Strace
Encyclopedia
strace is a debugging utility for Linux
and some other Unix-like
systems to monitor the system call
s used by a program and all the signals it receives, similar to "truss
" utility in other Unix systems. This is made possible by a kernel feature known as ptrace
.
A similar utility is provided by Cygwin
.
An alternative application is to use the -p flag to attach to a running process. This is useful if a process has stopped responding, and might reveal, for example, that the process is blocking whilst attempting to make a network connection.
As strace only details system calls it cannot be used to detect as many problems as a code debugger such as GNU Debugger
(gdb). It is, however, easier to use than a code debugger, and is an extremely useful tool for system administrators.
The above fragment is only a small part of the output of strace when run on the 'ls
' command. It shows that the current working directory is opened, inspected and its contents retrieved. The resulting list of file names is written to standard output.
Linux
Linux is a Unix-like computer operating system assembled under the model of free and open source software development and distribution. The defining component of any Linux system is the Linux kernel, an operating system kernel first released October 5, 1991 by Linus Torvalds...
and some other Unix-like
Unix-like
A Unix-like operating system is one that behaves in a manner similar to a Unix system, while not necessarily conforming to or being certified to any version of the Single UNIX Specification....
systems to monitor the system call
System call
In computing, a system call is how a program requests a service from an operating system's kernel. This may include hardware related services , creating and executing new processes, and communicating with integral kernel services...
s used by a program and all the signals it receives, similar to "truss
Truss (Unix)
truss is a system tool available on some Unix-like operating systems. When invoked with an additional executable command-line argument, truss makes it possible to print out the system calls made by and the signals received by this executable command-line argument...
" utility in other Unix systems. This is made possible by a kernel feature known as ptrace
Ptrace
ptrace is a system call found in several Unix and Unix-like operating systems. By using ptrace one process can control another, enabling the controller to inspect and manipulate the internal state of its target...
.
A similar utility is provided by Cygwin
Cygwin
Cygwin is a Unix-like environment and command-line interface for Microsoft Windows. Cygwin provides native integration of Windows-based applications, data, and other system resources with applications, software tools, and data of the Unix-like environment...
.
Usage
The most common usage is to start a program using strace, which prints a list of system calls made by the program. This is useful if the program continually crashes, or does not behave as expected; for example using strace may reveal that the program is attempting to access a file which does not exist or cannot be read.An alternative application is to use the -p flag to attach to a running process. This is useful if a process has stopped responding, and might reveal, for example, that the process is blocking whilst attempting to make a network connection.
As strace only details system calls it cannot be used to detect as many problems as a code debugger such as GNU Debugger
GNU Debugger
The GNU Debugger, usually called just GDB and named gdb as an executable file, is the standard debugger for the GNU software system. It is a portable debugger that runs on many Unix-like systems and works for many programming languages, including Ada, C, C++, Objective-C, Free Pascal, Fortran, Java...
(gdb). It is, however, easier to use than a code debugger, and is an extremely useful tool for system administrators.
Example strace output
The following is an example of typical output of the strace command :
open(".", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY|O_CLOEXEC) = 3
fstat64(3, {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
fcntl64(3, F_GETFD) = 0x1 (flags FD_CLOEXEC)
getdents64(3, /* 18 entries */, 4096) = 496
getdents64(3, /* 0 entries */, 4096) = 0
close(3) = 0
fstat64(1, {st_mode=S_IFIFO|0600, st_size=0, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f2c000
write(1, "autofs\nbackups\ncache\nflexlm\ngames"..., 86autofsA
The above fragment is only a small part of the output of strace when run on the 'ls
Ls
In computing, ls is a command to list files in Unix and Unix-like operating systems. ls is specified by POSIX and the Single UNIX Specification.- History :An ls utility appeared in the original version of AT&T UNIX...
' command. It shows that the current working directory is opened, inspected and its contents retrieved. The resulting list of file names is written to standard output.
Other Tools
There are other similar, and sometimes more powerful, instrumentation tools on other platforms.- LinuxLinuxLinux is a Unix-like computer operating system assembled under the model of free and open source software development and distribution. The defining component of any Linux system is the Linux kernel, an operating system kernel first released October 5, 1991 by Linus Torvalds...
has ltraceLtraceltrace is a debugging utility in Linux to monitor the library calls used by a program and all the signals it receives. It can also show system calls, used by a program.- See also :* strace - system call tracer for linux* ktrace - system call tracer for *BSD...
, which can trace library and system calls - LinuxLinuxLinux is a Unix-like computer operating system assembled under the model of free and open source software development and distribution. The defining component of any Linux system is the Linux kernel, an operating system kernel first released October 5, 1991 by Linus Torvalds...
distributions after 2006 have SystemTapSystemTapIn computing, SystemTap is the primary scripting language and tool for dynamically instrumenting running production Linux operating systems... - Linux also has trace-cmd and KernelShark, which are built on top of ftrace
- Solaris has TrussTruss (Unix)truss is a system tool available on some Unix-like operating systems. When invoked with an additional executable command-line argument, truss makes it possible to print out the system calls made by and the signals received by this executable command-line argument...
and DTraceDTraceDTrace is a comprehensive dynamic tracing framework created by Sun Microsystems for troubleshooting kernel and application problems on production systems in real time... - AIX provides TrussTruss (Unix)truss is a system tool available on some Unix-like operating systems. When invoked with an additional executable command-line argument, truss makes it possible to print out the system calls made by and the signals received by this executable command-line argument...
command - HP-uxHP-UXHP-UX is Hewlett-Packard's proprietary implementation of the Unix operating system, based on UNIX System V and first released in 1984...
offers the Tusc command - FreeBSDFreeBSDFreeBSD is a free Unix-like operating system descended from AT&T UNIX via BSD UNIX. Although for legal reasons FreeBSD cannot be called “UNIX”, as the direct descendant of BSD UNIX , FreeBSD’s internals and system APIs are UNIX-compliant...
provides the TrussTruss (Unix)truss is a system tool available on some Unix-like operating systems. When invoked with an additional executable command-line argument, truss makes it possible to print out the system calls made by and the signals received by this executable command-line argument...
command, ktraceKtracektrace is a utility included with certain versions of BSD Unix and Mac OS X that traces kernel interaction with a program and dumps it to disk for debugging and analysis...
and DTraceDTraceDTrace is a comprehensive dynamic tracing framework created by Sun Microsystems for troubleshooting kernel and application problems on production systems in real time... - NetBSDNetBSDNetBSD is a freely available open source version of the Berkeley Software Distribution Unix operating system. It was the second open source BSD descendant to be formally released, after 386BSD, and continues to be actively developed. The NetBSD project is primarily focused on high quality design,...
provides ktraceKtracektrace is a utility included with certain versions of BSD Unix and Mac OS X that traces kernel interaction with a program and dumps it to disk for debugging and analysis...
and DTraceDTraceDTrace is a comprehensive dynamic tracing framework created by Sun Microsystems for troubleshooting kernel and application problems on production systems in real time... - OpenBSDOpenBSDOpenBSD is a Unix-like computer operating system descended from Berkeley Software Distribution , a Unix derivative developed at the University of California, Berkeley. It was forked from NetBSD by project leader Theo de Raadt in late 1995...
uses ktraceKtracektrace is a utility included with certain versions of BSD Unix and Mac OS X that traces kernel interaction with a program and dumps it to disk for debugging and analysis...
and kdump - Mac OS XMac OS XMac OS X is a series of Unix-based operating systems and graphical user interfaces developed, marketed, and sold by Apple Inc. Since 2002, has been included with all new Macintosh computer systems...
provides ktrace (10.4 and earlier) and DTraceDTraceDTrace is a comprehensive dynamic tracing framework created by Sun Microsystems for troubleshooting kernel and application problems on production systems in real time...
(from Solaris) in 10.5 and later. http://docs.info.apple.com/article.html?artnum=305893 - MS WindowsMicrosoft WindowsMicrosoft Windows is a series of operating systems produced by Microsoft.Microsoft introduced an operating environment named Windows on November 20, 1985 as an add-on to MS-DOS in response to the growing interest in graphical user interfaces . Microsoft Windows came to dominate the world's personal...
has a similar tool called StraceNT created by Pankaj Garg. http://www.intellectualheaven.com/default.asp?BH=projects&H=strace.htm
See also
- ktraceKtracektrace is a utility included with certain versions of BSD Unix and Mac OS X that traces kernel interaction with a program and dumps it to disk for debugging and analysis...
- ltraceLtraceltrace is a debugging utility in Linux to monitor the library calls used by a program and all the signals it receives. It can also show system calls, used by a program.- See also :* strace - system call tracer for linux* ktrace - system call tracer for *BSD...
- lsofLsoflsof is a command meaning "list open files", which is used in many Unix-like systems to report a list of all open files and the processes that opened them. This open source utility was developed and supported by Vic Abell, the retired Associate Director of the Purdue University Computing Center...
- gdb
- List of Unix programs