Clone this repo:
  1. 6a8a87a Fix formatting, exit on error by Tamir Duberstein · 1 year, 10 months ago main
  2. 68866c0 Pass fifo as absolute path by Tamir Duberstein · 1 year, 10 months ago
  3. ba8ca0b Add missing include to fix build on Mac by Jay Zhuang · 2 years, 2 months ago
  4. d4b55ee Use mkstemp instead of tmpnam by Jay Zhuang · 2 years, 2 months ago
  5. b0738cc Improves error logging by Jay Zhuang · 2 years, 2 months ago

Filesystem Access Tracer

This tool injects code into other applications in order to trace file accesses.


This can be useful for things like build systems, since it allows to automatically generate dependencies in a toolchain-agnostic way or to ensure declared dependencies match the real ones.


On Unix, type make to generate the fsatrace executable and the shared library.

On Windows, you'll need recent 64-bit and 32-bit versions of mingw. You can either adapt the Makefile to point to your compilers or, alternatively, install and run the following sequence to get the required compilers:

stack setup --resolver ghc-8.6.5 --arch=x86_64
stack setup --resolver ghc-8.6.5 --arch=i386
stack exec -- pacman -S make

After that, invoke:

stack exec -- make

That should generate fsatrace.exe, fsatracehelper.exe, fsatrace32.dll and fsatrace64.dll.


Make sure the .dll or .so files are in the same path as the fsatrace executable and run:

fsatrace <options> <output-file> -- <command>

Options is a combination of the following characters:

  • v: print args vector
  • r: dump read operations
  • w: dump write operations
  • m: dump file move operations
  • d: dump file delete operations
  • q: dump file stat operations
  • t: dump touch operations

Environment Variables

  • FSAT_BUF_SIZE: when set, overwrites size of buffer for trace output.

macOS usage

In order to use fsatrace on systems newer than OS X 10.10, System Integrity Protection must be disabled as detailed in

Use at your own risk!

Output format

Newline-separated sequence with the following possibilities:

  • r|path-to-file-opened-for-write
  • w|path-to-file-opened-for-read
  • m|path-to-destination-of-move|path-to-source-of-move
  • d|path-to-deleted-file
  • q|path-to-queried-file
  • t|path-to-touched-file