Tracing a computer program is not reserved only for those who have the source code, they can read it and know how to use a debugger. Any Linux user can trace an executable with strace. Find out how!
What is it strace?
strace is a Linux utility that enables you to trace the system calls made by a given application. It will also capture signals and produce a detailed output of all the information it observes..
A new person to crawl and crawl, usually, you might ask why this is useful. A professional IT engineer might ask how much information Strace can truly capture, especially if you know how much information a debugger like GDB can see.
If you are interested in debugging computer codes and programs, see our post Debugging with GDB: introduction.
There is good news in both cases! Tracking all system calls and signals provides a complete picture of a program's operation, and it's a great troubleshooting and even debugging tool. At the same time, runs throughout runtime (as a wrapping procedure), but it can be easily traced in a log file and offers an easy-to-digest overview of a program's actions.
Comparing this with GDB, which is also a wrapping procedure, things are substantially different. As an example, and GDB, one could trace a program step by step (as an example, one line of code at the same time or one logical block of code, or using breakpoints in code). Despite this, these steps are performed during runtime, while strace just runs the program as a whole until some error occurs or until it completes.
The engineer or user can go and analyze the entire record (text-based), look for interesting strings, etc. At the same time, GDB would allow to see signals and calls to the system in addition, even though configuring and analyzing it is much more complex than with strace.
Con strace, you can simply run the program in strace (In other words strace some_program), and even though this is roughly the same as GDB, the operation differs significantly, as previously described.
Regarding the amount of information that can be seen in a trace, it's good to take a step back and remember where most computer problems come from: Full Disk, exhausted memory, no file found, wrong entry, etc.
Especially in disk access areas, strace truly shines. How it records all system calls, every disk access is highly visible in the registry. Again, can search for relevant text strings and file names, even when you keep in mind that, sometimes, chains can be reduced in length, so only partial output can be visible.
In summary, if we had to qualify strace as a debugging tool and / or troubleshooting and assign it a place in a newer or more proficient Linux user toolbox, then, in both cases, the solution is roughly in the middle, even though it leans a bit more towards troubleshooting than debugging. Let's install strace Next.
RELATED: How logic gates work: OR, AND, XOR, NOR, NAND, XNOR y NOT
installing strace
Install strace on your Debian-based Linux distribution / Apt (like Ubuntu and Mint), run the following command in your terminal:
sudo apt install strace
Install strace on your RedHat-based Linux distribution / Yum (like RHEL, Centos and Fedora), run the following command in your terminal:
sudo yum install strace
Using strace
After install strace, it's quite easy to start. We can, as an example, trace the linux sleep command / utility:
strace sleep 1
Immediately, the result proves the above statement. There is a wealth of information on all the actions taken by the (very) simple sleep 1 command, that, after all, just actions sleeping for a single second.
Let's look at some things that we can observe right away:
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
We can see that shortly after starting, the program tried to enter (On the disk) to file /etc/ld.so.preload. We can also see that this failed (-1 status), since the file was not found (ENOENT) with descriptive error message No such file or directory.
Only this single starting line could lead to further investigation. As an example, we can scan our favorite search engine looking for what the file /etc/ld.so.preload it is / does and what happens when a program can't find it, as well as how we can install it.
As you can see, if i run a software / more complex program in strace, it is possible that it discovers that it is trying to enter a file, as an example, a shared file .so library and I can't find it. Easily analyzed and probably easily fixed thanks to strace.
Next, we see the conf.d binary cache that opens successfully as read only (O_RDONLY), with the close-on-exec flag (used in multithreaded programs to avoid race conditions) O_CLOEXEC set of flags:
Open(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
Even if you don't know what each element means, a simple online search will quickly provide information on each specific term or word, which will help you understand the information presented and what is happening.
Also of particular interest is this line towards the end:
+++ exited with 0 +++
This indicates that the program exited successfully with the exit code. 0. An exit code of 0 generally indicates successful execution and termination of Linux programs.
As you can see from the above examples, it's easy to see what a program does using strace. You can parse every line and even every word in every line and, often, it takes a search engine to shed some light. Despite this, even taking a look at the output of a crashing program may be enough to find the exact cause and fix it., and especially when, as an example, a required file is missing, etc.
RELATED: How Linux Runlevels Impact Running Services
Secondary process monitoring
When you use strace, sometimes it will seem that strace it is not correctly tracking all system calls from the program, etc. This could simply be because the program being tracked has started / started several child processes, as an example, when branching child processes.
It's simple to include these child processes in the strace capture: just add the -f command line option (In other words, strace -f your_program), and also all calls to the system will be traced, etc., of all child processes.
Ending
In this post, we discussed the strace tool, which can be used to track any program or application running on a Linux based computer.
After installing the tool, we can start the program simply and directly under strace and enjoy the high level of troubleshooting and debugging information that strace wrapper will present us.
