tracing system calls

Brent Callaghan brent%terra at Sun.COM
Tue Sep 6 03:15:24 AEST 1988 

In article <11966 at andante.UUCP>, raf at andante.UUCP (Roger A. Faulkner) writes:
> Great minds run in the same paths, with some variations.
> AT&T's truss(1) command was developed without any knowledge of Sun's trace(1)
> command's actual or planned existence.  I presume the reverse is also true.
> 

Yes indeed.  Except for the name there are incredible similarities:
both use a -p flag to trace a pid, a -c flag for system call counting,
and a -o flag for trace redirection to a file.

> First and foremost, it must be observed that trace(1) is based on Sun's
> enhanced ptrace(2) system call while truss(1) is based on AT&T's proc(4)
> process filesystem, invented by Tom Killian of Bell Labs research and
> extended and implemented for System V by Ron Gomes, with significant
> input from me.  The deficiencies in trace(1) are largely due to the
> deficiencies in ptrace(2) as compared to proc(4).

I agree, the /proc interface is a much better way to do this sort of thing.

> 1. truss(1) can follow children created by fork(2).  You can trace a shell
>    script of arbitrary complexity.  My favorite is spell(1), which runs
>    an 8-member pipeline.  trace(1) can't do this because the ptrace(2)ed
>    condition is not inherited; proc(4) tracing flags can be inherited.

Yes, this is a nice feature.  We had a "trace through fork" version
running internally but couldn't get it into the release in time.  The
price of being the first... :-)

> 10.truss(1) reports sleeping system calls as "sleeping ..." if they remain
>    asleep for more than 2 seconds.  trace(1) can't do this because of the
>    ptrace(2) interface.

A trace command user can usually assume a sleep if the cursor is sitting
after an "=" waiting for the return value to come back e.g.

	select (256, 0xdfffc24, 0xdfffc04, 0xdfffbe4, 0) = 
                                                           ^
Thanks for the description of truss and it's comparison with trace.
There's no doubt that truss is a better implementation of a system
call tracer.  I look forward to using it in sVr4.

Made in New Zealand -->  Brent Callaghan  @ Sun Microsystems
			 uucp: sun!bcallaghan
			 phone: (415) 336 6188

More information about the Comp.unix.wizards mailing list