October 15, 2018

Linux Server Troubleshooting With strace - page 2

Interpreting the output

  • November 22, 2010
  • By Juliet Kemp

The next couple of lines relate to memory management. brk changes the data segment size, and mmap is used to return a memory location for the process to use. (For more information, try man 2 mmap.)

The next line is a call to uname, showing the details of your system. What uname returns is a pointer to the data structure where this information is stored. System calls quite often return a pointer: this is a memory reference which tells the system where to look for the information. This is great if you're a computer, but not so useful if you're a human; so to speed things along, when __strace__ sees a pointer, it does the lookup for you, and returns (some of) the contents of that pointer. This is what's happened in the uname call above.

If you go on through the strace output, you'll see quite a few access and open calls. access looks for a file (and returns -1 with an error code if it's not found), then checks whether the program has the permissions to access it. open tries to open a file, and if successful, attaches it to a filehandle (starting with number 3, because 0-2 are used by STDIN, STDOUT, and STDERR) and returns the filehandle. fstat then gets information about the file attached to the filehandle passed in as its first argument, which looks like this (note the pointer in the second argument!):

fstat(3, {st_mode=S_IFREG|0644, st_size=53482, ...}) = 0
After another mmap call, the file will be closed. In the ls output, you'll see this sequence repeated for lots of library files, after which there are calls to lstat, lgetxattr, and getxattr for each file in the listing. These all get information about each file. Finally, each filename is written out with this:
stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3661, ...}) = 0
write(1, "-rw-------  1 juliet juliet    10"..., 72) = 72
The 1 and 2 filehandles (STDOUT and STDERR) are closed down, and we're done.


This is only a very quick introduction to reading strace output. For a deeper understanding, the best bet is to use the manpages for each system call (man 2 callname), and to try strace out on various programs. Running strace on 'Hello, World' programs in various languages is fascinating. Or check out what processes you already have running and then attach strace to one of them in realtime using the -p PID option. Have fun delving deeper into the guts of your programs and system with strace!

Most Popular LinuxPlanet Stories