Using truss (with examples)
- Sunos
- November 5, 2023
1: Start tracing a program by executing it, following all child processes
Code:
truss -f program
Motivation:
This use case is helpful when we want to trace the system calls made by a program and all its child processes. By using the -f option with truss, we can trace not only the main program but also any subprocesses it spawns.
Explanation:
truss: The command itself.-f: Follows all child processes and traces them as well.program: The name or path of the program we want to trace.
Example Output: The output of this command will display a detailed log of all system calls made by the traced program and its child processes.
2: Start tracing a specific process by its PID
Code:
truss -p pid
Motivation:
In some cases, we may want to trace only a specific process instead of starting a new process. Using the -p option with truss, we can attach to an existing process and monitor its system calls.
Explanation:
truss: The command itself.-p: Attaches to a specific process by its process ID (PID).pid: The process ID of the process we want to trace.
Example Output: The output of this command will show the system calls made by the traced process.
3: Start tracing a program by executing it, showing arguments and environment variables
Code:
truss -a -e program
Motivation:
In some debugging scenarios, it can be useful to see the arguments and environment variables passed to a program during its execution. By using the -a and -e options with truss, we can capture this information along with the system calls.
Explanation:
truss: The command itself.-a: Shows the arguments passed to the traced program.-e: Shows the environment variables used by the traced program.program: The name or path of the program we want to trace.
Example Output: The output of this command will include the arguments and environment variables passed to the traced program, along with the system calls it makes.
4: Count time, calls, and errors for each system call and report a summary on program exit
Code:
truss -c -p pid
Motivation:
When analyzing system call behavior, it can be helpful to gather statistics such as the total time spent, the number of calls made, and any errors encountered for each system call. By using the -c option with truss, we can obtain this summary information.
Explanation:
truss: The command itself.-c: Enables counting of time, calls, and errors for each system call.-p: Attaches to a specific process by its process ID (PID).pid: The process ID of the process we want to trace.
Example Output: When the traced program exits, the output of this command will display a summary that includes the total time, number of calls, and any errors encountered for each system call made by the program.
5: Trace a process filtering output by system call
Code:
truss -p pid -t system_call_name
Motivation:
In situations where we are specifically interested in monitoring a particular system call, it can be useful to filter the output of truss to only show the relevant information related to that system call. By using the -t option with truss, we can narrow down the output to a specific system call.
Explanation:
truss: The command itself.-p: Attaches to a specific process by its process ID (PID).pid: The process ID of the process we want to trace.-t: Filters the output to only show information related to a specific system call.system_call_name: The name of the system call we want to trace.
Example Output: The output of this command will display the specific information related to the traced system call made by the process. This can help in isolating and analyzing the behavior of that particular system call.
