7 strace examples to debug the execution of a program in linux
Upcoming SlideShare
Loading in...5
×
 

7 strace examples to debug the execution of a program in linux

on

  • 4,258 views

 

Statistics

Views

Total Views
4,258
Views on SlideShare
4,258
Embed Views
0

Actions

Likes
2
Downloads
37
Comments
0

0 Embeds 0

No embeds

Accessibility

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

7 strace examples to debug the execution of a program in linux 7 strace examples to debug the execution of a program in linux Document Transcript

  • 7  Strace  Examples  to  Debug  the  ExecuIon  of  a  Program  in  Linux hVp://www.thegeekstuff.com/2011/11/strace-­‐examples/ Home About Free  eBook Archives Best  of  the  Blog Contact 7  Strace  Examples  to  Debug  the  Execu5on  of  a  Program  in  Linux by  Balakrishnan  Mariyappan  on  November  23,  2011 18 Like 13 Tweet 33 Strace  is  a  debugging  tool  that  will  help  you  troubleshoot  issues. Strace  monitors  the  system  calls  and  signals  of  a  specific  program.  It  is  helpful  when  you  do  not  have  the  source  code  and  would  like  to  debug  the  execuIon  of a  program.  strace  provides  you  the  execuIon  sequence  of  a  binary  from  start  to  end. This  arIcle  explains  7  strace  examples  to  get  you  started. 1.  Trace  the  Execu5on  of  an  Executable You  can  use  strace  command  to  trace  the  execuIon  of  any  executable.  The  following  example  shows  the  output  of  strace  for  the  Linux  ls  command. $ strace ls execve("/bin/ls", ["ls"], [/* 21 vars */]) = 0 brk(0) = 0x8c31000 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) mmap2(NULL, 8192, PROT_READ, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb78c7000 access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory) open("/etc/ld.so.cache", O_RDONLY) = 3 fstat64(3, {st_mode=S_IFREG|0644, st_size=65354, ...}) = 0 ... ... ... 2.  Trace  a  Specific  System  Calls  in  an  Executable  Using  Op5on  -­‐e Be  default,  strace  displays  all  system  calls  for  the  given  executable.  To  display  only  a  specific  system  call,  use  the  strace  -­‐e  opIon  as  shown  below. $ strace -e open ls open("/etc/ld.so.cache", O_RDONLY) = 3 open("/lib/libselinux.so.1", O_RDONLY) = 3 open("/lib/librt.so.1", O_RDONLY) = 3 open("/lib/libacl.so.1", O_RDONLY) = 3 open("/lib/libc.so.6", O_RDONLY) = 3 open("/lib/libdl.so.2", O_RDONLY) = 3 open("/lib/libpthread.so.0", O_RDONLY) = 3 open("/lib/libattr.so.1", O_RDONLY) = 3 open("/proc/filesystems", O_RDONLY|O_LARGEFILE) = 3 open("/usr/lib/locale/locale-archive", O_RDONLY|O_LARGEFILE) = 3 open(".", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY|O_CLOEXEC) = 3 Desktop Documents Downloads examples.desktop libflashplayer.so Music Pictures Public Templates Ubuntu_OS Videos The  above  output  displays  only  the  open  system  call  of  the  ls  command.  At  the  end  of  the  strace  output,  it  also  displays  the  output  of  the  ls  command. If  you  want  to  trace  mulIple  system  calls  use  the  “-­‐e  trace=”  opIon.  The  following  example  displays  both  open  and  read  system  calls.1  of  7 18  Apr  12  7:28  pm
  • 7  Strace  Examples  to  Debug  the  ExecuIon  of  a  Program  in  Linux hVp://www.thegeekstuff.com/2011/11/strace-­‐examples/ $ strace -e trace=open,read ls /home open("/etc/ld.so.cache", O_RDONLY) = 3 open("/lib/libselinux.so.1", O_RDONLY) = 3 read(3, "177ELF111331260G004"..., 512) = 512 open("/lib/librt.so.1", O_RDONLY) = 3 read(3, "177ELF11133130030004"..., 512) = 512 .. open("/lib/libattr.so.1", O_RDONLY) = 3 read(3, "177ELF111331360r004"..., 512) = 512 open("/proc/filesystems", O_RDONLY|O_LARGEFILE) = 3 read(3, "nodevtsysfsnnodevtrootfsnnodevtb"..., 1024) = 315 read(3, "", 1024) = 0 open("/usr/lib/locale/locale-archive", O_RDONLY|O_LARGEFILE) = 3 open("/home", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY|O_CLOEXEC) = 3 bala 3.  Save  the  Trace  Execu5on  to  a  File  Using  Op5on  -­‐o The  following  examples  stores  the  strace  output  to  output.txt  file. $ strace -o output.txt ls Desktop Documents Downloads examples.desktop libflashplayer.so Music output.txt Pictures Public Templates Ubuntu_OS Videos $ cat output.txt execve("/bin/ls", ["ls"], [/* 37 vars */]) = 0 brk(0) = 0x8637000 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) mmap2(NULL, 8192, PROT_READ, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7860000 access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory) open("/etc/ld.so.cache", O_RDONLY) = 3 fstat64(3, {st_mode=S_IFREG|0644, st_size=67188, ...}) = 0 ... ... 4.  Execute  Strace  on  a  Running  Linux  Process  Using  Op5on  -­‐p You  could  execute  strace  on  a  program  that  is  already  running  using  the  process  id.  First,  idenIfy  the  PID  of  a  program  using  ps  command. For  example,  if  you  want  to  do  strace  on  the  firefox  program  that  is  currently  running,  idenIfy  the  PID  of  the  firefox  program. $ ps -C firefox-bin PID TTY TIME CMD 1725 ? 00:40:50 firefox-bin Use  strace  -­‐p  opIon  as  shown  below  to  display  the  strace  for  a  given  process  id. $ sudo strace -p 1725 -o firefox_trace.txt $ tail -f firefox_trace.txt Now  the  execuIon  trace  of  firefox  process  will  be  logged  into  firefox_trace.txt  text  file.  You  can  tail  this  text  file  to  watch  the  live  trace  of  the  firefox  executable. Strace  will  display  the  following  error  when  your  user  id  does  not  match  the  user  id  of  the  given  process. $ strace -p 1725 -o output.txt attach: ptrace(PTRACE_ATTACH, ...): Operation not permitted Could not attach to process. If your uid matches the uid of the target process, check the setting of /proc/sys/kernel/yama/ptrace_scope, or try again as the root user. For more details, see /etc/sysctl.d/10-ptrace.conf 5.  Print  Timestamp  for  Each  Trace  Output  Line  Using  Op5on  -­‐t To  print  the  Imestamp  for  each  strace  output  line,  use  the  opIon  -­‐t  as  shown  below. $ strace -t -e open ls /home 20:42:37 open("/etc/ld.so.cache", O_RDONLY) = 3 20:42:37 open("/lib/libselinux.so.1", O_RDONLY) = 3 20:42:37 open("/lib/librt.so.1", O_RDONLY) = 3 20:42:37 open("/lib/libacl.so.1", O_RDONLY) = 32  of  7 18  Apr  12  7:28  pm
  • 7  Strace  Examples  to  Debug  the  ExecuIon  of  a  Program  in  Linux hVp://www.thegeekstuff.com/2011/11/strace-­‐examples/ 20:42:37 open("/lib/libc.so.6", O_RDONLY) = 3 20:42:37 open("/lib/libdl.so.2", O_RDONLY) = 3 20:42:37 open("/lib/libpthread.so.0", O_RDONLY) = 3 20:42:37 open("/lib/libattr.so.1", O_RDONLY) = 3 20:42:37 open("/proc/filesystems", O_RDONLY|O_LARGEFILE) = 3 20:42:37 open("/usr/lib/locale/locale-archive", O_RDONLY|O_LARGEFILE) = 3 20:42:37 open("/home", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY|O_CLOEXEC) = 3 bala 6.  Print  Rela5ve  Time  for  System  Calls  Using  Op5on  -­‐r Strace  also  has  the  opIon  to  print  the  execuIon  Ime  for  each  system  calls  as  shown  below. $ strace -r ls 0.000000 execve("/bin/ls", ["ls"], [/* 37 vars */]) = 0 0.000846 brk(0) = 0x8418000 0.000143 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) 0.000163 mmap2(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb787b000 0.000119 access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory) 0.000123 open("/etc/ld.so.cache", O_RDONLY) = 3 0.000099 fstat64(3, {st_mode=S_IFREG|0644, st_size=67188, ...}) = 0 0.000155 mmap2(NULL, 67188, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb786a000 ... ... 7.  Generate  Sta5s5cs  Report  of  System  Calls  Using  Op5on  -­‐c Using  opIon  -­‐c,  strace  provides  useful  staIsIcal  report  for  the  execuIon  trace.  The  “calls”  column  in  the  following  output  indicated  how  many  Imes  that parIcular  system  call  was  executed. $ strace -c ls /home bala % time seconds usecs/call calls errors syscall ------ ----------- ----------- --------- --------- ---------------- -nan 0.000000 0 9 read -nan 0.000000 0 1 write -nan 0.000000 0 11 open -nan 0.000000 0 13 close -nan 0.000000 0 1 execve -nan 0.000000 0 9 9 access -nan 0.000000 0 3 brk -nan 0.000000 0 2 ioctl -nan 0.000000 0 3 munmap -nan 0.000000 0 1 uname -nan 0.000000 0 11 mprotect -nan 0.000000 0 2 rt_sigaction -nan 0.000000 0 1 rt_sigprocmask -nan 0.000000 0 1 getrlimit -nan 0.000000 0 25 mmap2 -nan 0.000000 0 1 stat64 -nan 0.000000 0 11 fstat64 -nan 0.000000 0 2 getdents64 -nan 0.000000 0 1 fcntl64 -nan 0.000000 0 2 1 futex -nan 0.000000 0 1 set_thread_area -nan 0.000000 0 1 set_tid_address -nan 0.000000 0 1 statfs64 -nan 0.000000 0 1 set_robust_list ------ ----------- ----------- --------- --------- ---------------- 100.00 0.000000 114 10 total 18 Tweet 33 Like 13  Share  Comment If  you  enjoyed  this  ar5cle,  you  might  also  like.. 1. 50  Linux  Sysadmin  Tutorials Awk  IntroducIon  –  7  Awk  Print  Examples3  of  7 18  Apr  12  7:28  pm
  • 7  Strace  Examples  to  Debug  the  ExecuIon  of  a  Program  in  Linux hVp://www.thegeekstuff.com/2011/11/strace-­‐examples/ 2. 50  Most  Frequently  Used  Linux  Commands  (With  Examples) Advanced  Sed  SubsItuIon  Examples 3. Top  25  Best  Linux  Performance  Monitoring  and  Debugging  Tools 8  EssenIal  Vim  Editor  NavigaIon  Fundamentals 4. Mommy,  I  found  it!  –  15  PracIcal  Linux  Find  Command  Examples 25  Most  Frequently  Used  Linux  IPTables  Rules  Examples 5. Linux  101  Hacks  2nd  EdiIon  eBook   Turbocharge  PuTTY  with  12  Powerful  Add-­‐Ons {  7  comments…  read  them  below  or  add  one  } 1  dariusz  November  23,  2011  at  4:16  am One  of  the  opIon  I  use  for  process  which  can  spool  many  children  is  “-­‐f  -­‐ff ”  to  ensure  you  follow  all  threads. This  is  the  case  for  example  for  Apache  or  Squid 2  ronik  November  23,  2011  at  6:28  am very  useful..  thanks  a  lot 3  Lakshmanan  November  23,  2011  at  6:45  am Good  one  sir 4  TedSki  November  23,  2011  at  9:02  am Another  opIon  I  find  useful  more  onen  than  not  is  the  –size  switch.  By  default,  strace  only  shows  the  first  32  bytes  of  each  call.  When  debugging writes,  it  is  onen  useful  to  see  more  than  32  bytes.  To  remedy  this,  use: $  strace  -­‐sx  … where  x  is  the  number  of  bytes  you’d  like  to  see. 5  jalal  hajigholamali  November  23,  2011  at  2:58  pm Hi, Thanks  a  lot 6  rakesh  November  23,  2011  at  10:10  pm Good  One 7  sungjin  February  16,  2012  at  1:53  am Very  good,  thanks  a  lot. Leave  a  Comment Name E-­‐mail Website4  of  7 18  Apr  12  7:28  pm
  • 7  Strace  Examples  to  Debug  the  ExecuIon  of  a  Program  in  Linux hVp://www.thegeekstuff.com/2011/11/strace-­‐examples/  NoIfy  me  of  followup  comments  via  e-­‐mail Submit Previous  post:  RAID  2,  RAID  3,  RAID  4,  RAID  6  Explained  with  Diagram Next  post:  How  to  Detect  Memory  Leaks  Using  Valgrind  memcheck  Tool  for  C  /  C++ Sign  up  for  our  free  email  newsleVer   you@address.com           Sign Up            RSS    TwiVer    Facebook   Search EBOOKS5  of  7 18  Apr  12  7:28  pm
  • 7  Strace  Examples  to  Debug  the  ExecuIon  of  a  Program  in  Linux hVp://www.thegeekstuff.com/2011/11/strace-­‐examples/ POPULAR  POSTS 12  Amazing  and  EssenIal  Linux  Books  To  Enrich  Your  Brain  and  Library 50  UNIX  /  Linux  Sysadmin  Tutorials 50  Most  Frequently  Used  UNIX  /  Linux  Commands  (With  Examples) How  To  Be  ProducIve  and  Get  Things  Done  Using  GTD 30  Things  To  Do  When  you  are  Bored  and  have  a  Computer Linux  Directory  Structure  (File  System  Structure)  Explained  with  Examples Linux  Crontab:  15  Awesome  Cron  Job  Examples Get  a  Grip  on  the  Grep!  –  15  PracIcal  Grep  Command  Examples Unix  LS  Command:  15  PracIcal  Examples 15  Examples  To  Master  Linux  Command  Line  History Top  10  Open  Source  Bug  Tracking  System Vi  and  Vim  Macro  Tutorial:  How  To  Record  and  Play Mommy,  I  found  it!  -­‐-­‐  15  PracIcal  Linux  Find  Command  Examples 15  Awesome  Gmail  Tips  and  Tricks 15  Awesome  Google  Search  Tips  and  Tricks RAID  0,  RAID  1,  RAID  5,  RAID  10  Explained  with  Diagrams Can  You  Top  This?  15  PracIcal  Linux  Top  Command  Examples Top  5  Best  System  Monitoring  Tools Top  5  Best  Linux  OS  DistribuIons How  To  Monitor  Remote  Linux  Host  using  Nagios  3.0 Awk  IntroducIon  Tutorial  –  7  Awk  Print  Examples How  to  Backup  Linux?  15  rsync  Command  Examples The  UlImate  Wget  Download  Guide  With  15  Awesome  Examples Top  5  Best  Linux  Text  Editors Packet  Analyzer:  15  TCPDUMP  Command  Examples The  UlImate  Bash  Array  Tutorial  with  15  Examples 3  Steps  to  Perform  SSH  Login  Without  Password  Using  ssh-­‐keygen  &  ssh-­‐copy-­‐id Unix  Sed  Tutorial:  Advanced  Sed  SubsItuIon  Examples UNIX  /  Linux:  10  Netstat  Command  Examples The  UlImate  Guide  for  CreaIng  Strong  Passwords 6  Steps  to  Secure  Your  Home  Wireless  Network Turbocharge  PuTTY  with  12  Powerful  Add-­‐Ons About  The  Geek  Stuff  My  name  is  Ramesh  Natarajan.  I  will  be  posIng  instrucIon  guides,  how-­‐to,  troubleshooIng  Ips  and  tricks  on  Linux,  database, hardware,  security  and  web.  My  focus  is  to  write  arIcles  that  will  either  teach  you  or  help  you  resolve  a  problem.  Read  more  about  Ramesh  Natarajan and  the  blog. Support  Us Support  this  blog  by  purchasing  one  of  my  ebooks. Bash  101  Hacks  eBook Sed  and  Awk  101  Hacks  eBook6  of  7 18  Apr  12  7:28  pm
  • 7  Strace  Examples  to  Debug  the  ExecuIon  of  a  Program  in  Linux hVp://www.thegeekstuff.com/2011/11/strace-­‐examples/ Vim  101  Hacks  eBook Nagios  Core  3  eBook Contact  Us Email  Me  :  Use  this  Contact  Form  to  get  in  touch  me  with  your  comments,  quesIons  or  suggesIons  about  this  site.  You  can  also  simply  drop  me  a  line to  say  hello!. Follow  us  on  TwiVer Become  a  fan  on  Facebook     Copyright  ©  2008–2012  Ramesh  Natarajan.  All  rights  reserved  |  Terms  of  Service  |  AdverIse7  of  7 18  Apr  12  7:28  pm