What is a Process?
A process is an instance of a running program. It consists of:
- Code (text segment)
- Data and stack
- File descriptors
- Environment variables
- Register and program counter values
Every Active process in Linux is uniquely identified by a specific PID (Process ID).
Process Lifecycle in Linux
The process lifecycle consists of several important phases which include:
1.Process Creation(fork/clone)
– Linux creates new processes using the fork() system function. By generating a child process, the fork() call replicates the caller process.
– The child gets a new PID and is almost a replica of the parent.
pid_t pid = fork();
– Alternatively, clone() is used for creating threads or processes with shared resources (used internally by pthread_create()).
2.Program Execution (exec)
– After creation, a process might replace its memory space with a new program using exec() family of functions like execl(), execv(), etc.
execl(“/bin/date”, “date”, NULL);
– This is how command-line tools or applications are launched.
3.Waiting (wait) :
-A parent process can wait for its child process to finish by using the wait() system function.
wait(NULL);
-This helps synchronize between parent and child processes.
4.Termination (exit)
– With exit(), a process can end itself. The kernel then deallocates the resources associated with the process.
Process Control Block (PCB)
Linux stores all of a process’s data in a structure called task_struct (defined in ). By preserving:
- PID, PPID (Parent PID)
- Scheduling info
- Memory maps
- State (Running, Zombie, sleeping etc.)
- File descriptors
- Credentials
All running processes form the process table which maintains its entries as doubly linked list within the kernel space.
Process States
In Linux, a process may be in any of the following states:
State | Description |
R | Running or ready to run |
S | Sleeping (interruptible) |
D | Sleeping (uninterruptible) |
T | Stopped (e.g., via SIGSTOP) |
Z | Zombie (terminated but not reaped) |
X | Dead (should not be seen normally) |
You can view the current state using:
ps -o pid , ppid, state,cmd
Process Scheduling
Linux uses the Completely Fair Scheduler (CFS) enables Linux to distribute CPU time with fairness between all the running processes. Key concepts:
- Time slice: CPU time allotted to a particular process
- Nice value: Affects process priority (-20 highest to 19 lowest)
- Real-time scheduling policies: SCHED_FIFO, SCHED_RR, SCHED_DEADLINE
Use the top or htop command to observe scheduling in action.
Essential Process Commands
- Common tools to interact with processes:
Command | Description |
ps | List processes |
top | Live process monitor |
htop | Interactive version of top |
kill | Send signals to processes |
nice / renice | Set or change process priority |
pidof | Find PID by name |
pgrep | Search processes by pattern |
Zombie and Orphan Processes
Zombie:
A process whose parent hasn’t called wait(), although having completed execution, still has an entry in the process table. Despite not using any resources, they clog the process table.
Orphan:
A child becomes an orphan when a parent process ends before the child does. These are adopted by init or systemd, the first process in Linux (PID 1).
Viewing Process Details
You can acquire real-time process data by utilizing the /proc virtual filesystem.
cat /proc//status
cat /proc//cmdline
cat /proc//fd/ # Open files
This is how many system utilities get process information.
Threads vs Processes
- Processes: have separate memory spaces.
- Threads: share memory with other threads in the same process (via pthread_create).
- Linux handles threads as lightweight processes using the same task_struct mechanism, differentiated by flags.
By understanding how the kernel internally manages processes, you not only become a better Linux user — but you also become a more informed developer, capable of writing optimized, system-aware applications.
