Saturday, May 28, 2011

Get used to work with strace !!


Hi all,
Recently a friend of mine asked me about a problem he had,
I suggested him to resolve the problem using strace tool.
he haven't heard about it before, so today I decided to dedicate this post for him, enjoy it Yoav ;-) .

Strace is a tool which comes with linux, it’s one of the most useful tools out there. It traces the system calls, which interact between a process and the Linux kernel. I would recommend using the strace tool for first investigation or for problems which are related to the operating system.
The strace will help you finding the cause of the problem or help you narrowing down the scope of the problem. It only provides information about the system calls that where invoked by a process. I’ll give an example for a simple short program I wrote:


#include <sys/stat.h>
#include <fcntl.h>

int main()
{
 int fd;
 int i=0;

 fd=open("/tmp/myfile",O_RDONLY);

 if (fd<0) i=5;
 else i=2;
 return i;
}


So lets generate a strace output, simply write in the terminal window:

gil@ubuntu:~$ gcc myExample.c -o myExample
gil@ubuntu:~$ strace -o myExample.strace myExample
gil@ubuntu:~$ cat myExample.strace

see what would be the output of the strace commands, we should see a list of system calls, like this:
execve("/home/gil/myExample", ["myExample"], [/* 37 vars */]) = 0
brk(0)                                  = 0x9070000
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
mmap2(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb77cd000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY)      = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=57002, ...}) = 0
mmap2(NULL, 57002, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb77bf000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/lib/tls/i686/cmov/libc.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0000m\1\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1405508, ...}) = 0
mmap2(NULL, 1415592, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x662000
mprotect(0x7b5000, 4096, PROT_NONE)     = 0
mmap2(0x7b6000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x153) = 0x7b6000
mmap2(0x7b9000, 10664, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7b9000
close(3)                                = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb77be000
set_thread_area({entry_number:-1 -> 6, base_addr:0xb77be6c0, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 0
mprotect(0x7b6000, 8192, PROT_READ)     = 0
mprotect(0x8049000, 4096, PROT_READ)    = 0
mprotect(0x29a000, 4096, PROT_READ)     = 0
munmap(0xb77bf000, 57002)               = 0
open("/tmp/myfile", O_RDONLY)           = 3
exit_group(2)                           = ?

You can see clearly on line 25 the open system call appears, nice!
But do you recognize the 24 lines which came before?

Those lines are systems calls too, although weren't invoked directly by you. Most of those system calls belong to process initialization, such as:

On Line 1: execve call - transforms the calling process into a new process.

On line 2:  brk call - sets the end of the data segment to the value specified by adsress argument.

On line 4:  mmap call - establish a mapping between a process' address space and a file, shared memory object.


On line 21:  mprotect – set protection of memory mapping.

and many more…

For getting a table, which holds the summary of the program use th -c option.

There are a bunch of features to the strace tool, I’ll be covering them on the next posts.
feel free to e-mail me if you would like to add few points ;-)

No comments:

Post a Comment

About