Browse files


  • Loading branch information...
1 parent deb9f4d commit 6e007e1d3b473711261e61ae05efc44a55e91e37 @jvns committed Feb 27, 2014
@@ -48,3 +48,7 @@ I'm trying to put together more examples of when understanding how
system calls work is useful in everyday non-kernel-hacking
programming. If you have suggestions, tell me on Twitter! I'm
[@b0rk]( (or by email!)
+(**edit**: [Greg Price]( suggested using
+`strace -e process` instead of `strace -e trace=execve`. It's shorter,
+and it also shows you other process-related system calls.)
@@ -0,0 +1,79 @@
+layout: post
+title: "More practical uses for strace!"
+date: 2014-02-27 07:25:36 -0800
+comments: true
+categories: coding kernel
+In yesterday's blog post on
+[using strace to avoid reading Ruby code](
+I asked the Internet for some more suggestions of practical uses for
+There were so many excellent suggestions that I couldn't not share!
+[Mike English]( pointed me to this
+blog post
+[Tools for Debugging Running Ruby Processes](
+he wrote about using strace, lsof, and gdb to debug a running Ruby
+processes. He remarks that some of the things are like open-heart
+surgery -- you can go into a running Ruby process and execute code
+using gdb, but you might kill the process. Super cool and definitely
+worth a read.
+Some more great suggestions of what to do with strace:
+Look for the 'open' system call!
+<blockquote class="twitter-tweet" lang="en"><p><a
+href="">@mjdominus</a> <a
+href="">@b0rk</a> Also invaluable when
+sandboxing programs and trying to figure out where they are loading
+shared libraries from.</p>&mdash; Eiríkr Åsheim (@d6) <a
+href="">February 27,
+<blockquote class="twitter-tweet" data-conversation="none"
+lang="en"><p><a href="">@b0rk</a> While
+looking at git performance, I&#39;ve used strace -c as well as <a
+strace-plus.</p>&mdash; David Turner (@NovalisDMT) <a
+27, 2014</a></blockquote>
+A suggestion to also use ltrace:
+<blockquote class="twitter-tweet" data-conversation="none"
+lang="en"><p><a href="">@b0rk</a> all I know
+is that I usually start with strace, get annoyed with it, then
+remember to use ltrace instead. :-)</p>&mdash; Brian Mastenbrook
+(@bmastenbrook) <a
+27, 2014</a></blockquote>
+<blockquote class="twitter-tweet" data-conversation="none"
+lang="en"><p><a href="">@b0rk</a> check out
+syscall tracing on Linux, it&#39;s like strace for the whole system,
+handy if you want to know which process is doing something.</p>&mdash;
+Michael Ellerman (@michaelellerman) <a
+27, 2014</a></blockquote> <script async
+src="//" charset="utf-8"></script> I
+didn't know syscall tracing was a thing! This seems very worthy of
+<script async src="//"
+Here are some
+[slides by Greg Price]( with a
+bunch of great suggestions for fixing various problems, as well as his
+blog post
+[Strace - The Sysadmin's Microscope](
+from the wonderful ksplice blog.
+Alex Clemmer wrote a super cool post on using dtruss (strace, but for
+OS X/BSD) to try to better understand concurrency primitives:
+[The unfamiliar world of OS X syscalls](

0 comments on commit 6e007e1

Please sign in to comment.