1 .\" Copyright (c) 1991, 1992 Paul Kranenburg <pk@cs.few.eur.nl>
2 .\" Copyright (c) 1993 Branko Lankester <branko@hacktic.nl>
3 .\" Copyright (c) 1993, 1994, 1995, 1996 Rick Sladkey <jrs@world.std.com>
4 .\" Copyright (c) 1996-2017 The strace developers.
5 .\" All rights reserved.
7 .\" Redistribution and use in source and binary forms, with or without
8 .\" modification, are permitted provided that the following conditions
10 .\" 1. Redistributions of source code must retain the above copyright
11 .\" notice, this list of conditions and the following disclaimer.
12 .\" 2. Redistributions in binary form must reproduce the above copyright
13 .\" notice, this list of conditions and the following disclaimer in the
14 .\" documentation and/or other materials provided with the distribution.
15 .\" 3. The name of the author may not be used to endorse or promote products
16 .\" derived from this software without specific prior written permission.
18 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
19 .\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20 .\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
21 .\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
22 .\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
23 .\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
24 .\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
25 .\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
27 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
40 .\" Like .OP, but with ellipsis at the end in order to signify that option
41 .\" can be provided multiple times. Based on .OP definition in groff's
45 . RI "[\fB\\$1\fP" "\ \\$2" "]...\&"
47 . RB "[" "\\$1" "]...\&"
52 . RI "\fB\\$1\fP" "\ \\$2"
56 .TH STRACE 1 "@MANPAGE_DATE@" "strace @VERSION@"
58 strace \- trace system calls and signals
61 .OP \-ACdffhikqrtttTvVxxy
75 .OM \-E var\fR[=\fIval\fR]
77 .IR command " [" args ]
94 .OM \-E var\fR[=\fIval\fR]
96 .IR command " [" args ]
101 .IX "strace command" "" "\fLstrace\fR command"
108 It intercepts and records the system calls which are called
109 by a process and the signals which are received by a process.
110 The name of each system call, its arguments and its return value
111 are printed on standard error or to the file specified with the
116 is a useful diagnostic, instructional, and debugging tool.
117 System administrators, diagnosticians and trouble-shooters will find
118 it invaluable for solving problems with
119 programs for which the source is not readily available since
120 they do not need to be recompiled in order to trace them.
121 Students, hackers and the overly-curious will find that
122 a great deal can be learned about a system and its system calls by
123 tracing even ordinary programs. And programmers will find that
124 since system calls and signals are events that happen at the user/kernel
125 interface, a close examination of this boundary is very
126 useful for bug isolation, sanity checking and
127 attempting to capture race conditions.
129 Each line in the trace contains the system call name, followed
130 by its arguments in parentheses and its return value.
131 An example from stracing the command "cat /dev/null" is:
133 open("/dev/null", O_RDONLY) = 3
135 Errors (typically a return value of \-1) have the errno symbol
136 and error string appended.
138 open("/foo/bar", O_RDONLY) = \-1 ENOENT (No such file or directory)
140 Signals are printed as signal symbol and decoded siginfo structure.
141 An excerpt from stracing and interrupting the command "sleep 666" is:
143 sigsuspend([] <unfinished ...>
144 --- SIGINT {si_signo=SIGINT, si_code=SI_USER, si_pid=...} ---
145 +++ killed by SIGINT +++
147 If a system call is being executed and meanwhile another one is being called
148 from a different thread/process then
150 will try to preserve the order of those events and mark the ongoing call as
153 When the call returns it will be marked as
156 [pid 28772] select(4, [3], NULL, NULL, NULL <unfinished ...>
157 [pid 28779] clock_gettime(CLOCK_REALTIME, {1130322148, 939977000}) = 0
158 [pid 28772] <... select resumed> ) = 1 (in [3])
160 Interruption of a (restartable) system call by a signal delivery is processed
161 differently as kernel terminates the system call and also arranges its
162 immediate reexecution after the signal handler completes.
164 read(0, 0x7ffff72cf5cf, 1) = ? ERESTARTSYS (To be restarted)
166 rt_sigreturn(0xe) = 0
169 Arguments are printed in symbolic form with passion.
170 This example shows the shell performing ">>xyzzy" output redirection:
172 open("xyzzy", O_WRONLY|O_APPEND|O_CREAT, 0666) = 3
174 Here, the third argument of
176 is decoded by breaking down the
177 flag argument into its three bitwise-OR constituents and printing the
178 mode value in octal by tradition. Where the traditional or native
179 usage differs from ANSI or POSIX, the latter forms are preferred.
182 output is proven to be more readable than the source.
184 Structure pointers are dereferenced and the members are displayed
185 as appropriate. In most cases, arguments are formatted in the most C-like
187 For example, the essence of the command "ls \-l /dev/null" is captured as:
189 lstat("/dev/null", {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 3), ...}) = 0
191 Notice how the 'struct stat' argument is dereferenced and how each member is
192 displayed symbolically. In particular, observe how the
194 member is carefully decoded into a bitwise-OR of symbolic and numeric values.
195 Also notice in this example that the first argument to
197 is an input to the system call and the second argument is an output.
198 Since output arguments are not modified if the system call fails, arguments may
199 not always be dereferenced. For example, retrying the "ls \-l" example
200 with a non-existent file produces the following line:
202 lstat("/foo/bar", 0xb004) = \-1 ENOENT (No such file or directory)
204 In this case the porch light is on but nobody is home.
208 are printed raw, with the unknown system call number printed in hexadecimal form
209 and prefixed with "syscall_":
211 syscall_0xbad(0xfedcba9876543210, 0xfedcba9876543211, 0xfedcba9876543212,
212 0xfedcba9876543213, 0xfedcba9876543214, 0xfedcba9876543215) = -1 (errno 38)
215 Character pointers are dereferenced and printed as C strings.
216 Non-printing characters in strings are normally represented by
217 ordinary C escape codes.
220 (32 by default) bytes of strings are printed;
221 longer strings have an ellipsis appended following the closing quote.
222 Here is a line from "ls \-l" where the
224 library routine is reading the password file:
226 read(3, "root::0:0:System Administrator:/"..., 1024) = 422
228 While structures are annotated using curly braces, simple pointers
229 and arrays are printed using square brackets with commas separating
230 elements. Here is an example from the command "id" on a system with
231 supplementary group ids:
233 getgroups(32, [100, 0]) = 2
235 On the other hand, bit-sets are also shown using square brackets
236 but set elements are separated only by a space. Here is the shell,
237 preparing to execute an external command:
239 sigprocmask(SIG_BLOCK, [CHLD TTOU], []) = 0
241 Here, the second argument is a bit-set of two signals,
242 .BR SIGCHLD " and " SIGTTOU .
243 In some cases, the bit-set is so full that printing out the unset
244 elements is more valuable. In that case, the bit-set is prefixed by
247 sigprocmask(SIG_UNBLOCK, ~[], NULL) = 0
249 Here, the second argument represents the full set of all signals.
254 Align return values in a specific column (default column 40).
257 Print the instruction pointer at the time of the system call.
260 Print the execution stack trace of the traced processes after each system call.
261 This option is available only if
263 is built using \-\-enable\-stacktrace configure option.
266 Write the trace output to the file
268 rather than to stderr.
273 If the argument begins with '|' or '!', the rest of the
274 argument is treated as a command and all output is piped to it.
275 This is convenient for piping the debugging output to a program
276 without affecting the redirections of executed programs.
277 The latter is not compatible with
282 Open the file provided in the
284 option in append mode.
287 Suppress messages about attaching, detaching etc. This happens
288 automatically when output is redirected to a file and the command
289 is run directly instead of attaching.
292 If given twice, suppress messages about process exit status.
295 Print a relative timestamp upon entry to each system call. This
296 records the time difference between the beginning of successive
300 option uses the monotonic clock time for measuring time difference and not the
301 wall clock time, its measurements can differ from the difference in time
307 Specify the maximum string size to print (the default is 32). Note
308 that filenames are not considered strings and are always printed in
312 Prefix each line of the trace with the wall clock time.
315 If given twice, the time printed will include the microseconds.
318 If given thrice, the time printed will include the microseconds
319 and the leading portion will be printed as the number
320 of seconds since the epoch.
323 Show the time spent in system calls. This records the time
324 difference between the beginning and the end of each system call.
327 Print all non-ASCII strings in hexadecimal string format.
330 Print all strings in hexadecimal string format.
333 Set the format for printing of named constants and flags.
340 Raw number output, without decoding.
343 Output a named constant or a set of flags instead of the raw number if they are
350 Output both the raw value and the decoded string (as a comment).
354 Print paths associated with file descriptor arguments.
357 Print protocol specific information associated with socket file descriptors,
358 and block/character device number associated with device file descriptors.
362 Count time, calls, and errors for each system call and report a summary on
363 program exit, suppressing the regular output.
364 This attempts to show system time (CPU time spent running
365 in the kernel) independent of wall clock time. If
369 only aggregate totals for all traced processes are kept.
374 but also print regular output while processes are running.
377 Set the overhead for tracing system calls to
380 This is useful for overriding the default heuristic for guessing
381 how much time is spent in mere measuring when timing system calls using
384 option. The accuracy of the heuristic can be gauged by timing a given
385 program run without tracing (using
387 and comparing the accumulated
388 system call time to the total produced using
392 Sort the output of the histogram printed by the
394 option by the specified criterion. Legal values are
404 Summarise the time difference between the beginning and end of
405 each system call. The default is to summarise the system time.
409 A qualifying expression which modifies which events to trace
410 or how to trace them. The format of the expression is:
413 [\,\fIqualifier\/\fB=\fR][\fB!\fR][\fB?\fR]\,\fIvalue1\/\fR[\fB,\fR[\fB?\fR]\,\fIvalue2\/\fR]...
431 is a qualifier-dependent symbol or number. The default
434 Using an exclamation mark negates the set of values. For example,
437 .BR \-e "\ " trace = open
438 which in turn means trace only the
440 system call. By contrast,
441 .BR \-e "\ " trace "=!" open
442 means to trace every system call except
444 Question mark before the syscall qualification allows suppression of error
445 in case no syscalls matched the qualification provided.
446 In addition, the special values
450 have the obvious meanings.
452 Note that some shells use the exclamation point for history
453 expansion even inside quoted arguments. If so, you must escape
454 the exclamation point with a backslash.
456 \fB\-e\ trace\fR=\,\fIset\fR
457 Trace only the specified set of system calls. The
459 option is useful for determining which system calls might be useful
460 to trace. For example,
461 .BR trace = open,close,read,write
463 trace those four system calls. Be careful when making inferences
464 about the user/kernel boundary if only a subset of system calls
465 are being monitored. The default is
468 \fB\-e\ trace\fR=/\,\fIregex\fR
469 Trace only those system calls that match the
473 Extended Regular Expression syntax (see
476 .BR "\-e\ trace" = %file
478 .BR "\-e\ trace" = file " (deprecated)"
479 Trace all system calls which take a file name as an argument. You
480 can think of this as an abbreviation for
481 .BR "\-e\ trace" = open , stat , chmod , unlink ,...
482 which is useful to seeing what files the process is referencing.
483 Furthermore, using the abbreviation will ensure that you don't
484 accidentally forget to include a call like
486 in the list. Betchya woulda forgot that one.
488 .BR "\-e\ trace" = %process
490 .BR "\-e\ trace" = process " (deprecated)"
491 Trace all system calls which involve process management. This
492 is useful for watching the fork, wait, and exec steps of a process.
494 .BR "\-e\ trace" = %network
496 .BR "\-e\ trace" = network " (deprecated)"
497 Trace all the network related system calls.
499 .BR "\-e\ trace" = %signal
501 .BR "\-e\ trace" = signal " (deprecated)"
502 Trace all signal related system calls.
504 .BR "\-e\ trace" = %ipc
506 .BR "\-e\ trace" = ipc " (deprecated)"
507 Trace all IPC related system calls.
509 .BR "\-e\ trace" = %desc
511 .BR "\-e\ trace" = desc " (deprecated)"
512 Trace all file descriptor related system calls.
514 .BR "\-e\ trace" = %memory
516 .BR "\-e\ trace" = memory " (deprecated)"
517 Trace all memory mapping related system calls.
519 .BR "\-e\ trace" = %stat
520 Trace stat syscall variants.
522 .BR "\-e\ trace" = %lstat
523 Trace lstat syscall variants.
525 .BR "\-e\ trace" = %fstat
526 Trace fstat and fstatat syscall variants.
528 .BR "\-e\ trace" = %%stat
529 Trace syscalls used for requesting file status (stat, lstat, fstat, fstatat,
530 statx, and their variants).
532 .BR "\-e\ trace" = %statfs
533 Trace statfs, statfs64, statvfs, osf_statfs, and osf_statfs64 system calls.
534 The same effect can be achieved with
535 .BR "\-e\ trace" = /^(.*_)?statv?fs
538 .BR "\-e\ trace" = %fstatfs
539 Trace fstatfs, fstatfs64, fstatvfs, osf_fstatfs, and osf_fstatfs64 system calls.
540 The same effect can be achieved with
541 .BR "\-e\ trace" = /fstatv?fs
544 .BR "\-e\ trace" = %%statfs
545 Trace syscalls related to file system statistics (statfs-like, fstatfs-like,
546 and ustat). The same effect can be achieved with
547 .BR "\-e\ trace" = /statv?fs|fsstat|ustat
550 .BR "\-e\ trace" = %pure
551 Trace syscalls that always succeed and have no arguments.
552 Currently, this list includes
553 .BR arc_gettls "(2), " getdtablesize "(2), " getegid "(2), " getegid32 "(2),"
554 .BR geteuid "(2), " geteuid32 "(2), " getgid "(2), " getgid32 "(2),"
555 .BR getpagesize "(2), " getpgrp "(2), " getpid "(2), " getppid "(2),"
556 .BR get_thread_area (2)
557 (on architectures other than x86),
558 .BR gettid "(2), " get_tls "(2), " getuid "(2), " getuid32 "(2),"
559 .BR getxgid "(2), " getxpid "(2), " getxuid "(2), " kern_features "(2), and"
560 .BR metag_get_tls "(2)"
563 \fB\-e\ abbrev\fR=\,\fIset\fR
564 Abbreviate the output from printing each member of large structures.
569 option has the effect of
572 \fB\-e\ verbose\fR=\,\fIset\fR
573 Dereference structures for the specified set of system calls. The
577 \fB\-e\ raw\fR=\,\fIset\fR
578 Print raw, undecoded arguments for the specified set of system calls.
579 This option has the effect of causing all arguments to be printed
580 in hexadecimal. This is mostly useful if you don't trust the
581 decoding or you need to know the actual numeric value of an
584 \fB\-e\ signal\fR=\,\fIset\fR
585 Trace only the specified subset of signals. The default is
588 .BR signal "=!" SIGIO
593 signals not to be traced.
595 \fB\-e\ read\fR=\,\fIset\fR
596 Perform a full hexadecimal and ASCII dump of all the data read from
597 file descriptors listed in the specified set. For example, to see
598 all input activity on file descriptors
603 \fB\-e\ read\fR=\,\fI3\fR,\fI5\fR.
604 Note that this is independent from the normal tracing of the
606 system call which is controlled by the option
607 .BR -e "\ " trace = read .
609 \fB\-e\ write\fR=\,\fIset\fR
610 Perform a full hexadecimal and ASCII dump of all the data written to
611 file descriptors listed in the specified set. For example, to see
612 all output activity on file descriptors
617 \fB\-e\ write\fR=\,\fI3\fR,\,\fI5\fR.
618 Note that this is independent from the normal tracing of the
620 system call which is controlled by the option
621 .BR -e "\ " trace = write .
623 \fB\-e\ inject\fR=\,\fIset\/\fR[:\fBerror\fR=\,\fIerrno\/\fR|:\fBretval\fR=\,\fIvalue\/\fR][:\fBsignal\fR=\,\fIsig\/\fR][:\fBdelay_enter\fR=\,\fIusecs\/\fR][:\fBdelay_exit\fR=\,\fIusecs\/\fR][:\fBwhen\fR=\,\fIexpr\/\fR]
624 Perform syscall tampering for the specified set of syscalls.
633 options has to be specified.
637 are mutually exclusive.
639 If :\fBerror\fR=\,\fIerrno\/\fR option is specified,
640 a fault is injected into a syscall invocation:
641 the syscall number is replaced by -1 which corresponds to an invalid syscall,
642 and the error code is specified using a symbolic
646 or a numeric value within 1..4095 range.
648 If :\fBretval\fR=\,\fIvalue\/\fR option is specified,
649 success injection is performed: the syscall number is replaced by -1,
650 but a bogus success value is returned to the callee.
652 If :\fBsignal\fR=\,\fIsig\/\fR option is specified with either a symbolic value
655 or a numeric value within 1..\fBSIGRTMAX\fR range,
656 that signal is delivered on entering every syscall specified by the
659 If :\fBdelay_enter\fR=\,\fIusecs\/\fR or :\fBdelay_exit\fR=\,\fIusecs\/\fR
660 options are specified, delay injection is performed: the tracee is delayed
663 microseconds on entering or exiting the syscall.
665 If :\fBsignal\fR=\,\fIsig\/\fR option is specified without
666 :\fBerror\fR=\,\fIerrno\/\fR, :\fBretval\fR=\,\fIvalue\/\fR or
667 :\fBdelay_{enter,exit}\fR=\,\fIusecs\/\fR options,
670 is delivered without a syscall fault or delay injection.
671 Conversely, :\fBerror\fR=\,\fIerrno\/\fR or
672 :\fBretval\fR=\,\fIvalue\/\fR option without
673 :\fBdelay_enter\fR=\,\fIusecs\/\fR,
674 :\fBdelay_exit\fR=\,\fIusecs\/\fR or
675 :\fBsignal\fR=\,\fIsig\/\fR options injects a fault without delivering a signal
676 or injecting a delay, etc.
678 If both :\fBerror\fR=\,\fIerrno\/\fR or :\fBretval\fR=\,\fIvalue\/\fR
679 and :\fBsignal\fR=\,\fIsig\/\fR options are specified, then both
680 a fault or success is injected and a signal is delivered.
682 Unless a :\fBwhen\fR=\,\fIexpr\fR subexpression is specified,
683 an injection is being made into every invocation of each syscall from the
686 The format of the subexpression is one of the following:
691 For every syscall from the
693 perform an injection for the syscall invocation number
700 For every syscall from the
702 perform injections for the syscall invocation number
704 and all subsequent invocations.
707 \fIfirst\/\fB+\fIstep\fR
709 For every syscall from the
711 perform injections for syscall invocations number
714 .IR first + step + step ,
719 For example, to fail each third and subsequent chdir syscalls with
722 \fB\-e\ inject\fR=\,\fIchdir\/\fR:\fBerror\fR=\,\fIENOENT\/\fR:\fBwhen\fR=\,\fI3\/\fB+\fR.
724 The valid range for numbers
730 An injection expression can contain only one
734 specification, and only one
736 specification. If an injection expression contains multiple
738 specifications, the last one takes precedence.
740 Accounting of syscalls that are subject to injection
741 is done per syscall and per tracee.
743 Specification of syscall injection can be combined
744 with other syscall filtering options, for example,
745 \fB\-P \fI/dev/urandom \fB\-e inject\fR=\,\fIfile\/\fR:\fBerror\fR=\,\fIENOENT\fR.
748 \fB\-e\ fault\fR=\,\fIset\/\fR[:\fBerror\fR=\,\fIerrno\/\fR][:\fBwhen\fR=\,\fIexpr\/\fR]
749 Perform syscall fault injection for the specified set of syscalls.
751 This is equivalent to more generic
752 \fB\-e\ inject\fR= expression with default value of
759 Trace only system calls accessing
763 options can be used to specify several paths.
766 Print unabbreviated versions of environment, stat, termios, etc.
767 calls. These structures are very common in calls and so the default
768 behavior displays a reasonable subset of structure members. Use
769 this option to get all of the gory details.
773 If specified syscall is reached, detach from traced process.
776 syscall is supported. This option is useful if you want to trace
777 multi-threaded process and therefore require -f, but don't want
778 to trace its (potentially very complex) children.
781 Run tracer process as a detached grandchild, not as parent of the
782 tracee. This reduces the visible effect of
784 by keeping the tracee a direct child of the calling process.
787 Trace child processes as they are created by currently traced
788 processes as a result of the
793 system calls. Note that
797 will attach all threads of process PID if it is multi-threaded,
798 not only thread with thread_id = PID.
804 option is in effect, each processes trace is written to
806 where pid is the numeric process id of each process.
807 This is incompatible with
809 since no per-process counts are kept.
811 One might want to consider using
812 .BR strace-log-merge (1)
813 to obtain a combined strace log view.
815 .BI "\-I " interruptible
816 When strace can be interrupted by signals (such as pressing ^C).
817 1: no signals are blocked; 2: fatal signals are blocked while decoding syscall
818 (default); 3: fatal signals are always blocked (default if '-o FILE PROG');
819 4: fatal signals and SIGTSTP (^Z) are always blocked (useful to make
820 strace -o FILE PROG not stop on ^Z).
823 \fB\-E\ \fIvar\fR=\,\fIval\fR
826 in its list of environment variables.
831 from the inherited list of environment variables before passing it on to
835 Attach to the process with the process
839 The trace may be terminated
840 at any time by a keyboard interrupt signal (\c
843 will respond by detaching itself from the traced process(es)
844 leaving it (them) to continue running.
847 options can be used to attach to many processes in addition to
849 (which is optional if at least one
853 "`pidof PROG`" syntax is supported.
856 Run command with the user \s-1ID\s0, group \s-2ID\s0, and
857 supplementary groups of
859 This option is only useful when running as root and enables the
860 correct execution of setuid and/or setgid binaries.
861 Unless this option is used setuid and setgid programs are executed
862 without effective privileges.
866 Show some debugging output of
868 itself on the standard error.
871 This option is deprecated. It is retained for backward compatibility only
872 and may be removed in future releases.
873 Usage of multiple instances of
875 option is still equivalent to a single
877 and it is ignored at all if used along with one or more instances of
882 Print the help summary.
885 Print the version number of
892 exits with the same exit status.
895 is terminated by a signal,
897 terminates itself with the same signal, so that
899 can be used as a wrapper process transparent to the invoking parent process.
900 Note that parent-child relationship (signal stop notifications,
901 getppid() value, etc) between traced process and its parent are not preserved
912 is zero unless no processes has been attached or there was an unexpected error
913 in doing the tracing.
914 .SH "SETUID INSTALLATION"
917 is installed setuid to root then the invoking user will be able to
918 attach to and trace processes owned by any user.
919 In addition setuid and setgid programs will be executed and traced
920 with the correct effective privileges.
921 Since only users trusted with full root privileges should be allowed
923 it only makes sense to install
925 as setuid to root when the users who can execute it are restricted
926 to those users who have this trust.
927 For example, it makes sense to install a special version of
929 with mode 'rwsr-xr--', user
935 group are trusted users.
936 If you do use this feature, please remember to install
937 a regular non-setuid version of
939 for ordinary users to use.
940 .SH "MULTIPLE PERSONALITY SUPPORT"
941 On some architectures,
943 supports decoding of syscalls for processes that use different ABI rather than
947 Specifically, in addition to decoding native ABI,
949 can decode the following ABIs on the following architectures:
954 Architecture ABIs supported
955 x86_64 i386, x32 (when built as an x86_64 application); i386 (when built as an x32 application)
956 AArch64 ARM 32-bit EABI
957 PowerPC 64-bit PowerPC 32-bit
958 RISC-V 64-bit RISC-V 32-bit
960 SPARC 64-bit SPARC 32-bit
961 TILE 64-bit TILE 32-bit
964 This support is optional and relies on ability to generate and parse structure
965 definitions during the build time.
966 Please refer to the output of the
968 command in order to figure out what support is available in your strace build
969 ("non-native" refers to an ABI that differs from the ABI strace has):
973 can trace and properly decode non-native 32-bit binaries.
977 can trace, but cannot properly decode non-native 32-bit binaries.
981 can trace and properly decode non-native 32-on-64-bit binaries.
985 can trace, but cannot properly decode non-native 32-on-64-bit binaries.
987 If the output contains neither
991 then decoding of non-native 32-bit binaries is not implemented at all
994 Likewise, if the output contains neither
998 then decoding of non-native 32-on-64-bit binaries is not implemented at all
1001 It is a pity that so much tracing clutter is produced by systems
1002 employing shared libraries.
1004 It is instructive to think about system call inputs and outputs
1005 as data-flow across the user/kernel boundary. Because user-space
1006 and kernel-space are separate and address-protected, it is
1007 sometimes possible to make deductive inferences about process
1008 behavior using inputs and outputs as propositions.
1010 In some cases, a system call will differ from the documented behavior
1011 or have a different name. For example, the
1013 system call does not have
1017 library function uses
1019 system call on modern (2.6.38+) kernels. These
1020 discrepancies are normal but idiosyncratic characteristics of the
1021 system call interface and are accounted for by C library wrapper
1024 Some system calls have different names in different architectures and
1025 personalities. In these cases, system call filtering and printing
1026 uses the names that match corresponding
1028 kernel macros of the tracee's architecture and personality.
1029 There are two exceptions from this general rule:
1030 .BR arm_fadvise64_64 (2)
1032 .BR xtensa_fadvise64_64 (2)
1033 Xtensa syscall are filtered and printed as
1034 .BR fadvise64_64 (2).
1036 On x32, syscalls that are intended to be used by 64-bit processes and not x32
1039 that has syscall number 19 on x86_64, with its x32 counterpart has syscall
1040 number 515), but called with
1041 .B __X32_SYSCALL_BIT
1042 flag being set, are designated with "#64" suffix.
1044 On some platforms a process that is attached to with the
1046 option may observe a spurious EINTR return from the current
1047 system call that is not restartable. (Ideally, all system calls
1048 should be restarted on strace attach, making the attach invisible
1049 to the traced process, but a few system calls aren't.
1050 Arguably, every instance of such behavior is a kernel bug.)
1051 This may have an unpredictable effect on the process
1052 if the process takes no action to restart the system call.
1056 executes the specified
1058 directly and does not employ a shell for that, scripts without shebang
1059 that usually run just fine when invoked by shell fail to execute with
1062 It is advisable to manually supply a shell as a
1064 with the script as its argument.
1066 Programs that use the
1071 privileges while being traced.
1073 A traced process runs slowly.
1075 Traced processes which are descended from
1077 may be left running after an interrupt signal (\c
1082 was written by Paul Kranenburg
1083 for SunOS and was inspired by its
1086 The SunOS version of
1088 was ported to Linux and enhanced
1089 by Branko Lankester, who also wrote the Linux kernel support.
1090 Even though Paul released
1093 Branko's work was based on Paul's
1095 1.5 release from 1991.
1096 In 1993, Rick Sladkey merged
1098 2.5 for SunOS and the second release of
1100 for Linux, added many of the features of
1102 from SVR4, and produced an
1104 that worked on both platforms. In 1994 Rick ported
1106 to SVR4 and Solaris and wrote the
1107 automatic configuration support. In 1995 he ported
1110 and tired of writing about himself in the third person.
1112 Beginning with 1996,
1114 was maintained by Wichert Akkerman.
1117 development migrated to CVS; ports to FreeBSD and many architectures on Linux
1118 (including ARM, IA-64, MIPS, PA-RISC, PowerPC, s390, SPARC) were introduced.
1119 In 2002, the burden of
1121 maintainership was transferred to Roland McGrath.
1124 gained support for several new Linux architectures (AMD64, s390x, SuperH),
1125 bi-architecture support for some of them, and received numerous additions and
1126 improvements in syscalls decoders on Linux;
1128 development migrated to
1133 is actively maintained by Dmitry Levin.
1135 gained support for AArch64, ARC, AVR32, Blackfin, Meta, Nios II, OpenSISC 1000,
1136 RISC-V, Tile/TileGx, Xtensa architectures since that time.
1137 In 2012, unmaintained and apparently broken support for non-Linux operating
1138 systems was removed.
1141 gained support for path tracing and file descriptor path decoding.
1142 In 2014, support for stack traces printing was added.
1143 In 2016, syscall fault injection was implemented.
1145 For the additional information, please refer to the
1149 repository commit log.
1153 should be reported to the
1155 mailing list at <strace\-devel@lists.strace.io>.
1157 .BR strace-log-merge (1),