Debugging notes

From Noah.org
Revision as of 04:02, 3 February 2009 by Root (talk | contribs)
Jump to navigationJump to search


This will show what data is written by the process, $PID. 

strace -p $PID -f -e write

The '-f' option tells `strace` to follow children that are forked and execed. Note that this is a best effort and that strace can miss a few system calls of the child while it starts up. This can be significant in the real world.

This will show files created by a process. Note that files can be created and opened for writing using 'creat' as well as 'open'. Here I filter a lot of the open calls. The "-o /proc/self/fd/1" forces output to stdout. 

strace -o /proc/self/fd/1 -p $PID -f -e creat -e open | grep -v O_RDONLY

In theory, you could also force output to stdout with '-o \|cat', but piping through cat seems to take more time, so `strace` misses more child calls when it tried to follow them. It is also slower to use `strace's` own built-in filter option '-e'. It is faster to pipe through grep for later filtering. For example, this will often miss 'open' calls to open files for writing: 

strace -o \|cat -p $PID -f -e creat -e open | grep -v O_RDONLY

But will work a little better: 

strace -o \|cat -p $PID -f | grep -v O_RDONLY | grep open

You might miss a file open or creat when using redirects from the parent shell. If you use this in a command-line pipe stream that the process you trace has the file opened for it already as file descriptor 1. This should be no surprise... 

strace -f -e write echo foo > foo.txt
Retrieved from "https://www.noah.org/mediawiki-1.34.2/index.php?title=Debugging_notes&oldid=5107"