This chapter is from the book
This chapter is from the book
This chapter is from the book
4.9 Process Debugging
FreeBSD provides a simple facility for controlling and debugging the execution of a process. This facility, accessed through the ptrace system call, permits a parent process to control a child process’s execution by manipulating user- and kernel-mode execution states. In particular, with ptrace, a parent process can do the following operations on a child process:
- Attaches to an existing process to begin debugging it
- Reads and writes address space and registers
- Intercepts signals posted to the process
- Single steps and continues the execution of the process
- Terminates the execution of the process
The ptrace call is used almost exclusively by program debuggers, such as lldb.
When a process is being traced, any signals posted to that process cause it to enter the STOPPED state. The parent process is notified with a SIGCHLD signal and may interrogate the status of the child with the wait4 system call. On most machines, trace traps, generated when a process is single stepped, and breakpoint faults, caused by a process executing a breakpoint instruction, are translated by FreeBSD into SIGTRAP signals. Because signals posted to a traced process cause it to stop and result in the parent being notified, a program’s execution can be controlled easily.
To start a program that is to be debugged, the debugger first creates a child process with a fork system call. After the fork, the child process uses a ptrace call that causes the process to be flagged as “traced” by setting the P_TRACED bit in the p_flag field of the process structure. The child process then sets the trace trap bit in the process’s processor status word and calls execve to load the image of the program that is to be debugged. Setting this bit ensures that the first instruction executed by the child process after the new image is loaded will result in a hardware trace trap, which is translated by the system into a SIGTRAP signal. Because the parent process is notified about all signals to the child, it can intercept the signal and gain control over the program before it executes a single instruction.
Alternatively, the debugger may take over an existing process by attaching to it. A successful attach request causes the process to enter the STOPPED state and to have its P_TRACED bit set in the p_flag field of its process structure. The debugger can then begin operating on the process in the same way as it would with a process that it had explicitly started.
An alternative to the ptrace system call is the /proc filesystem. The functionality provided by the /proc filesystem is the same as that provided by ptrace; it differs only in its interface. The /proc filesystem implements a view of the system process table inside the filesystem and is so named because it is normally mounted on /proc. It provides a two-level view of process space. At the highest level, processes themselves are named, according to their process IDs. There is also a special node called curproc that always refers to the process making the lookup request.
Each node is a directory that contains the following entries:
ctl
A write-only file that supports a variety of control operations. Control commands are written as strings to the ctl file. The control commands are:
attach
Stops the target process and arranges for the sending process to become the debug control process.
detach
Continues execution of the target process and remove it from control by the debug process (that need not be the sending process).
run
Continues running the target process until a signal is delivered, a breakpoint is hit, or the target process exits.
step
Single steps the target process, with no signal delivery.
wait
Waits for the target process to come to a steady state ready for debugging. The target process must be in this state before any of the other commands are allowed.
The string can also be the name of a signal, lowercase and without the SIG prefix, in which case that signal is delivered to the process.
dbregs
Sets the debug registers as defined by the machine architecture.
etype
The type of the executable referenced by the file entry.
file
A reference to the vnode from which the process text was read. This entry can be used to gain access to the symbol table for the process or to start another copy of the process.
fpregs
The floating point registers as defined by the machine architecture. It is only implemented on machines that have distinct general-purpose and floating-point register sets.
map
A map of the process’s virtual memory.
mem
The complete virtual memory image of the process. Only those addresses that exist in the process can be accessed. Reads and writes to this file modify the process. Writes to the text segment remain private to the process. Because the address space of another process can be accessed with read and write system calls, a debugger can access a process being debugged with much greater efficiency than it can with the ptrace system call. The pages of interest in the process being debugged are mapped into the kernel address space. The data requested by the debugger can then be copied directly from the kernel to the debugger’s address space.
regs
Allows read and write access to the register set of the process.
rlimit
A read-only file containing the process’s current and maximum limits.
status
The process status. This file is read-only and returns a single line containing multiple space-separated fields that include the command name, the process id, the parent process id, the process group id, the session id, the controlling terminal (if any), a list of the process flags, the process start time, user and system times, the wait channel message, and the process credentials.
Each node is owned by the process’s user and belongs to that user’s primary group, except for the mem node, which belongs to the kmem group.
In a normal debugging environment, where the target does a fork followed by an exec by the debugger, the debugger should fork and the child should stop itself (with a self-inflicted SIGSTOP, for example). The parent should issue a wait and then an attach command via the appropriate ctl file. The child process will receive a SIGTRAP immediately after the call to exec.
Users wishing to view process information often find it easier to use the procstat command than to figure out how to extract the information from the /proc filesystem.
Exercises
4.1 For each state listed in Table 4.1, list the system queues on which a process in that state might be found.
4.2 Why is the performance of the context-switching mechanism critical to the performance of a highly multiprogrammed system?
4.3 What effect would increasing the time quantum have on the system’s interactive response and total throughput?
4.4 What effect would reducing the number of run queues from 64 to 32 have on the scheduling overhead and on system performance?
4.5 Give three reasons for the system to select a new process to run.
4.6 Describe the three types of scheduling policies provided by FreeBSD.
4.7 What type of jobs does the timeshare scheduling policy favor? Propose an algorithm for identifying these favored jobs.
4.8 When and how does thread scheduling interact with memory-management facilities?
4.9 After a process has exited, it may enter the state of being a ZOMBIE before disappearing from the system entirely. What is the purpose of the ZOMBIE state? What event causes a process to exit from ZOMBIE?
4.10 Suppose that the data structures shown in Table 4.3 do not exist. Instead, assume that each process entry has only its own PID and the PID of its parent. Compare the costs in space and time to support each of the following operations:
- Creation of a new process
- Lookup of the process’s parent
- Lookup of all of a process’s siblings
- Lookup of all of a process’s descendants
- Destruction of a process
4.11 What are the differences between a mutex and a lock-manager lock?
4.12 Give an example of where a mutex lock should be used. Give an example of where a lock-manager lock should be used.
4.13 A process blocked without setting the PCATCH flag may never be awakened by a signal. Describe two problems a noninterruptible sleep may cause if a disk becomes unavailable while the system is running.
4.14 Describe the limitations a jail puts on the filesystem namespace, network access, and processes running in the jail.
*4.15 In FreeBSD, the signal SIGTSTP is delivered to a process when a user types a “suspend character.” Why would a process want to catch this signal before it is stopped?
*4.16 Before the FreeBSD signal mechanism was added, signal handlers to catch the SIGTSTP signal were written as
catchstop()
{
prepare to stop;
signal(SIGTSTP, SIG_DFL);
kill(getpid(), SIGTSTP);
signal(SIGTSTP,catchstop);
}
This code causes an infinite loop in FreeBSD. Why does it do so? How should the code be rewritten?
*4.17 The process-priority calculations and accounting statistics are all based on sampled data. Describe hardware support that would permit more accurate statistics and priority calculations.
*4.18 Why are signals a poor interprocess-communication facility?
**4.19 A kernel-stack-invalid trap occurs when an invalid value for the kernel-mode stack pointer is detected by the hardware. How might the system gracefully terminate a process that receives such a trap while executing on its kernel-run-time stack?
**4.20 Describe alternatives to the test-and-set instruction that would allow you to build a synchronization mechanism for a multiprocessor FreeBSD system.
**4.21 A lightweight process is a thread of execution that operates within the context of a normal FreeBSD process. Multiple lightweight processes may exist in a single FreeBSD process and share memory, but each is able to do blocking operations, such as system calls. Describe how lightweight processes might be implemented entirely in user mode.
References
Aral et al., 1989.
Z. Aral, J. Bloom, T. Doeppner, I. Gertner, A. Langerman, & G. Schaffer, “Variable Weight Processes with Flexible Shared Resources,” USENIX Association Conference Proceedings, pp. 405–412, January 1989.
Dekker, 2013.
Dekker, “Dekker Algorithm,” Wikipedia, available from http://en.wikipedia.org/wiki/Dekkers_algorithm, November 2013.
Joy, 1994.
W. N. Joy, “An Introduction to the C Shell,” in 4.4BSD User’s Supplementary Documents, pp. 4:1–46, O’Reilly & Associates, Inc., Sebastopol, CA, 1994.
McDougall & Mauro, 2006.
R. McDougall & J. Mauro, Solaris Internals: Solaris 10 and OpenSolaris Kernel Architecture (2nd Edition), Prentice Hall, Upper Saddle River, NJ, 2006.
Ritchie, 1988.
D. M. Ritchie, “Multi-Processor UNIX,” private communication, April 25, 1988.
Roberson, 2003.
J. Roberson, “ULE: A Modern Scheduler For FreeBSD,” Proceedings of the USENIX BSDCon 2003, pp. 17–28, September 2003.
Simpleton, 2008.
Caffeinated Simpleton, A Threading Model Overview, available from http://justin.harmonize.fm/Development/2008/09/09/threading-model-overview.html, September 2008.