How to identify which system call is used by a command in Linux ?

In this article, we will see a quick tip, how to identify what all system calls are used by a command in Linux.

To know about system calls, we can use the command strace to trace the command execution.

Identify all System calls

[root@nglinux ~]# strace /bin/ls | more
statfs64("/selinux", 84, {f_type=0xf97cff8c, f_bsize=4096, f_blocks=0, f_bfree=0, f_bavail=0, f_files=0, f_ffree=0, f_fsid={0, 0}, f_namelen=255, f_frsize=4096, f_flags=4128}) = 0
stat64("/selinux", {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0
brk(0)                                  = 0x8b9b000
brk(0x8bbc000)                          = 0x8bbc000
open("/usr/lib/locale/locale-archive", O_RDONLY|O_LARGEFILE) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=99174416, ...}) = 0
open("/usr/lib/locale/locale-archive", O_RDONLY|O_LARGEFILE) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=99174416, ...}) = 0
mmap2(NULL, 2097152, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7593000
close(3)                                = 0
ioctl(1, SNDCTL_TMR_TIMEBASE or SNDRV_TIMER_IOCTL_NEXT_DEVICE or TCGETS, 0xbfba1c48) = -1 EINVAL (Invalid argument)
ioctl(1, TIOCGWINSZ, 0xbfba1db8)        = -1 EINVAL (Invalid argument)
open(".", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY|O_CLOEXEC) = 3
fcntl64(3, F_GETFD)                     = 0x1 (flags FD_CLOEXEC)
getdents64(3, /* 88 entries */, 32768)  = 3040
getdents64(3, /* 0 entries */, 32768)   = 0
close(3)                                = 0
fstat64(1, {st_mode=S_IFIFO|0600, st_size=0, ...}) = 0

In the above command, we can see statfs, fstat, etc system calls used by the system.

Similarly on analyzing complete output, you can understand how system executes an instruction/program.

strace is very useful command when we want to debug a program execution to identify any runtime bugs.

Leave a Reply

Your email address will not be published.