Strace is a tool for monitoring the "system-call conversation" that takes place between applications and the Linux kernel. At the simplest level, it can be used to display the entire conversation, and--crucially--that conversation is displayed symbolically (without the need for application source code). Thus, one sees the names of system calls, the symbolic representation of each of bit-mask argument (using the names shown in the manual pages), structure arguments broken out into individual fields, and so on.
In this presentation, we'll examine the output produced by strace (including some subtle details) and look at the rich set of options it provides for limiting the trace to specific systems calls and signals, as well as accesses to specific files.
Michael Kerrisk is a trainer, author, and programmer who has a passion for investigating and explaining software systems. He is the author of "The Linux Programming Interface", a widely acclaimed book on Linux (and UNIX) system programming. He has been actively involved in the Linux development community since 2000, operating mainly in the area of testing, design review, and documentation of kernel-user-space interfaces. Since 2004, he has maintained the Linux "man-pages" project, which provides the primary documentation for Linux system calls and C library functions. Michael is a New Zealander, living in Munich, Germany, from where he operates a training business (man7.org) providing low-level Linux programming courses in Europe, North America, and occasionally further afield.