strace command

 

strace (System Trace)

Purpose

The strace command in Linux is used to trace system calls and signals made by a process.
It helps in understanding how a program interacts with the operating system kernel — for example, when it opens files, reads input, writes output, or creates new processes.

This command is very useful for:

  • Debugging programs

  • Learning how system calls work

  • Finding out why a program fails or behaves unexpectedly


🧩 Basic Syntax

strace [options] command [arguments]

or

strace -p <pid>

⚙️ What It Does

Every program running on Linux ultimately communicates with the kernel through system calls.
strace intercepts and records these calls, showing what the process is requesting from the operating system.


📘 Examples

1. Trace a Simple Command

strace ls

This will run the ls command, but instead of showing only the directory listing, it will print all the system calls ls makes — for example:

execve("/bin/ls", ["ls"], 0x7ffd8d0a9a70 /* 52 vars */) = 0
brk(NULL) = 0x55eb8f502000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, ".", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
...
write(1, "Desktop\nDocuments\nDownloads\n", 29) = 29

Here you can see calls like:

  • openat() – opening a directory

  • write() – writing output to the terminal

  • close() – closing file descriptors


2. Trace an Existing Process

strace -p 1234

This attaches strace to an existing process with process ID (PID) 1234 and shows its system calls in real time.

Use this carefully — the process will pause briefly while being attached.


3. Save Output to a File

strace -o trace_output.txt ls

This saves all system call logs to a file (trace_output.txt) instead of printing them on the screen.


4. Count System Calls

strace -c ls

This summarizes how many times each system call was made and how much time was spent in each call.

Example Output:

% time     seconds  usecs/call     calls    errors syscall
------ ----------- ----------- --------- --------- ----------------
 55.12    0.000088           1        88           openat
 25.33    0.000040           0        72           fstat
 12.34    0.000020           0        33           close
  7.21    0.000012           0        12           write
------ ----------- ----------- --------- --------- ----------------
100.00    0.000160                   205           total

This is very useful for teaching how frequently different system calls are made by user-level commands.


5. Trace Only Specific System Calls

strace -e open,read,write ls

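This shows only the open(), read(), and write() system calls and filters out the rest. The ls trace in Example 1 opens the directory with openat(), which is a separate system call and is not matched by open; add openat to the list to see those calls.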


6. Trace a Program and Its Child Processes

strace -f ./myprogram

-f ensures that child processes created using fork(), and the programs they start with exec(), are also traced.


🧾 Commonly Seen System Calls

System Call     Description
open()          Open a file
read()          Read from a file descriptor
write()         Write to a file descriptor
close()         Close a file descriptor
execve()        Execute a program
fork()          Create a new process
mmap()          Map files or devices into memory
brk()           Change data segment size (for memory allocation)

💡 Useful for Students

  • Helps understand the bridge between user space and kernel space.

  • Demonstrates that even simple commands (like ls, cat, or echo) rely on many system calls.

  • Great for linking theory (system calls, process states, file handling) with practical observation.


🧪 Simple Lab Exercise

Task:

  1. Run:

    strace -c ls
  2. Note which system call is invoked most frequently.

  3. Then run:

    strace -c cat sample.txt
  4. Compare the number and types of system calls between ls and cat.
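
Step 4 can be done mechanically once each summary is saved with -o (for example strace -c -o ls.sum ls). The script below is an added example, not part of the original post: it prints every system call with its count in the first and second summary. The file names and the cat rows in the sample data are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: compare two `strace -c` summaries syscall by syscall.

# Emit "TAG syscall calls" for each data row of a summary read on stdin.
# The errors column is blank when a call never failed, so the name is
# read from the last field and the call count from the fourth.
syscall_counts() {
    awk -v tag="$1" '$1 ~ /^[0-9.]+$/ && $NF != "total" { print tag, $NF, $4 }'
}

# Print "syscall calls_in_first calls_in_second", sorted by syscall name.
# A syscall missing from one summary is reported with a count of 0.
compare_summaries() {
    { syscall_counts A < "$1"; syscall_counts B < "$2"; } |
    awk '{ seen[$2]; if ($1 == "A") a[$2] = $3; else b[$2] = $3 }
         END { for (s in seen) print s, a[s] + 0, b[s] + 0 }' | sort
}

# Constructed sample summaries: the ls rows follow the table in Example 4,
# the cat rows are made up for illustration.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/ls.sum" <<'EOF'
% time     seconds  usecs/call     calls    errors syscall
------ ----------- ----------- --------- --------- ----------------
 55.12    0.000088           1        88           openat
 25.33    0.000040           0        72           fstat
 12.34    0.000020           0        33           close
  7.21    0.000012           0        12           write
------ ----------- ----------- --------- --------- ----------------
100.00    0.000160                   205           total
EOF
    cat > "$dir/cat.sum" <<'EOF'
% time     seconds  usecs/call     calls    errors syscall
------ ----------- ----------- --------- --------- ----------------
 40.00    0.000020           5         4           read
 30.00    0.000015           5         3         1 openat
 20.00    0.000010           5         2           write
 10.00    0.000005           1         5           close
------ ----------- ----------- --------- --------- ----------------
100.00    0.000050                    14           total
EOF
    compare_summaries "$dir/ls.sum" "$dir/cat.sum"
    rm -rf "$dir"
}

demo
```

Each output line reads as: system call, count under ls, count under cat.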
