Using strace for tracing System Calls

There are times when we need to trace what the program is doing. To know about what calls our program makes and what signals it raises or receives. The strace command can prove to be useful when we are tracing a program for which we don’t have the source code for, or for one we don’t want to run gdb. We can use the tool to analyze where the program hangs, or which calls by the program are failing, resulting into an erroneous output. So, let’s take a look at how can we use strace.

A simple example of using strace

strace can be invoked using the strace command in the terminal.

$ strace

Now, let us look at a small example of using strace, let’s trace the system calls for ls command.

$ strace ls

Here is the sample output:

strace

The above image shows all the system calls that were made while generating the output of the ls command. This output contains the name of the system call, what parameters were passed to the call and what was its return status. This can provide a lot of help in debugging the unexpected behavior of the program.

Attaching strace to a running process

strace can also be attached to a running process and can be used to record its system calls. To do this, we must know the PID of the process which we want to debug. We can get this PID using the ps command. When we have the PID, we can pass it to strace using the -p parameter to the command. Let us take a look, how we can do it:

$ strace -p 4724

strace firefox

So, here we see, the output of strace while tracing the firefox process being run by the system. This can be used to analyze the behavior of the process and what it is doing currently.

Getting the execution time for system calls

Sometimes, it is important to understand which system call is taking how much time. This knowledge can be used to identify the bottlenecks in the application. strace can be used to return the execution time for the system calls by passing a simple -T parameter to the command. Let’s take a look:

$ strace -T ls

strace exec time

As we can see, the command is showing the time it took for a particular system call to complete(highlighted part). Use this information to identify where the performance lags.

Generate statistics for System Calls

Sometimes, we only want to look at which system calls were made by the program and how many system calls of same type were made. These statistics can be used to identify the most commonly used system calls by the program. The system call statistics can be generated by passing the -c parameter to the command, like:

$ strace -c ls

strace stats

As we can see, the command displayed us the statistics about each and every system calls. This information contains the name of the system calls, how much time it took to complete the execution of the system call, number of times the call was made and how many errors the call encountered.

Output data to a file

Viewing data in the terminal is one thing, but sometimes we need to record the data to an file so we can analyze it later. Passing the -o parameter followed by the name of the output file to the strace, we can save the data to an external file.

$ strace -o trace.txt ls

strace file

So, here we can see that the data of strace was written to an external file named trace.txt.

This was an overview of the strace command, which we can use to debug our programs or to analyze the system calls made by an application. There are a lot of other options that are provided by the strace command which can be used to format the output or to control the verbosity level of the output being displayed by the command. Go ahead and try the command to analyze the applications.

Leave a Reply

Your email address will not be published. Required fields are marked *