Strace

strace
Original author(s) Paul Kranenburg
Developer(s) Dmitry Levin
Stable release 6.11 [1] / 15 September 2024
Written in C [2]
Operating system Linux
Platform AArch64, DEC Alpha, ARC, ARM EABI/OABI, AVR32, Blackfin, C-SKY, HP PA-RISC, IA-32, IA-64, LoongArch, Motorola 68k, Imagination META, MicroBlaze, MIPS, Nios II, OpenRISC, Power ISA 32/64 bit, RISC-V, System/390/z/Architecture, SuperH 32/64 bit, SPARC 32/64 bit, TILE, TILEPro, TILE-Gx, x86-64, x32 ABI, Xtensa
Available in English [note 1]
Type Debugging
License LGPL v2.1+ [note 2] [4]
Website strace.io

strace is a diagnostic, debugging and instructional userspace utility for Linux. It is used to monitor and tamper with interactions between processes and the Linux kernel, which include system calls, signal deliveries, and changes of process state. The operation of strace is made possible by the kernel feature known as ptrace.

Some Unix-like systems provide other diagnostic tools similar to strace, such as truss.

History

Strace was originally written for SunOS by Paul Kranenburg in 1991, according to its copyright notice, and published early in 1992, in volume three of comp.sources.sun. The initial README file contained the following: [5]

strace(1) is a system call tracer for Sun(tm) systems much like the Sun supplied program trace(1). strace(1) is a useful utility to sort of debug programs for which no source is available which unfortunately includes almost all of the Sun supplied system software.

Later, Branko Lankester ported this version to Linux, releasing his version in November 1992 with the second release following in 1993. [6] [7] Richard Sladkey combined these separate versions of strace in 1993, and ported the program to SVR4 and Solaris in 1994, [8] resulting in strace 3.0 that was announced in comp.sources.misc in mid-1994. [9]

Beginning in 1996, strace was maintained by Wichert Akkerman. During his tenure, strace development migrated to CVS; ports to FreeBSD and many architectures on Linux (including ARM, IA-64, MIPS, PA-RISC, PowerPC, s390, SPARC) were introduced. In 2002, the burden of strace maintainership was transferred to Roland McGrath. After that, strace gained support for several new Linux architectures (AMD64, s390x, SuperH), bi-architecture support for some of them, and received numerous additions and improvements in syscall decoders on Linux; strace development migrated to git during that period. Since 2009, strace has been actively maintained by Dmitry Levin. Since that time, strace has gained support for the AArch64, ARC, AVR32, Blackfin, Meta, Nios II, OpenRISC 1000, RISC-V, Tile/TileGx, and Xtensa architectures.

The last version of strace that had some (evidently dead) [10] code for non-Linux operating systems was 4.6, released in March 2011. [11] In strace version 4.7, released in May 2012, [12] all non-Linux code had been removed; [13] since strace 4.13, [14] the project follows the Linux kernel's release schedule, and as of version 5.0, [15] it follows Linux's versioning scheme as well.

In 2012 strace also gained support for path tracing and file descriptor path decoding. [16] In August 2014, strace 4.9 was released, [17] [18] adding support for printing stack traces. In December 2016, [19] [20] the syscall fault injection feature was implemented.

Version history

| Version | Release date | Notable changes |
|---|---|---|
| 6.2 | 26 February 2023 [21] | Implemented collision resolution for overlapping terminal/sound ioctl commands |
| 6.1 | 12 December 2022 [22] | Enhanced decoding of statx syscall and terminal ioctl commands |
| 6.0 | 29 October 2022 [23] | Enhanced decoding of setns syscall and PTP_* ioctl commands |
| 5.19 | 12 August 2022 [24] | The "(deleted)" marker of unlinked file descriptor paths is no longer interpreted as a part of a path; enhanced decoding of arch_prctl, io_uring_register, and prctl syscalls; enhanced decoding of siginfo_t structure |
| 5.18 | 18 June 2022 [25] | |
| 5.17 | 26 March 2022 [26] | Added support for a new set_mempolicy_home_node syscall on Linux |
| 5.16 | 10 January 2022 [27] | Added support for printing SELinux context mismatches (--secontext=mismatch option); added support for a new futex_waitv syscall on Linux |
| 5.15 | 1 December 2021 [28] | |
| 5.14 | 2 September 2021 [29] | Added support for the new memfd_secret and quotactl_fd syscalls decoding |
| 5.13 | 18 July 2021 [30] | Implemented System Call Vectored ABI support on the IBM POWER architecture |
| 5.12 | 26 April 2021 [31] | Added support for the new mount_setattr syscall decoding |
| 5.11 | 17 February 2021 [32] | Added option for injecting data on syscall entry/exit (poke_enter= and poke_exit= parameters of the --inject option); added support for the new epoll_pwait2 syscall decoding; implemented decoding of FS_IOC_FS[GS]ETXATTR, FS_IOC{,32}_[GS]ETFLAGS, GPIO_*, SIOCADDMULTI, SIOCDELMULTI, SIOCGIFENCAP, SIOCOUTQNSD, SIOCSIFENCAP, SIOCSIFHWBROADCAST, UBI_IOCRPEB, UBI_IOCSPEB, V4L2_BUF_TYPE_META_CAPTURE, V4L2_BUF_TYPE_META_OUTPUT, and VIDIOC_QUERY_EXT_CTRL ioctl commands |
| 5.10 | 14 December 2020 [33] | Stack tracing is supported for non-native personalities when compiled with libdw; added support for process_madvise syscall decoding |
| 5.9 | 24 September 2020 [34] | Added support for close_range syscall decoding; added support for TEE_* ioctl decoding; implemented decoding of {msg,msq,sem}info and {msg,msq,sem}id_ds structures used in the respective System V IPC syscalls commands |
| 5.8 | 6 August 2020 [35] | Changed the list of syscalls covered by the %process group to contain syscalls associated with process lifecycle: kill, tkill, tgkill, pidfd_send_signal, and rt_sigqueueinfo were added, arch_prctl and unshare were removed; added support for faccessat2 syscall decoding; added support for LOOP_CONFIGURE ioctl decoding |
| 5.7 | 1 June 2020 [36] | |
| 5.6 | 7 April 2020 [37] | Added long option aliases along with possibilities for more precise option specifications via -e quiet/--quiet, -e decode-fds/--decode-fds, --absolute-timestamps, --relative-timestamps, and --syscall-times options; implemented various syscall statistics improvements |
| 5.5 | 6 February 2020 [38] | |
| 5.4 | 28 November 2019 [39] | |
| 5.3 | 25 September 2019 [40] | |
| 5.2 | 12 July 2019 [41] | |
| 5.1 | 22 May 2019 [42] | |
| 5.0 | 19 March 2019 [43] | |
| 4.26 | 26 December 2018 [44] | |
| 4.25 | 30 October 2018 [45] | |
| 4.24 | 14 August 2018 [46] | |
| 4.23 | 14 June 2018 [47] | |
| 4.22 | 5 April 2018 [48] | |
| 4.21 | 13 February 2018 [49] | |
| 4.20 | 13 November 2017 [50] | |
| 4.19 | 5 September 2017 [51] | |
| 4.18 | 5 July 2017 [52] | |
| 4.17 | 24 May 2017 [53] | |
| 4.16 | 14 February 2017 [54] | |
| 4.15 | 14 December 2016 [55] | |
| 4.14 | 4 October 2016 [56] | |
| 4.13 | 26 July 2016 [57] | |
| 4.12 | 31 May 2016 [58] | |
| 4.11 | 21 December 2015 [59] | |
| 4.10 | 6 March 2015 [60] | |
| 4.9 | 15 August 2014 [61] | |
| 4.8 | 3 June 2013 [62] | |
| 4.7 | 2 May 2012 [63] | All non-Linux code had been removed |
| 4.6 | 15 March 2011 [64] | |
| 4.5.20 | 13 April 2010 | Added support for new inotify_init1, perf_event_open, preadv, pwritev, recvmmsg, rt_tgsigqueueinfo syscalls on Linux; -C option added, that combines regular and summary output; added Tile architecture support on Linux |
| 4.5.19 | 21 October 2009 | Maintainership passed to Dmitry Levin; strace now terminates with the same exit code/signal as the traced program (if it was started by strace); added support for new accept4, dup3, epoll_create1, eventfd2, inotify_init1, pipe2, signalfd4 syscalls on Linux; added Blackfin, AVR32, and CRIS architecture support on Linux |
| 4.5.18 | 28 August 2008 | Added support for subpage_prot POWER-specific syscall on Linux |
| 4.5.17 | 21 July 2008 | -F flag is deprecated, as -f has traced vfork on Linux for a long time |
| 4.5.16 | 3 August 2007 | |
| 4.5.15 | 16 January 2007 | Added support for new *at, inotify*, pselect6, ppoll and unshare syscalls on Linux |
| 4.5.14 | 16 January 2007 | System call number can be supplied in -e specification |
| 4.5.13 | 3 August 2005 | Add desc syscall group support to -e trace= |
| 4.5.12 | 8 June 2005 | |
| 4.5.11 | 22 March 2005 | |
| 4.5.10 | 13 March 2005 | |
| 4.5.9 | 4 February 2004 | |
| 4.5.8 | 19 October 2004 | Decode mbind, [sg]et_mempolicy, waitid, fadvise64{,_64}, and epoll_* syscalls, RTC_* ioctls on Linux |
| 4.5.7 | 31 August 2004 | |
| 4.5.6 | 12 July 2004 | Added support for 64-bit SPARC architecture on Linux. |
| 4.5.5 | 27 June 2004 | |
| 4.5.4 | 3 June 2004 | -p attaches to all NPTL threads on Linux only when -f is supplied |
| 4.5.3 | 16 April 2004 | Added support for mq_* syscalls on Linux; -p now attaches to all NPTL threads on Linux |
| 4.5.2 | 1 March 2004 | |
| 4.5.1 | 13 November 2003 | |
| 4.5 | 24 September 2003 | Maintainership passed to Roland McGrath; added x86-64 support on Linux with support of tracing of compat processes; added support for SH and SH64 architectures on Linux; -E option added |
| 4.4 | 19 August 2001 | |
| 4.3.1 | 7 April 2001 | |
| 4.3 | 1 April 2001 | Added support for HP PA/RISC and IA-64 architectures on Linux; added support for 32-bit UID/GID syscalls on Linux; added support for FreeBSD on x86 |
| 4.2 | 21 January 2000 | Added support for IBM Z architecture on Linux |
| 4.1 | 26 November 1999 | Added support for MIPS architecture on Linux; strace-graph script added |
| 4.0.1 | 25 July 1999 | |
| 4.0 | 9 July 1999 | Fixed 64-bit struct stat decoding on Linux; Irix 64 updates; Solaris updates |
| 3.99.1 | 9 June 1999 | |
| 3.99 | 27 April 1999 | New maintainer, Wichert Akkerman; added support for IBM POWER, SPARC, and ARM architectures on Linux; added support for many syscalls on Linux |
| 3.1 | 1 June 1996 | Added support for the Irix OS, m68k and DEC Alpha architectures on Linux; added support for -o! option syntax; added support for syscall classes (file, process); added support for IPC syscalls on Sun OS |
| 3.0 | 9 July 1994 [65] | Initial cross-platform version by Richard Sladkey. Includes support for -x, -q, -e (trace, abbrev, verbose, raw, signal, read, and write qualifiers), -c, -i options |

Usage and features

The most common use is to start a program using strace, which prints a list of system calls made by the program. This is useful if the program continually crashes, or does not behave as expected; for example, using strace may reveal that the program is attempting to access a file which does not exist or cannot be read.

An alternative application is to use the -p flag to attach to a running process. This is useful if a process has stopped responding, and might reveal, for example, that the process is blocking whilst attempting to make a network connection.

Among other features, strace allows the following:

strace supports decoding of arguments of some classes of ioctl commands, such as BTRFS_*, V4L2_*, DM_*, NSFS_*, MEM*, EVIO*, KVM_*, and several others; it also supports decoding of various netlink protocols.

As strace only details system calls, it cannot be used to detect as many problems as a code debugger such as GNU Debugger (gdb). It is, however, easier to use than a code debugger, and is a very useful tool for system administrators. It is also used by researchers to generate system call traces for later system call replay. [66] [67] [68]

Examples

The following is an example of typical output of the strace command:

    user@server:~$ strace ls
    ...
    open(".", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY|O_CLOEXEC) = 3
    fstat64(3, {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
    fcntl64(3, F_GETFD)                     = 0x1 (flags FD_CLOEXEC)
    getdents64(3, /* 18 entries */, 4096)   = 496
    getdents64(3, /* 0 entries */, 4096)    = 0
    close(3)                                = 0
    fstat64(1, {st_mode=S_IFIFO|0600, st_size=0, ...}) = 0
    mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f2c000
    write(1, "autofs\nbackups\ncache\nflexlm\ngames"..., 86autofsA

The above fragment is only a small part of the output of strace when run on the 'ls' command. It shows that the current working directory is opened, inspected and its contents retrieved. The resulting list of file names is written to standard output.
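The usage described earlier, finding a file that a program cannot open, can be automated by parsing this output format. The following is an added example, not part of the original article or of the strace project; the sample trace, paths and function names are constructed for illustration, and it assumes default output without timestamps or unfinished/resumed call pairs.

```python
import re
from collections import Counter

# Constructed sample (not captured from a real run), in strace's output format.
SAMPLE_TRACE = r'''execve("/usr/bin/app", ["app"], 0x7ffd3c2a1b10 /* 12 vars */) = 0
openat(AT_FDCWD, "/etc/app/app.conf", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/home/user/.apprc", O_RDONLY|O_CLOEXEC) = 3
read(3, "verbose=1\n", 4096) = 10
close(3) = 0
open("/var/lib/app/state.db", O_RDWR) = -1 EACCES (Permission denied)
stat("/usr/share/app/theme, dark", 0x7ffd3c2a0f40) = -1 ENOENT (No such file or directory)
connect(4, {sa_family=AF_INET, sin_port=htons(443), sin_addr=inet_addr("192.0.2.10")}, 16) = -1 EINPROGRESS (Operation now in progress)
[pid  4121] access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4121, si_uid=1000, si_status=0, si_utime=0, si_stime=0} ---
+++ exited with 1 +++
'''

# Syscalls whose first quoted argument is a path name.
PATH_SYSCALLS = {"open", "openat", "creat", "stat", "lstat", "access",
                 "faccessat", "execve", "readlink", "statx", "newfstatat"}

# Optional "[pid N]" (strace -f) or bare "N" (-f with -o) prefix, then
# name(args) = retval, optionally followed by "ERRNO (description)".
LINE_RE = re.compile(
    r'^(?:\[pid\s+(?P<pid1>\d+)\]\s+|(?P<pid2>\d+)\s+)?'
    r'(?P<name>\w+)\((?P<args>.*)\)\s+=\s+(?P<ret>0x[0-9a-f]+|-?\d+|\?)'
    r'(?:\s+(?P<errno>E[A-Z0-9]+)\s+\((?P<desc>[^)]*)\))?'
)
# A C-style quoted string; escaped quotes and embedded commas stay inside it.
STRING_RE = re.compile(r'"((?:[^"\\]|\\.)*)"')


def parse_line(line):
    """Return a dict for one syscall line, or None for signal/exit lines."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    pid = m.group("pid1") or m.group("pid2")
    path = None
    if m.group("name") in PATH_SYSCALLS:
        s = STRING_RE.search(m.group("args"))
        path = s.group(1) if s else None
    return {"pid": int(pid) if pid else None, "syscall": m.group("name"),
            "path": path, "ret": m.group("ret"), "errno": m.group("errno")}


def failed_file_accesses(trace, errnos=("ENOENT", "EACCES")):
    """List (pid, syscall, path, errno) for path syscalls that failed."""
    hits = []
    for line in trace.splitlines():
        rec = parse_line(line)
        if rec and rec["path"] is not None and rec["errno"] in errnos:
            hits.append((rec["pid"], rec["syscall"], rec["path"], rec["errno"]))
    return hits


def errno_summary(trace):
    """Count every failing syscall in the trace by errno name."""
    records = map(parse_line, trace.splitlines())
    return Counter(rec["errno"] for rec in records if rec and rec["errno"])


if __name__ == "__main__":
    for pid, name, path, err in failed_file_accesses(SAMPLE_TRACE):
        print(f"{err:7} {name:8} {path}" + (f"  (pid {pid})" if pid else ""))
    print(dict(errno_summary(SAMPLE_TRACE)))
```

The failing connect call is counted in the summary but is not reported as a file access, because the quoted string in its arguments is an address rather than a path.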

Similar tools

Different operating systems feature other similar or related instrumentation tools, offering similar or more advanced features; some of the tools (although using the same or a similar name) may use completely different work mechanisms, resulting in different feature sets or results. Such tools include the following:

Notes

  1. Decoding of system error messages, however, is performed in accordance with the current locale since strace 4.22. [3]
  2. The test suite is licensed under GPL v2.0+.
  3. Its shorthand for showing only successful calls, -z option, was originally added in strace 4.5, but was never documented as it did not work properly.


References

  1. "Release 6.11". 15 September 2024. Retrieved 26 September 2024.
  2. "The strace Open Source Project on Open Hub". Openhub.net. Retrieved 2021-11-23.
  3. Dmitry V. Levin (2018-04-01). "[PATCH] Add i18n support" (Mailing list). Retrieved 2021-09-02.
  4. Dmitry V. Levin (2018-12-15). "I: changing the license of strace to a copyleft license" (Mailing list). Retrieved 2021-09-02.
  5. Paul Kranenburg (March 2, 1992). "Strace - an alternative syscall tracer". Newsgroup: comp.sources.sun.
  6. Branko Lankester (November 5, 1992). "first Linux release of strace".
  7. Branko Lankester (June 18, 1993). "second Linux release of strace".
  8. "strace". manned.org. June 21, 1994.
  9. "SUNET's Index of /pub/usenet/ftp.uu.net/comp.sources.misc/volume43/strace". Archived from the original on September 11, 2007. Retrieved January 14, 2015.
  10. Denys Vlasenko (February 7, 2012). "How about removing non-Linux code?".
  11. Dmitry V. Levin (March 16, 2011). "strace 4.6 released".
  12. Dmitry V. Levin (May 2, 2012). "strace 4.7 released".
  13. Dmitry V. Levin (April 20, 2012). "Noteworthy changes in release 4.7".
  14. Dmitry V. Levin (October 4, 2016). "strace 4.14 released".
  15. Dmitry V. Levin (March 19, 2019). "strace 5.0 released".
  16. Dmitry V. Levin (May 1, 2012). "Noteworthy changes in release 4.7". GitHub.
  17. Dmitry V. Levin (August 15, 2014). "strace 4.9 released".
  18. Dmitry V. Levin (August 15, 2014). "Noteworthy changes in release 4.9". GitHub.
  19. Dmitry V. Levin (December 14, 2016). "strace 4.15 released".
  20. Dmitry V. Levin (December 14, 2016). "Noteworthy changes in release 4.15". GitHub.
  21. Dmitry V. Levin (2023-02-26). "strace 6.2 released".
  22. Dmitry V. Levin (2022-12-12). "strace 6.1 released".
  23. Dmitry V. Levin (2022-10-29). "strace 6.0 released".
  24. Dmitry V. Levin (2022-08-12). "strace 5.19 released".
  25. Dmitry V. Levin (2022-06-18). "strace 5.18 released".
  26. Dmitry V. Levin (2022-03-27). "strace 5.17 released".
  27. Dmitry V. Levin (2022-01-10). "strace 5.16 released".
  28. Dmitry V. Levin (2021-12-01). "strace 5.15 released".
  29. Dmitry V. Levin (2021-09-02). "strace 5.14 released".
  30. Dmitry V. Levin (2021-07-18). "strace 5.13 released".
  31. Dmitry V. Levin (2021-04-26). "strace 5.12 released".
  32. Dmitry V. Levin (2021-02-17). "strace 5.11 released".
  33. Dmitry V. Levin (2020-12-14). "strace 5.10 released".
  34. Dmitry V. Levin (2020-09-24). "strace 5.9 released".
  35. Dmitry V. Levin (2020-08-06). "strace 5.8 released".
  36. Dmitry V. Levin (2020-06-01). "strace 5.7 released".
  37. Dmitry V. Levin (2020-04-07). "strace 5.6 released".
  38. Dmitry V. Levin (2020-02-06). "strace 5.5 released".
  39. Dmitry V. Levin (2019-11-28). "strace 5.4 released".
  40. Dmitry V. Levin (2019-09-25). "strace 5.3 released".
  41. Dmitry V. Levin (2019-07-12). "strace 5.2 released".
  42. Dmitry V. Levin (2019-05-22). "strace 5.1 released".
  43. Dmitry V. Levin (2019-03-19). "strace 5.0 released".
  44. Dmitry V. Levin (2018-12-26). "strace 4.26 released".
  45. Dmitry V. Levin (2018-10-30). "strace 4.25 released".
  46. Dmitry V. Levin (2018-08-14). "strace 4.24 released".
  47. Dmitry V. Levin (2018-06-14). "strace 4.23 released".
  48. Dmitry V. Levin (2018-04-05). "strace 4.22 released".
  49. Dmitry V. Levin (2018-02-13). "strace 4.21 released".
  50. Dmitry V. Levin (2017-11-13). "strace 4.20 released".
  51. Dmitry V. Levin (2017-09-05). "strace 4.19 released".
  52. Dmitry V. Levin (2017-07-05). "strace 4.18 released".
  53. Dmitry V. Levin (2017-05-24). "strace 4.17 released".
  54. Dmitry V. Levin (2017-02-14). "strace 4.16 released".
  55. Dmitry V. Levin (2016-12-14). "strace 4.15 released".
  56. Dmitry V. Levin (2016-10-04). "strace 4.14 released".
  57. Dmitry V. Levin (2016-07-26). "strace 4.13 released".
  58. Dmitry V. Levin (2016-05-31). "strace 4.12 released".
  59. Dmitry V. Levin (2015-12-21). "strace 4.11 released".
  60. Dmitry V. Levin (2015-03-06). "strace 4.10 released".
  61. Dmitry V. Levin (2014-08-15). "strace 4.9 released".
  62. Dmitry V. Levin (2013-06-03). "strace 4.8 released".
  63. Dmitry V. Levin (2012-05-02). "strace 4.7 released".
  64. Dmitry V. Levin (2011-03-15). "strace 4.6 released".
  65. Rick Sladkey (1994-07-09). "v43i075: strace - system call tracer for sunos, linux, svr4, solaris2, Part01/10".
  66. Horky, Jiri (2013). "The ioapps IO profiler and IO traces replayer". Retrieved 2013-09-16.
  67. Waterland, Amos (2007). "The sreplay system call replayer". Retrieved 2013-09-16.
  68. Burton, Ariel (1998). "Workload characterization using lightweight system call tracing and reexecution" (PDF). Retrieved 2013-09-16.
  69. "XTrace - trace X protocol connections". xtrace.alioth.debian.org. Archived from the original on 2014-08-05. Retrieved 2014-08-12.
  70. "dtrace(1) Mac OS X Manual Page". Developer.apple.com. Retrieved 2014-07-23.
  71. "IntellectualHeaven - Strace For Windows". intellectualheaven.com. Archived from the original on 5 March 2016. Retrieved 29 January 2015.