strace

Strace is a diagnostic, debugging, and instructional userspace utility for Linux and other Unix-like operating systems. It monitors the system calls made by a program and the signals it receives, providing detailed information about how the program interacts with the kernel. This makes it a valuable tool for diagnosing failures, understanding program behavior, and debugging permission or configuration issues.

It operates by using the ptrace system call to attach to a running process or to start a new process under tracing. It records each system call entry and exit, along with the arguments and the return value. It can trace almost any executable, including scripts that invoke interpreters, and it can follow child processes if requested. Common options include -p to attach to an existing process, -e to filter which system calls are traced, -f to follow forked processes, -s to set the maximum string size printed, -c to produce a summary of call counts, -T to report timing, and -o to write output to a file.

Output typically lists the system call name, its arguments, the result, and any errors. This can be used to identify missing libraries, permission denials, path errors, or unexpected kernel interactions. Strace can also reveal library and file descriptor activity and network-related syscalls, depending on what the traced program actually executes.

Limitations include that strace reports kernel interactions rather than user-space logic, can generate very large outputs for verbose runs, and may slow down the traced program. It relies on appropriate privileges and kernel support, and not all environments allow tracing. Strace is often complemented by other tracing or debugging tools as needed.

See also: ltrace, dtrace, SystemTap, perf.
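
The output format described above (call name, arguments, result, error) can be triaged mechanically. The following is an added example, not part of the original page or of the strace project: it parses a constructed sample in the layout written by -f together with -o, stitches calls split across "unfinished"/"resumed" lines, and lists the failed calls. The function names parse and failures, and all paths, PIDs and addresses in the sample, are illustrative assumptions.

```python
import re
from collections import Counter

# Constructed sample in the format written by `strace -f -o trace.log ./app`
# (not a real capture; paths, PIDs and addresses are made up).
SAMPLE = """\
4120 execve("./app", ["./app"], 0x7ffd0 /* 20 vars */) = 0
4120 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
4120 openat(AT_FDCWD, "/usr/lib/libexample.so.1", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
4120 openat(AT_FDCWD, "/etc/app/secret.key", O_RDONLY) = -1 EACCES (Permission denied)
4120 clone(child_stack=NULL, flags=CLONE_CHILD_SETTID|SIGCHLD) = 4121
4121 connect(3, {sa_family=AF_INET, sin_port=htons(443), sin_addr=inet_addr("192.0.2.10")}, 16 <unfinished ...>
4120 read(4, "", 4096) = 0
4121 <... connect resumed>) = -1 ECONNREFUSED (Connection refused)
4121 --- SIGPIPE {si_signo=SIGPIPE, si_code=SI_USER, si_pid=4121, si_uid=1000} ---
4121 +++ exited with 1 +++
"""

UNFINISHED = "<unfinished ...>"
RESUMED = re.compile(r"^<\.\.\. \w+ resumed>\s*(.*)$")
# name(args) = result [ERRNO (description)]
CALL = re.compile(r"^(\w+)\((.*)\)\s+=\s+(\S+)(?:\s+(E[A-Z0-9]+)\b)?")

def parse(text):
    """Yield (pid, syscall, args, result, errno) for every completed call."""
    pending = {}  # pid -> first half of a call interrupted by another process
    for line in text.splitlines():
        pid, body = re.match(r"^(?:(\d+)\s+)?(.*)$", line).groups()
        if body.endswith(UNFINISHED):
            pending[pid] = body[: -len(UNFINISHED)].rstrip()
            continue
        resumed = RESUMED.match(body)
        if resumed and pid in pending:
            body = pending.pop(pid) + resumed.group(1)  # stitch both halves
        call = CALL.match(body)
        if call:  # signal (---) and exit (+++) lines do not match
            yield (pid, *call.groups())

def failures(text):
    """Return (pid, syscall, errno, first quoted string in args) per failed call."""
    out = []
    for pid, name, args, _result, errno in parse(text):
        if errno:
            quoted = re.search(r'"((?:[^"\\]|\\.)*)"', args)
            out.append((pid, name, errno, quoted.group(1) if quoted else None))
    return out

if __name__ == "__main__":
    for row in failures(SAMPLE):
        print(*row)
    print(Counter(errno for _, _, errno, _ in failures(SAMPLE)))
```

In this sample the ENOENT line corresponds to a missing library and the EACCES line to a permission denial, the two cases the text names.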