#pragma D option quiet
/* activity1.d -- Record fork() and exec() activity for a specified program */
proc::_do_fork:create
/execname == $1/
{
/* Extract PID of child process from the psinfo_t pointed to by args[0] */
childpid = args[0]->pr_pid;
time[childpid] = timestamp;
p_pid[childpid] = pid; /* Current process ID (parent PID of new child) */
p_name[childpid] = execname; /* Parent command name */
p_exec[childpid] = ""; /* Child has not yet been exec'ed */
}
proc::do_execveat_common:exec
/p_pid[pid] != 0/
{
p_exec[pid] = args[0]; /* Child process path name */
}
proc::do_exit:exit
/p_pid[pid] != 0 && p_exec[pid] != ""/
{
printf("%s (%d) executed %s (%d) for %d microseconds\n",
p_name[pid], p_pid[pid], p_exec[pid], pid, (timestamp - time[pid])/1000);
}
proc::do_exit:exit
/p_pid[pid] != 0 && p_exec[pid] == ""/
{
printf("%s (%d) forked itself (as %d) for %d microseconds\n",
p_name[pid], p_pid[pid], pid, (timestamp - time[pid])/1000);
} 次の例に示すように、トレースするプログラムの名前をdtrace コマンドの引数として指定できるようになりました。 シェルから二重引用符を保護するには、引数をエスケープする必要があります:
#dtrace -s activity.d '"bash"'bash (10367) executed /bin/ps (10368) for 10926 microseconds bash (10360) executed /usr/bin/tty (10361) for 3046 microseconds bash (10359) forked itself (as 10363) for 32005 microseconds bash (10366) executed /bin/basename (10369) for 1285 microseconds bash (10359) forked itself (as 10370) for 12373 microseconds bash (10360) executed /usr/bin/tput (10362) for 34409 microseconds bash (10363) executed /usr/bin/dircolors (10364) for 29527 microseconds bash (10359) executed /bin/grep (10365) for 21024 microseconds bash (10366) forked itself (as 10367) for 11749 microseconds bash (10359) forked itself (as 10360) for 41918 microseconds bash (10359) forked itself (as 10366) for 14197 microseconds bash (10370) executed /usr/bin/id (10371) for 11729 microseconds^C