Feature Request: Process Lineage in Filenames.

Eugene Syromyatnikov evgsyr at gmail.com
Fri Sep 1 16:06:03 UTC 2017 

On Sat, Mar 4, 2017 at 12:08 AM, Eugene Syromyatnikov <evgsyr at gmail.com> wrote:
> On Fri, Mar 3, 2017 at 11:54 PM, Ralph Corderoy <ralph at inputplus.co.uk> wrote:
>> Hi,
>>
>> Second request.  I had a bunch of filename.pid outputs from -ff the
>> other day and to better understand what occurred, I examined and renamed
>> them to show their ancestry.
>>
>>     1000.man
>>     1008.man-preconv
>>     1009.man-tbl
>>     1010.man-nroff
>>     1011.man-col
>>     1013.man-nroff-locale
>>     1016.man-nroff-groff
>>     1018.man-nroff-groff-troff
>>     1019.man-nroff-groff-grotty
>>
>> I was thinking something similar could happen automatically.  Not using
>> the name of the program execve()'d, because that comes later, but a list
>> of PIDs starting with the ancestor.  So
>>
>>     strace -o foo -fff /usr/bin/foo
>>
>> might produce
>>
>>     foo.100
>>
>> and as that forks
>>
>>     foo.100-102
>>
>> and forks again
>>
>>     foo.100-102-103
>>
>> foo.100-109 would be 102's sibling.
>>
>> It would make it that bit easier when grep-ing through them all, etc.,
>> to interpret the results.
> Well, something like { echo 'digraph {'; for i in *; do sed -n
> "/clone/s/.* \([0-9]*\)\$/${i#*.} -> \1;/p" $i; done; echo '}'; } |
> dot -Tpng  > pid_graph.png can ease the task, but it is not always
> that easy [1]. Thanks for the sugestion, since strace indeed can track
> this sort of process relations.

As it turns out, PTRACE_EVENT_(CLONE|FORK|VFORK) is delivered only
after new task is run, which results in a race between attach-stop
from the new task (which triggers allocation of the new tcb and
creation of the new file) and this aforementioned ptrace event from
the old one, and using child's proc for deriving parent PID looks even
more racy (imagine parent has been killed while we trying to open
/proc/pid/stat and try to go through it). So, this one is not as easy
as it seemed on the first look.

-- 
Eugene Syromyatnikov
mailto:evgsyr at gmail.com
xmpp:esyr at jabber.{ru|org}

More information about the Strace-devel mailing list