Xref: utzoo comp.unix.wizards:10929 comp.os.misc:500
Path: utzoo!attcan!uunet!husc6!mailrus!ames!oliveb!sun!terra!brent
From: brent%terra@Sun.COM (Brent Callaghan)
Newsgroups: comp.unix.wizards,comp.os.misc
Subject: Re: tracing system calls
Keywords: truss trace syscall
Message-ID: <66893@sun.uucp>
Date: 5 Sep 88 17:15:24 GMT
References: <21606@ccicpg.UUCP> <7622@boring.cwi.nl> <2040@cuuxb.ATT.COM> <11966@andante.UUCP>
Sender: news@sun.uucp
Lines: 44

In article <11966@andante.UUCP>, raf@andante.UUCP (Roger A. Faulkner) writes:
> Great minds run in the same paths, with some variations.
> AT&T's truss(1) command was developed without any knowledge of Sun's trace(1)
> command's actual or planned existence.  I presume the reverse is also true.
> 

Yes indeed.  Except for the name there are incredible similarities:
both use a -p flag to trace a pid, a -c flag for system call counting,
and a -o flag for trace redirection to a file.

> First and foremost, it must be observed that trace(1) is based on Sun's
> enhanced ptrace(2) system call while truss(1) is based on AT&T's proc(4)
> process filesystem, invented by Tom Killian of Bell Labs research and
> extended and implemented for System V by Ron Gomes, with significant
> input from me.  The deficiencies in trace(1) are largely due to the
> deficiencies in ptrace(2) as compared to proc(4).

I agree, the /proc interface is a much better way to do this sort of thing.

> 1. truss(1) can follow children created by fork(2).  You can trace a shell
>    script of arbitrary complexity.  My favorite is spell(1), which runs
>    an 8-member pipeline.  trace(1) can't do this because the ptrace(2)ed
>    condition is not inherited; proc(4) tracing flags can be inherited.

Yes, this is a nice feature.  We had a "trace through fork" version
running internally but couldn't get it into the release in time.  The
price of being the first... :-)

> 10.truss(1) reports sleeping system calls as "sleeping ..." if they remain
>    asleep for more than 2 seconds.  trace(1) can't do this because of the
>    ptrace(2) interface.

A trace command user can usually assume a sleep if the cursor is sitting
after an "=" waiting for the return value to come back e.g.

	select (256, 0xdfffc24, 0xdfffc04, 0xdfffbe4, 0) = 
                                                           ^
Thanks for the description of truss and it's comparison with trace.
There's no doubt that truss is a better implementation of a system
call tracer.  I look forward to using it in sVr4.

Made in New Zealand -->  Brent Callaghan  @ Sun Microsystems
			 uucp: sun!bcallaghan
			 phone: (415) 336 6188