Get started with strace and debug faster

Bug bumper

© Stuart Monk, Fotolia

© Stuart Monk, Fotolia

Article from Issue 103/2009

Get started with strace by examining a pair of "Hello World" programs. Next month, in the second part of this two-part series, I'll take a deeper look at strace output.

Strace is a useful little program – installed by default on most Linux systems – that allows you to take a look at the system calls used by an application. Don't be misled by the name: strace doesn't provide a stack trace – it just reports on system calls.

If you are having problems with a homegrown application – or with any application that offers you access to the source code – you can use strace to help determine where a program is crashing or what problems it is having. Even if you are not tracing a problem, strace is useful because it can help you find out more about what your system is doing, which can sometimes help with performance tuning and resource management.

In this article, I'll help you get started with strace by examining a pair of "Hello World" programs – one in Perl (a scripting language) and one in C (a compiled language). Next month, I'll cover some more advanced situations and take a deeper look into the strace output.

The Command

The basic strace command is:

strace program_name

However, this outputs everything straight to standard error (i.e., to the screen), and, as I'll show, there can be quite a lot of output. Thus, it's usually best to use the -o option to specify an output file:

strace -o outputfile.txt program_name

Some editors, such as vim, are able to do syntax highlighting of strace output. The syntax highlighting feature will display different parts of the file – and different parts of each line – in different colors. When you are trying to make sense of strace output, which can look a little confusing, this technique is particularly useful, and I strongly recommend you use an editor that offers syntax highlighting.

Strace on Perl

Consider the "Hello World" Perl script shown in Listing 1. In case you're not familiar with Perl, the first line tells the shell what program to use to run this script and, in this case, also sets the -w flag, which turns warnings on. The use strict statement turns the strict module on; use strict, which lets you see what output you get when loading a module, and -w are not really necessary in this script, but they are good habits. Finally, the last line prints the string "Hello, Perl!" with a newline at the end.

Listing 1


After you've saved this script, change to the directory that it's in, make the script executable with chmod u+x, and then, before you start looking at it with strace, run ./ to make sure the script contains no typos. Once you know the script is working, run strace on it with:

strace -o strace_perl.out ./

Next, open up the strace output file in an editor (Figure 1). The output might look a little intimidating, but don't worry about the details yet. Instead, look at the basic structure of each line. Strace outputs each system call as a single line, with the call name at the start of the line, its arguments in brackets, and the return value after the equals sign at the end of the line. Listing 2 shows the first lines of strace output.

Figure 1: Strace output in vim.

Listing 2

Example strace Output Lines


In your Perl strace, you'll first see a line stating what script you're executing. The next line (Listing 2) is a call to uname, showing the details of your system. What uname actually returns is a pointer to the data structure; strace fills this information in for you. (By default, it only prints some of the information, but you can also request more detailed information.)

Whenever strace encounters a pointer to a data structure, it gives you the information pointed at rather than the pointer itself.

Access Calls

Next you'll see some access calls, which attempt to access information in specific files (see Listing 3). The access call shows what file the program is trying to access (e.g., /etc/ and whether the attempt was successful. The -1 means unsuccessful, and the notice of failure is often accompanied with an error code (E  *: or in this case, ENOENT). Then the error code is translated into plain English; ENOENT means "no such file or directory."

If the file does exist, access checks to see whether the program is allowed to access it (e.g., if the permissions are correctly set).

Listing 3

Access Calls


Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Practical strace

    After "Hello World," you really need to look at system calls in more detail. In this second of two articles, we'll look at debugging in the real world.

  • strace and Firejail

    Software from unknown sources always poses some risks. With the strace analysis tool and the Firejail sandbox, you can monitor and isolate unknown applications to safeguard your system.

  • Debugging for Admins

    Whether you’re the sys admin of a home network or of a company-wide network of dozens or even hundreds of machines, some basic principles of debugging will come in handy.


    A little C code and the LD_PRELOAD variable let you customize library functions to modify program behavior.

  • Optimizing Shell Scripts

    Shell scripts are often written for simplicity rather than efficiency. A closer look at the processes can lead to easy optimization.

comments powered by Disqus
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters

Support Our Work

Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.

Learn More