Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!lucy.swin.edu.au!news.rmit.EDU.AU!news.unimelb.EDU.AU!munnari.OZ.AU!news.mel.connect.com.au!news.syd.connect.com.au!phaedrus.kralizec.net.au!news.mel.aone.net.au!grumpy.fl.net.au!news.webspan.net!www.nntp.primenet.com!nntp.primenet.com!enews.sgi.com!news.sgi.com!news.bbnplanet.com!su-news-hub1.bbnplanet.com!csn!nntp-xfer-1.csn.net!ncar!newshost.lanl.gov!corvette.mst6.lanl.gov!nntp.cs.sandia.gov!sloth.swcp.com!ns2.mainstreet.net!nntp.mainstreet.net!news.walltech.com!samba.rahul.net!rahul.net!a2i!busch.a2i!busch
From: Rainer Busch <busch@rahul.net>
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: strace under FreeBSD
Date: 9 Jan 1997 18:24:41 GMT
Organization: a2i network
Lines: 121
Message-ID: <5b3d59$9ns@samba.rahul.net>
NNTP-Posting-Host: waltz.rahul.net
NNTP-Posting-User: busch
Summary: tracing system calls under FreeBSD ?
X-Newsreader: TIN [version 1.2 PL2]
Xref: euryale.cc.adfa.oz.au comp.unix.bsd.freebsd.misc:33903

Hi !

Is anyone aware of a port of the utility "strace" running under SunOS, Linux etc. ? Did not find it in the ports collection ... If there's another likewise powerful tool like it I'd love to hear about it too !

If you want to take a look, it's available at every major Linux site.

Now to get the port specialists among you interested, I pasted in the first part of the manual entry of the SunOS implementation :

STRACE(1)                 USER COMMANDS                 STRACE(1)

NAME
     strace - trace system calls and signals

DESCRIPTION
     In the simplest case strace runs the specified command until it exits. It intercepts and records the system calls which are called by a process and the signals which are received by a process. The name of each system call, its arguments and its return value are printed on standard error or to the file specified with the -o option.

     strace is a useful diagnostic, instructional, and debugging tool. System administrators, diagnosticians and troubleshooters will find it invaluable for solving problems with programs for which the source is not readily available since they do not need to be recompiled in order to trace them. Students, hackers and the overly-curious will find that a great deal can be learned about a system and its system calls by tracing even ordinary programs. And programmers will find that since system calls and signals are events that happen at the user/kernel interface, a close examination of this boundary is very useful for bug isolation, sanity checking and attempting to capture race conditions.

     Each line in the trace contains the system call name, followed by its arguments in parentheses and its return value. An example from stracing the command ``cat /dev/null'' is:

          open("/dev/null", O_RDONLY) = 3

     Errors (typically a return value of -1) have the errno symbol and error string appended.

          open("/foo/bar", O_RDONLY) = -1 ENOENT (No such file or directory)

     Signals are printed as a signal symbol and a signal string. An excerpt from stracing and interrupting the command ``sleep 666'' is:

          sigsuspend([] <unfinished ...>
          --- SIGINT (Interrupt) ---
          +++ killed by SIGINT +++

     Arguments are printed in symbolic form with a passion. This example shows the shell performing ``>>xyzzy'' output redirection:

          open("xyzzy", O_WRONLY|O_APPEND|O_CREAT, 0666) = 3

     Here the three argument form of open is decoded by breaking down the flag argument into its three bitwise-OR constituents and printing the mode value in octal by tradition. Where traditional or native usage differs from ANSI or POSIX, the latter forms are preferred. In some cases, strace output has proven to be more readable than the source.

     Structure pointers are dereferenced and the members are displayed as appropriate. In all cases arguments are formatted in the most C-like fashion possible. For example, the essence of the command ``ls -l /dev/null'' is captured as:

          lstat("/dev/null", {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 3), ...}) = 0

     Notice how the `struct stat' argument is dereferenced and how each member is displayed symbolically. In particular, observe how the st_mode member is carefully decoded into a bitwise-OR of symbolic and numeric values.

     Also notice in this example that the first argument to lstat is an input to the system call and the second argument is an output. Since output arguments are not modified if the system call fails, arguments may not always be dereferenced. For example, retrying the ``ls -l'' example with a non-existent file produces the following line:

          lstat("/foo/bar", 0xb004) = -1 ENOENT (No such file or directory)

     In this case the porch light is on but nobody is home.

     Character pointers are dereferenced and printed as C strings. Non-printing characters in strings are normally represented by ordinary C escape codes. Only the first strsize (32 by default) bytes of strings are printed; longer strings have an ellipsis appended following the closing quote. Here is a line from ``ls -l'' where the getpwuid library routine is reading the password file:

          read(3, "root::0:0:System Administrator:/"..., 1024) = 422

Sun Release 4.1          Last change: 94/06/21

[...]
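
The trace line format described in the man page excerpt above, as an added example that is not part of the original post or of the strace sources: a small Python parser that classifies each line (completed call, signal, exit status, unfinished call) and lists the calls that failed with an errno symbol. The function names and regular expressions are this example's own; the sample lines are the ones quoted in the excerpt.

```python
import re

# Trace lines copied from the man page excerpt quoted in the post.
SAMPLE = """\
open("/dev/null", O_RDONLY) = 3
open("/foo/bar", O_RDONLY) = -1 ENOENT (No such file or directory)
sigsuspend([] <unfinished ...>
--- SIGINT (Interrupt) ---
+++ killed by SIGINT +++
open("xyzzy", O_WRONLY|O_APPEND|O_CREAT, 0666) = 3
lstat("/dev/null", {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 3), ...}) = 0
lstat("/foo/bar", 0xb004) = -1 ENOENT (No such file or directory)
read(3, "root::0:0:System Administrator:/"..., 1024) = 422
"""

# name(args) = ret [ERRNO (message)]; the greedy args group keeps nested
# parentheses such as makedev(1, 3) inside the argument text.
CALL = re.compile(
    r'^(?P<name>\w+)\((?P<args>.*)\)\s+=\s+(?P<ret>-?\d+)'
    r'(?:\s+(?P<errno>E[A-Z0-9]+)\s+\((?P<msg>.*)\))?$')
SIGNAL = re.compile(r'^--- (?P<sig>SIG\w+) \((?P<desc>.*)\) ---$')
EXITED = re.compile(r'^\+\+\+ (?P<status>.*) \+\+\+$')
UNFINISHED = re.compile(r'^(?P<name>\w+)\((?P<args>.*?)\s*<unfinished \.\.\.>$')

def parse_line(line):
    """Classify one trace line and return its fields as a dict."""
    line = line.strip()
    for kind, rx in (("call", CALL), ("signal", SIGNAL),
                     ("exit", EXITED), ("unfinished", UNFINISHED)):
        m = rx.match(line)
        if m:
            event = {"kind": kind, **m.groupdict()}
            if kind == "call":
                event["ret"] = int(event["ret"])
            return event
    return {"kind": "unparsed", "raw": line}

def parse_trace(text):
    """Parse every non-blank line of a trace."""
    return [parse_line(l) for l in text.splitlines() if l.strip()]

def failed_calls(text):
    """(name, errno, args) for every call that returned an errno symbol."""
    return [(e["name"], e["errno"], e["args"])
            for e in parse_trace(text) if e["kind"] == "call" and e["errno"]]

if __name__ == "__main__":
    for name, errno, args in failed_calls(SAMPLE):
        print(f"{name} failed with {errno}: {args}")
```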