Probe a process

It is possible to get full information about a process by digging into its directory under /proc. However, it’s not so easy for newbies to understand the data. What if some tools could present the information in a comprehensible way? This article explores three such utilities.

We will track a process by its PID on Ubuntu. The easiest way to get the PID of a running process by its name is:

$ pidof yandex-browser-beta
21906 21887 21880

The instance with PID 21880 is our pick.

1. Statistics of a process

prtstat shows the CPU affinity, threads, state, process, group and session IDs, page faults, CPU times, memory and scheduling information of a process.

$ sudo prtstat 21880
Process: yandex_browser		State: S (sleeping)
  CPU#:  0  		TTY: 0:0	Threads: 1
Process, Group and Session IDs
  Process ID: 21880		  Parent ID: 21879
    Group ID: 1086		 Session ID: 1086
  T Group ID: -1

Page Faults
  This Process    (minor major):     4481         0
  Child Processes (minor major):      113         0
CPU Times
  This Process    (user system guest blkio):   0.02   0.01   0.00   0.00
  Child processes (user system guest):         0.00   0.00   0.00
  Vsize:       378 MB    
  RSS:         44 MB      		 RSS Limit: 18446744073709 MB
  Code Start:  0x7f2b4f372000		 Code Stop:  0x7f2b548d4210
  Stack Start: 0x7fffcb779250
  Stack Pointer (ESP): 0x7fffcb778618	 Inst Pointer (EIP): 0x7f2b48a27c3b
  Policy: normal
  Nice:   0 		 RT Priority: 0 (non RT)

prtstat is part of the psmisc package, which is installed by default on Ubuntu. Otherwise, run:

$ sudo apt-get install psmisc

2. Files opened by a process

lsof will show all the files a running process has opened. That includes regular files, directories, block special files, character special files, executing text references, libraries, stream or network files (Internet socket, NFS file or UNIX domain socket).

$ lsof -a -p 21880
yandex_br 21880 neo rtd DIR 0,4 0 651549 /proc/21881/fdinfo
yandex_br 21880 neo txt REG 8,2 94290504 131695 /opt/yandex/browser-beta/yandex_browser
yandex_br 21880 neo mem REG 8,2 17354336 132390 /usr/lib/pepperflashplugin-nonfree/
yandex_br 21880 neo mem REG 8,2 14223936 132619 /opt/yandex/browser-beta/
yandex_br 21880 neo 0r CHR 1,3 0t0 1029 /dev/null
yandex_br 21880 neo 1w FIFO 0,9 0t0 650715 pipe
yandex_br 21880 neo 2w FIFO 0,9 0t0 650717 pipe
yandex_br 21880 neo 3u unix 0x0000000000000000 0t0 651540 socket
yandex_br 21880 neo 4r REG 8,2 10456832 132611 /opt/yandex/browser-beta/icudtl.dat
yandex_br 21880 neo 5u sock 0,8 0t0 649878 can't identify protocol
yandex_br 21880 neo 6u unix 0x0000000000000000 0t0 651536 socket

lsof is installed by default on Ubuntu. Otherwise, run:

$ sudo apt-get install lsof
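Both tools read the process's directory under /proc: prtstat formats /proc/PID/stat, and lsof's descriptor rows correspond to the links in /proc/PID/fd. The Python below is an added example, not part of the original article or of psmisc or lsof; its function names are hypothetical, and SAMPLE is a constructed stat line built to match the prtstat output shown earlier.

```python
#!/usr/bin/env python3
"""Read the /proc/<pid> entries behind prtstat and lsof (added example)."""
import os
import sys

# Names of fields 3..24 of /proc/<pid>/stat, in kernel order (see proc(5)).
FIELDS = ("state ppid pgrp session tty_nr tpgid flags minflt cminflt majflt "
          "cmajflt utime stime cutime cstime priority nice num_threads "
          "itrealvalue starttime vsize rss").split()

# Constructed sample line, built to match the prtstat output shown above.
SAMPLE = ("21880 (yandex_browser) S 21879 1086 1086 0 -1 4194304 4481 113 0 0 "
          "2 1 0 0 20 0 1 0 123456 378003456 10743")

def parse_stat(line):
    """Parse one stat line. comm may contain spaces or ')', so split on the
    LAST ')' instead of on whitespace."""
    lparen, rparen = line.index("("), line.rindex(")")
    info = {"pid": int(line[:lparen]), "comm": line[lparen + 1:rparen]}
    for name, value in zip(FIELDS, line[rparen + 1:].split()):
        info[name] = value if name == "state" else int(value)
    return info

def summarize(info, page_size=None, hz=None):
    """Convert raw counters to MB and seconds. MB is 10**6 bytes here, which
    is what the RSS Limit figure above (2**64 / 10**6) implies."""
    page_size = page_size or os.sysconf("SC_PAGE_SIZE")
    hz = hz or os.sysconf("SC_CLK_TCK")
    return {"vsize_mb": info["vsize"] // 10**6,          # vsize is in bytes
            "rss_mb": info["rss"] * page_size // 10**6,  # rss is in pages
            "user_s": info["utime"] / hz,                # utime is in ticks
            "system_s": info["stime"] / hz}

def open_files(pid):
    """Map each open descriptor to its target (lsof's FD and NAME columns)."""
    fd_dir = f"/proc/{pid}/fd"
    targets = {}
    for fd in os.listdir(fd_dir):
        try:
            targets[int(fd)] = os.readlink(os.path.join(fd_dir, fd))
        except OSError:  # descriptor was closed between listdir and readlink
            continue
    return targets

if __name__ == "__main__":
    pid = sys.argv[1] if len(sys.argv) > 1 else None
    line = open(f"/proc/{pid}/stat").read() if pid else SAMPLE
    info = parse_stat(line)
    print(info["comm"], info["state"], summarize(info))
    for fd, target in sorted(open_files(pid).items()) if pid else []:
        print(fd, target)
```

Run it with a PID to read the live process, or with no argument to parse the constructed sample.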

3. Stack trace of a process

pstack shows the stack trace of a running process. Note that the binary must contain debugging symbols for the output to make any sense, so it should not be stripped. Another limitation is that it supports only 32-bit ELF binaries at the time of writing.

$ pstack 21880

21880: /opt/yandex/browser-beta/yandex_browser --type=zygote --user-id=9C458564-5009-A49F-B1C9-5FF0676BFBD5 --user-data-dir=/home/a...
(No symbols found)
crawl: Input/output error
Error tracing through process 21880

To install pstack on Ubuntu:

$ sudo apt-get install pstack

For 64-bit, another option is to check the stack information directly from /proc, which shows the kernel-side call chain of the process:

$ cat /proc/21880/stack
[<0000000000000000>] do_wait+0x1e8/0x260
[<0000000000000000>] SyS_waitid+0x85/0x190
[<0000000000000000>] system_call_fastpath+0x16/0x1b
[<0000000000000000>] 0xffffffffffffffff


To check the stack of the running kernel as seen from the reading process itself (here, cat):

$ cat /proc/self/stack
[<0000000000000000>] save_stack_trace_tsk+0x26/0x50
[<0000000000000000>] proc_pid_stack+0xa4/0xf0
[<0000000000000000>] proc_single_show+0x5f/0xa0
[<0000000000000000>] seq_read+0xfb/0x3c0
[<0000000000000000>] __vfs_read+0x18/0x50
[<0000000000000000>] vfs_read+0x95/0x130
[<0000000000000000>] SyS_read+0x4f/0xb0
[<0000000000000000>] system_call_fastpath+0x16/0x1b
[<0000000000000000>] 0xffffffffffffffff

