Home  »  Linux  »  Building strace-plus

by comment

Building strace-plusstrace+ is an improved version of strace that collects stack traces associated with each system call. Since system calls require an expensive user-kernel context switch, they are often sources of performance bottlenecks. strace+ allows programmers to do more detailed system call profiling and determine, say, which call sites led to costly syscalls and thus have potential for optimization.

strace vs strace+

strace vs strace+

Build Pre-requisites

  • binutils
  • autoconf
  • gdb
  • make
  • gcc-c++
  • gcc
  • gcc-x86_64-linux-gnu
  • glibc-static
  • python

Compile and Build strace+

  1. Check out the source code from Git (requires git >= 1.6.6)
    $ git clone
  2. Compile strace+
    $ cd strace-plus/
    $ autoreconf -f -i
    $ ./configure
    $ make
    $ cp strace strace+

Compile a "hello world" test program

  1. Create a file named hello.c. hello.c is a simple program that makes four write system calls via printf statements:
    #include <stdio.h>
    void bar() {
      printf("bar again\n");
    void foo() {
    int main() {
      printf("Hello world\n");
      return 0;
  2. Compile it:
    $ gcc hello.c -o hello
  3. Test:
    $ ./hello
  4. Run strace+ on the hello executable to generate a trace file named hello.out.
    $ ./strace+ -o hello.out ./hello
  5. Post-process hello.out to print out a list of system calls each augmented with stack traces
    python scripts/ hello.out --trace

Build Statically

I like to always try and compile tools statically if possible. Especially in a case like this where you don't want strace+ to replace strace.

$ cd strace-plus/
$ export CFLAGS="-Os -fomit-frame-pointer -static -static-libgcc -ffunction-sections -fdata-sections -falign-functions=1 -falign-jumps=1 -falign-labels=1 -falign-loops=1 -fno-unwind-tables -fno-asynchronous-unwind-tables -Wl,--gc-sections -Wl,-Map=strace.mapfile"
$ autoreconf -i -f
$ ./configure
$ cp strace strace+
# Normal strace
$ file /usr/bin/strace
/usr/bin/strace: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.18, stripped
# Static strace-plus
$ file strace+
strace+: ELF 64-bit LSB executable, x86-64, version 1 (GNU/Linux), statically linked, not stripped

Bash Aliases Functions

Useful to stick in your .bash_profile

Alias: enhanced strace

alias strace='command strace -fq -s1000  -e trace=all 2>&1'

Alias: trace file calls

alias stracef='command strace -fq -s1000  -e trace=file 2>&1'

Function: tputtrace

function tputtrace ()
  ( 2>&2 strace -s5000 -e write tput $1 2>&1 )  | tee -a /dev/stderr | grep --color=always -o '"[^"]*"';

See Also

vistrace: a visualization of strace


June 26th, 2013

Comments Welcome

My Online Tools
WordPress Sites

My Picks

Related Articles
Newest Posts

  • The Hacker Playbook - very nice high level overview of attacks 
  • Clean Code - A Handbook of Agile Software Craftsmanship 
  • Secrets of the JavaScript Ninja - By my absolute favorite JS hacker John Resig! 
  • Hacking Exposed 7: Network Security Secrets & SolutionsMy all time favorite, basic but thorough and accurate. 
  • Empty words will be no surrogate for cold resolve. Pain is nothing. 
  • REVERSING: Secrets of Reverse Engineering 
  • "The Shockwave Rider", by John Brunner (1975 hacker sci-fi) 
  • The Rootkit ARSENAL - Escape and Evasion in the Dark Corners of the System 
  • "We Are Anonymous - Inside the Hacker World of LulzSec, Anonymous, and the Global Cyber Insurgency" better be good! 
  • The Datacenter as a Computer -- Urs Holzle 
  • Now by Steven Levy, "IN THE PLEX" 
  • Dreaming in code.... So far, a little boring, but worth the read 

Friends and Recommends
Hacking and Hackers

The use of "hacker" to mean "security breaker" is a confusion on the part of the mass media. We hackers refuse to recognize that meaning, and continue using the word to mean someone who loves to program, someone who enjoys playful cleverness, or the combination of the two. See my article, On Hacking.
-- Richard M. Stallman


It's very simple - you read the protocol and write the code. -Bill Joy

Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution 3.0 License, just credit with a link.
This site is not supported or endorsed by The Apache Software Foundation (ASF). All software and documentation produced by The ASF is licensed. "Apache" is a trademark of The ASF. NCSA HTTPd.
UNIX ® is a registered Trademark of The Open Group. POSIX ® is a registered Trademark of The IEEE.

| Google+ | askapache

Site Map | Contact Webmaster | License and Disclaimer | Terms of Service

↑ TOPMain