Trace libc and system call function calls on Linux?

Question

I have a C++ application on Linux. How can I see library calls to functions such as malloc() and then on to system calls such as sbrk(), etc., throughout the execution of the program?

I would like this to show which libc functions occurred and responsible for the subsequent Linux system calls.

NB: I don't wish to intercept any function calls, just to log which C library functions called which system calls.

Answer 1

I would like this to show which libc functions occurred and responsible for the subsequent Linux sys calls.

You may want to use ltrace(1) and/or strace(1).

Of course read syscalls(2) and Advanced Linux Programming. Or use ld.so(8) tricks with dynamic linkers. You could read Linkers and Loaders

I would believe that compiling your application with all warnings and debug info (e.g. g++ -Wall -Wextra -g) should help (notably giving better output). You could even want to install the debugging variant of some system libraries (on Debian or Ubuntu, packages like libstdc++6-4.8-dbg etc...).

Only when you believe to have corrected most bugs recompile your code with optimizations enabled

(that practically means: add -O2 to g++ program options, so configure your build automation tool appropriately, e.g. edit your Makefile if you use GNU make).

If in 2020 you use a recent GCC 10, consider using its static analyzer options. Consider also using Frama-C or the Clang static analyzer.

You should also consider using valgrind and, with recent GCC compilers, use some sanitizing option (e.g. -fsanitize=address) and of course enable all warnings and DWARF debug info (so pass also -Wall -Wextra -g to gcc or g++).

And you could trace semi-automatically some functions using a recent GDB debugger, since gdb may be scriptable in Python or Guile.

Another approach (see this draft report) would be to code your own GCC plugin then use it while compiling some of your or other source code.

BTW, to understand how standard libraries work (i.e. which syscalls they are calling) you could not only strace a program using them, but also, since many libraries on Linux are free software or open source, so download then study their source code. I find the source code of musl-libc very readable. See also the more common Gnu libc. And the C++ standard library is packaged inside GCC.

For a systematic approach, read LinuxFromScratch. With enough patience (weeks of work) you could compile all your Linux software (or use source based distributions like Gentoo).

Answer 2

you can start from:

man ld-linux
export LD_DEBUG=help

Example i woud like to know the ls command what kind of functions uses:

export LD_DEBUG=symbols
export LD_DEBUG_OUTPUT=myoutput.txt
[xxxx@localhost ~]$ ls -l
total 244
-rw-rw-r--   1 xxxxx pppppp    247 Jul 15 12:05 28_29storage.txt

Now in file myoutput.txt.pidnumber i have:

   13419:   symbol=malloc;  lookup in file=ls [0]
   13419:   symbol=malloc;  lookup in file=/lib64/libselinux.so.1 [0]
   13419:   symbol=malloc;  lookup in file=/lib64/libcap.so.2 [0]
   13419:   symbol=malloc;  lookup in file=/lib64/libacl.so.1 [0]
   13419:   symbol=malloc;  lookup in file=/lib64/libc.so.6 [0]