Using strace to show system calls
I started the chapter with the simple and ubiquitous tool, top
, and I will finish with another: strace
. It is a very simple tracer that captures system calls made by a program and, optionally, its children. You can use it to do the following:
Learn which system calls a program makes.
Find those system calls that fail together with the error code. I find this useful if a program fails to start but doesn't print an error message or if the message is too general.
strace
shows the failing syscall.Find which files a program opens.
Find out what syscalls a running program is making, for example to see if it is stuck in a loop.
There are many more examples online, just search for strace
tips and tricks. Everybody has their own favorite story, for example, http://chadfowler.com/blog/2014/01/26/the-magic-of-strace
strace
uses the ptrace(2)
function to hook calls from user space to the kernel. If you want to know more about how ptrace
works, the man page is detailed and...