Dtruss: Strace for OSX

(I just found this in my drafts, from 2009)

If you’re an old-school Solaris admin like me, you’re be used to running the truss command to see what applications are doing under the hood. Truss shows you what system calls a process is making. This is incredibly useful when you’re trying to diagnose library loading issues or timeouts, because you can see what the errant process is attempting to do.

Linux has strace, and Mac OS X inherited ktrace from the BSD family. They were all different, but incredibly useful to the troubleshooter.

Starting with Solaris 10, Sun upset the applecart by introducing dtrace. Dtrace isn’t a tool, but a complete language. Apple furthered this by nicking it (well, it is open source) and putting it in Mac OS X, while yanking ktruss.

Anyway, if you find yourself on a system that doesn’t have ktrace, don’t panic. This guy wrote an implementation of truss in Dtrace, and it’s part of Darwin:

knox:~ jsimpson$ sudo dtruss ant
SYSCALL(args) = return
madvise(0x7FFF8AD8E000, 0x2000, 0x5) = 0 0
open("/dev/dtracehelper", 0x2, 0x7FFF5FC45348) = 3 0
ioctl(0x3, 0x80086804, 0x7FFF5FBFD460) = 0 0
close(0x3) = 0 0
stat64("/usr/lib/libstdc++.6.dylib", 0x7FFF5FBFC870, 0x7FFF5FBFCEB0) = 0 0
read(0x3, "Darwin\n", 0x80) = 7 0
read(0x3, "", 0x80) = 0 0
wait4(0xFFFFFFFF, 0x7FFF5FBFE32C, 0x1) = 90163 0

All good.

%d bloggers like this: