Date: Tue, 11 May 2010 09:15:17 -0500 From: Dan McNulty <dkmcnulty@gmail.com> To: Dan Nelson <dnelson@allantgroup.com> Cc: freebsd-questions@freebsd.org Subject: Re: Finding out when a child process forks or calls exec Message-ID: <AANLkTimmWvlfD0UHJdqeC20OJg2ovEX6mL_I03azAdMJ@mail.gmail.com> In-Reply-To: <20100503213936.GL14572@dan.emsphone.com> References: <i2i1efdac3e1005031339zb359cc7bseca1556bf80615@mail.gmail.com> <20100503213936.GL14572@dan.emsphone.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi all, I have been experimenting with ptrace to determine when a child process forks or calls exec. Particularly, I have explored tracing every system call entry and exit similar to what the truss utility does, and for my case, the performance impact of tracing every system call is too great. Is there a more efficient way than tracing every system call entry and exit to determine when a child process forks, calls exec, or creates a new LWP? Thanks a lot for your help! -Dan On Mon, May 3, 2010 at 4:39 PM, Dan Nelson <dnelson@allantgroup.com> wrote: > In the last episode (May 03), Dan McNulty said: >> I am trying to port a debugging tool that uses the ptrace interface from >> Linux to FreeBSD. =A0From what I can tell, the ptrace interface on FreeB= SD >> is pretty similar to the Linux interface; however, it doesn't appear tha= t >> the FreeBSD interface generate events when the child process forks, call= s >> exec, creates a new LWP, etc. =A0My question then is: >> >> Does FreeBSD provide any way to determine from a parent/tracing >> process if a child process has called fork, exec, exit, or created a >> new LWP? > > /usr/bin/truss watches for syscalls named "fork", "rfork", and "vfork", a= nd > when they return it forks another copy of itself to watch the child. =A0S= ee > /usr/src/usr.bin/truss/i386-fbsd.c and main.c (search for "in_fork"). > > You can tell when a new lwp is created because lwpid changes. =A0In setup= .c > the waitevent() function calls ptrace(PT_LWPINFO...) on every syscall > entry/exit so it's easy to track; it then calls the find_thread() functio= n > which allocates a new helper struct every time a new lwp appears. > > -- > =A0 =A0 =A0 =A0Dan Nelson > =A0 =A0 =A0 =A0dnelson@allantgroup.com > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.o= rg" >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?AANLkTimmWvlfD0UHJdqeC20OJg2ovEX6mL_I03azAdMJ>