Master Linux Process Debugging: From ps to gdb and /proc

What Is a Process

A program is a static collection of instructions stored on disk, while a process is the dynamic execution of that program, encompassing creation, scheduling, and termination, and serving as the smallest unit of resource management. Threads are the smallest units of CPU scheduling, residing inside processes; a process may contain multiple threads.

ps

The ps command snapshots the current processes. Common usage ps -ef lists all processes with columns such as PID (process ID) and PPID (parent process ID). Piping the output to grep filters for specific processes, e.g., ps -ef|grep interesting.

strace

strace

traces system calls and signals of a process. Running strace <command> starts a new process under trace; the -p <pid> option attaches to an existing process. It can display timestamps with microsecond precision and help locate where a process hangs by showing the last system call.

pstack

pstack <pid>

prints the stack trace of each thread in a running process. The output includes LWP (light‑weight process) identifiers, which are essentially kernel‑level threads.

Linux does not have a separate thread object; threads are implemented as lightweight processes. The Thread abstraction is simulated by the kernel using processes. Processes manage resources; threads schedule those resources.

pstree

pstree

displays the process hierarchy as a tree, making it easy to see parent‑child relationships and thread structures.

gdb

GDB is the GNU debugger for C/C++ programs on Linux. Compile with debugging symbols using -g (e.g., g++ -g test.cpp -o test). Basic usage includes:

Start debugging a program: gdb prog Attach to a running process: gdb prog <pid> Debug a core dump: gdb prog corefile (ensure core files are generated with ulimit -c unlimited).

Digging Deeper with /proc

The /proc pseudo‑filesystem resides in memory and provides an interface to kernel data. Each running process has a directory /proc/<pid> containing files such as: /proc/<pid>/environ – environment variables. /proc/<pid>/fd/ – file descriptor links (similar to lsof). /proc/<pid>/stat – extensive status information (state, CPU times, memory usage, etc.). /proc/<pid>/cmdline – full command line. /proc/<pid>/cwd – symbolic link to the current working directory. /proc/<pid>/exe – link to the executable binary. /proc/<pid>/mem – process memory image. /proc/<pid>/statm – memory usage summary.

Summary

Use ps to locate a process and inspect its state.

If the process is alive, employ strace or pstack to pinpoint where it is blocked.

If the process has crashed and a core file exists, open it with gdb for stack traces.

When in doubt, explore /proc/<pid> files for detailed runtime information.

And if all else fails, consider restarting the service.