Lines Matching +full:system +full:- +full:observe

4 .\" Copyright (c) 1996-2017 The strace developers.
42 .\" an-ext.tmac.
44 . ie \\n(.$-1 \
51 . ie \\n(.$-1 \
56 .TH STRACE 1 "2018-07-07" "strace 4.25"
58 strace \- trace system calls and signals
62 .OP \-ACdffhikqrtttTvVxxy
65 .OP \-ACdffhiqrtttTvVxxy
67 .OP \-I n
68 .OP \-b execve
69 .OM \-e expr
70 .OP \-a column
71 .OP \-o file
72 .OP \-s strsize
73 .OP \-X format
74 .OM \-P path
75 .OM \-p pid
77 .OR \-p pid
79 .OP \-D
80 .OM \-E var\fR[=\fIval\fR]
81 .OP \-u username
86 .B \-c
87 .OP \-df
88 .OP \-I n
89 .OP \-b execve
90 .OM \-e expr
91 .OP \-O overhead
92 .OP \-S sortby
93 .OM \-P path
94 .OM \-p pid
96 .OR \-p pid
98 .OP \-D
99 .OM \-E var\fR[=\fIval\fR]
100 .OP -u username
113 It intercepts and records the system calls which are called
115 The name of each system call, its arguments and its return value
117 .B \-o
122 System administrators, diagnosticians and trouble-shooters will find
126 Students, hackers and the overly-curious will find that
127 a great deal can be learned about a system and its system calls by
129 since system calls and signals are events that happen at the user/kernel
134 Each line in the trace contains the system call name, followed
140 Errors (typically a return value of \-1) have the errno symbol
143 open("/foo/bar", O_RDONLY) = \-1 ENOENT (No such file or directory)
149 --- SIGINT {si_signo=SIGINT, si_code=SI_USER, si_pid=...} ---
152 If a system call is being executed and meanwhile another one is being called
165 Interruption of a (restartable) system call by a signal delivery is processed
166 differently as kernel terminates the system call and also arranges its
170 --- SIGALRM ... ---
182 flag argument into its three bitwise-OR constituents and printing the
190 as appropriate. In most cases, arguments are formatted in the most C-like
192 For example, the essence of the command "ls \-l /dev/null" is captured as:
197 displayed symbolically. In particular, observe how the
199 member is carefully decoded into a bitwise-OR of symbolic and numeric values.
202 is an input to the system call and the second argument is an output.
203 Since output arguments are not modified if the system call fails, arguments may
204 not always be dereferenced. For example, retrying the "ls \-l" example
205 with a non-existent file produces the following line:
207 lstat("/foo/bar", 0xb004) = \-1 ENOENT (No such file or directory)
213 are printed raw, with the unknown system call number printed in hexadecimal form
216 syscall_0xbad(0x1, 0x2, 0x3, 0x4, 0x5, 0x6) = -1 ENOSYS (Function not implemented)
220 Non-printing characters in strings are normally represented by
226 Here is a line from "ls \-l" where the
230 read(3, "root::0:0:System Administrator:/"..., 1024) = 422
234 elements. Here is an example from the command "id" on a system with
239 On the other hand, bit-sets are also shown using square brackets
245 Here, the second argument is a bit-set of two signals,
247 In some cases, the bit-set is so full that printing out the unset
248 elements is more valuable. In that case, the bit-set is prefixed by
257 .BI "\-a " column
260 .B \-i
261 Print the instruction pointer at the time of the system call.
264 .B \-k
265 Print the execution stack trace of the traced processes after each system call.
268 .BI "\-o " filename
274 .B \-ff
281 .B \-ff
284 .B \-A
286 .B \-o
289 .B \-q
294 .B \-qq
297 .B \-r
298 Print a relative timestamp upon entry to each system call. This
300 system calls.
302 .B \-r
306 .B \-t
309 .BI "\-s " strsize
314 .B \-t
317 .B \-tt
320 .B \-ttt
325 .B \-T
326 Show the time spent in system calls. This records the time
327 difference between the beginning and the end of each system call.
329 .B \-x
330 Print all non-ASCII strings in hexadecimal string format.
332 .B \-xx
335 .BI "\-X " format
356 .B \-y
359 .B \-yy
364 .B \-c
365 Count time, calls, and errors for each system call and report a summary on
367 This attempts to show system time (CPU time spent running
369 .B \-c
374 .B \-C
376 .B \-c
379 .BI "\-O " overhead
380 Set the overhead for tracing system calls to
384 how much time is spent in mere measuring when timing system calls using
386 .B \-c
391 system call time to the total produced using
394 .BI "\-S " sortby
396 .B \-c
406 .B \-w
408 each system call. The default is to summarise the system time.
411 .BI "\-e " expr
435 is a qualifier-dependent symbol or number. The default
444 system call. By contrast,
446 means to trace every system call except
451 allows specifying syscalls only for the 64-bit, 32-bit, or 32-on-64-bit
463 \fB\-e\ trace\fR=\,\fIset\fR
464 Trace only the specified set of system calls. The
465 .B \-c
466 option is useful for determining which system calls might be useful
470 trace those four system calls. Be careful when making inferences
471 about the user/kernel boundary if only a subset of system calls
475 \fB\-e\ trace\fR=/\,\fIregex\fR
476 Trace only those system calls that match the
486 Trace all system calls which take a file name as an argument. You
498 Trace all system calls which involve process management. This
504 Trace all the network related system calls.
509 Trace all signal related system calls.
514 Trace all IPC related system calls.
519 Trace all file descriptor related system calls.
524 Trace all memory mapping related system calls.
540 Trace statfs, statfs64, statvfs, osf_statfs, and osf_statfs64 system calls.
546 Trace fstatfs, fstatfs64, fstatvfs, osf_fstatfs, and osf_fstatfs64 system calls.
552 Trace syscalls related to file system statistics (statfs-like, fstatfs-like,
570 \fB\-e\ abbrev\fR=\,\fIset\fR
575 .B \-v
579 \fB\-e\ verbose\fR=\,\fIset\fR
580 Dereference structures for the specified set of system calls. The
584 \fB\-e\ raw\fR=\,\fIset\fR
585 Print raw, undecoded arguments for the specified set of system calls.
591 .B \-X raw
594 \fB\-e\ signal\fR=\,\fIset\fR
605 \fB\-e\ read\fR=\,\fIset\fR
613 \fB\-e\ read\fR=\,\fI3\fR,\fI5\fR.
616 system call which is controlled by the option
619 \fB\-e\ write\fR=\,\fIset\fR
627 \fB\-e\ write\fR=\,\fI3\fR,\,\fI5\fR.
630 system call which is controlled by the option
633 \fB\-e\ inject\fR=\,\fIset\/\fR[:\fBerror\fR=\,\fIerrno\/\fR|:\fBretval\fR=\,\fIvalue\/\fR][:\fBsig…
651 the syscall number is replaced by -1 which corresponds to an invalid syscall
660 success injection is performed: the syscall number is replaced by -1,
694 with no side effects is injected instead of -1.
739 \fB\-e\ inject\fR=\,\fIchdir\/\fR:\fBerror\fR=\,\fIENOENT\/\fR:\fBwhen\fR=\,\fI3\/\fB+\fR.
762 \fB\-P \fI/dev/urandom \fB\-e inject\fR=\,\fIfile\/\fR:\fBerror\fR=\,\fIENOENT\fR.
765 \fB\-e\ fault\fR=\,\fIset\/\fR[:\fBerror\fR=\,\fIerrno\/\fR][:\fBwhen\fR=\,\fIexpr\/\fR]
769 \fB\-e\ inject\fR= expression with default value of
780 .BI "\-P " path
781 Trace only system calls accessing
784 .B \-P
787 .B \-v
794 .BI "\-b " syscall
799 multi-threaded process and therefore require -f, but don't want
802 .B \-D
808 .B \-f
815 system calls. Note that
816 .B \-p
818 .B \-f
819 will attach all threads of process PID if it is multi-threaded,
822 .B \-ff
824 .B \-o
831 since no per-process counts are kept.
837 .BI "\-I " interruptible
840 (default); 3: fatal signals are always blocked (default if '-o FILE PROG');
842 strace -o FILE PROG not stop on ^Z).
845 \fB\-E\ \fIvar\fR=\,\fIval\fR
850 .BI "\-E " var
856 .BI "\-p " pid
863 .SM CTRL\s0-C).
868 .B \-p
872 .B \-p
874 .B \-p
877 .BI "\-u " username
878 Run command with the user \s-1ID\s0, group \s-2ID\s0, and
887 .B \-d
892 .B \-F
896 .B \-F
900 .B \-f
903 .B \-h
906 .B \-V
922 Note that parent-child relationship (signal stop notifications,
925 .B \-D
929 .B \-p
951 with mode 'rwsr-xr--', user
959 a regular non-setuid version of
978 AArch64 ARM 32-bit EABI
979 PowerPC 64-bit PowerPC 32-bit
980 RISC-V 64-bit RISC-V 32-bit
982 SPARC 64-bit SPARC 32-bit
983 TILE 64-bit TILE 32-bit
989 .B strace \-V
991 ("non-native" refers to an ABI that differs from the ABI strace has):
993 .B m32-mpers
995 can trace and properly decode non-native 32-bit binaries.
997 .B no-m32-mpers
999 can trace, but cannot properly decode non-native 32-bit binaries.
1001 .B mx32-mpers
1003 can trace and properly decode non-native 32-on-64-bit binaries.
1005 .B no-mx32-mpers
1007 can trace, but cannot properly decode non-native 32-on-64-bit binaries.
1010 .B m32-mpers
1013 then decoding of non-native 32-bit binaries is not implemented at all
1017 .B mx32-mpers
1020 then decoding of non-native 32-on-64-bit binaries is not implemented at all
1026 It is instructive to think about system call inputs and outputs
1027 as data-flow across the user/kernel boundary. Because user-space
1028 and kernel-space are separate and address-protected, it is
1032 In some cases, a system call will differ from the documented behavior
1035 system call does not have
1041 system call on modern (2.6.38+) kernels. These
1043 system call interface and are accounted for by C library wrapper
1046 Some system calls have different names in different architectures and
1047 personalities. In these cases, system call filtering and printing
1058 On x32, syscalls that are intended to be used by 64-bit processes and not x32
1067 .B \-p
1068 option may observe a spurious EINTR return from the current
1069 system call that is not restartable. (Ideally, all system calls
1071 to the traced process, but a few system calls aren't.
1074 if the process takes no action to restart the system call.
1100 .SM CTRL\s0-C).
1140 (including ARM, IA-64, MIPS, PA-RISC, PowerPC, s390, SPARC) were introduced.
1147 bi-architecture support for some of them, and received numerous additions and
1158 RISC-V, Tile/TileGx, Xtensa architectures since that time.
1159 In 2012, unmaintained and apparently broken support for non-Linux operating
1177 mailing list at <strace\-devel@lists.strace.io>.