From owner-freebsd-hackers@FreeBSD.ORG  Mon May 17 15:02:23 2010
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 339E31065672
	for <freebsd-hackers@freebsd.org>; Mon, 17 May 2010 15:02:23 +0000 (UTC)
	(envelope-from dkmcnulty@gmail.com)
Received: from mail-ew0-f224.google.com (mail-ew0-f224.google.com
	[209.85.219.224])
	by mx1.freebsd.org (Postfix) with ESMTP id BC4998FC17
	for <freebsd-hackers@freebsd.org>; Mon, 17 May 2010 15:02:22 +0000 (UTC)
Received: by ewy24 with SMTP id 24so1299083ewy.13
	for <freebsd-hackers@freebsd.org>; Mon, 17 May 2010 08:02:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
	h=domainkey-signature:mime-version:received:received:date:message-id
	:subject:from:to:content-type;
	bh=POP/fw/CQD79ViKjZBvzE6YeFh2zUcV8jEGVh0KdLE0=;
	b=PtIdhFI9cBxSaNgbiIs8tp72DZ+j7LL7S8Hx137uze6VoP1C7uEWP+ogO4BoTEzzd9
	5oQs8qCbTZH+/q2XwsWlZ5CkERedhaFGIp8pDIf8smV+Op8s2+bm2fqdeI8anTN0gGun
	4QKJLDEQP4t1J5W+jqKcSYmjOjLAV0LEO3xZg=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma;
	h=mime-version:date:message-id:subject:from:to:content-type;
	b=iPWtqTNFkDFVYf+BCZhwNauvMaaoWX23MtAbX2ZT48/nx1erOhqQEXifcTTQ58ezsn
	tQoCIOLEHZ+C1OBXhdTqW8MOxzOPkyNMuA3EOdf2/M4T6wykRVL18KxeasZIvgBVc7Sx
	oBjLL5V0SL+3jQY894sX2WfxNvESz6eekzu4A=
MIME-Version: 1.0
Received: by 10.239.132.206 with SMTP id 14mr498047hbs.111.1274106811543; Mon, 
	17 May 2010 07:33:31 -0700 (PDT)
Received: by 10.239.153.198 with HTTP; Mon, 17 May 2010 07:33:31 -0700 (PDT)
Date: Mon, 17 May 2010 09:33:31 -0500
Message-ID: <AANLkTinO0hqywG7sCWJYXTsayOtad2qnP1SPDn6NzCYm@mail.gmail.com>
From: Dan McNulty <dkmcnulty@gmail.com>
To: freebsd-hackers@freebsd.org
Content-Type: text/plain; charset=ISO-8859-1
Subject: Efficient way to determine when a child process forks or calls exec
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
	<freebsd-hackers.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>, 
	<mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
	<mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 17 May 2010 15:02:23 -0000

Hi all,

I have been experimenting with ptrace to determine when a child
process forks or calls exec. Particularly, I have explored tracing
every system call entry and exit similar to what the truss utility
does, and for my case, the performance impact of tracing every system
call is too great.

Is there a more efficient way than tracing every system call entry and
exit to determine when a child process forks, calls exec, or creates a
new LWP?

Thanks a lot for your help!
-Dan