times that are reported are  the  times
           that  the  event  in  question  occurred. For all system calls, the
           event is the completion of the system call, not the  start  of  the
           system call.


       -D

           Includes  a  time  delta  on  each  line of trace output. The value
           appears as a field containing seconds.fraction and  represents  the
           elapsed  time  for  the  LWP that incurred the event since the last
           reported event incurred  by  that  LWP.  Specifically,  for  system
           calls, this is not the time spent within the system call.


       -e

           Shows  the  environment  strings that are passed in each exec() and
           spawn() system call.


       -E

           Includes a time delta on each  line  of  trace  output.  The  value
           appears  as  a field containing seconds.fraction and represents the
           difference in time elapsed between the beginning and end of a  sys‐
           tem call(wall clock time).

           In  contrast  to  the  -D  option, this is the amount of time spent
           within the system call.


       -G

           Includes a time delta on each  line  of  trace  output.  The  value
           appears  as  a field containing seconds.fraction and represents the
           system time accumulated between the beginning and end of  a  system
           call.


       -f

           Follows  all  children  created by fork(), vfork(), and spawn() and
           then includes their signals, faults, and system calls in the  trace
           output.  Normally,  only  the  first-level  command  or  process is
           traced. When -f is specified, the process-id is included with  each
           line of trace output to indicate which process executed system call
           or received the signal.


       -i

           Does not display interruptible sleeping system calls. Certain  sys‐
           tem  calls, such as open() and read() on terminal devices or pipes,
           can sleep for indefinite periods and are  interruptible.  Normally,
           truss  reports such sleeping system calls if they remain asleep for
           more than one second. The system call is reported  again  a  second
           time  when  it completes. The -i option causes such system calls to
           be reported only once, when they complete.


       -I

           Displays interpreted system calls when  possible.  Many  historical
           system  call  traps have been replaced by their more general modern
           counterparts. For example, the open() system call is implemented in
           libc as a call to the general openat() system call trap.



             int
             open(path, oflag, mode)
             {
                  return (openat(AT_FDCWD, path, oflag, mode));
             }

           The  truss  command normally reports the underlying openat() system
           call trap, even if the application's source code calls  the  open()
           function.  The -I option causes truss to guess what the application
           actually called. Therefore, in this case, since the first  argument
           to openat() function is AT_FDCWD, the system call reports as open()
           even if the application actually calls openat(AT_FDCWD, ...).


       -l

           Includes the id of the responsible lightweight process  (LWP)  with
           each  line  of  trace  output.  If  -f  is also specified, both the
           process-id and the LWP-id are included.


       -m [!]fault,...

           Machine faults to trace or exclude. Those faults specified  in  the
           comma-separated list are traced. Faults can be specified by name or
           number (see <sys/fault.h>). If the list begins with a !, the speci‐
           fied  faults  are  excluded from the trace output. Default is -mall
           -m  !fltpage.


       -M [!]fault,...

           Machine faults that stop the  process.  The  specified  faults  are
           added to the set specified by -m. If one of the specified faults is
           incurred, truss leaves the process stopped and abandoned  (see  the
           -T option). Default is -M!all.


       -o outfile

           File  to  be used for the trace output. By default, the output goes
           to standard error.


       -p

           Interprets the command arguments to truss as a list of  process-ids
           for  existing  processes (see ps(1)) rather than as a command to be
           executed. truss takes control of each process and begins tracing it
           provided  that the userid and groupid of the process match those of
           the user or that the user is a privileged  user.  Users  can  trace
           only  selected  threads  by appending /thread-id to the process-id.
           Multiple threads can be selected using the - and , delimiters.  For
           example  /1,2,7-9  traces  threads 1, 2, 7, 8, and 9. Processes can
           also be specified by their names in the /proc directory, for  exam‐
           ple, /proc/12345.


       -r [!]fd,...

           Shows the full contents of the I/O buffer for each read() on any of
           the specified file descriptors. The output is  formatted  32  bytes
           per line and shows each byte as an ASCII character (preceded by one
           blank) or as a 2-character C language escape sequence  for  control
           characters  such  as horizontal tab (\t) and newline (\n). If ASCII
           interpretation is not possible, the byte is  shown  in  2-character
           hexadecimal  representation.  (The first 12 bytes of the I/O buffer
           for each traced print >read() are shown even in the absence of -r.)
           Default is -r!all.


       -s [!]signal,...

           Signals  to trace or exclude. Those signals specified in the comma-
           separated list are traced. The trace output reports the receipt  of
           each  specified  signal,  even  if the signal is being ignored (not
           blocked).  (Blocked  signals  are  not  received  until  they   are
           unblocked.)  Signals  can  be  specified  by  name  or  number (see
           <sys/signal.h>). If the list begins with a !, the specified signals
           are excluded from the trace output. Default is -sall.


       -N

           Report only system calls which have returned an error.


       -S [!]signal,...

           Signals  that  stop the process. The specified signals are added to
           the set specified by  -s.  If  one  of  the  specified  signals  is
           received,  truss  leaves the process stopped and abandoned (see the
           -T option). Default is -S!all.


       -t [!]syscall,...

           System calls to trace or exclude. Those system calls  specified  in
           the  comma-separated  list are traced. If the list begins with a !,
           the specified system calls are  excluded  from  the  trace  output.
           Default is -tall.


       -T [!]syscall,...

           Specifies  system calls that stop the process. The specified system
           calls are added to the set specified by -t. If one of the specified
           system  calls  is encountered, truss leaves the process stopped and
           abandoned. That is, truss releases the process and exits but leaves
           the  process  in the stopped state at completion of the system call
           in question. A debugger  or  other  process  inspection  tool  (see
           proc(1))  can  then be applied to the stopped process. truss can be
           reapplied to the stopped process with the same or different options
           to continue tracing. Default is -T!all.

           A  process  left  stopped in this manner cannot be restarted by the
           application of kill  -CONT because it is stopped  on  an  event  of
           interest  via /proc, not by the default action of a stopping signal
           (see signal.h(3HEAD)). The prun(1) command described in proc(1) can
           be used to set the stopped process running again.


       -u [!]lib,...:[:][!]func,...

           User-level function call tracing. lib,... is a comma-separated list
           of dynamic library names, excluding the '.so.n' suffix. func,... is
           a  comma-separated  list of function names. In both cases the names
           can include name-matching metacharacters *,?,[] with the same mean‐
           ings  as those of sh(1) but as applied to the library/function name
           spaces, not to files. An empty library or function list defaults to
           *,  trace  all  libraries or functions in a library. A leading ! on
           either list specifies an exclusion  list,  names  of  libraries  or
           functions  not to be traced. Excluding a library excludes all func‐
           tions in that library; any function list following a library exclu‐
           sion list is ignored.

           A single : separating the library list from the function list means
           to trace calls into the libraries from outside the  libraries,  but
           omit  calls  made to functions in a library from other functions in
           the same library. A double :: means to trace all calls,  regardless
           of origin.

           Library  patterns  do  not  match either the executable file or the
           dynamic linker unless there is an exact match (l*  does  not  match
           ld.so.1).  To trace functions in either of these objects, the names
           must be specified exactly, as in:


             truss -u a.out -u ld ...

           a.out is the literal name to be used for this purpose; it does  not
           stand  for  the name of the executable file. Tracing a.out function
           calls implies all calls (default is ::).

           Multiple -u options can be specified and they are honored  left-to-
           right.  The id of the lightweight process and id of the thread that
           performed the function call is included in the trace output for the
           call,  separated  by  a  slash  (/)  and  an at-sign (@) character,
           respectively.


       -U [!]lib,...:[:][!]func,...

           User-level function calls that  stop  the  process.  The  specified
           functions are added to the set specified by -u. If one of the spec‐
           ified functions is called, truss leaves  the  process  stopped  and
           abandoned (see the -T option).


       -v [!]syscall,...

           Verbose.  Displays the contents of any structures passed by address
           to the specified system calls (if traced by -t).  Input  values  as
           well  as values returned by the operating system are shown. For any
           field used as both input and  output,  only  the  output  value  is
           shown. Default is -v!all.


       -w [!]fd,...

           Shows the contents of the I/O buffer for each write() on any of the
           specified file descriptors (see the -r option). Default is -w!all.


       -x [!]syscall,...

           Displays the arguments to the specified system calls (if traced  by
           -t)  in  raw  form,  usually hexadecimal, rather than symbolically.
           This is for unredeemed hackers who must see  the  raw  bits  to  be
           happy. Default is -x!all.



       See man pages section 2: System Calls for system call names accepted by
       the -t, -T, -v, and -x options. System call numbers are also accepted.


       If truss is used to initiate and trace a specified command and  if  the
       -o  option is used or if standard error is redirected to a non-terminal
       file, then truss runs with hangup, interrupt, and quit signals ignored.
       This  facilitates  tracing of interactive programs that catch interrupt
       and quit signals from the terminal.


       If the trace output remains directed to the terminal,  or  if  existing
       processes  are  traced  (the -p option), then truss responds to hangup,
       interrupt, and quit signals by releasing all traced processes and exit‐
       ing.  This  enables the user to terminate excessive trace output and to
       release previously-existing processes. Released processes continue nor‐
       mally, as though they had never been touched.


       When tracing existing processes, truss releases processes and sets them
       running when truss exits. This includes exiting due to signals, such as
       SIGINT,  SIGHUP,  or SIGQUIT. This enables the user to terminate exces‐
       sive  trace  output  and  to  release  previously-existing   processes.
       Released  processes  continue  normally,  as though they had never been
       touched.

EXAMPLES
       Example 1 Tracing a Command



       The following example produces a trace of the find(1)  command  on  the
       terminal:


         example$ truss find . -print >find.out



       Example 2 Tracing Common System Calls



       The  following example shows only a trace of the open, close, read, and
       write system calls:


         example$ truss -t open,close,read,write find . -print >find.out




       Example 3 Tracing a Shell Script



       The following example produces a trace of the spell(1) command  on  the
       file truss.out:


         example$ truss -f -o truss.out spell document




       spell is a shell script, so the -f flag is needed to trace not only the
       shell but also the processes created by the shell.  (The  spell  script
       runs a pipeline of eight processes.)


       Example 4 Abbreviating Output



       The following example abbreviates output:


         example$ truss nroff -mm document >nroff.out





       because  97%  of the output reports lseek(), read(), and write() system
       calls. To abbreviate it:


         example$ truss -t !lseek,read,write nroff -mm document >nroff.out



       Example 5 Tracing Library Calls From Outside the C Library



       The following example traces all user-level calls made to any  function
       in the C library from outside the C library:


         example$ truss -u libc ...



       Example 6 Tracing library calls from within the C library



       The following example includes calls made to functions in the C library
       from within the C library itself:


         example$ truss -u libc:: ...



       Example 7 Tracing Library Calls Other Than the C Library



       The following example traces all user-level calls made to  any  library
       other than the C library:


         example$ truss -u '*' -u !libc ...



       Example 8 Tracing printf and scanf Function Calls



       The  following  example traces all user-level calls to functions in the
       printf and scanf family contained in the C library:


         example$ truss -u 'libc:*printf,*scanf' ...



       Example 9 Tracing Every User-level Function Call



       The following example traces every user-level function call  from  any‐
       where to anywhere:


         example$ truss -u a.out -u ld:: -u :: ...



       Example 10 Tracing a System Call Verbosely



       The  following  example  verbosely  traces  the system call activity of
       process #1, init(8) (if you are a privileged user):


         example# truss -p -v all 1




       Interrupting truss returns init to normal operation.


       Example 11 Displaying Time of Day of a Trace



       The following example shows the current  time  stamp  of  every  system
       call:


         example$ truss -A a.out



       Example 12 Displaying system time consumed during a system call



       The  -E example shows wall clock time accumulated by the nanosleep sys‐
       tem call:


         example$ truss -E -t nanosleep /bin/sleep 1
         1.000241    nanosleep(0xFFFFFE9F63C05E00, 0xFFFFFE9F63C05DF0) = 0





       The -G example shows system time (time executing in kernel) accumulated
       by the nanosleep system call:


         example$ truss -G -t nanosleep /bin/sleep 1
         nanosleep(0xFFFFFED318188A60, 0xFFFFFED318188A50) (sleeping...)
         0.002761    nanosleep(0xFFFFFED318188A60, 0xFFFFFED318188A50) = 0



FILES
       /proc/*    Process files


ATTRIBUTES
       See attributes(7) for descriptions of the following attributes:


       tab()  box; cw(2.75i) |cw(2.75i) lw(2.75i) |lw(2.75i) ATTRIBUTE TYPEAT‐
       TRIBUTE VALUE _ Availabilitysystem/core-os


SEE ALSO
       date(1), find(1), proc(1), ps(1), sh(1),  spell(1),  exec(2),  fork(2),
       lseek(2),  open(2),  read(2),  spawn(2),  time(2),  vfork(2), write(2),
       ctime(3C), signal.h(3HEAD), Intro(3), proc(5), attributes(7),  mwac(7),
       privileges(7), threads(7), tpd(7), init(8)


       man pages section 2: System Calls

NOTES
       Some of the system calls described in man pages section 2: System Calls
       differ from the actual operating system interfaces. Do not be surprised
       by  minor  deviations of the trace output from the descriptions in that
       document.


       Every machine fault (except a page fault) results in the posting  of  a
       signal  to the LWP that incurred the fault. A report of a received sig‐
       nal immediately follows each report of a machine fault (except  a  page
       fault) unless that signal is being blocked.


       The  operating  system  enforces  certain  security restrictions on the
       tracing of processes. In particular,  any  command  whose  object  file
       (a.out)  cannot be read by a user cannot be traced by that user; setuid
       and setgid commands can be traced only by a privileged user. Unless  it
       is  run  by  a privileged user, truss loses control of any process that
       performs an exec() of a set-id or unreadable  object  file;  such  pro‐
       cesses continue normally, though independently of truss, from the point
       of the exec() or spawn().


       To avoid collisions with other controlling processes,  truss  does  not
       trace  a process that it detects is being controlled by another process
       via  the  /proc  interface.  This  allows  truss  to  be   applied   to
       proc(5)-based debuggers as well as to another instance of itself.


       The  trace  output  contains  tab  characters under the assumption that
       standard tab stops are set (every eight positions).


       The trace output for multiple processes or for a multithreaded  process
       (one  that  contains  more than one LWP) is not produced in strict time
       order. For example, a read() on a pipe can be reported before the  cor‐
       responding  write().  For  any  one LWP (a traditional process contains
       only one), the output is strictly time-ordered.


       When tracing more than one  process,  truss  runs  as  one  controlling
       process  for  each  process  being traced. For the example of the spell
       command shown above, spell itself uses 9 process  slots,  one  for  the
       shell  and 8 for the 8-member pipeline, while truss adds another 9 pro‐
       cesses, for a total of 18.


       Not all possible structures passed in all  possible  system  calls  are
       displayed under the -v option.


       Multiple -d, -D, -E and -G options are printed in the order -d, -D, -E,
       -G irrespective of the order that they are entered on the command line.


       When truss reports on errors returned by system calls that  are  caused
       by  missing  privilege, truss displays either the simple privilege name
       after the error-code or  a  complex  privilege  description.  For  more
       information,  see  the privileges(7) man page. This complex description
       can consist of:

       [ALL]          The process needs all privileges for the requested oper‐
                      ation.


       [MULTIPLE]     The process lacks multiple privileges.


       [ZONE]         The process lacks one of the available privileges in the
                      zone (zone-local variant of ALL).


       [GLOBAL]       The requested operation requires  that  the  process  is
                      running in the global zone.


       [MWAC]         The  requested  operation violates a mwac(7) policy that
                      is in place for the process.


       [TPD]          The requested operation violated the tpd(7) policy.


       [CLEARANCE]    The process clearance is insufficient for the  requested
                      operation.




Oracle Solaris 11.4               12 Oct 2019                         truss(1)
맨 페이지 내용의 저작권은 맨 페이지 작성자에게 있습니다.
RSS ATOM XHTML 5 CSS3