Strace is a diagnostic, debugging, and teaching tool for Linux that helps analyze problems by intercepting the system calls a program makes while it runs and printing detailed information about them. Its core principle is to use the ptrace() system call to control the target process, pausing it at every system call to record the call details. Common uses include debugging applications, identifying dependencies, performance analysis, and security auditing. Typical scenarios include a configuration file that fails to open because the program looks in the wrong location, network connections that block, and memory mapping errors. You can run strace -f mycommand to start a new process, or strace -p PID to attach to an existing one; common options include -o to write output to a file, -tt to add timestamps, -T to show the time spent in each call, -s to increase the displayed string length, and -e trace=xxx to select which system calls are traced. Note that strace adds performance overhead and is not suitable for long-term use in production environments.
Strace is a powerful diagnostic, debugging, and instructional tool for Linux. It lets you see what system calls a program is making while it runs — which can be super helpful when trying to understand why something isn't working as expected.
What Happens When You Run strace
When you run a program with strace, it attaches to that process and intercepts all the system calls it makes. These include things like opening files, reading from or writing to sockets, memory allocations, and more. Strace then prints out each call, along with its arguments and return values.
This works by using the ptrace() system call under the hood — a special interface provided by the Linux kernel that allows one process (like strace) to control another (like your application). So every time the traced process tries to make a system call, the kernel pauses it and hands control over to strace so it can log what's happening.
You'll typically see output like this:
execve("./myprogram", ["./myprogram"], 0x7ffec13c020) = 0
brk(NULL) = 0x55d6e9a0d000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
Each line shows the system call name, the arguments passed, and the result.
Common Use Cases for Strace
- Debugging applications: If a program crashes or hangs without clear logs, strace helps pinpoint where it's getting stuck.
- Understanding dependencies: You can see which files or libraries a program opens at runtime.
- Performance analysis: Spot slow operations like repeated disk reads or network calls.
- Security audits: Check if a binary is accessing unexpected files or resources.
Some typical scenarios include:
- A script fails to open a config file — strace shows it's looking in the wrong directory.
- A network app hangs — strace reveals it's waiting on a socket connection that never comes.
- A binary segfaults — strace might show it's failing to mmap memory properly.
How to Use Strace Effectively
Start simple:
strace -f mycommand
The -f flag tells strace to follow forks, which is important because many programs spawn child processes.
If you're dealing with an already running process, use:
strace -p PID
That attaches strace to the process ID you specify.
Other useful flags:
- -o filename: Save output to a file instead of printing to screen.
- -tt: Add timestamps to each line.
- -T: Show how much time was spent in each system call.
- -s: Increase the string size displayed (default is short, sometimes not enough).
For example, to trace a long-running service and save output:
strace -f -o debug.log -p 1234
One thing to keep in mind: strace adds overhead. Programs will run slower under tracing, especially if they make lots of system calls. So don't rely on it in performance-critical environments unless you really need to dig deep.
Also, some system calls are easy to miss if you're not filtering correctly. That's where options like -e trace=open,read,write come in handy — you can focus only on specific calls relevant to your issue.
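One way to use a saved log for the security-audit and missing-config-file cases described above, as an added example that is not part of the original article: a Python parser for strace -f -tt -T -o output that lists failed path lookups and successful opens outside an allowlist. The sample log, the allowlist and the function names are constructed for illustration.

```python
import re

# One completed call: optional PID (-f with -o), optional -tt timestamp,
# call name, arguments, return value, optional errno, optional -T duration.
LINE_RE = re.compile(
    r'^(?:(?P<pid>\d+)\s+)?'
    r'(?:(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+)?'
    r'(?P<call>\w+)\((?P<args>.*)\)\s+=\s+(?P<ret>-?\d+|0x[0-9a-f]+|\?)'
    r'(?:\s+(?P<errno>E[A-Z0-9]+)\s+\([^)]*\))?'
    r'(?:\s+<(?P<dur>[\d.]+)>)?\s*$'
)
PATH_CALLS = {"open", "openat", "access", "stat", "execve"}

def parse_line(line):
    """Dict for a completed call; None for signals, exits and split calls."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def first_path(args):
    """First double-quoted string in the arguments (the path for PATH_CALLS)."""
    m = re.search(r'"((?:[^"\\]|\\.)*)"', args)
    return m.group(1) if m else None

def audit(lines, allowed_prefixes):
    """Return (failed path calls, successful path calls outside the allowlist)."""
    failed, unexpected = [], []
    for line in lines:
        rec = parse_line(line)
        path = first_path(rec["args"]) if rec and rec["call"] in PATH_CALLS else None
        if path is None:
            continue
        if rec["errno"]:
            failed.append((rec["pid"], rec["call"], path, rec["errno"]))
        elif not path.startswith(tuple(allowed_prefixes)):
            unexpected.append((rec["pid"], rec["call"], path))
    return failed, unexpected

# Constructed sample in the format written by `strace -f -tt -T -o debug.log`
SAMPLE = '''\
1234 10:15:01.000101 execve("./myprogram", ["./myprogram"], 0x7ffec13c020) = 0 <0.000310>
1234 10:15:01.000520 access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory) <0.000012>
1234 10:15:01.000611 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3 <0.000015>
1234 10:15:01.002040 openat(AT_FDCWD, "/opt/app/conf/app.conf", O_RDONLY) = -1 ENOENT (No such file or directory) <0.000011>
1235 10:15:01.003300 openat(AT_FDCWD, "/home/alice/.ssh/id_rsa", O_RDONLY) = 3 <0.000020>
1235 10:15:01.003900 read(3,  <unfinished ...>
1235 10:15:01.004200 <... read resumed>"", 4096) = 0 <0.000300>
'''.splitlines()

if __name__ == "__main__":
    print(audit(SAMPLE, ["/etc/", "/lib/", "/usr/", "./"]))
```

The prefix allowlist is a plain string comparison, so resolve relative paths and symlinks before relying on it for anything beyond triage.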
Basically that's it. Once you get used to reading the output and knowing which flags to reach for, strace becomes a go-to tool for figuring out what's really going on behind the scenes.