Introduction to Linux Process Knowledge

For Linux system administrators, knowledge about Linux processes needs to be understood. Processes and threads can be easily confused. Only when you fully understand the Linux process will you make mistakes. The following small series will give you a detailed introduction to the Linux process.

What the computer can actually do is essentially very simple, such as calculating the sum of two numbers, such as finding an address in memory, and so on. These most basic computer actions are called instructions. A so-called program is a collection of such a series of instructions. Through the program, we can let the computer complete complex operations. Most of the time the program is stored as an executable file. Such an executable file is like a recipe, and the computer can make delicious meals according to the recipe.

So, what is the difference between a program and a process?

A process is a concrete implementation of a program. Only recipes are useless, we always follow the recipe instructions and actually implement them step by step in order to make dishes. A process is a process of executing a program, similar to the process of actually cooking according to a recipe. The same program can be executed multiple times, each time creating a separate space in memory to load, resulting in multiple processes. Different processes can also have their own independent IO interfaces.

An important function of the operating system is to facilitate the process, such as allocating memory space for the process, managing information about the process, etc., as if we have prepared a beautiful kitchen for us.

Take a look at the process

First, we can use the $ps command to query the running process, such as $ps -eo pid, comm, cmd, the following figure is the execution result:

(-e flag to list all processes, -o pid, comm, cmd mean that we need to PID, COMMAND, cMD information) represents a process

each row. Each line is divided into three columns. The first column PID (process IDentity) is an integer. Each process has a unique PID to represent its own identity. The process can also identify other processes based on the PID. The second column, COMMAND, is short for this process. The third column CMD is the program corresponding to the process and the parameters carried in the runtime.

(The third column is enclosed in brackets []. They are part of the kernel and are dressed as processes to facilitate operating system management. We don't have to think about them.)

Let's look at the first line, PID is 1, the name is init. This process is generated by executing the /bin/init file (program). When Linux is started, init is the first process created by the system, and this process will persist until we shut down the computer. This process is of special importance and we will continue to mention it.

How to create a process

In fact, when the computer is powered on, the kernel only creates an init process. The Linux kernel does not provide a system call to directly create a new process. All remaining processes are created by the init process via the fork mechanism. The new process is to be copied by the old process itself, this is the fork. Fork is a system call. The process lives in memory. Each process is allocated its own address space in memory. When the process forks, Linux opens up a new memory space in memory for the new process, and copies the contents of the old process space to the new space, after which the two processes run simultaneously.

The old process becomes the parent process of the new process, and correspondingly, the new process is the child process of the old process. In addition to having a PID, a process will have a PPID (parent PID) to store the parent process PID. If we follow the PPID continuously, we will always find that the source is the init process. Therefore, all processes also form a tree structure rooted in init.

As follows, we query the current shell process:

The code is as follows:

root@vamei:~# ps -o pid,ppid,cmd

PID PPID CMD

16935 3101 sudo -i

16939 16935 -bash

23774 16939 ps -o pid,ppid,cmd

We can watch By the way, the second process bash is the child process of the first process sudo, and the third process ps is the child process of the second process.

You can also use the $pstree command to display the entire process tree:

The code is as follows:

init─┬─NetworkManager─┬─dhclient

│ └ ─2*[{NetworkManager}]

├─accounts-daemon───{accounts-daemon}

├─acpid

├─apache2─┬─apache2< Br>

│ └─2*[apache2───26*[{apache2}]]

├─at-spi-bus-laun───2*[{at-spi-bus -laun}]

├─atd

├─avahi-daemon───avahi-daemon

├─bluetoothd

├─colord── ─2*[{colord}]

├─console-kit-dae───64*[{console-kit-dae}]

├─cron

├─cupsd───2*[dbus]

├─2*[dbus-daemon]

├─dbus-launch

├─dconf-service── ─2*[{dconf-service}]

├─dropbox───15*[{dropbox}]

├─firefox───27*[{firefo x}]

├─gconfd-2

├─geoclue-master

├─6*[getty]

├─gnome-keyring- D───7*[{gnome-keyring-d}]

├─gnome-terminal─┬─bash

│ ├─bash───pstree

│ ├─gnome-pty-helpe

│ ├─sh───R───{R}

│ └─3*[{gnome-terminal}]

fork is usually called as a function. This function will return twice, returning the PID of the child process to the parent process, and returning 0 to the child process. In fact, the child process can always query its own PPID to know who its parent process is, so that a pair of parent processes and child processes can query each other at any time.

Usually after calling the fork function, the program will design an if selection structure. When the PID is equal to 0, it indicates that the process is a child process, then let it execute some instructions, such as using the exec library function to read another program file and execute it in the current process space (this is actually We use a big purpose of fork: create a process for a program); and when the PID is a positive integer, it is a parent process, and then execute some other instructions. Thus, after the child process is established, it can be executed differently from the parent process.

Termination of child process

When the child process terminates, it notifies the parent process and clears the memory it occupies, leaving its own exit information in the kernel ( Exit code, if it runs smoothly, it is 0; if there is an error or abnormal condition, it is an integer of "0". In this message, it explains why the process exited. When the parent process knows that the child process is terminated, it is responsible for using the wait system call for the child process. This wait function can take the exit information of the child process from the kernel and clear the space occupied by the information in the kernel. However, if the parent process is terminated earlier than the child process, the child process becomes an orphand process. The orphan process will be passed to the init process, and the init process will become the parent process of the process. The init process is responsible for calling the wait function when the child process terminates.

Of course, a bad program may also cause the exit information of the child process to stay in the kernel (the parent process does not call the wait function on the child process), in which case the child process becomes a zombie. process. When a large number of zombie processes accumulate, the memory space is squeezed.

Processes and Threads

Although in UNIX, processes and threads are two different things, but in Linux, threads are just a special kind of process. Memory space and IO interfaces can be shared between multiple threads. So, the process is the only way to implement a Linux program.

Summary

Program, Process, PID, Memory Space

Child Process, Parent Process, PPID, fork, wait

The above is related to the Linux process. Knowledge is introduced. Through the reading of this article, I believe that you have a deeper understanding of the Linux process, and it is easier to manage the Linux process.