


strace(1)

trace system calls and signals

Notes

It is a pity that so much tracing clutter is produced by systems employing shared libraries.

It is instructive to think about system call inputs and outputs as data-flow across the user/kernel boundary. Because user-space and kernel-space are separate and address-protected, it is sometimes possible to make deductive inferences about process behavior using inputs and outputs as propositions.

In some cases, a system call will differ from the documented behavior or have a different name. For example, the faccessat(2) system call does not have a flags argument, and the setrlimit(2) library function uses the prlimit64(2) system call on modern (2.6.38+) kernels. These discrepancies are normal but idiosyncratic characteristics of the system call interface and are accounted for by C library wrapper functions.

Some system calls have different names in different architectures and personalities. In these cases, system call filtering and printing uses the names that match the corresponding __NR_* kernel macros of the tracee's architecture and personality. There are two exceptions to this general rule: the arm_fadvise64_64(2) ARM syscall and the xtensa_fadvise64_64(2) Xtensa syscall are filtered and printed as fadvise64_64(2).

On x32, syscalls that are intended to be used by 64-bit processes and not by x32 ones (for example, readv(2), which has syscall number 19 on x86_64, while its x32 counterpart has syscall number 515), but that are called with the __X32_SYSCALL_BIT flag set, are designated with a #64 suffix.

On some platforms a process that is attached to with the -p option may observe a spurious EINTR return from the current system call that is not restartable. (Ideally, all system calls should be restarted on strace attach, making the attach invisible to the traced process, but a few system calls aren't. Arguably, every instance of such behavior is a kernel bug.) This may have an unpredictable effect on the process if the process takes no action to restart the system call.
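A process stays correct across such an interruption if it restarts the call itself whenever it fails with EINTR. The program below is an added example, not part of the strace manual: it uses a SIGALRM timer installed without SA_RESTART as a stand-in for the attach-time interruption (an assumption, since attaching a tracer cannot be done inside the example), and read_retry() and demo_interrupted_read() are hypothetical names.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/time.h>
#include <unistd.h>
static int wake_fd = -1;                /* write end of the demo pipe */
static volatile sig_atomic_t ticks;
/* Timer handler: ticks 1 and 2 only interrupt; tick 3 also supplies data. */
static void on_alarm(int sig) {
    (void)sig;
    if (++ticks == 3) { ssize_t r = write(wake_fd, "x", 1); (void)r; }
}

/* read(2) that restarts itself on EINTR; *restarts counts the retries. */
ssize_t read_retry(int fd, void *buf, size_t len, int *restarts) {
    ssize_t n;
    *restarts = 0;
    while ((n = read(fd, buf, len)) == -1 && errno == EINTR)
        (*restarts)++;
    return n;
}

/* Blocks in read(2) on an empty pipe while a 100 ms timer interrupts it.
 * Returns the byte count from read_retry(), or -1 on setup failure. */
ssize_t demo_interrupted_read(int *restarts) {
    int p[2]; char c;
    struct sigaction sa, old;
    struct itimerval tick = { {0, 100000}, {0, 100000} }, off = { {0, 0}, {0, 0} };
    *restarts = 0; ticks = 0;
    if (pipe(p) == -1) return -1;
    wake_fd = p[1];
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_alarm;           /* sa_flags == 0: no SA_RESTART */
    sigemptyset(&sa.sa_mask);
    sigaction(SIGALRM, &sa, &old);
    setitimer(ITIMER_REAL, &tick, NULL);
    ssize_t n = read_retry(p[0], &c, 1, restarts);   /* a bare read() would fail here */
    setitimer(ITIMER_REAL, &off, NULL);
    sigaction(SIGALRM, &old, NULL);
    close(p[0]); close(p[1]);
    return n;
}

int main(void) {
    int restarts; ssize_t n = demo_interrupted_read(&restarts);
    printf("read returned %zd after %d EINTR restarts\n", n, restarts);
    return n == 1 ? 0 : 1;
}
```

A single unguarded read(2) in the same position would return -1 with errno set to EINTR and no data, which is the failure the paragraph above warns about.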

As strace executes the specified command directly and does not employ a shell for that, scripts without a shebang line that usually run just fine when invoked by a shell fail to execute with an ENOEXEC error. It is advisable to manually supply a shell as the command, with the script as its argument.