ctrace
Well-formatted and improved trace system calls and signals (when the debugger does not help).
Why?
Awesome tools strace
and dtruss
have only one drawback: too much information which is hard to understand without additional sources of information and various configuration options. ctrace
resolves it.
ctrace
are indispensable in the following cases
- Debugging complex performance issues or not identified unhandled errors and exceptions in own code or someone else's code
- Learning OS kernel
Let's try it!
What do you think how difficult it is to display a hint for using CLI utility, let us say NPM?
> ctrace -c "npm --help"
What we see?! What NPM does to simply display help?
- over 6800 system calls elapsed over 650 msec!
- 7 child processes
๐ฎ - aims to open over 400 files
ะกlearly there is something to improve!
Features
- Supported platforms: OSx (dtruss), Linux (strace)
- Trace command or attach to process (with forks following)
- Syscall details in output (number, description, synonyms, is it platform specific syscall)
pread (preadv), 534 -- read or write data into multiple
- Resolving errno in syscall result
Err#22 -> EINVAL : Invalid argument
(only OSx) - Prints by default only syscall with errors, with
-v
prints all output - Filter output with syscall list
-f "lstat,open"
Installation
$> npm install -g ctrace
$> ctrace --help
Usage: ctrace [options]
ctrace - well-formatted and improved trace system calls and signals
Options:
-h, --help output usage information
-V, --version output the version number
-p, --pid [pid] process id to trace
-c, --cmd [cmd] command to trace
-f, --filter [syscall,] trace syscall only from list
-v, --verbose print all syscalls (by default only with errors)
Examples:
$ ctrace -p 2312 -v
$ ctrace -c "ping google.com"
Troubleshooting
OSx : Dtrace cannot control executables signed with restricted entitlements
As you may know Apple released their new OS X revision 10.11 this year with a great security feature built-in: System Integrity Protection. In a nutshell, this mechanism protects any system data and important filesystem components (like /System or /usr) from being modified by user; even if they are root. SIP also disables any use of code-injection and debugging techniques for third-party software, so some of your favorite hacks may not work anymore. ...
Completely disable SIP
Although not recommended by Apple, you can entirely disable System Integrity Protection on you Mac. Here's how:
Boot your Mac into Recovery Mode: reboot it and hold cmd+R until a progress bar appears. Choose the language and go to Utilities menu. Choose Terminal there. Enter this command to disable System Integrity Protection:
$> csrutil disable
It will ask you to reboot โ do so and you're free from SIP!