Christian WellsThe Linux strace command is a powerful tool that is used to trace the system calls and signals of a program. It can be used to troubleshoot problems with a program, or to monitor the behavior of a program as it runs.
To use the strace command, simply type strace followed by the name of the program that you want to trace. For example, to trace the ls command, you would use the following command:
$ strace ls
execve("/bin/ls", ["ls"], 0x7ffe9cb2e3f8 /* 44 vars */) = 0
brk(NULL) = 0x55f5bf42f000
...
This will execute the ls command and display a detailed trace of the system calls and signals that are made by the ls command as it runs. The output of the strace command can be quite verbose, and it may include a large number of lines, depending on the complexity of the program being traced.
The strace command has a number of options that can be used to control its behavior and the information that is displayed. For example, the -c option can be used to summarize the output, displaying a summary of the system calls that were made by the program and the time that was spent in each system call.
For example, to summarize the output of the strace command for the ls command, you could use the following command:
$ strace -c ls
% time seconds usecs/call calls errors syscall
------ ----------- ----------- --------- --------- ----------------
0.00 0.000000 0 1 read
0.00 0.000000 0 1 write
0.00 0.000000 0 2
The strace command also has options that allow you to filter the output to display only specific types of system calls. For example, the -e option can be used to specify a comma-separated list of system call names or patterns to trace.
For example, to trace only the open and close system calls made by the ls command, you could use the following command:
$ strace -e open,close ls
...
openat(AT_FDCWD, ".", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 3
getdents(3, /* 8 entries */, 32768) = 200
getdents(3, /* 0 entries */, 32768) = 0
close(3) = 0
...
This will display only the open and close system calls made by the ls command, which can be useful for understanding the specific operations that the command is performing on files and directories.
In addition to tracing system calls, the strace command can also be used to trace signals that are sent to a program. To trace signals, you use the -f option to trace child processes as they are created, and the -s option to specify the maximum size of the strings that are displayed in the output.
For example, to trace signals for the ls command, you could use the following command:
$ strace -f -s 128 ls
...
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
rt_sigaction(SIGCHLD, {sa_handler
