strace - TarisMajor/5143-OpSystems GitHub Wiki
Strace
Definition: strace is a diagnostic, debugging, and system monitoring tool in Unix-like operating systems (including Linux and macOS) that traces the system calls and signals made by a program. It intercepts and records the interactions between a program and the operating system kernel, allowing developers to observe the program's execution at a system call level. This tool is especially useful for debugging issues related to system-level operations such as file I/O, network communication, process management, and memory allocation.
Functionality: strace works by attaching itself to a running process or launching a program in a controlled environment. It records every system call made by the process, the parameters passed to these calls, and the return values. This provides insight into how a program interacts with the system, which can help troubleshoot errors or optimize performance.
System Calls Traced: These include file access (open, read, write, close), process management (fork, exec, wait), memory management (mmap, munmap), and network-related system calls (connect, send, recv).
Signals: strace can also track signals sent between processes or from the kernel, useful for detecting crashes or unexpected behavior.
Key Features:
System Call Logging: Logs every system call made by a process with its arguments and return values.
Signal Tracking: Provides insight into signals sent to and from processes.
Performance Monitoring: Identifies inefficiencies caused by excessive or redundant system calls.
File and Network Troubleshooting: Helps detect issues with file or network operations by tracing specific system calls like open, read, write, send, and recv.
Real-time and Post-mortem Debugging: Can trace running processes in real time or be used to analyze historical logs from a previous execution.
Usage: strace is typically used on the command line to trace the execution of a program.
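The post-mortem use described above can be illustrated with a short log summarizer. This is an added example, not part of the original wiki: it parses strace-style output, counts calls per system call, and lists the calls that failed and the signals delivered. The sample trace is constructed, and the names `summarize`, `CALL_RE` and `SIGNAL_RE` are hypothetical.

```python
import re
from collections import Counter

# Constructed sample of strace output (not captured from a real run).
SAMPLE = """\
openat(AT_FDCWD, "/etc/app.conf", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/passwd", O_RDONLY|O_CLOEXEC) = 3
read(3, "root:x:0:0:root:/root:/bin/bash\\n"..., 4096) = 1024
read(3, "", 4096) = 0
close(3) = 0
connect(4, {sa_family=AF_INET, sin_port=htons(443), sin_addr=inet_addr("192.0.2.10")}, 16) = -1 ECONNREFUSED (Connection refused)
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
+++ killed by SIGSEGV +++
"""

# Optional PID prefix: "[pid 123] " (strace -f) or "123 " (strace -f -o file).
PID = r'^(?:\[pid\s+\d+\]\s+|\d+\s+)?'
# name(args) = return [ERRNO (message)]
CALL_RE = re.compile(
    PID + r'(?P<name>\w+)\((?P<args>.*)\)\s+=\s+'
    r'(?P<ret>0x[0-9a-f]+|-?\d+|\?)'
    r'(?:\s+(?P<errno>E[A-Z0-9]+)\s+\((?P<msg>[^)]*)\))?')
# Signal delivery lines look like: --- SIGNAME {...} ---
SIGNAL_RE = re.compile(PID + r'--- (?P<sig>SIG\w+) ')

def summarize(trace):
    """Return (per-syscall counts, failed calls, delivered signals)."""
    counts, failures, signals = Counter(), [], []
    for line in trace.splitlines():
        sig = SIGNAL_RE.match(line)
        if sig:
            signals.append(sig.group("sig"))
            continue
        call = CALL_RE.match(line)
        if not call:
            continue  # exit markers ("+++ ... +++"), unfinished calls, etc.
        counts[call.group("name")] += 1
        if call.group("errno"):  # failed call: record name, errno, arguments
            failures.append((call.group("name"), call.group("errno"),
                             call.group("args")))
    return counts, failures, signals

if __name__ == "__main__":
    counts, failures, signals = summarize(SAMPLE)
    print("calls per syscall:", dict(counts))
    for name, errno, args in failures:
        print(f"FAILED {name}: {errno} args=({args})")
    print("signals:", signals)
```

A real trace written with `strace -o trace.log <program>` can be passed to `summarize` as the file's text in place of the constructed sample.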