[evmar]

I recently dove into this area in an attempt to find something like strace that didn't cost as much (as the slides mention, it's hundreds of times slower to run something under strace). It seems like dtrace can likely do what I want, but it doesn't sound reliable under linux yet. Does anyone know if the native linux profiling tools can be used to answer questions like "which files is my process accessing"?

As far as I found, various tools can trace syscalls and count them, but the critical thing strace adds is that it decodes the pointer parameters to syscalls into strings, something that e.g. "perf trace" doesn't seem to do.

[joshbaptiste]

Ktap was recently announced also https://github.com/ktap/ktap

[justincormack]

You could link your library to a passthrough libc that logs calls, if it is dynamically linked. There are various library hijacking solutions to make it easier. ptrace, that strace uses is necessarily slow (ktrace in eg NetBSD is much faster, the kernel does the tracing not userspace).

[noerps]

Try lsof for files accessed by process.

[1amzave]

Correct me if I'm wrong here, but I believe lsof can only display files held open at a given point in time (when you run lsof), no? So if a process opens a file, does something with it, and then immediately closes it, you're unlikely to be able to catch that with lsof unless you happen to run it at exactly the right time.