How to use the command strace (with examples)
- Linux
- December 25, 2023
The strace command is a troubleshooting tool that allows you to trace system calls performed by a program or process. It can be used to debug and understand the behavior of an application by providing detailed information about the system calls it makes.
Use case 1: Start tracing a specific process by its PID
Code:
strace -p pid
Motivation:
Sometimes you may need to analyze the behavior of a specific process to identify issues or understand its functionality. To do so, you can use strace to trace the system calls made by the process with the given process ID (PID).
Explanation:
strace: The command itself.-p pid: Specifies the PID of the process you want to trace.
Example output:
strace: Process xyz attached
syscall_1(...)
syscall_2(...)
...
Use case 2: Trace a process and filter output by system call
Code:
strace -p pid -e system_call_name
Motivation:
When tracing a process, you may only be interested in a specific system call that the process makes. Using the -e option allows you to filter the output of strace and focus on the relevant system call.
Explanation:
-e system_call_name: Specifies the name of the system call you want to trace. Replacesystem_call_namewith the actual name of the system call.
Example output:
strace: Process xyz attached
system_call_name(...)
system_call_name(...)
...
Use case 3: Count time, calls, and errors for each system call and report a summary on program exit
Code:
strace -p pid -c
Motivation:
Understanding the performance and behavior of a program often involves analyzing the number of system calls it makes, the time spent in each call, and any errors encountered. This use case provides a summary of these metrics when the traced program exits.
Explanation:
-c: Enables the counting of time, calls, and errors for each system call.
Example output:
% time seconds usecs/call calls errors syscall
------ ----------- ----------- --------- --------- ----------------
97.28 0.005844 53 110 ioctl
2.17 0.000130 13 10 read
0.37 0.000022 11 2 close
Use case 4: Show the time spent in every system call
Code:
strace -p pid -T
Motivation:
To determine where a program may be spending excessive time, it can be useful to trace the time spent in each system call. This can help identify bottlenecks and optimize the program’s performance.
Explanation:
-T: Enables the display of the time spent in each system call.
Example output:
strace: Process xyz attached
syscall_1(...) = 0 <0.000057>
syscall_2(...) = 1 <0.000023>
...
Use case 5: Start tracing a program by executing it
Code:
strace program
Motivation:
Sometimes it is easier to start tracing a program at the moment it is executed rather than attaching to an already running process. This use case allows you to start the strace trace immediately upon executing the target program.
Explanation:
program: The name or path of the program you want to trace.
Example output:
strace: Process xyz attached
syscall_1(...)
syscall_2(...)
...
Use case 6: Start tracing file operations of a program
Code:
strace -e trace=file program
Motivation:
If you want to focus specifically on the file operations performed by a program, you can use this use case. It limits the trace output to only file-related system calls, providing detailed information about the file interactions of the program.
Explanation:
-e trace=file: Specifies that only file-related system calls should be traced.
Example output:
strace: Process xyz attached
open("/path/to/file.txt", O_RDONLY) = 3
read(3, "Hello, world!", 13) = 13
close(3) = 0
Conclusion:
The strace command is a powerful tool for tracing system calls and provides valuable insights into the behavior of programs and processes. By using a variety of options, you can tailor the output to meet your specific needs, whether it’s troubleshooting issues, optimizing performance, or analyzing file operations.
