ytlvy · January 5, 2016 04:37
diff --git a/signals.d b/signals.d
 /* ps -axco "pid= comm=" | awk '{printf "pnames[%s]", $1; $1=""; sub(/^ /, "", $0); printf " = \x22%s\x22;\n", $0}' > /tmp/pnames.h; sudo dtrace -C -I/tmp -s signals.d */

 #pragma D option quiet

 dtrace:::BEGIN
 {
 #include "pnames.h"

    snames[0] = "_QUERY_";
    snames[1] = "SIGHUP";
    snames[2] = "SIGINT";
    snames[3] = "SIGQUIT";
    snames[4] = "SIGILL";
    snames[5] = "SIGTRAP";
    snames[6] = "SIGABRT";
    snames[7] = "SIGEMT";
    snames[8] = "SIGFPE";
    snames[9] = "SIGKILL";
    snames[10] = "SIGBUS";
    snames[11] = "SIGSEGV";
    snames[12] = "SIGSYS";
    snames[13] = "SIGPIPE";
    snames[14] = "SIGALRM";
    snames[15] = "SIGTERM";
    snames[16] = "SIGURG";
    snames[17] = "SIGSTOP";
    snames[18] = "SIGTSTP";
    snames[19] = "SIGCONT";
    snames[20] = "SIGCONT";
    snames[21] = "SIGTTIN";
    snames[22] = "SIGTTOU";
    snames[23] = "SIGIO";
    snames[24] = "SIGXCPU";
    snames[25] = "SIGXFSZ";
    snames[26] = "SIGVTALRM";
    snames[27] = "SIGPROF";
    snames[28] = "SIGWINCH";
    snames[29] = "SIGINFO";
    snames[30] = "SIGUSR1";
    snames[31] = "SIGUSR2";
 }

 proc:::create
 {
    this->pid = args[0]->pr_pid;
    this->ppid = args[0]->pr_ppid;

    pnames[this->pid] = pnames[this->ppid];

    printf(">>> fork process %d: parent is %s (%d)\n",
            this->pid,
            pnames[this->ppid], this->ppid);
 }

 proc:::exec
 {
    this->pname = basename(args[0]);
    pnames[pid] = this->pname;

    printf("--> exec process: %s (%d), parent is %s (%d)\n",
            this->pname, pid,
            pnames[ppid], ppid);
 }

 proc:::exit
 {
    printf("<-- exit process: %s (%d), parent is %s (%d)\n",
            pnames[pid], pid,
            pnames[ppid], ppid);

    pnames[pid] = strjoin(pnames[pid], " (exited)");
 }

 syscall::kill:entry
 / (int32_t)arg0 == 0 /
 {
    this->sig = arg1;

    printf("\t%s (%d) sent signal %s (%d) to every process in its own process group\n",
            pnames[pid], pid,
            snames[this->sig], this->sig);
 }

 syscall::kill:entry
 / (int32_t)arg0 > 0 /
 {
    this->target_pid = (int32_t)arg0;
    this->sig = arg1;

    printf("\t%s (%d) sent signal %s (%d) to %s (%d)\n",
            pnames[pid], pid,
            snames[this->sig], this->sig,
            pnames[this->target_pid], this->target_pid);
 }

 syscall::kill:entry
 / (int32_t)arg0 == -1 /
 {
    this->sig = arg1;

    printf("\t%s (%d) sent signal %s (%d) to all processes\n",
            pnames[pid], pid,
            snames[this->sig], this->sig);
 }

 syscall::kill:entry
 / (int32_t)arg0 < -1 /
 {
    this->target_pid = -(int32_t)arg0;
    this->sig = arg1;

    printf("\t%s (%d) sent signal %s (%d) to all process in group %s (%d)\n",
            pnames[pid], pid,
            snames[this->sig], this->sig,
            pnames[this->target_pid], this->target_pid);
 }
	/* ps -axco "pid= comm=" \| awk '{printf "pnames[%s]", $1; $1=""; sub(/^ /, "", $0); printf " = \x22%s\x22;\n", $0}' > /tmp/pnames.h; sudo dtrace -C -I/tmp -s signals.d */

	#pragma D option quiet

	dtrace:::BEGIN
	{
	#include "pnames.h"

	snames[0] = "_QUERY_";
	snames[1] = "SIGHUP";
	snames[2] = "SIGINT";
	snames[3] = "SIGQUIT";
	snames[4] = "SIGILL";
	snames[5] = "SIGTRAP";
	snames[6] = "SIGABRT";
	snames[7] = "SIGEMT";
	snames[8] = "SIGFPE";
	snames[9] = "SIGKILL";
	snames[10] = "SIGBUS";
	snames[11] = "SIGSEGV";
	snames[12] = "SIGSYS";
	snames[13] = "SIGPIPE";
	snames[14] = "SIGALRM";
	snames[15] = "SIGTERM";
	snames[16] = "SIGURG";
	snames[17] = "SIGSTOP";
	snames[18] = "SIGTSTP";
	snames[19] = "SIGCONT";
	snames[20] = "SIGCONT";
	snames[21] = "SIGTTIN";
	snames[22] = "SIGTTOU";
	snames[23] = "SIGIO";
	snames[24] = "SIGXCPU";
	snames[25] = "SIGXFSZ";
	snames[26] = "SIGVTALRM";
	snames[27] = "SIGPROF";
	snames[28] = "SIGWINCH";
	snames[29] = "SIGINFO";
	snames[30] = "SIGUSR1";
	snames[31] = "SIGUSR2";
	}

	proc:::create
	{
	this->pid = args[0]->pr_pid;
	this->ppid = args[0]->pr_ppid;

	pnames[this->pid] = pnames[this->ppid];

	printf(">>> fork process %d: parent is %s (%d)\n",
	this->pid,
	pnames[this->ppid], this->ppid);
	}

	proc:::exec
	{
	this->pname = basename(args[0]);
	pnames[pid] = this->pname;

	printf("--> exec process: %s (%d), parent is %s (%d)\n",
	this->pname, pid,
	pnames[ppid], ppid);
	}

	proc:::exit
	{
	printf("<-- exit process: %s (%d), parent is %s (%d)\n",
	pnames[pid], pid,
	pnames[ppid], ppid);

	pnames[pid] = strjoin(pnames[pid], " (exited)");
	}

	syscall::kill:entry
	/ (int32_t)arg0 == 0 /
	{
	this->sig = arg1;

	printf("\t%s (%d) sent signal %s (%d) to every process in its own process group\n",
	pnames[pid], pid,
	snames[this->sig], this->sig);
	}

	syscall::kill:entry
	/ (int32_t)arg0 > 0 /
	{
	this->target_pid = (int32_t)arg0;
	this->sig = arg1;

	printf("\t%s (%d) sent signal %s (%d) to %s (%d)\n",
	pnames[pid], pid,
	snames[this->sig], this->sig,
	pnames[this->target_pid], this->target_pid);
	}

	syscall::kill:entry
	/ (int32_t)arg0 == -1 /
	{
	this->sig = arg1;

	printf("\t%s (%d) sent signal %s (%d) to all processes\n",
	pnames[pid], pid,
	snames[this->sig], this->sig);
	}

	syscall::kill:entry
	/ (int32_t)arg0 < -1 /
	{
	this->target_pid = -(int32_t)arg0;
	this->sig = arg1;

	printf("\t%s (%d) sent signal %s (%d) to all process in group %s (%d)\n",
	pnames[pid], pid,
	snames[this->sig], this->sig,
	pnames[this->target_pid], this->target_pid);
	}