strace

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search
strace
Strace logo.svg
Original author(s)Paul Kranenburg
Developer(s)Dmitry Levin
Stable release
5.18[1] / June 18, 2022; 14 days ago (2022-06-18)
Repository
Written inC[2]
Operating systemLinux
PlatformAArch64, DEC Alpha, ARC, ARM EABI/OABI, AVR32, Blackfin, C-SKY, HP PA-RISC, IA-32, IA-64, LoongArch, Motorola 68k, Imagination META, MicroBlaze, MIPS, Nios II, OpenRISC, Power ISA 32/64 bit, RISC-V, System/390/z/Architecture, SuperH 32/64 bit, SPARC 32/64 bit, TILE, TILEPro, TILE-Gx, x86-64, x32 ABI, Xtensa
Available inEnglish[note 1]
TypeDebugging
LicenseLGPL v2.1+[note 2][4]
Websitestrace.io Edit this on Wikidata

strace is a diagnostic, debugging and instructional userspace utility for Linux. It is used to monitor and tamper with interactions between processes and the Linux kernel, which include system calls, signal deliveries, and changes of process state. The operation of strace is made possible by the kernel feature known as ptrace.

Some Unix-like systems provide other diagnostic tools similar to strace, such as truss.

History[edit]

Strace was originally written for SunOS by Paul Kranenburg in 1991, according to its copyright notice, and published early in 1992, in the volume three of comp.sources.sun. The initial README file contained the following:[5]

strace(1) is a system call tracer for Sun(tm) systems much like the Sun supplied program trace(1). strace(1) is a useful utility to sort of debug programs for which no source is available which unfortunately includes almost all of the Sun supplied system software.

Later, Branko Lankester ported this version to Linux, releasing his version in November 1992 with the second release following in 1993.[6][7] Richard Sladkey combined these separate versions of strace in 1993, and ported the program to SVR4 and Solaris in 1994,[8] resulting in strace 3.0 that was announced in comp.sources.misc in mid-1994.[9]

Beginning in 1996, strace was maintained by Wichert Akkerman. During his tenure, strace development migrated to CVS; ports to FreeBSD and many architectures on Linux (including ARM, IA-64, MIPS, PA-RISC, PowerPC, s390, SPARC) were introduced. In 2002, the burden of strace maintainership was transferred to Roland McGrath. Since then, strace gained support for several new Linux architectures (AMD64, s390x, SuperH), bi-architecture support for some of them, and received numerous additions and improvements in syscalls decoders on Linux; strace development migrated to git during that period. Since 2009, strace is actively maintained by Dmitry Levin. strace gained support for AArch64, ARC, AVR32, Blackfin, Meta, Nios II, OpenSISC 1000, RISC-V, Tile/TileGx, Xtensa architectures since that time.

The last version of strace that had some (evidently dead)[10] code for non-Linux operating systems was 4.6, released in March 2011.[11] In strace version 4.7, released in May 2012,[12] all non-Linux code had been removed;[13] since strace 4.13,[14] the project follows Linux kernel's release schedule, and with the version 5.0,[15] it follows Linux's versioning scheme as well.

In 2012 strace also gained support for path tracing and file descriptor path decoding.[16] In August 2014, strace 4.9 was released,[17][18] where support for stack traces printing was added. In December 2016,[19][20] syscall fault injection feature was implemented.

Version history[edit]

Version Release date Notable changes
5.18 18 June 2022[21] Added --tips option to print strace tips, tricks, and tweaks; enhanced decoding of bpf and io_uring_register syscalls.
5.17 26 March 2022[22] Added 64-bit LoongArch architecture support; extended personality designation syntax; added support for a new set_mempolicy_home_node syscall on Linux
5.16 10 January 2022[23] Added support for printing SELinux context mismatches (--secontext=mismatch option); added support for a new futex_waitv syscall on Linux
5.15 1 December 2021[24] Added --decode-pids=comm/-Y option for printing command names for PIDs; implemented printing of current working directory along the AT_FDCWD usage when --decode-fds=path option is enabled; added support for process_mrelease syscall decoding; implemented decoding of HDIO_*, KD*, and SECCOMP_* ioctl commands
5.14 2 September 2021[25] Added support for the new memfd_secret and quotactl_fd syscalls decoding
5.13 18 July 2021[26] Implemented System Call Vectored ABI support on the IBM POWER architecture; added support for the new landlock_add_rule, landlock_create_ruleset, and landlock_restrict_self syscalls decoding
5.12 26 April 2021[27] Implemented --secontext[=full] option to display SELinux contexts; added support for the new mount_setattr syscall decoding
5.11 17 February 2021[28] Added option for injecting data on syscall entry/exit (poke_enter= and poke_exit= parameters of the --inject option); added support for the new epoll_pwait2 syscall decoding; imlemented decoding of FS_IOC_FS[GS]ETXATTR, FS_IOC{,32}_[GS]ETFLAGS, GPIO_*, SIOCADDMULTI, SIOCDELMULTI, SIOCGIFENCAP, SIOCOUTQNSD, SIOCSIFENCAP, SIOCSIFHWBROADCAST, UBI_IOCRPEB, UBI_IOCSPEB, V4L2_BUF_TYPE_META_CAPTURE, V4L2_BUF_TYPE_META_OUTPUT, and VIDIOC_QUERY_EXT_CTRL ioctl commands
5.10 14 December 2020[29]
5.9 24 September 2020[30]
5.8 6 August 2020[31]
5.7 1 June 2020[32]
5.6 7 April 2020[33]
5.5 6 February 2020[34]
5.4 28 November 2019[35]
5.3 25 September 2019[36]
5.2 12 July 2019[37]
5.1 22 May 2019[38]
5.0 19 March 2019[39]
4.26 26 December 2018[40]
4.25 30 October 2018[41]
4.24 14 August 2018[42]
4.23 14 June 2018[43]
4.22 5 April 2018[44]
4.21 13 February 2018[45]
4.20 13 November 2017[46]
4.19 5 September 2017[47]
4.18 5 July 2017[48]
4.17 24 May 2017[49]
4.16 14 February 2017[50]
4.15 14 December 2016[51]
4.14 4 October 2016[52]
4.13 26 July 2016[53]
4.12 31 May 2016[54]
4.11 21 December 2015[55]
4.10 6 March 2015[56]
4.9 15 August 2014[57]
4.8 3 June 2013[58]
4.7 2 May 2012[59]
4.6 15 March 2011[60]
4.5.20 13 April 2010 Added support for new inotify_init1, perf_event_open, preadv, pwritev, recvmmsg, rt_tgsigqueueinfo syscalls on Linux; -C option added, that combines regular and summary output; added Tile architecture support on Linux
4.5.19 21 October 2009 Maintainership passed to Dmitry Levin; strace now terminates with the same exit code/signal as the traced program (if it was started by strace); added support for new accept4, dup3, epoll_create1, eventfd2, inotify_init1, pipe2, signalfd4 syscalls on Linux; added Blackfin, AVR32, and CRIS architedcture support on Linux
4.5.18 28 August 2008 Added support for subpage_prot POWER-specific syscall on Linux
4.5.17 21 July 2008 -F flag is deprecated, as -f traces vfork on Linux since long time
4.5.16 3 August 2007 Added support for new move_pages, utimensat, signalfd, timerfd, eventfd, getcpu, epoll_pwait syscalls on Linux
4.5.15 16 January 2007 Added support for new *at, inotify*, pselect6, ppoll and unshare syscalls on Linux
4.5.14 16 January 2007 System call number can be supplied in -e specification
4.5.13 3 August 2005 Add desc syscall group support to -e trace=
4.5.12 8 June 2005
4.5.11 22 March 2005
4.5.10 13 March 2005
4.5.9 4 February 2004
4.5.8 19 October 2004 Decode mbind, [sg]et_mempolicy, waitid, fadvise64{,_64}, and epoll_* syscalls, RTC_* ioctls on Linux
4.5.7 31 August 2004
4.5.6 12 July 2004 Added support for 64-bit SPARC architecture on Linux.
4.5.5 27 June 2004
4.5.4 3 June 2004 -p attaches to all NPTL threads on Linux only when -f is supplied
4.5.3 16 April 2004 Added support for mq_* syscalls on Linux; -p now attaches to all NPTL threads on Linux
4.5.2 1 March 2004
4.5.1 13 November 2003
4.5 24 September 2003 Maintainership passed to Roland McGrath; added x86-64 support on Linux with support of tracing of compat processes; added support for SH and SH64 architectures on Linux; -E option added
4.4 19 August 2001
4.3.1 7 April 2001
4.3 1 April 2001 Added support for HP PA/RISC and IA-64 architectures on Linux; added support for 32-bit UID/GID syscalls on Linux; added support for FreeBSD on x86
4.2 21 January 2000 Added support for IBM Z architecture on Linux
4.1 26 November 1999 Added support for MIPS architecture on Linux; strace-graph script added
4.0.1 25 July 1999
4.0 9 July 1999 Fixed 64-bit struct stat decoding on Linux; Irix 64 updates; Solaris updates
3.99.1 9 June 1999
3.99 27 April 1999 New maintainer, Wichert Akkerman; added support for IBM POWER, SPARC, and ARM architectures on Linux; added support for many syscalls on Linux
3.1 1 June 1996 Added support for the Irix OS, m68k and DEC Alpha architectures on Linux; added support for -o! option syntax; added support for syscall classes (file, process); added support for IPC syscalls on Sun OS
3.0 9 July 1994[61] Initial cross-platform version by Richard Sladkey. Includes support for -x, -q, -e (trace, abbrev, verbose, raw, signal, read, and write qualifiers), -c, -i options

Usage and features[edit]

The most common use is to start a program using strace, which prints a list of system calls made by the program. This is useful if the program continually crashes, or does not behave as expected; for example using strace may reveal that the program is attempting to access a file which does not exist or cannot be read.

An alternative application is to use the -p flag to attach to a running process. This is useful if a process has stopped responding, and might reveal, for example, that the process is blocking whilst attempting to make a network connection.

Among other features, strace allows the following:

  • Specifying a filter of syscall names that should be traced (via the -e trace= option): by name, like clone,fork,vfork; using one of the predefined groups, like %ipc or %file; or (since strace 4.17) using regular expression syntax, like -e trace=/clock_.*.
  • Specifying a list of paths to be traced (-P /etc/ld.so.cache, for example).
  • Specifying a list of file descriptors whose I/O should be dumped (-e read= and -e write= options).
  • Counting syscall execution time and count (-T, -c, -C, and -w options; -U option enables printing of additional information, like minimum and maximum syscall execution time).
  • Printing relative or absolute time stamps (-t and -r options).
  • Tampering with the syscalls being executed (-e inject=syscall specification:tampering specification option): modifying return (:retval=; since strace 4.16) and error code (:error=; since strace 4.15) of the specified syscalls, inject signals (:signal=; since strace 4.16), delays (:delay_enter= and :delay_exit=; since strace 4.22), and modify data pointed by syscall arguments (:poke_enter= and :poke_exit=; since strace 5.11) upon their execution.
  • Extracting information about file descriptors (including sockets, -y option; -yy option provides some additional information, like endpoint addresses for sockets, paths and device major/minor numbers for files).
  • Printing stack traces, including (since strace 4.21) symbol demangling (-k option).
  • Filtering by syscall return status (-e status= option; since strace 5.2[note 3]).
  • Perform translation of thread, process, process group, and session IDs appearing in the trace into strace's PID namespace (--pidns-translation option; since strace 5.9).
  • Decoding SELinux context information associated with processes, files, and descriptors (--secontext option; since strace 5.12).

strace supports decoding of arguments of some classes of ioctl commands, such as BTRFS_*, V4L2_*, DM_*, NSFS_*, MEM*, EVIO*, KVM_*, and several others; it also supports decoding of various netlink protocols.

As strace only details system calls, it cannot be used to detect as many problems as a code debugger such as GNU Debugger (gdb). It is, however, easier to use than a code debugger, and is a very useful tool for system administrators. It is also used by researchers to generate system call traces for later system call replay.[62][63][64]

Examples[edit]

The following is an example of typical output of the strace command:

user@server:~$ strace ls
...
open(".", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY|O_CLOEXEC) = 3
fstat64(3, {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
fcntl64(3, F_GETFD)                     = 0x1 (flags FD_CLOEXEC)
getdents64(3, /* 18 entries */, 4096)   = 496
getdents64(3, /* 0 entries */, 4096)    = 0
close(3)                                = 0
fstat64(1, {st_mode=S_IFIFO|0600, st_size=0, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f2c000
write(1, "autofs\nbackups\ncache\nflexlm\ngames"..., 86autofsA

The above fragment is only a small part of the output of strace when run on the 'ls' command. It shows that the current working directory is opened, inspected and its contents retrieved. The resulting list of file names is written to standard output.

Similar tools[edit]

Different operating systems feature other similar or related instrumentation tools, offering similar or more advanced features; some of the tools (although using the same or a similar name) may use completely different work mechanisms, resulting in different feature sets or results. Such tools include the following:

See also[edit]

Notes[edit]

  1. ^ System error messages, however, are printed in accordance with the current locale since strace 4.22.[3]
  2. ^ The test suite is licensed under GPL v2.0+.
  3. ^ Its shorthand for showing only successful calls, -z option, was originally added in strace 4.5, but was never documented as it did not work properly.

References[edit]

  1. ^ "strace 5.18 released" (Mailing list). 2022-06-18. Retrieved 2022-06-18.
  2. ^ "The strace Open Source Project on Open Hub". Openhub.net. Retrieved 2021-11-23.
  3. ^ Dmitry V. Levin (2018-04-01). "[PATCH] Add i18n support" (Mailing list). Retrieved 2021-09-02.
  4. ^ Dmitry V. Levin (2018-12-15). "I: changing the license of strace to a copyleft license" (Mailing list). Retrieved 2021-09-02.
  5. ^ Paul Kranenburg (March 2, 1992). "Strace - an alternative syscall tracer". Newsgroupcomp.sources.sun.
  6. ^ Branko Lankester (November 5, 1992). "first Linux release of strace".
  7. ^ Branko Lankester (June 18, 1993). "second Linux release of strace".
  8. ^ "strace". manned.org. June 21, 1994.
  9. ^ "SUNET's Index of /pub/usenet/ftp.uu.net/comp.sources.misc/volume43/strace". Retrieved January 14, 2015.
  10. ^ Denys Vlasenko (February 7, 2012). "How about removing non-Linux code?".
  11. ^ Dmitry V. Levin (March 16, 2011). "strace 4.6 released".
  12. ^ Dmitry V. Levin (May 2, 2012). "strace 4.7 released".
  13. ^ Dmitry V. Levin (April 20, 2012). "Noteworthy changes in release 4.7".
  14. ^ Dmitry V. Levin (October 4, 2016). "strace 4.14 released".
  15. ^ Dmitry V. Levin (March 19, 2019). "strace 5.0 released".
  16. ^ Dmitry V. Levin (May 1, 2012). "Noteworthy changes in release 4.7". GitHub.
  17. ^ Dmitry V. Levin (August 15, 2014). "strace 4.9 released".
  18. ^ Dmitry V. Levin (August 15, 2014). "Noteworthy changes in release 4.9". GitHub.
  19. ^ Dmitry V. Levin (December 14, 2016). "strace 4.15 released".
  20. ^ Dmitry V. Levin (December 14, 2016). "Noteworthy changes in release 4.15". GitHub.
  21. ^ Dmitry V. Levin (2022-06-18). "strace 5.18 released".
  22. ^ Dmitry V. Levin (2022-03-27). "strace 5.17 released".
  23. ^ Dmitry V. Levin (2022-01-10). "strace 5.16 released".
  24. ^ Dmitry V. Levin (2021-12-01). "strace 5.15 released".
  25. ^ Dmitry V. Levin (2021-09-02). "strace 5.14 released".
  26. ^ Dmitry V. Levin (2021-07-18). "strace 5.13 released".
  27. ^ Dmitry V. Levin (2021-04-26). "strace 5.12 released".
  28. ^ Dmitry V. Levin (2021-02-17). "strace 5.11 released".
  29. ^ Dmitry V. Levin (2020-12-14). "strace 5.10 released".
  30. ^ Dmitry V. Levin (2020-09-24). "strace 5.9 released".
  31. ^ Dmitry V. Levin (2020-08-06). "strace 5.8 released".
  32. ^ Dmitry V. Levin (2020-06-01). "strace 5.7 released".
  33. ^ Dmitry V. Levin (2020-04-07). "strace 5.6 released".
  34. ^ Dmitry V. Levin (2020-02-06). "strace 5.5 released".
  35. ^ Dmitry V. Levin (2019-11-28). "strace 5.4 released".
  36. ^ Dmitry V. Levin (2019-09-25). "strace 5.3 released".
  37. ^ Dmitry V. Levin (2019-07-12). "strace 5.2 released".
  38. ^ Dmitry V. Levin (2019-05-22). "strace 5.1 released".
  39. ^ Dmitry V. Levin (2019-03-19). "strace 5.0 released".
  40. ^ Dmitry V. Levin (2018-12-26). "strace 4.26 released".
  41. ^ Dmitry V. Levin (2018-10-30). "strace 4.25 released".
  42. ^ Dmitry V. Levin (2018-08-14). "strace 4.24 released".
  43. ^ Dmitry V. Levin (2018-06-14). "strace 4.23 released".
  44. ^ Dmitry V. Levin (2018-04-05). "strace 4.22 released".
  45. ^ Dmitry V. Levin (2018-02-13). "strace 4.21 released".
  46. ^ Dmitry V. Levin (2017-11-13). "strace 4.20 released".
  47. ^ Dmitry V. Levin (2017-09-05). "strace 4.19 released".
  48. ^ Dmitry V. Levin (2017-07-05). "strace 4.18 released".
  49. ^ Dmitry V. Levin (2017-05-24). "strace 4.17 released".
  50. ^ Dmitry V. Levin (2017-02-14). "strace 4.16 released".
  51. ^ Dmitry V. Levin (2016-12-14). "strace 4.15 released".
  52. ^ Dmitry V. Levin (2016-10-04). "strace 4.14 released".
  53. ^ Dmitry V. Levin (2016-07-26). "strace 4.13 released".
  54. ^ Dmitry V. Levin (2016-05-31). "strace 4.12 released".
  55. ^ Dmitry V. Levin (2015-12-21). "strace 4.11 released".
  56. ^ Dmitry V. Levin (2015-03-06). "strace 4.10 released".
  57. ^ Dmitry V. Levin (2014-08-15). "strace 4.9 released".
  58. ^ Dmitry V. Levin (2013-06-03). "strace 4.8 released".
  59. ^ Dmitry V. Levin (2012-05-02). "strace 4.7 released".
  60. ^ Dmitry V. Levin (2011-03-15). "strace 4.6 released".
  61. ^ Rick Sladkey (1994-07-09). "v43i075: strace - system call tracer for sunos, linux, svr4, solaris2, Part01/10".
  62. ^ Horky, Jiri (2013). "The ioapps IO profiler and IO traces replayer". Retrieved 2013-09-16.
  63. ^ Waterland, Amos (2007). "The sreplay system call replayer". Retrieved 2013-09-16.
  64. ^ Burton, Ariel (1998). "Workload characterization using lightweight system call tracing and reexecution" (PDF). Retrieved 2013-09-16.
  65. ^ "XTrace - trace X protocol connections". xtrace.alioth.debian.org. Retrieved 2014-08-12.
  66. ^ "dtrace(1) Mac OS X Manual Page". Developer.apple.com. Retrieved 2014-07-23.
  67. ^ "IntellectualHeaven - Strace For Windows". intellectualheaven.com. Retrieved 29 January 2015.

External links[edit]