Strace – My Favourite Secret Weapon (2011)

Re. <i>My Library Is Not Loading!</i>, a pretty useful trick to find what files are missing is to extend your path env var with an empty directory and then grep strace output for its occurrences, e.g.<p><pre><code> mkdir &#x2F;tmp&#x2F;empty LD_LIBRARY_PATH+=:&#x2F;tmp&#x2F;empty # or PATH, or PERL5LIB, etc. strace -f program |&amp; grep &#x2F;tmp&#x2F;empty </code></pre> I had a need to track what files are used by what processes spawned by a program (to infer dependencies between the processes), and it seemed (and probably was) simpler to use ptrace directly rather than to parse strace output, so I wrote <a href="https:&#x2F;&#x2F;github.com&#x2F;orivej&#x2F;fptrace&#x2F;" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;orivej&#x2F;fptrace&#x2F;</a> . Soon it turned out useful to dump its data into shell scripts that reflect the tree of spawned processes and let you rerun an arbitrary subtree. I mostly use it to debug build systems, for example to trace <i>configure</i> and examine what env var affected a certain check in a strange way, or to trace <i>make</i> and rerun the C compiler with <i>-dD -E</i> to inspect an unexpected interference between includes.

No mention of overhead. strace can bring down your production environment -- it is not safe. This is why I wrote this: <a href="http:&#x2F;&#x2F;www.brendangregg.com&#x2F;blog&#x2F;2014-05-11&#x2F;strace-wow-much-syscall.html" rel="nofollow">http:&#x2F;&#x2F;www.brendangregg.com&#x2F;blog&#x2F;2014-05-11&#x2F;strace-wow-much-...</a><p>&quot;perf trace&quot; has improved since I wrote that, and may well be mostly strace-equivalent (but without crippling overhead) in the latest Linux.

Nice to see something I wrote 7 years ago hasn&#x27;t gone entirely to waste. Spot the &#x27;ancient&#x27; technologies like Solaris and perl mentioned there...

Strace and Wireshark. If a program&#x27;s output doesn&#x27;t immediately tell me what the hell its issue is, I&#x27;ll just dive into this depending on the kind of trouble.<p>The only thing I&#x27;d still like to have is something like strace but for general function calls. Often, the issue is within the application and does not show in syscalls. I guess this should be possible with gdb, but I haven&#x27;t looked into it yet, also because any meaningful names are often stripped from the binaries.

The secret weapon has a (serious) flaw on Linux though: you can&#x27;t run strace on programs that use strace. That&#x27;s because the Linux ptrace call is not re-entrant.

A good complement to strace is ltrace(1):<p><pre><code> ltrace is a program that simply runs the specified command until it exits. It intercepts and records the dynamic library calls which are called by the executed process and the signals which are received by that process. It can also intercept and print the system calls executed by the program. </code></pre> Also noteworthy is that you can simply press <i>s</i> key in <i>htop</i> to immediately attach a process and inspect it, which was handy many times for me.

I was in awe when I first used strace. The world of tracing is vast these days and filled with wonders. I can&#x27;t possibly say it better than this this guy so I&#x27;ll just include a link.<p><a href="http:&#x2F;&#x2F;www.brendangregg.com&#x2F;blog&#x2F;2016-03-05&#x2F;linux-bpf-superpowers.html" rel="nofollow">http:&#x2F;&#x2F;www.brendangregg.com&#x2F;blog&#x2F;2016-03-05&#x2F;linux-bpf-superp...</a>

Is there a substitute for mac&#x2F;osx?

Here&#x27;s my strace hack from 2008: <a href="https:&#x2F;&#x2F;chris-lamb.co.uk&#x2F;posts&#x2F;can-you-get-cp-to-give-a-progress-bar-like-wget" rel="nofollow">https:&#x2F;&#x2F;chris-lamb.co.uk&#x2F;posts&#x2F;can-you-get-cp-to-give-a-prog...</a>

This is my favorite strace resource: <a href="https:&#x2F;&#x2F;jvns.ca&#x2F;strace-zine-v3.pdf" rel="nofollow">https:&#x2F;&#x2F;jvns.ca&#x2F;strace-zine-v3.pdf</a>

strace is great. There are times this feels like the modern equivalent of printf() debugging, because working out why a syscall is failing involves a fair amount of back tracing to context sometimes. But, as a foot in the door? its ace.

If you want to listen on a port under 1024 you require superuser access or special privileges.<p><a href="https:&#x2F;&#x2F;www.w3.org&#x2F;Daemon&#x2F;User&#x2F;Installation&#x2F;PrivilegedPorts.html" rel="nofollow">https:&#x2F;&#x2F;www.w3.org&#x2F;Daemon&#x2F;User&#x2F;Installation&#x2F;PrivilegedPorts....</a>

Is there a strace equivalent for windows?

As I said in a comment on the OP, lsof (LiSt Open Files - it does more than its name suggests) is pretty useful too.<p>fuser is useful too, and available on many Unixen. I&#x27;ve used &quot;fuser -k&quot; many times to find and kill rogue processes.<p><a href="https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;Lsof" rel="nofollow">https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;Lsof</a><p><a href="https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;Fuser_(Unix)" rel="nofollow">https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;Fuser_(Unix)</a><p>Edited for grammar.