Using strace
I started the chapter with a simple and ubiquitous tool, top, and I will finish with another: strace. It is a very simple tracer that captures system calls made by a program and, optionally, its children. You can use it to do the following:
- Learn which system calls a program makes.
- Find those system calls that fail, together with the error code. I find this useful if a program fails to start but doesn’t print an error message or if the message is too general.
- Find which files a program opens.
- Find out which
syscallsa running program is making, for example, to see whether it is stuck in a loop.
There are many more examples online. Just search for strace tips and tricks. Everybody has a favorite strace story, for example, https://alexbilson.dev/plants/technology/debug-a-program-with-strace/.
strace uses the ptrace(2) function to hook calls as they are made from user space to the kernel. If you want to know more about how...
