The Family of the Process

Debugging is all fun and games until you have to deal with a process that spawns children.

So...how are children born? In the POSIX standard, children of a process can be either threads or processes. Threads share the same virtual address space, while processes have their own. POSIX-compliant systems such as Linux supply a variety of system calls to create children of both types.

flowchart TD
    P[Parent Process] -->|"fork()"| CP1[Child Process]
    P -->|"clone()"| T((Thread))
    P -->|"vfork()"| CP2[Child<br>Process]
    P -->|"clone3()"| T2((Thread))

    CP1 -->|"fork()"| GP[Grandchild<br>Process]
    T -->|"clone()"| ST((Sibling<br>Thread))
Example family tree of a process in the Linux kernel.

Processes

Child processes are created by system calls such as fork, vfork, clone, and clone3. The clone and clone3 system calls are configurable, as they allow the caller to specify the resources to be shared between the parent and child.

In the Linux kernel, the ptrace system call allows a tracer to handle events like process creation and termination.

Since version 0.8 🍣 Chutoro Nigiri 🍣, libdebug supports handling child processes. Read more about it in the dedicated Multiprocessing section.

Threads

Threads of a running process in the POSIX Threads standard are children of the main process. They are created by the system calls clone and clone3. What distinguishes threads from processes is that threads share the same virtual address space.
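The difference between the two kinds of children comes down to the flags passed to clone. The following C program is an added example, not part of libdebug or its documentation: it creates one child without sharing flags and one with CLONE_VM, and reports whether the parent sees a write made by the child. The names `marker`, `child_fn` and `marker_after_clone` are made up for this illustration.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE              /* exposes clone() and CLONE_* in <sched.h> */
#endif
#include <sched.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>

/* Fallbacks in case an earlier include already fixed the feature macros. */
#ifndef CLONE_VM
#define CLONE_VM 0x00000100
#endif
int clone(int (*fn)(void *), void *stack, int flags, void *arg, ...);

#define STACK_SIZE (256 * 1024)

static volatile int marker;      /* the child overwrites this global */

static int child_fn(void *arg)
{
    (void)arg;
    marker = 42;                 /* lands in the child's view of memory */
    return 0;
}

/* Create a child with clone(flags) and return the value of `marker` that the
 * parent observes once the child has exited, or -1 on error. */
int marker_after_clone(int flags)
{
    char *stack = malloc(STACK_SIZE);
    if (stack == NULL)
        return -1;
    marker = 0;
    /* The stack grows downwards on x86 and ARM, so pass its top.
     * SIGCHLD as the exit signal lets waitpid() reap the child. */
    pid_t pid = clone(child_fn, stack + STACK_SIZE, flags | SIGCHLD, NULL);
    int ok = pid != -1 && waitpid(pid, NULL, 0) == pid;
    free(stack);
    return ok ? marker : -1;
}

int main(void)
{
    printf("no sharing flags: parent sees %d\n", marker_after_clone(0));
    printf("CLONE_VM:         parent sees %d\n", marker_after_clone(CLONE_VM));
    return 0;
}
```

Without CLONE_VM the child writes to its own copy of the address space and the parent still reads 0; with CLONE_VM both run in the same address space and the parent reads 42. Threads created through the POSIX Threads library pass further sharing flags on top of CLONE_VM, such as CLONE_THREAD, CLONE_FILES and CLONE_SIGHAND.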

libdebug offers a simple API to work with child threads. Read more about it in the dedicated Multithreading section.