How to trace system calls of a program in Mac OS X?

MacosStraceTrussDtruss

Macos Problem Overview

I wanted to trace the system calls made by the find command to debug some performance issues however I could not figure out how to do this on Mac OS X Yosemite. How can I trace system calls for an arbitrary program similarly to what strace does on FreeBSD? I am especially interested in tracing file-system related calls.

Macos Solutions

Solution 1 - Macos

Under current versions of macOS, executables under paths covered by SIP (like /usr/bin) cannot be traced.

You can bypass this by making a copy of the executable in your home directory and tracing the copy:

cp /usr/bin/find find
codesign --remove-signature ./find
sudo dtruss ./find …

You needed to remove the code signature from the new find executable, otherwise SIP still notices that a system file is being accessed (credit: @Anmol Singh Jaggi).

Solution 2 - Macos

You can use dtruss like in

sudo dtruss find ~/repo -depth 2 -type d -name '.git'

The manual page of that utility will help you to tailor the use of the tool to your needs.

Categories
Recommended Macos Solutions
Recommended Strace Solutions

Previous Solution:

What benefits does ES2015 (ES6) `class` syntax provide?

JavascriptEcmascript 6

Next Solution:

PHP: Call to undefined function: simplexml_load_string()

PhpXmlFunctionCurl

Attributions

All content for this solution is sourced from the original question on Stackoverflow.

The content on this page is licensed under the Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.

Content TypeOriginal AuthorOriginal Content on Stackoverflow
QuestionMichaël Le BarbierView Question on Stackoverflow
Solution 1 - Macosuser149341View Answer on Stackoverflow
Solution 2 - MacosjspcalView Answer on Stackoverflow