From Wikipedia, the free encyclopedia
Jump to: navigation, search
Strace logo.svg
Original author(s) Paul Kranenburg
Developer(s) Dmitry Levin
Stable release
4.18[1] / July 5, 2017; 49 days ago (2017-07-05)
Written in C
Operating system Linux
Type Debugging
License BSD

strace is a diagnostic, debugging and instructional userspace utility for Linux. It is used to monitor and tamper with interactions between processes and the Linux kernel, which include system calls, signal deliveries, and changes of process state. The operation of strace is made possible by the kernel feature known as ptrace.

Some Unix-like systems provide other diagnostic tools similar to strace, such as truss.


Strace was originally written for SunOS by Paul Kranenburg in 1991, according to its copyright notice, and published early in 1992, in the volume three of comp.sources.sun. The initial README file contained the following:[2]

strace(1) is a system call tracer for Sun(tm) systems much like the Sun supplied program trace(1). strace(1) is a useful utility to sort of debug programs for which no source is available which unfortunately includes almost all of the Sun supplied system software.

Later, Branko Lankester ported this version to Linux, releasing his version in November 1992 with the second release following in 1993.[3][4] Richard Sladkey combined these separate versions of strace in 1993, and ported the program to SVR4 and Solaris in 1994,[5] resulting in strace 3.0 that was announced in comp.sources.misc in mid-1994.[6]

The last version of strace that had some (evidently dead)[7] code for non-Linux operating systems was 4.6, released in March 2011.[8] In strace version 4.7, released in May 2012,[9] all non-Linux code had been removed.[10]


The most common use is to start a program using strace, which prints a list of system calls made by the program. This is useful if the program continually crashes, or does not behave as expected; for example using strace may reveal that the program is attempting to access a file which does not exist or cannot be read.

An alternative application is to use the -p flag to attach to a running process. This is useful if a process has stopped responding, and might reveal, for example, that the process is blocking whilst attempting to make a network connection.

As strace only details system calls, it cannot be used to detect as many problems as a code debugger such as GNU Debugger (gdb). It is, however, easier to use than a code debugger, and is an extremely useful tool for system administrators. It is also used by researchers to generate system call traces for later system call replay.[11][12][13]


The following is an example of typical output of the strace command:

fstat64(3, {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
fcntl64(3, F_GETFD)                     = 0x1 (flags FD_CLOEXEC)
getdents64(3, /* 18 entries */, 4096)   = 496
getdents64(3, /* 0 entries */, 4096)    = 0
close(3)                                = 0
fstat64(1, {st_mode=S_IFIFO|0600, st_size=0, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f2c000
write(1, "autofs\nbackups\ncache\nflexlm\ngames"..., 86autofsA

The above fragment is only a small part of the output of strace when run on the 'ls' command. It shows that the current working directory is opened, inspected and its contents retrieved. The resulting list of file names is written to standard output.

Similar tools[edit]

Different operating systems feature other similar or related instrumentation tools, offering similar or more advanced features; some of the tools (although using the same or a similar name) may use completely different work mechanisms, resulting in different feature sets or results. Such tools include the following:

See also[edit]


  1. ^ "strace 4.18 released". (Mailing list). 2017-07-05. Retrieved 2017-07-07. 
  2. ^ Paul Kranenburg (March 2, 1992). "Strace - an alternative syscall tracer". Newsgroupcomp.sources.sun. 
  3. ^ Branko Lankester (November 5, 1992). "first Linux release of strace". 
  4. ^ Branko Lankester (June 18, 1993). "second Linux release of strace". 
  5. ^ "strace". June 21, 1994. 
  6. ^ "SUNET's Index of /pub/usenet/". Retrieved January 14, 2015. 
  7. ^ Denys Vlasenko (February 7, 2012). "How about removing non-Linux code?". 
  8. ^ Dmitry V. Levin (March 16, 2011). "strace 4.6 released". 
  9. ^ Dmitry V. Levin (May 2, 2012). "strace 4.7 released". 
  10. ^ Dmitry V. Levin (April 20, 2012). "Noteworthy changes in release 4.7". 
  11. ^ Horky, Jiri (2013). "The ioapps IO profiler and IO traces replayer". Retrieved 2013-09-16. 
  12. ^ Waterland, Amos (2007). "The sreplay system call replayer". Retrieved 2013-09-16. 
  13. ^ Burton, Ariel (1998). "Workload characterization using lightweight system call tracing and reexecution" (PDF). Retrieved 2013-09-16. 
  14. ^ "XTrace - trace X protocol connections". Retrieved 2014-08-12. 
  15. ^ "dtrace(1) Mac OS X Manual Page". Retrieved 2014-07-23. 
  16. ^ "IntellectualHeaven - Strace For Windows". Retrieved 29 January 2015. 

External links[edit]