之前使用ftrace的时候需要一系列的配置,使用起来有点繁琐,这里推荐一个ftrace的一个前端工具,它就是trace-cmd
trace-cmd安装教程
安装trace-cmd及其依赖库
git clone https://git.kernel.org/pub/scm/libs/libtrace/libtraceevent.git/
cd libtraceevent
make
sudo make installgit clone https://git.kernel.org/pub/scm/libs/libtrace/libtracefs.git/
cd libtracefs
make
sudo make installgit clone https://git.kernel.org/pub/scm/linux/kernel/git/rostedt/trace-cmd.git
make
make libs
sudo make install
sudo make install_libs
安装 kernelshark 依赖
sudo apt-get install build-essential git cmake libjson-c-dev -y
sudo apt-get install freeglut3-dev libxmu-dev libxi-dev -y
sudo apt-get install flex bison -y
sudo apt-get install fonts-freefont-ttf -y
sudo apt-get install qtbase5-dev -y
下载kernelshark并安装
git clone git://git.kernel.org/pub/scm/utils/trace-cmd/kernel-shark.git
cd kernel-shark/build
cmake ../
make
sudo ./install_gui.sh
注意:禁止使用
sudo apt-get install kernelshark
安装!cmake 版本必须在3.12以上。cmake版本更新方法参考:https://blog.csdn.net/qq_27350133/article/details/121994229
trace-cmd使用方法
可以使用trace-cmd -h
看下支持那些命令。
trace-cmd COMMAND清单
trace-cmd version 3.1.6 ()usage:trace-cmd [COMMAND] ...commands:record - record a trace into a trace.dat fileset - set a ftrace configuration parameterstart - start tracing without recording into a fileextract - extract a trace from the kernelstop - stop the kernel from recording trace datarestart - restart the kernel trace data recordingshow - show the contents of the kernel tracing bufferreset - disable all kernel tracing and clear the trace buffersclear - clear the trace buffersreport - read out the trace stored in a trace.dat filestream - Start tracing and read the output directlyprofile - Start profiling and read the output directlyhist - show a histogram of the trace.dat informationstat - show the status of the running tracing (ftrace) systemsplit - parse a trace.dat file into smaller file(s)options - list the plugin options available for trace-cmd reportlisten - listen on a network socket for trace clientsagent - listen on a vsocket for trace clientssetup-guest - create FIFOs for tracing guest VMslist - list the available events, plugins or optionsrestore - restore a crashed recordsnapshot - take snapshot of running tracestack - output, enable or disable kernel stack tracingcheck-events - parse trace event formatsdump - read out the meta data from a trace fileconvert - convert trace file to different version
record
记录trace信息到trace.dat 。
trace-cmd record ['OPTIONS'] ['command']
跟踪ls进程函数调用过程
# trace-cmd record -p function -e sched_switch ls > /dev/null# trace-cmd reportls-13587 [002] 106467.860310: function: hrtick_start_fair <-- pick_next_task_fairls-13587 [002] 106467.860313: sched_switch: prev_comm=trace-cmd prev_pid=13587 prev_prio=120 prev_state=R ==> next_comm=trace-cmd next_pid=13583 next_prio=120trace-cmd-13585 [001] 106467.860314: function: native_set_pte_at <-- __do_faulttrace-cmd-13586 [003] 106467.860314: function: up_read <-- do_page_faultls-13587 [002] 106467.860317: function: __phys_addr <-- scheduletrace-cmd-13585 [001] 106467.860318: function: _raw_spin_unlock <-- __do_faultls-13587 [002] 106467.860320: function: native_load_sp0 <-- __switch_totrace-cmd-13586 [003] 106467.860322: function: down_read_trylock <-- do_page_fault
使用function_graph
跟踪irq_handler_entry
跟踪点的do_IRQ
函数。
# trace-cmd record -p function_graph -e irq_handler_entry -l do_IRQ sleep 10# trace-cmd report<idle>-0 [000] 157412.933969: funcgraph_entry: | do_IRQ() {<idle>-0 [000] 157412.933974: irq_handler_entry: irq=48 name=eth0<idle>-0 [000] 157412.934004: funcgraph_exit: + 36.358 us | }<idle>-0 [000] 157413.895004: funcgraph_entry: | do_IRQ() {<idle>-0 [000] 157413.895011: irq_handler_entry: irq=48 name=eth0<idle>-0 [000] 157413.895026: funcgraph_exit: + 24.014 us | }<idle>-0 [000] 157415.891762: funcgraph_entry: | do_IRQ() {<idle>-0 [000] 157415.891769: irq_handler_entry: irq=48 name=eth0<idle>-0 [000] 157415.891784: funcgraph_exit: + 22.928 us | }<idle>-0 [000] 157415.934869: funcgraph_entry: | do_IRQ() {<idle>-0 [000] 157415.934874: irq_handler_entry: irq=48 name=eth0<idle>-0 [000] 157415.934906: funcgraph_exit: + 37.512 us | }<idle>-0 [000] 157417.888373: funcgraph_entry: | do_IRQ() {<idle>-0 [000] 157417.888381: irq_handler_entry: irq=48 name=eth0<idle>-0 [000] 157417.888398: funcgraph_exit: + 25.943 us | }
OPTIONS
和 command
可以使用 trace-cmd record --h
列出。
set
设置ftrace参数配置。
trace-cmd set ['OPTIONS'] ['command']
使能所有的跟踪事件
trace-cmd set -e all
设置function tracer
trace-cmd set -p function
start
开始跟踪,但并不记录信息到文件。
trace-cmd start ['OPTIONS']
extract
从tracer中提取跟踪信息,一般用在start 和stop之后。也可以将跟踪信息从ring buffer 提取到trace.dat。
trace-cmd extract ['OPTIONS']
stop
停止向ring buffer写入跟踪信息。
restart
重新开始记录跟踪信息
show
显示tracing buffer中的信息(trace, snapshot, trace_pipe)。类似于 cat /sys/kernel/debug/tracing/trace
。
trace-cmd show ['OPTIONS']
reset
对ftrace的设置和ring buffer复位。
trace-cmd reset ['OPTIONS']
设置每个cpu的buffer大小为1024
trace-cmd reset -b 1024
删除实例buffer,并重置顶层实例,
trace-cmd reset -t -a -d
clear
清空ring buffer。
trace-cmd clear ['OPTIONS']
清空所有buffer,包括top level
trace-cmd clear -a
清空指定buffer
trace-cmd clear -B buffer-name
report
读取trace的信息,并存储在trace.dat。
trace-cmd report ['OPTIONS'] ['input-file']
# trace-cmd reporttrace-cmd-16129 [002] 158126.498411: function: __mutex_unlock_slowpath <-- mutex_unlocktrace-cmd-16131 [000] 158126.498411: kmem_cache_alloc: call_site=811223c5 ptr=0xffff88003ecf2b40 bytes_req=272 bytes_alloc=320 gfp_flags=GFP_KERNEL|GFP_ZEROtrace-cmd-16130 [003] 158126.498411: function: do_splice_to <-- sys_splicesleep-16133 [001] 158126.498412: function: inotify_inode_queue_event <-- vfs_writetrace-cmd-16129 [002] 158126.498420: lock_release: 0xffff88003f1fa4f8 &sb->s_type->i_mutex_keytrace-cmd-16131 [000] 158126.498421: function: security_file_alloc <-- get_empty_filpsleep-16133 [001] 158126.498422: function: __fsnotify_parent <-- vfs_writetrace-cmd-16130 [003] 158126.498422: function: rw_verify_area <-- do_splice_totrace-cmd-16131 [000] 158126.498424: function: cap_file_alloc_security <-- security_file_alloctrace-cmd-16129 [002] 158126.498425: function: syscall_trace_leave <-- int_check_syscall_exit_worksleep-16133 [001] 158126.498426: function: inotify_dentry_parent_queue_event <-- vfs_writetrace-cmd-16130 [003] 158126.498426: function: security_file_permission <-- rw_verify_areatrace-cmd-16129 [002] 158126.498428: function: audit_syscall_exit <-- syscall_trace_leave
记录除function traces 之外的所有跟踪信息
# trace-cmd report -v -F 'function'trace-cmd-16131 [000] 158126.498411: kmem_cache_alloc: call_site=811223c5 ptr=0xffff88003ecf2b40 bytes_req=272 bytes_alloc=320 gfp_flags=GFP_KERNEL|GFP_ZEROtrace-cmd-16129 [002] 158126.498420: lock_release: 0xffff88003f1fa4f8 &sb->s_type->i_mutex_keytrace-cmd-16130 [003] 158126.498436: lock_acquire: 0xffffffff8166bf78 read all_cpu_access_locktrace-cmd-16131 [000] 158126.498438: lock_acquire: 0xffff88003df5b520 read &fs->locktrace-cmd-16129 [002] 158126.498446: kfree: call_site=810a7abb ptr=0x0trace-cmd-16130 [003] 158126.498448: lock_acquire: 0xffff880002250a80 &per_cpu(cpu_access_lock, cpu)trace-cmd-16129 [002] 158126.498450: sys_exit_splice: 0xfffffff5trace-cmd-16131 [000] 158126.498454: lock_release: 0xffff88003df5b520 &fs->locksleep-16133 [001] 158126.498456: kfree: call_site=810a7abb ptr=0x0sleep-16133 [001] 158126.498460: sys_exit_write: 0x1trace-cmd-16130 [003] 158126.498462: kmalloc: call_site=810bf95b ptr=0xffff88003dedc040 bytes_req=24 bytes_alloc=32 gfp_flags=GFP_KERNEL|GFP_ZERO
只记录kmalloc系统调用中大于1000 bytes 的信息
#trace-cmd report -F 'kmalloc: bytes_req > 1000'<idle>-0 [000] 158128.126641: kmalloc: call_site=81330635 ptr=0xffff88003c2fd000 bytes_req=2096 bytes_alloc=4096 gfp_flags=GFP_ATOMIC
stream
实时在shell中显式ftrace结果。
trace-cmd stream ['OPTIONS'] ['command']
profile
类似于trace-cmd record - profile
命令,但profile不会将跟踪内容写入文件,可以节省磁盘空间,适用于长时间跟踪。
trace-cmd profile ['OPTIONS'] ['command']
hist
对trace.dat显式统计信息。
trace-cmd hist ['OPTIONS']['input-file']
stat
显示当前ftrace的events、ring buffer等情况。
*Instances:* List all configured ftrace instances.*Tracer:* if one of the tracers (like function_graph) is active. Otherwisenothing is displayed.*Events:* Lists the events that are enable.*Event filters:* Shows any filters that are set for any events*Function filters:* Shows any filters for the function tracers*Graph functions:* Shows any functions that the function graph tracer should graph*Buffers:* Shows the trace buffer size if they have been expanded.By default, tracing buffers are in a compressed format until they are used.If they are compressed, the buffer display will not be shown.*Trace clock:* If the tracing clock is anything other than the default "local"it will be displayed.*Trace CPU mask:* If not all available CPUs are in the tracing CPU mask, thenthe tracing CPU mask will be displayed.*Trace max latency:* Shows the value of the trace max latency if it is other than zero.*Kprobes:* Shows any kprobes that are defined for tracing.*Uprobes:* Shows any uprobes that are defined for tracing.*Error log:* Dump the content of ftrace error_log file.
trace-cmd stat ['OPTIONS']
split
以start-time和end-time将trace.dat分为更小的文件。
trace-cmd split ['OPTIONS'] ['start-time' ['end-time']]
options
列出trace-cmd可用的插件。
listen
设置一个端口等待远程连接。连接上后,如果远程主机发来信息,则创建一个trace.HOST:PORT.dat
文件记录信息。
trace-cmd listen -p 'port' ['OPTIONS']
agent
trace-cmd agent通过vsocket或TCP端口侦听连接,以控制对计算机的跟踪。然后,agent将在本地计算机上开始跟踪,并将数据传递给控制连接。
trace-cmd agent ['OPTIONS']
setup-guest
创建用于跟踪虚拟机的fifos
list
显示当前ftrace支持的events、tracers、options。
trace-cmd list ['OPTIONS']
restore
恢复崩溃的trace-cmd-record
文件。
trace-cmd restore ['OPTIONS'] ['command'] cpu-file [cpu-file ...]
snapshot
抓取tracing过程中的快照。
*trace-cmd snapshot* ['OPTIONS']
stack
内核的堆栈跟踪
trace-cmd stack [--start][--stop][--reset]
check-events
解析所有events的格式字符串,有助于检查任何跟踪事件格式字符串
trace-cmd check-events ['OPTIONS']
dump
展示 trace-cmd record
记录的元数据
# trace-cmd dump --summary -i trace.datTracing meta data in file trace.dat:[Initial format]6 [Version]0 [Little endian]8 [Bytes in a long]4096 [Page size, bytes][Header info, 205 bytes][Header event, 205 bytes][Ftrace format, 15 events][Events format, 2 systems][Kallsyms, 7144493 bytes][Trace printk, 2131 bytes][Saved command lines, 117 bytes]8 [CPUs with tracing data][12 options][Flyrecord tracing data]
# trace-cmd dump --summary --systems -i trace.datTracing meta data in file trace.dat:[Initial format]6 [Version]0 [Little endian]8 [Bytes in a long]4096 [Page size, bytes][Header info, 205 bytes][Header event, 205 bytes][Ftrace format, 15 events][Events format, 3 systems]sched 23 [system, events]irq 5 [system, events]kvm 70 [system, events][Kallsyms, 7144493 bytes][Trace printk, 2131 bytes][Saved command lines, 157 bytes]8 [CPUs with tracing data][11 options][Flyrecord tracing data]
convert
将trace file
转换为不同格式。
trace-cmd convert ['OPTIONS'] ['output-file']
将trace file
选择合适的压缩算法,压缩为trace_compress.dat
,
trace-cmd convert --compression any trace_compress.dat
更详细的使用方法详见 https://github.com/rostedt/trace-cmd/tree/master/Documentation/trace-cmd
trace-cmd使用举例
function && function_graph跟踪
列出可用的追踪器
root@firefly:~# trace-cmd list -t
blk function_graph wakeup_dl wakeup_rt wakeup irqsoff function nop
查看可被追踪的函数
root@firefly:~# trace-cmd list -f | grep do_sys_open
do_sys_open
调整函数调用中追踪深度:
root@firefly:~# trace-cmd start -p function_graph --max-graph-depth 5
启用function跟踪并查看输出
root@firefly:~# trace-cmd start -p functionplugin 'function'
root@firefly:~# trace-cmd show | head -20
# tracer: function
#
# entries-in-buffer/entries-written: 231316/448381 #P:6
#
# _-----=> irq / _----= | / _---=> hardirq/softir || / _--=> preempt-depth
# ||| / delay
# TIMESTAMP FUNCTION
# | | |||| | |<idle>-0 [005]607.424217: hrtimer_start_range_ick_nohz_restart<idl-0 [005] dn.. 607.424218: rtimer_base.isra.1 <-hrtimer_start_range_ns<idle>-0 [005] dn.. 607.424219: _raw_spck_irqsave <-lock_hrtimer_base.ia.1<idle>-0 [005n.. 607.424219: do_raw_spin_lock <-_raw_spin_lock_irqsave<idle>-0 [005] dn.. 607.424220: ktime_add_safe <-hrtimer_start_range_ns<idle>-0 [005] dn.. 607.424222: enqueue_hrtimer <-hrtimer_start_range_ns<idle>-0 [005] dn.. 607.424223: tick_program_event <-hrtimer_start_range_ns<idle>-0 [005] dn.. 607.424224: clockevents_program_event <-tick_program_event<idle>-0 [005] dn.. 607.424224: ktime_get <-clockevents_program_event
root@firefly:~#
停止跟踪并清空缓冲区
trace-cmd stop
trace-cmd clear
追踪特定函数
root@firefly:~# trace-cmd start -p function -l do_sys_openplugin 'function'
root@firefly:~# trace-cmd show | head -20
# tracer: function
#
# entries-in-buffer/entries-written: 49/49 #P:6
#
# off
# | / _--- || / _--=> preempt-depth
# ||| / delay
# TASK-PID CPU# |||| IMESTAMP FUNCTION
# | | | |||| | |lxqt-panel-1100 [002] .... 1342.237668: do_sys_open <-SyS_openatsystemd-1 [000] .... 1343.172830: do_sys_open <-SyS_openatsd-resolve-683 [002] .... 1343.173117: do_sys_open <-SyS_openatlxqt-panel-1100 [002] .... 1343.237235: do_sys_open <-SyS_openatlxqt-panel-1100 [002] .... 1344.237580: do_sys_open <-SyS_openatlxqt-panel-1100 [002] .... 1345.237314: do_sys_open <-SyS_openatlxqt-panel-1100 [002] .... 1346.237657: do_sys_open <-SyS_openatlxqt-panel-1100 [002] .... 1347.237311: do_sys_open <-SyS_openathead-1289 [004] .... 1348.034549: do_sys_open <-SyS_openat
不追踪某个函数
root@firefly:~# trace-cmd start -p function -n do_sys_open
追踪特定PID
trace-cmd record -P 10885 -p function_graph
trace-cmd start
和trace-cmd record
参数类似,trace-cmd record
会记录追踪内容到trace.dat。
追踪指定的进程
root@firefly:~# trace-cmd record -p function -F ls
root@firefly:~# trace-cmd report trace.dat | head -20
cpus=6ls-1286 [005] 650.095974: function: mutex_unlockls-1286 [005] 650.095976 function: __mutewpathls-1286 [005] 650.095977: function: _raw_spin_lockls-1286 [005] 650.095977: function: n_lockls-1286 [ 650.095978: function: wake_q_adds-1286 [005] 650.095979: function: _raw_spin_unlockls-1286 [005] 650.095979: function: do_raw_spin_unlockls-1286 [005] 650.095980: function: wake_up_qls-1286 [005] 650.095980: function: try_to_wake_upls-1286 [005] 650.095981: function: _raw_spin_lock_irqsavels-1286 [005] 650.095981: function: do_raw_spin_lockls-1286 [005] 650.095982: function: _raw_spin_lockls-1286 [005] 650.095983: function: do_raw_spin_lockls-1286 [005] 650.095984: function: _raw_spin_unlockls-1286 [005] 650.095984: function: do_raw_spin_unlockls-1286 [005] 650.095984: function: task_waking_fairls-1286 [005] 650.095985: function: record_wakeels-1286 [005] 650.095986: function: select_task_rq_fairls-1286 [005] 650.095986: function: record_wakee
event跟踪
查看所有这些事件的列表:
cat /sys/kernel/debug/tracing/available_events
事件跟踪模板
trace-cmd record -e 'subsystem:event-name'
追踪sched
子系统的sched_switch
事件
root@firefly:~# trace-cmd record -e sched:sched_switch
Hit Ctrl^C to stop recording
^C^C^C^C^CCPU0 data recorded at offset=0x117000214 bytes in size (4096 uncompressed)
CPU1 data recoed at offset=0x118000293 bytes in size (4096 uncompressed)rded at offset=0x119000260096 uncompressed)
CPU3 data recorded at offset=0x11a00011 uncompressed)
CPU4 data recordset=0x11b000260 bytes in sncompressed)
CPU5 data recordedffset=0x11c000914 bytes in size (12288 uncompressed)
root@firefly:~# trace-cmd report trace.dat | head -20
cpus=6trace-cmd-1298 [000] 857.010582: sched_switch: trace-cmd:1298 [120] S 004] 857.010631: sched_switch::1299 [120]<idle>-0 pper/5:0 [120] R ==> trace-cmd:1857.010704: sched_switch: race-cmd:1304 [120]trac sched_switch: trace-cmd==> swapper/4:0 [120]tr [005] 857.010744: sched_switrace-cmd:1304 [120] S ==> swappe0]<idle>-0 [001] swapper/1:0 [120] R ==> [120]<idle>-0 [005] 857.011293: sched_switch: swapper/5:0 [120] R ==> trace-cmd:1300 [120]trace-cmd-1300 [005] 857.011342 trace-cmd:1300 [120] S ==> 120]rcu_sched-7 [00 857.011358: sched_switch: rcu_sched:7 [120] S ==> swapper/1:0 [120]<idle>-0 [001] 857.014074: sched_switch: swapper/1:0 [120] R ==> rcu_sched:7 [120]rcu_sched-7 [001] 857.014150: sched_switch: rcu_sched:7 [120] S ==> swapper/1:0 [120]<idle>-0 [005] 857.014948: sched_switch: swapper/5:0 [120] R ==> kworker/5:2:136 [120]kworker/5:2-136 [005] 857.014971: sched_switch: kworker/5:2:136 [120] S ==> swapper/5:0 [120]<idle>-0 [001] 857.017159: sched_switch: swapper/1:0 [120] R ==> rcu_sched:7 [120]rcu_sched-7 [001] 857.017267: sched_switch: rcu_sched:7 [120] S ==> swapper/1:0 [120]<idle>-0 [001] 857.020239: sched_switch: swapper/1:0 [120] R ==> rcu_sched:7 [120]rcu_sched-7 [001] 857.020336: sched_switch: rcu_sched:7 [120] S ==> swapper/1:0 [120]<idle>-0 [005] 857.058091: sched_switch: swapper/5:0 [120] R ==> kworker/5:2:136 [120]
只打印下一个进程ID大于800的跟踪结果
root@firefly:~# trace-cmd report -F 'sched_switch: next_pid > 800'
cpus=6trace-cmd-1375 [005] 1891.087860: sched_switch: trace-cmd:1375 [120] R 1891.087913: sched_switch: 5 [120]trace-cmd-1376 trace-cmd:1376 [120] R idle>-0 [005] 1891.088014: apper/5:0 [120] R ==> trace-cmd:371 [004] 1891.088048: sched_sh: trace-cmd:1371 [120] 376 [120]<idle>-0 91.090580: sched_switch: r/4:0 [120] R ==> trace-cmd:1373 <idle>-0 [000] 1891.371 swapper/0:0 [120] R ==> kw1342 [120]<idle>-0 1] 1891.403968: sched_switch: swapper/1:0 [120] R ==> gvfs-afc-volume:1161 [120]<idle>-0 [000] 1891.586038: sched_switch: swapper/0:0 [120] R ==> kworker/u12:0:1342 [120]<idle>-0 [001] 1891.586262: sched_switch: swapper/1:0 [120] R ==> trace-cmd:1370 [120]
事件打印格式可参考format
root@firefly:~# cat /sys/kernel/debug/tracing/events/sched/sched_switch/format
name: sched_switch
ID: 250
format:field:unsigned short common_type; offset:0; size:2; signed:0;field:unsigned char common_flags; offset:2; size:1; signed:0;field:unsigned char common_preempt_count; offset:3; size:1; signed:0;field:int common_pid; offset:4; size:4; signed:1;field:char prev_comm[16]; offset:8; size:16; signed:0;field:pid_t prev_pid; offset:24; size:4; signed:1;field:int prev_prio; offset:28; size:4; signed:1;field:long prev_state; offset:32; size:8; signed:1;field:char next_comm[16]; offset:40; size:16; signed:0;field:pid_t next_pid; offset:56; size:4; signed:1;field:int next_prio; offset:60; size:4; signed:1;print fmt: "prev_comm=%s prev_pid=%d prev_prio=%d prev_state=%s%s ==> next_comm=%s next_pid=%d next_prio=%d", REC->prev_comm, REC->prev_pid, REC->prev_prio, REC->prev_state & (4096-1) ? __print_flags(REC->prev_state & (4096-1), "|", { 1, "S"} , { 2, "D" }, { 4, "T" }, { 8, "t" }, { 16, "Z" }, { 32, "X" }, { 64, "x" }, { 128, "K" }, { 256, "W" }, { 512, "P" }, { 1024, "N" }) : "R", REC->prev_state & 4096 ? "+" : "", REC->next_comm, REC->next_pid, REC->next_prio
kernelshark的使用
kernelshark记录事件
通过在命令行输出kernelshark
可以启动kernelshark。通过菜单栏执行Tools->Record,会弹出Capture对话框。
常用的设置有Events和Plugin,比如这里设置了sched_switch和sched_wakeup两个事件,选择了function_graph插件。
然后点击apply应用配置,capture开始捕获。ctrl+c可以停止捕获。
Close关闭后,可以在Kenelshark中查看细节。
可以看出这里不光显示了sched_switch和sched_wakeup事件,同时还显示了function_graph函数调用。
数据过滤
通常获取的数据需要进行一些过滤,才能发现问题。
filter提供了丰富的过滤功能,比如过滤事件,CPU,Tasks等。
也可以使用高级过滤功能,可以
如果想清除所有过滤信息,点击clear all filters 即可。
图表过滤
Plots提供了CPU和Tasks的过滤,如下所示,我们选择只展示CPU0的nautilus进程。
[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-sl34jTy7-1680877394097)(C:\Users\39580\AppData\Roaming\Typora\typora-user-images\image-20230204214745791.png)]
[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-Zh2FNyDh-1680877394097)(C:\Users\39580\AppData\Roaming\Typora\typora-user-images\image-20230204214800081.png)]
最后筛选结果
其它功能
还有一些其它有用的功能,比如搜索功能,选定要搜索的Column,文本框中输入字符串即可。
如下,我们筛选出PDI为3038的进程,总共找到44831个,当前是第1937个。
本文参考
https://git.kernel.org/pub/scm/utils/trace-cmd/kernel-shark.git/about/
https://git.kernel.org/pub/scm/linux/kernel/git/rostedt/trace-cmd.git/about/
https://github.com/rostedt/trace-cmd/tree/master/Documentation/trace-cmd
https://www.cnblogs.com/arnoldlu/p/9014365.html
https://cloud.tencent.com/developer/article/1876479
https://simpleiot.blog.csdn.net/article/details/103587609