I'm writing a program to be run from the Linux user space which spawns another process. How can it determine which files were modified by the spawned process after it completes?
Call it under strace and parse the output you care about.
Inject your own replacement for fopen(3) that records the names and modes.
Maybe g++ itself spawns other processes? Than "strace -fF -efile program" plus some filtering will probably help you.
Related
Is it possible to find out all the programs getting executed in Linux. There will be many scripts and other executables getting launched and killed during the life time of a system and I would like to get a list of these (or a print while execuction start). I am looking for this to understand program flow in an embedded board.
Type ps aux in the terminal will give information about the processes(Started time, runtime), more information about keep track of processes
There's a kernel interface which will notify a client program of every fork, exec, and exit. See this answer: https://stackoverflow.com/a/8255487/5844347
Take a look at ps -e and eventually crontab if you want to take that information periodically.
I have several instances of a process (i.e. with a common command line). I would like to kill all of them at one go. How to achieve it?
Options:
killall
ps|awk|xargs kill
tag-and-kill in htop
Killall is super powerful, but I find it hazardous to use indiscriminately. Option 2 is awkward to use, but I often find myself in environments that don't have killall; also, leaving out the xargs bit on the first pass lets me review the condemned processes before I swing the blade. Ultimately, I usually favour htop, since it lets me pick and choose before hitting the big "k".
You are probably looking for the killall command. For example:
killall perl
Would kill off all perl processes that are running on your machine. See http://linux.die.net/man/1/killall for more details.
killall will do that for you. Use man killall for the options but I usually do:
killall myProgName
Just be very careful (eg, use ps first to make sure it will only kill what you want).
NOTE: killall is the answer... IF you're on Linux. SysV also has a killall command, but it does a very, very different thing: it's part of the shutting-down-processes-prior-to-system-halt. So, yes, killall's the easiest, but if you often shuttle between Linux and SysV systems, I might recommend writing up a quick script to do what you want, instead.
i want to kill specific thread of a process at command line..is there some command to achieve this?
there is an api for this, on linux:
int tkill(int tid, int sig);
refers to man page tkill(2)
I don't think you can do this. Most programs are not designed to handle one of their threads being shut down without their knowledge. The program might have passed important data off to that thread, or might be waiting for it to finish.
If it is truly a concern, you can attempt to find a single-threaded or multi-process version of the program. For example, Apache has both a prefork (non-threaded) and worker (threaded) version.
I am learning how to program in Linux OS platform and what is the implementation to run my app in background process.
Like for example in this scenario: When executing my app in the shell it will automatically run in background process. Take note that I don't need the "&" in the shell when I run my app. What standard Linux function to do this implementation?
And how can I kill or terminate the app that was run in background in the code? What I mean is I don't need to execute the kill shell command to terminate my app in background? Or if the app meets a condition then it will kill itself or terminate itself.
Many thanks.
You want to daemonize your program. This is generally done by fork() and a few other system calls.
There are more details here
Background applications can be killed by using kill. It is good practice for a daemon to write its process ID (PID) in a well-known file so it can be located easily.
While you should learn about fork() exec() wait() and kill(), its sometimes more convenient to just use daemon(3) if it exists.
Caveats:
Not in POSIX.1-2001
Not present in all BSD's (may be named something else, however)
If portability is not a major concern, it is rather convenient. If portability is a major concern, you can always write your own implementation and use that.
From the manpage:
SYNOPSIS
#include <unistd.h>
int daemon(int nochdir, int noclose);
DESCRIPTION
The daemon() function is for programs wishing to detach themselves from the
controlling terminal and run in the background as system daemons.
If nochdir is zero, daemon() changes the calling process's current working directory
to the root directory ("/"); otherwise, the current working directory is left
unchanged.
If noclose is zero, daemon() redirects standard input, standard output and standard
error to /dev/null; otherwise, no changes are made to these file descriptors.
fork(2) gives you a new process. In the child you run one of the exec(3) functions to replace it with a new executable. The parent can use one of the wait(2) functions to wait for the child to terminate. kill(2) can be used to send a signal to another process.
I've read about fork and from what I understand, the process is cloned but which process? The script itself or the process that launched the script?
For example:
I'm running rTorrent on my machine and when a torrent completes, I have a script run against it. This script fetches data from the web so it takes a few seconds to complete. During this time, my rtorrent process is frozen. So I made the script fork using the following
my $pid = fork();
if ($pid == 0) { blah blah blah; exit 0; }
If I run this script from the CLI, it comes back to the shell within a second while it runs in the background, exactly as I intended. However, when I run it from rTorrent, it seems to be even slower than before. So what exactly was forked? Did the rtorrent process clone itself and my script ran in that, or did my script clone itself? I hope this makes sense.
The fork() function returns TWICE! Once in the parent process, and once in the child process. In general, both processes are IDENTICAL in every way, as if EACH one had just returned from fork(). The only difference is that in one, the return value from fork() is 0, and in the other it is non-zero (the PID of the child process).
So whatever process was running your Perl script (if it is an embedded Perl interpreter inside rTorrent then rTorrent would be the process) would be duplicated at exactly the point that the fork() happened.
I believe I found the problem by looking through rTorrent's source. For some processes, it will read all of the output sent to stdout before continuing. If this is happening to your process, rTorrent will block until you close the stdout process. Because you're forking, your child process shares the same stdout as the parent. Your parent process will exit, but the pipe remains open (because your child process is still running). If you did an strace of rTorrent, I'd bet that it'd be blocked on this read() call while executing your command.
Try closing/redirecting stdout in your perl script before the fork().
The entire process containing the interpreter forks. Fortunately memory is copy-on-write so it doesn't need to copy all the process memory in order to fork. However, things such as file descriptors remain open. This allows child processes to handle them, but may cause issues if they aren't closed appropriately. In general, fork() should not be used in an embedded interpreter except under extreme duress.
To answer the nominal question, since you commented that the accepted answer fails to do so, fork affects the process in which it is called. In your example of rTorrent spawning a Perl process which then calls fork, it is the Perl process which is duplicated, since it was the Perl process which called fork.
In the general case, there is no way for a process to fork any process other than itself. If it were possible to tell another arbitrary process to go fork itself, that would open up no end of security and performance issues.
My advice would be "don't do that".
If the Perl interpreter is embedded within the rtorrent process, you've almost certainly forked an entire rtorrent process, the effects of which are probably ill-defined at best. It's generally a bad idea to play with process-level stuff in an embedded interpreter regardless of language.
There's an excellent chance that some sort of lock is not being properly released, or that threads within the processes are proceeding in unintended and possibly competing ways.
When we create a process using fork the child process will have the copy of the address space.So the child also can use the address space.And it also can access the files which is opened by the parent.We can have the control over the child.To get the complete status of the child we can use wait.