dtrace is a far more comprehensive tool than strace. The common complaint on MacOS is that SIP by default will not allow you to use it. The same issue occurs on Linux when you're running SELinux or similar.
SIP doesn’t block dtrace. You can use it just fine to e.g. trace dynamic library function calls.
What really is a problem on MacOS is that they stopped shipping kernel syscall symbols. So you can’t trace syscalls anymore in the default setup. I’ve read on some forum that you can download the symbols from some website and it works then, but didn’t bother with it at that point.
Ironically, despite DTrace originally being a Unix tool, I’ve had the most success using it on Windows. On Mac I can’t trace syscalls by default, on FreeBSD for some reason it didn’t notice that processes inside jails were opening files (despite DTrace running on the host)... On Windows on the other hand DTrace works perfectly for me.
» dtrace echo
dtrace: system integrity protection is on, some features will not be available
dtrace: failed to initialize dtrace: DTrace requires additional privileges
You need to use sudo. I have SIP enabled and use DTrace regularly. Trust me, it works. (As long as you use it properly, i.e. not like an alias for strace the way you tried here.)
» sudo dtrace echo hi
dtrace: system integrity protection is on, some features will not be available
dtrace: no probes specified
(last command returned 1.)
» sudo dtruss echo hi
dtrace: system integrity protection is on, some features will not be available
dtrace: failed to execute echo: Operation not permitted
(last command returned 1.)
»
There's a host of problems that come with that, though: how do you then execute the tracee? If your problem is nice & simple and works under root, that's great I suppose, but it always seems like some access to $HOME destroys that possibility for me.
Then there's that, even ignoring all that … I've still yet to figure out a minimal example?
Give me a barebones minimal example. Every article I hit on this tool is right into space shuttle levels of complexity. That's what makes strace the winner.
> As long as you use it properly, i.e. not like an alias for strace the way you tried here.
On the many occasions where I've needed strace in macOS, on a number of them, I have tried to use dtrace. I have never once been successful with it; while I am sure there are dtrace experts merrily debugging anything and everything, the tool is nigh incomprehensible to the new user.
(AFAICT after some quick Googling, Linux strace is patterned after the old SunOS command, truss. SunOS had a trace(1) utility, too, but truss is the successor with features like fork following. So basically Linux strace == SunOS truss, and in the DTrace world strace == dtruss. If I have the history wrong, please correct me.)
… but like, what we (anyone who has used strace on Linux) are looking for is an strace-equivalent to macOS.
I've gone down the "maybe it's dtruss, and not dtrace? what's the difference?" branch in my attempts to get a working strace replacement on macOS, too, also without success.
dtruss, on macOS, emits the same errors as what I put in another comment on this subthread. Even as root, though that would open up a whole 'nother can of worms in attempting to get a working replacement. (And now I've gone down a whole new rabbit hole of "What is SIP? How does it work?" and … I'm still no closer to actually running something that looks like strace. 2024 has got to be the year of the Linux desktop, if macOS's UX is this.)
Is there any alternatives on Mac?