From Helpful
Jump to: navigation, search

Shell, admin, and both:

Shell - command line and bash notes · shell login - profiles and scripts ·· find and xargs and parallel · screen and tmux
Linux admin - disk and filesystem · users and permissions · Debugging · security enhanced linux · health and statistics · kernel modules · YP notes · unsorted and muck
Logging and graphing - Logging · RRDtool and munin notes
Network admin - Firewalling and other packet stuff ·

Remote desktops
VNC notes
XDMCP notes

This article/section is a stub — probably a pile of half-sorted notes, is not well-checked so may have incorrect bits. (Feel free to ignore, fix, or tell me)

What-does-it-spit-out debugging

print statements

For simple bugs this is simple, effective, though you should later either take them out or turn them into filterable logging instead.


Live debugging

From the IDE


  • Step into: Go into the called function's workings. (does the same as 'over' if not a call)
  • Step over: Perform evaluation/call, but don't go into it, and don't display ("I trust this, give me the next thing at the current level")
  • Step out: "I've seen enough of this function's guts, go (back) to its caller."

Note: while 'over' may suggest skipping code execution, none of the options skip execution - it just means skipping its debugger display.

Debug and performance inspection tools


This article/section is a stub — probably a pile of half-sorted notes, is not well-checked so may have incorrect bits. (Feel free to ignore, fix, or tell me)

(On solaris, see truss)

finds syscalls a program makes, prints to stderr.

Great for debugging when programs don't say enough, and for workload characterization for things that seem slow.

strace can run a command for you, or attach to a running process via its PID (-p)

For things that fork off, you'll want -f

To compare time spent in each syscall, use

You can filter what syscalls are reported using their names, and with a few existing categorizations:

  • file: any file-related calls (access, state, read, write, etc.)
  • desc: file descriptor related
  • process: process management, e.g. fork, wait,l exec
  • network
  • signal
  • ipc
  • memory

For example:

# only mention open() calls
strace -eopen ls     
# see whether there are a bulk of stat()s done (for how many, use -c)
strace -estat,fstat,lstat,newfstatat  find /tmp
# see what progrms are invoked
strace -f -eprocess  service apache2 status 
# summarize time spent in each syscall
strace -c  ls -l /proc

# comparing e.g. ls on small and large dirs
strace -c ls -l /data/largedir
For example, say you notice that
ls -l
seems to do a lot of lgetxattr()s.
would show that for large directories getdents dwarfs everything, and in general it's nearly free assuming that you've just lstat()ted.


An execution shim that shows calls into shared libraries.


Page Cache statistics

For individual files, find how much is in the page cache

See also :

echo l > /proc/sysrq-trigger the backtrace for what's on each CPU.

Writes it to dmesg, which often also goes to something like kern.log, syslog / messages

kernel profiler sources


(kernel functions)

kernel tracepoints


userspace profiler sources


(userspace functions)

USDT (Userland Statically Defined Tracing)

A way of embedding dtrace probes into an app

LTTng userspace

profiler tools / frontends

(Note that some basic things can be gotten from /proc)

dtrace (solaris, also freebsd, linux, osx, smartos)

Very cool tools originating on Solaris.

The rest are ports, some close to the Solaris version, some further away.

perf (linux)

a.k.a. perf_events

systemtap (linux)

systemtap seems to imitate dtrace decently


BPF (linux, bsd, more?)

extended Berkeley Packet Filter (eBPF, also just BPF) originated in network packet filtering, but grew so flexible that it is also very useful for system tracing (so now needs a new name).

The thing that allows it to be safe, flexible, and fast is that it compiles user requests into sandboxed bytecode in the kernel.




Instruments (osx)

Xperf (windows)

flame graphs

This article/section is a stub — probably a pile of half-sorted notes, is not well-checked so may have incorrect bits. (Feel free to ignore, fix, or tell me)

Flame graphs are geared to show how common a particular stack is.

It serves a similar function to a profiler that shows time spent per function, but adds the call path.

Note it does not show things over time, and relies on specific stacks being commonly sampled to show it as taking more time (and approximate the time spent).

Since it came from Brendan Gregg, who specializes in digging into the system itself, there are various sources of these things that dig into kernel use, like syscalls or network efficiency - basically scripts that use dtrace, perf, SystemTap, and whatnot and reformat their output. Various runtimes can also output things useful for these.

The file format is basically just lines of

stackpart;stackpart;stackpart count

The count is technically optional, but can make these files a lot shorter.

The original tool is [1], and see also [2], and there are various that imitate it, like [ stackvis]

It's somewhat associated with statistical profiling -- that is, sampling only sort-of-often (and preferably a bit more randomly), so you don't need profiling hooks, and you see less bias from the presence of said hooks.

Chrome has Flame Charts, which does use uses time


NVidia profiler tools

Post-mortem debugging

Debug symbols

GNU debugger