dtrace_proc — a DTrace provider for tracing events related to user processes

       Though  the  proc  provider probes use native FreeBSD arguments types, standard D types for processes and
       threads  are  available.   These  are  psinfo_t  and  lwpsinfo_t  respectively,  and   are   defined   in
       /usr/lib/dtrace/psinfo.d.   This file also defines two global variables, curpsinfo and curlwpsinfo, which
       provide representations of the current process and thread using these types.

       The fields of psinfo_t are:

             intpr_nlwp        Number of threads in the process.

             pid_tpr_pid       Process ID.

             pid_tpr_ppid      Process ID of the parent process, or 0 if the process does not have a parent.

             pid_tpr_pgid      Process ID of the process group leader.

             pid_tpr_sid       Session ID, or 0 if the process does not belong to a session.

             pid_tpr_uid       Real user ID.

             pid_tpr_euid      Effective user ID.

             pid_tpr_gid       Real group ID.

             pid_tpr_egid      Effective group ID.

             uintptr_tpr_addr  Pointer to the structproc for the process.

             stringpr_psargs   Process arguments.

             u_intpr_arglen    Length of the process argument string.

             u_intpr_jailid    Jail ID of the process.

       The fields of lwpsinfo_t are:

             id_tpr_lwpid       Thread ID.

             intpr_flag         Thread flags.

             intpr_pri          Real scheduling priority of the thread.

             charpr_state       Currently always 0.

             charpr_sname       Currently always ‘’?.

             shortpr_syscall    Currently always 0.

             uintptr_tpr_addr   Pointer to the structthread for the thread.

             uintptr_tpr_wchan  Current wait address on which the thread is sleeping.

       This manual page was written by Mark Johnston <markj@FreeBSD.org>.

Debian                                           April 17, 2016                                   DTRACE_PROC(4)

       The proc provider in FreeBSD is not compatible with the proc provider in Solaris.  In particular, FreeBSD
       uses  the  native  structproc and structthread types for probe arguments rather than translated types.
       Additionally, a number of proc provider probes found in Solaris are not currently available on FreeBSD.

       The  DTrace  proc  provider  provides  insight  into events related to user processes: process and thread
       creation and termination events, and process signalling.

       The proc:::create() probe fires when a user process is created via the fork(2), vfork(2),  pdfork(2),  or
       rfork(2)  system  calls.   In particular, kernel processes created with the kproc(9) KPI will not trigger
       this probe.  The proc:::create() probe's first two arguments are the new child process  and  its  parent,
       respectively.   The  third argument is a mask of rfork(2) flags indicating which process resources are to
       be shared between the parent and child processes.

       The proc:::exec() probe fires when a process attempts to execute a file.  Its argument is  the  specified
       filename  for  the  file.  If the attempt fails because of an error, the proc:::exec-failure() probe will
       subsequently fire, providing the corresponding errno(2) value in  its  first  argument.   Otherwise,  the
       proc:::exec-success() probe will fire.

       The  proc:::exit()  probe fires when a process exits or is terminated.  Its argument is the corresponding
       SIGCHLD signal code; valid values are documented in the siginfo(3) manual page and defined  in  signal.h.
       For example, when a process exits normally, the value of args[0] will be CLD_EXITED.

       The  proc:::signal-send() probe fires when a signal is about to be sent to a process.  The proc:::signal-discard() probe fires when a signal is sent to a process that ignores it.  This probe will fire after the
       proc:::signal-send() probe for the signal in question.  The arguments to these probes are the thread  and
       process  to which the signal will be sent, and the signal number of the signal.  Valid signal numbers are
       defined in the signal(3) manual page.  The proc:::signal-clear() probe fires when a  pending  signal  has
       been  cleared  by  one of the sigwait(2), sigtimedwait(2), or sigwaitinfo(2) system calls.  Its arguments
       are the signal number of the cleared signal, and a pointer to the corresponding signal information.   The
       siginfo_t for the signal can be obtained from args[1]->ksi_info.

       The following script logs process execution events as they occur:

             #pragma D option quiet

             proc:::exec-success
             {
                     printf("%s", curpsinfo->pr_psargs);
             }

       Note that the pr_psargs field is subject to the limit defined by the kern.ps_arg_cache_limit sysctl.   In
       particular, processes with an argument list longer than the value defined by this sysctl cannot be logged
       in this way.

/usr/lib/dtrace/psinfo.d  DTrace type and translator definitions for the proc provider.

       The proc provider first appeared in FreeBSD 7.1.

       dtrace_proc — a DTrace provider for tracing events related to user processes

dtrace(1), errno(2), fork(2), pdfork(2),  rfork(2),  vfork(2),  siginfo(3),  signal(3),  dtrace_sched(4),
       kproc(9)

proc:::create(structproc*, structproc*, int);

       proc:::exec(char*);

       proc:::exec-failure(int);

       proc:::exec-success(char*);

       proc:::exit(int);

       proc:::signal-clear(int, ksiginfo_t*);

       proc:::signal-discard(structthread*, structproc*, int);

       proc:::signal-send(structthread*, structproc*, int);