跟踪以附加到多线程进程 [英] Stracing to attach to a multi-threaded process

问题描述

如果我要跟踪(所有线程的)多线程进程，该怎么办?

If I want to strace a multi-threaded process (of all of its threads), how should I do it?

我知道可以执行strace -f来执行分叉的过程吗?但是，当我开始跟踪时，如何附加到已经是多线程的进程呢?是一种告诉strace跟踪属于该进程的所有线程的所有系统调用的方法吗?

I know that one can do strace -f to follow forked process? But how about attaching to a process which is already multi-threaded when I start stracing? Is a way to tell strace to trace all of system calls of all the threads which belong to this process?

推荐答案

2021更新

strace -fp PID 在我的系统上做的正确(Ubuntu 20.04.1 LTS). strace 手册页指出了这一点:

2021 update

strace -fp PID just does the right thing on my system (Ubuntu 20.04.1 LTS). The strace manual page points this out:

       -f          Trace  child  processes  as  they are created by currently traced processes as a result of the fork(2), vfork(2) and clone(2) system
                   calls.  Note that -p PID -f will attach all threads of process PID if it is multi-threaded, not only thread with thread_id = PID.

像这样的文本是在2013年添加的.如果当时 -f 在我的系统上有此行为，我没有意识到.现在可以了！

Looks like this text was added back in 2013. If -f had this behavior on my system at the time, I didn't realize it. It does now, though!

我只是通过列出要跟踪的所有提示以一种笨拙的方式做到了这一点.

I just did this in a kludgy way, by listing each tid to be traced.

您可以通过 ps 找到它们:

$ ps auxw -T | fgrep program_to_trace
me pid tid1 ...
me pid tid2 ...
me pid tid3 ...
me pid tid4 ...

，然后根据 man strace ，您可以一次附加到多个pid:

and then, according to man strace, you can attach to multiple pids at once:

   -p pid      Attach to the process with the process ID pid and begin tracing.  The trace may be terminated at any time by a  keyboard  interrupt
               signal  (CTRL-C).  strace will respond by detaching itself from the traced process(es) leaving it (them) to continue running.  Mul‐
               tiple -p options can be used to attach to up to 32 processes in addition to command (which is optional if at least one -p option is
               given).

它说 pid ，但是在Linux上的iirc pid和tid共享相同的名称空间，这似乎可以工作:

It says pid, but iirc on Linux the pid and tid share the same namespace, and this appeared to work:

$ strace -f -p tid1 -p tid2 -p tid3 -p tid4

我认为这可能是您目前可以做的最好的事情.但我想有人可以用标记来扩展 strace 来扩展tid.在找到流程并附加到流程之间可能仍会存在竞赛，这将错过新开始的流程.它符合关于 strace -f 的现有警告:

I think that might be the best you can do for now. But I suppose someone could extend strace with a flag for expanding tids. There would probably still be a race between finding the processes and attaching to them in which a freshly started one would be missed. It'd fit in with the existing caveat about strace -f:

   -f          Trace child processes as they are created by currently traced processes as a result of the fork(2) system call.

               On non-Linux platforms the new process is attached to as soon as its pid is known (through the return value of fork(2) in the  par‐
               ent process). This means that such children may run uncontrolled for a while (especially in the case of a vfork(2)), until the par‐
               ent is scheduled again to complete its (v)fork(2) call.  On Linux the child is traced from its first instruction with no delay.  If
               the  parent  process  decides  to  wait(2)  for  a child that is currently being traced, it is suspended until an appropriate child
               process either terminates or incurs a signal that would cause it to terminate (as determined from the child's current signal dispo‐
               sition).

               On SunOS 4.x the tracing of vforks is accomplished with some dynamic linking trickery.

这篇关于跟踪以附加到多线程进程的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！