|Part of a series on|
In software engineering, tracing involves a specialized use of logging to record information about a program's execution. This information is typically used by programmers for debugging purposes, and additionally, depending on the type and detail of information contained in a trace log, by experienced system administrators or technical-support personnel and by software monitoring tools to diagnose common problems with software. Tracing is a cross-cutting concern.
There is not always a clear distinction between tracing and other forms of logging, except that the term tracing is almost never applied to logging that is a functional requirement of a program (therefore excluding logging of data from an external source, such as data acquisition in a high-energy physics experiment, and write-ahead logging). Logs that record program usage (such as a server log) or operating-system events primarily of interest to a system administrator (see for example Event Viewer) fall into a terminological gray area.
This article deals primarily with tracing for debugging or diagnostic purposes.
Event logging versus tracing
Difficulties in making a clear distinction between event logging and software tracing arise from the fact that some of the same technologies are used for both, and further because many of the criteria that distinguish between the two are continuous rather than discrete. The following table lists some important, but by no means precise or universal, distinctions that are used by developers to select technologies for each purpose, and that guide the separate development of new technologies in each area:
|Event logging||Software tracing|
|Consumed primarily by system administrators||Consumed primarily by developers|
|Logs "high level" information (e.g. failed installation of a program)||Logs "low level" information (e.g. a thrown exception)|
|Must not be too "noisy" (containing many duplicate events or information that is not helpful for its intended audience)||Can be noisy|
|A standards-based output format is often desirable, sometimes even required||Few limitations on output format|
|Event log messages are often localized||Localization is rarely a concern|
|Addition of new types of events, as well as new event messages, need not be agile||Addition of new tracing messages must be agile|
Event logging provides system administrators with information useful for diagnostics and auditing. The different classes of events that will be logged, as well as what details will appear in the event messages, are often considered early in the development cycle. Many event logging technologies allow or even require each class of event to be assigned a unique "code", which is used by the event logging software or a separate viewer (e.g., Event Viewer) to format and output a human-readable message. This facilitates localization and allows system administrators to more easily obtain information on problems that occur.
Because event logging is used to log high-level information (often failure information), performance of the logging implementation is often less important.
A special concern, preventing duplicate events from being recorded "too often" is taken care of through event throttling.
Software tracing provides developers with information useful for debugging. This information is used both during development cycles and after the release of the software. Unlike event logging, software tracing usually does not have the concept of a "class" of event or an "event code". Other reasons why event-logging solutions based on event codes are inappropriate for software tracing include:
- Because software tracing is low-level, there are often many more types of messages that would need to be defined, many of which would only be used at one place in the code. The event-code paradigm introduces significant development overhead for these "one-shot" messages.
- The types of messages that are logged are often less stable through the development cycle than for event logging.
- Because the tracing output is intended to be consumed by the developer, the messages don't need to be localized. Keeping tracing messages separate from other resources that need to be localized (such as event messages) is therefore important.
- There are messages that should never be seen.
- Tracing messages should be kept in the code, because they can add to the readability of the code. This is not always possible or feasible with event-logging solutions.
Another important consideration for software tracing is performance. Because software tracing is low-level, the possible volume of trace messages is much higher. To address performance concerns, it often must be possible to turn off software tracing, either at compile-time or run-time.
Other special concerns:
- In proprietary software, tracing data may include sensitive information about the product's source code.
- If tracing is enabled or disabled at run-time, many methods of tracing require the inclusion of a significant amount of additional data in the binary, which can indirectly hurt performance even when tracing is disabled.
- If tracing is enabled or disabled at compile-time, getting trace data for a problem on a customer machine depends on the customer being willing and able to install a special, tracing-enabled version of the software and then duplicating the problem.
- Many uses of tracing have very stringent robustness requirements. This is both in the robustness of the trace output but also in that the use-case being traced should not be disrupted.
- In operating systems, tracing is sometimes useful in situations (such as booting) where some of the technologies used to provide event logging may not be available.
- in embedded software, tracing requires special techniques.
- Tracing macros
- Output to debugger
- Aspect-oriented programming and related instrumentation techniques
- Windows software trace preprocessor (aka WPP)
- FreeBSD and SmartOS tracing with DTrace - traces the kernel and the userland
- Linux kernel tracing with ftrace
- Linux system-level and user-level tracing with kernel markers and LTTng
- Linux application tracing with UST - part of the same project as LTTng
- Linux C/C++ application tracing with cwrap
- Tracing with GNU Debugger's trace command
- syslog (see article for specific implementations)
Appropriate for both:
Trace analysis consists of extracting knowledge from executions of software systems. One kind of trace analysis is trace alignment, it consists of identifying parts in the traces that are common, that correspond to the same behavior. Trace alignment is a complex problem, because of the size of the traces, as well as because of the non-determinism and noise in real-world traces.
- "The Tracing Book". Archived from the original on 2009-02-24.
- Kraft, Johan; Wall, Anders; Kienle, Holger (2010), "Trace Recording for Embedded Systems: Lessons Learned from Five Industrial Projects", Runtime Verification, Springer Berlin Heidelberg, pp. 315–329, doi:10.1007/978-3-642-16612-9_24, ISBN 9783642166112
- "Tracepoints (Debugging with GDB)". sourceware.org. Retrieved 2022-06-24.
- Weber, Matthias; Brendel, Ronny; Brunst, Holger (2012). "Trace File Comparison with a Hierarchical Sequence Alignment Algorithm". 2012 IEEE 10th International Symposium on Parallel and Distributed Processing with Applications. IEEE: 247–254. doi:10.1109/ispa.2012.40. ISBN 978-1-4673-1631-6.