Using the truss command on Solaris
truss is used to trace the system/library calls (not user calls) and signals made/received by a new or existing process. It sends the output to stderr.
truss traces library and system calls and signal activity for a given process. This can be very useful in seeing where a program is choking.
Note: trussing a process throttles that process to your display speed. Use -wall and -rall sparingly.
Usage
# truss -a -e -f -rall -wall -p # truss -a -e -f -rall -wall
-a Show arguments passed to the exec system calls
-e Show environment variables passed to the exec system calls
-f Show forked processes
(they will have a different pid: in column 1)
-rall Show all read data (default is 32 bytes)
-wall Show all written data (default is 32 bytes)
-p Hook to an existing process (must be owner or root)
<program> Specify a program to run
truss examples
# truss -rall -wall -f -p <PID> # truss -rall -wall lsnrctl start # truss -aef lsnrctl dbsnmp_start
Running Example
Using the date command
# truss -d date
Base time stamp: 1066157908.5731 [ Tue Oct 14 14:58:28 EDT 2003 ]
0.0000 execve("/usr/bin/date", 0xFFBEF29C, 0xFFBEF2A4) argc = 1
0.0449 mmap(0x00000000, 8192, PROT_READ|PROT_WRITE|PROT_EXEC,MAP_PRIVATE|MAP_ANON, -1, 0) = 0xFF3A0000
0.0453 resolvepath("/usr/lib/ld.so.1", "/usr/lib/ld.so.1", 1023) = 16
0.0457 open("/var/ld/ld.config", O_RDONLY) Err#2 ENOENT
0.0460 open("/usr/lib/libc.so.1", O_RDONLY) = 3
0.0463 fstat(3, 0xFFBEE9C4) = 0
0.0464 mmap(0x00000000, 8192, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0xFF390000
0.0466 mmap(0x00000000, 794624, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0xFF280000
0.0470 mmap(0xFF33A000, 24652, PROT_READ|PROT_WRITE|PROT_EXEC,MAP_PRIVATE|MAP_FIXED, 3, 696320) = 0xFF33A000
0.0474 munmap(0xFF32A000, 65536) = 0
0.0479 memcntl(0xFF280000, 113332, MC_ADVISE, MADV_WILLNEED, 0, 0) = 0
0.0481 close(3) = 0
0.0483 open("/usr/lib/libdl.so.1", O_RDONLY) = 3
0.0485 fstat(3, 0xFFBEE9C4) = 0
0.0487 mmap(0xFF390000, 8192, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED,3, 0) = 0xFF390000
0.0490 close(3) = 0
0.0493 open("/usr/platform/SUNW,Ultra-5_10/lib/libc_psr.so.1", O_RDONLY) = 3
0.0496 fstat(3, 0xFFBEE854) = 0
0.0497 mmap(0x00000000, 8192, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0xFF380000
0.0500 mmap(0x00000000, 16384, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0xFF370000
0.0502 close(3) = 0
0.0514 munmap(0xFF380000, 8192) = 0
0.0521 brk(0x00022420) = 0
0.0523 brk(0x00024420) = 0
0.0526 time() = 1066157908
0.0531 open("/usr/share/lib/zoneinfo/US/Eastern", O_RDONLY) = 3
0.0533 read(3, " T Z i f\0\0\0\0\0\0\0\0".., 8192) = 1250
0.0536 close(3) = 0
0.0542 ioctl(1, TCGETA, 0xFFBEEFDC) = 0
Tue Oct 14 14:58:28 EDT 2003
0.0545 write(1, " T u e O c t 1 4 1".., 29) = 29
0.0547 llseek(0, 0, SEEK_CUR) = 1829
0.0549 _exit(0)
In order to be able to use truss output, it is important to understand some basic vocabulary:
| brk() | requests memory during execution. |
|---|---|
| exec() | opens a program. |
| fcntl() | performs control functions on open files. |
| fstat() | obtains information about open files. |
| getdents64() | reads directory information. |
| ioctl() | performs terminal I/O. |
| lstat() | obtains file attributes. |
| mmap() | maps the program image into memory. |
| open() | opens a file. It returns a number which is referenced when the file is used. |
| write() | writes to an open file/device. |
Obviously, this is only a subset of the system calls seen in truss output, but this subset is usually sufficient to figure out what is going on.
In most cases we will be looking for error messages in the truss output. These entries will contain the string "Err" in the last column of the output.
System call errors can be interpreted by looking at the man page of the specific system call or examining the file /usr/include/sys/errno.h.