LLMpedia: The first transparent, open encyclopedia generated by LLMs

strace

Generated by GPT-5-mini
Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.
Name: strace
Author: Paul Kranenburg
Developer: The strace developers
Released: 1991
Programming language: C
Operating system: Linux kernel, NetBSD, FreeBSD, OpenBSD
Genre: System administration, Debugging
License: GNU General Public License

strace is a diagnostic, debugging and instructional utility for monitoring interactions between user-space programs and the Linux kernel via system calls. It records and displays the system calls invoked by a process and the signals received by that process, aiding developers, system administrators and researchers working with Linux kernel internals, glibc behavior and program troubleshooting. strace is widely used alongside tools such as gdb, perf and Valgrind in workflows involving performance tuning, compatibility investigation and security analysis.

Overview

strace attaches to a running process or launches a new process to intercept kernel-level interactions, exposing calls such as open, read, write, ioctl and execve and their arguments and return values. Practitioners from projects like Linux Foundation, Debian, Ubuntu, Red Hat and SUSE employ strace to diagnose file descriptor leaks, permission errors and library loader behavior involving ld.so and glibc. The utility interoperates with kernel tracing primitives like ptrace and interfaces with development environments used by contributors to GNOME, KDE, systemd and X.Org.

Usage and examples

Typical usage scenarios include launching an application under observation (for example, a web server such as Apache HTTP Server or Nginx) and attaching to daemons like sshd to inspect authentication-related calls. Common command-line invocations demonstrate flags for following forks, tracing child processes spawned by fork, and filtering by syscall name to focus on interactions with files managed under ext4 or XFS. Examples shown in documentation for distributions like Fedora, Arch Linux, and Gentoo Linux illustrate diagnosing missing shared libraries referenced by programs such as Python, Ruby, or Node.js. Integrations with continuous integration systems such as Jenkins, GitLab and Travis CI help capture runtime failures in automated test suites.

System call tracing mechanisms

strace relies primarily on the ptrace system call provided by the Linux kernel and compatible kernels like those in NetBSD and FreeBSD to intercept system calls and single-step processes. On modern kernels, strace may leverage specific ABI support such as audit or in-kernel probes via kprobes for advanced tracing scenarios, and cooperates with kernel facilities used by eBPF tooling like BPF Compiler Collection and bcc for complementary observability. strace must handle architecture-specific syscall conventions for platforms supported by the Linux kernel such as x86_64, ARM, PowerPC, and MIPS; these differences affect argument passing, return registers and syscall numbers.

Options and output interpretation

Command-line options allow selection of syscall classes, process ID attachment, and output formatting suitable for human analysis or machine parsing used by projects like SystemTap or Fluentd. Output lines typically include a timestamp, the syscall name, argument list, return value and error codes from errno. Interpreting that output requires familiarity with runtime libraries such as glibc and kernel error semantics defined in headers maintained by groups like the GNU Project and contributors associated with the Linux kernel mailing list. Advanced formatting options mirror features in tools used by BSD developers and by vendors such as IBM and Intel for performance and correctness diagnostics in enterprise deployments.
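The fork-following invocation from "Usage and examples" and the output fields described above, as an added example (not code from the strace project or this article): a parser for `strace -f -tt -o` output that rejoins calls split by `<unfinished ...>` and `resumed` markers and lists failed file-access calls with their errno. The sample trace is constructed, and `parse` and `failures` are hypothetical helper names.

```python
import re

# Constructed sample, shaped like the file written by:
#   strace -f -tt -e trace=openat,execve,read -o trace.log ./app
SAMPLE = r'''
1234  10:15:01.000100 execve("/usr/bin/app", ["app"], 0x7ffd3a1c2b10 /* 12 vars */) = 0
1234  10:15:01.000350 openat(AT_FDCWD, "/usr/lib/libfoo.so.1", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
1234  10:15:01.000420 openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
1235  10:15:01.001000 openat(AT_FDCWD, "/etc/app/secret.key", O_RDONLY <unfinished ...>
1234  10:15:01.001200 read(3, "\177ELF\2\1\1", 832) = 832
1235  10:15:01.001900 <... openat resumed>) = -1 EACCES (Permission denied)
1235  10:15:01.002500 +++ exited with 1 +++
1234  10:15:01.003000 --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1235, si_uid=1000, si_status=1, si_utime=0, si_stime=0} ---
'''

LINE = re.compile(r'^(?P<pid>\d+)\s+(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<body>.*)$')
CALL = re.compile(r'^(?P<name>\w+)\((?P<args>.*)\)\s+=\s+(?P<ret>0x[0-9a-f]+|-?\d+|\?)'
                  r'(?:\s+(?P<errno>E[A-Z0-9]+)\s+\((?P<msg>[^)]*)\))?')
RESUMED = re.compile(r'^<\.\.\. \w+ resumed>')
PATH = re.compile(r'"((?:[^"\\]|\\.)*)"')   # first quoted argument
UNFINISHED = '<unfinished ...>'

def parse(text):
    """Return one dict per completed syscall, rejoining split lines per PID."""
    pending, events = {}, []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m or m['body'].startswith(('+++', '---')):  # skip exits, signals
            continue
        pid, ts, body = int(m['pid']), m['ts'], m['body'].rstrip()
        if body.endswith(UNFINISHED):          # another PID's call interleaves
            pending[pid] = (ts, body[:-len(UNFINISHED)].rstrip())
            continue
        if RESUMED.match(body) and pid in pending:
            ts, head = pending.pop(pid)        # keep the call's start time
            body = head + RESUMED.sub('', body, count=1)
        c = CALL.match(body)
        if c:
            events.append({'pid': pid, 'ts': ts, **c.groupdict()})
    return events

def failures(events, names=('open', 'openat', 'execve', 'access')):
    """List (pid, ts, syscall, errno, path) for failed file-access calls."""
    out = []
    for e in events:
        if e['errno'] and e['name'] in names:
            p = PATH.search(e['args'])
            out.append((e['pid'], e['ts'], e['name'], e['errno'], p and p.group(1)))
    return out
```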

Implementation and development history

Initial development traces to early UNIX and Linux debugging practices; the utility evolved in public contributions from maintainers and community members including Paul Kranenburg and others within the open source community. Over time, the codebase received patches and enhancements from contributors affiliated with organizations like Red Hat, SUSE, Canonical, and independent maintainers who addressed support for additional architectures and syscalls introduced by kernel releases. The project coordinates via mailing lists and repositories in the style of other open source efforts such as Git, with release practices influenced by distribution maintainers of Debian and Fedora packaging policies.

Limitations and alternatives

Because strace operates via process-level interception, it cannot directly inspect in-kernel state unreachable from syscall interfaces, and its overhead can perturb timing-sensitive applications such as real-time operating system workloads or high-frequency trading systems used in financial firms. Alternatives and complementary tools include ltrace for library call tracing, SystemTap and DTrace for kernel-level instrumentation, and perf or eBPF-based tools for low-overhead profiling. For containerized environments orchestrated by Docker, Kubernetes, and systemd, operators may combine strace with container-debugging workflows employed by projects like CRI-O and containerd to isolate issues across namespaces and cgroups.
