💭 Preface


0x00 What is a process?

" Process is a running program. "


A program is a passive entity. (e.g. an executable file stored on disk)

A process is an active




A process consists of a code section, a data section, a stack, a heap, and a program counter.


0x01 How does the system create the illusion of many CPUs?

CPU virtualization!

  • The operating system can create the illusion that there are many CPUs.
  • Time sharing: run one process, then stop it and run another (potential cost: a loss of performance, since each process only gets a share of the CPU).

🔺 Summary: the operating system provides this illusion by virtualizing the CPU.

0x02 Process API

These APIs are available on any modern operating system:


  • Create a new process to run a program (when you type a command in the shell or double-click an application icon, the OS is invoked to create a new process that runs the specified program)


  • Halt a runaway process (since there is an interface for creating processes, the OS also provides an interface to forcibly destroy one. Many processes exit on their own when they finish running, but if they do not, the user may want to kill them, so an interface to halt a runaway process is quite useful.)


  • Wait for a process to stop running (it is sometimes useful to wait for a process to stop running, so some kind of wait interface is provided)

Miscellaneous control:

  • Some kind of method to suspend a process and then resume it (most operating systems provide some way to suspend a process and later resume it)


  • Get some status info about a process (there are usually interfaces for obtaining status information about a process, such as how long it has been running or what state it is in)

0x03 Process Creation


Step 1: load the program's code and static data into memory

  • The program initially resides on disk in an executable format
  • Modern operating systems perform this loading lazily, like a procrastinator
  • Code and data are loaded only when the program actually needs them (think of someone who does nothing until the deadline and just stalls)
  • "Loading pieces of code or data only as they are needed during program execution."


Step 2: allocate the run-time stack

  • The stack is used for local variables, function parameters and return addresses.
  • The OS initializes the stack with the arguments of main(), argc and the argv array.


Step 3: allocate the heap

  • Used for dynamically allocated data that the program explicitly requests
  • The program requests space by calling malloc() and releases it by calling free()


Step 4: other initialization

  • Input / Output (I/O) setup
  • Each process by default has three open file descriptors.
  • Standard input (stdin), standard output (stdout) and standard error (stderr)

Step 5: start the program at its entry point, main()

  • The OS transfers control of the CPU to the newly created process.
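As an added example (not from the original page, nor from OSTEP or xv6), the following C program exercises the process API of 0x02 on a POSIX system and lets you observe the creation steps above: fork() creates the new process, execv() loads the program (its code and data, a fresh stack carrying argc/argv, and the three inherited standard descriptors), waitpid() waits for it to stop running, and kill() halts a runaway child. It assumes a Unix-like OS with /bin/sh; every name other than the libc calls is the example's own.

```c
/* Added example: driving the process API (create / wait / halt) from C.
 * Assumes a POSIX system with /bin/sh. Not code from the original page. */
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Create a new process running argv[0] and wait for it to stop running.
 * Returns the child's exit status (0..255), or -1 on error. */
int spawn_and_wait(char *const argv[]) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        /* Child: the kernel replaces our image with the new program, loading
         * its code/data, building a stack with argc/argv, and leaving
         * fds 0, 1, 2 open (inherited from us). */
        execv(argv[0], argv);
        _exit(127);            /* only reached if execv() fails */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Convenience wrapper: run a shell command line as a child process. */
int run_shell(const char *cmd) {
    char *const argv[] = {"/bin/sh", "-c", (char *)cmd, NULL};
    return spawn_and_wait(argv);
}

/* Start a child that never exits on its own, then halt it with SIGTERM.
 * Returns the signal number that terminated the child, or -1 on error. */
int halt_runaway(void) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        for (;;) pause();      /* "runaway": sleeps forever, never exits */
    }
    if (kill(pid, SIGTERM) < 0) return -1;
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFSIGNALED(status) ? WTERMSIG(status) : -1;
}

/* Step 4 of creation: count how many of the standard descriptors 0, 1, 2
 * are open in this process (a child inherits exactly these). */
int count_std_fds(void) {
    int n = 0;
    for (int fd = 0; fd < 3; fd++)
        if (fcntl(fd, F_GETFD) != -1) n++;
    return n;
}

int main(void) {
    printf("child exit status: %d\n", run_shell("echo hello from child; exit 3"));
    printf("runaway child killed by signal %d (SIGTERM = %d)\n",
           halt_runaway(), SIGTERM);
    printf("open standard fds: %d\n", count_std_fds());
    return 0;
}
```

Note that fork() copies the parent, so the child is already a full process (with its own PCB, stack and descriptors) before execv() replaces its code and data; the child only exits on its own when its program does, which is why a separate kill path is needed for a process that never does.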


0x04 Process States and Transitions



Ready: the process is ready to run, but for some reason the OS has chosen not to run it at this given moment.


Running: the process is running on a processor, i.e. it is executing instructions.


Blocked: the process has performed some kind of operation (such as I/O) that makes it not ready to run until some other event takes place.

When a process initiates an I/O request to a disk, it becomes blocked, and thus some other process can use the processor.


Example: Tracing Process State

0x05 Data Structures

PCB (Process Control Block)


A structure that contains information about each process.

Includes the register context: the set of registers that defines the state of a process, saved when the process is stopped and restored when it is resumed.

Other information associated with each process (its state, PID, open files, and so on)

Process List (Queue)

Ready processes

Blocked processes

The currently running process
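As an added example (not from the original page, nor from OSTEP or xv6), the following C program simulates the Ready/Running/Blocked transitions of 0x04 with a minimal PCB and a process list as described in 0x05: on every tick it completes pending I/O, and when the CPU is free it scans the list for the lowest-pid Ready process and runs it until it blocks or finishes. The two processes are constructed for the example: process 0 executes two CPU ops, issues a disk I/O, and then one more CPU op; process 1 is pure CPU. The I/O duration (IO_TICKS), the non-preemptive policy and all names are the example's own assumptions.

```c
/* Added example: a toy scheduler tracing Ready/Running/Blocked transitions.
 * Not code from the original page, OSTEP or xv6. */
#include <stdio.h>
#include <string.h>

enum pstate { READY, RUNNING, BLOCKED, DONE };
enum op { CPU, IO };          /* what a process's next instruction does */

#define MAX_OPS 8
#define IO_TICKS 2            /* assumed duration of a disk request */

/* Minimal process control block: the state plus just enough "register
 * context" (a program counter into prog[]) to stop and resume the process. */
struct pcb {
    int pid;
    enum pstate state;
    enum op prog[MAX_OPS];    /* the process's program: a list of ops */
    int nops;
    int pc;                   /* index of the next op to execute */
    int io_left;              /* ticks until the pending I/O completes */
};

static char state_char(enum pstate s) {
    switch (s) {
    case READY:   return 'r';
    case RUNNING: return 'R';
    case BLOCKED: return 'B';
    default:      return '-';
    }
}

/* Run all processes to completion on one CPU. Per tick: (1) finish I/O,
 * Blocked -> Ready; (2) if the CPU is idle, pick the lowest-pid Ready
 * process, Ready -> Running; (3) record every process's state; (4) execute
 * one op of the Running process (an IO op makes it Running -> Blocked).
 * Writes one entry per tick into trace (one char per process, ticks
 * separated by spaces). Returns the number of ticks. */
int simulate(struct pcb *procs, int n, char *trace, size_t cap) {
    int ticks = 0;
    trace[0] = '\0';
    for (;;) {
        int running = -1, alive = 0;
        for (int i = 0; i < n; i++) {
            if (procs[i].state == BLOCKED && --procs[i].io_left == 0)
                procs[i].state = procs[i].pc >= procs[i].nops ? DONE : READY;
            if (procs[i].state != DONE) alive++;
            if (procs[i].state == RUNNING) running = i;
        }
        if (!alive || ticks >= 1000) break;   /* all done (or safety cap) */
        if (running < 0)
            for (int i = 0; i < n && running < 0; i++)
                if (procs[i].state == READY) { running = i; procs[i].state = RUNNING; }
        size_t len = strlen(trace);
        if (len + (size_t)n + 2 > cap) break; /* trace buffer full */
        if (ticks) trace[len++] = ' ';
        for (int i = 0; i < n; i++) trace[len++] = state_char(procs[i].state);
        trace[len] = '\0';
        ticks++;
        if (running >= 0) {
            struct pcb *p = &procs[running];
            if (p->pc >= p->nops) {
                p->state = DONE;
            } else if (p->prog[p->pc++] == IO) {
                p->state = BLOCKED;           /* waits for the "disk" */
                p->io_left = IO_TICKS;
            } else if (p->pc >= p->nops) {
                p->state = DONE;
            }
        }
    }
    return ticks;
}

/* Constructed workload: process 0 = CPU, CPU, IO, CPU; process 1 = 4x CPU. */
int example_trace(char *trace, size_t cap) {
    struct pcb procs[2] = {
        { .pid = 0, .state = READY, .prog = { CPU, CPU, IO, CPU }, .nops = 4 },
        { .pid = 1, .state = READY, .prog = { CPU, CPU, CPU, CPU }, .nops = 4 },
    };
    return simulate(procs, 2, trace, cap);
}

int main(void) {
    char trace[256];
    int ticks = example_trace(trace, sizeof trace);
    /* R = running, r = ready, B = blocked, - = done; one column per process.
     * Prints: 8 ticks: Rr Rr Rr BR rR rR rR R- */
    printf("%d ticks: %s\n", ticks, trace);
    return 0;
}
```

Reading the trace column by column: process 0 runs for three ticks, blocks on its I/O, and process 1 takes the CPU; when the I/O completes process 0 becomes Ready but does not get the CPU back until process 1 finishes, which is exactly the scheduling decision the OS is free to make in the Ready state.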

Example: the xv6 kernel's process structure

// NOFILE, uint, struct file, struct inode and struct trapframe are defined
// elsewhere in xv6 (param.h, types.h, file.h, x86.h); declared here so the
// excerpt compiles on its own.
#define NOFILE 16 // open files per process
typedef unsigned int uint;
struct file;
struct inode;
struct trapframe;

// the registers xv6 will save and restore
// to stop and subsequently restart a process
struct context {
  int eip; // Instruction pointer register
  int esp; // Stack pointer register
  int ebx; // Called the base register
  int ecx; // Called the counter register
  int edx; // Called the data register
  int esi; // Source index register
  int edi; // Destination index register
  int ebp; // Stack base pointer register
};

// the different states a process can be in
enum proc_state { UNUSED, EMBRYO, SLEEPING,
                  RUNNABLE, RUNNING, ZOMBIE };

// the information xv6 tracks about each process
// including its register context and state
struct proc {
  char *mem; // Start of process memory
  uint sz; // Size of process memory
  char *kstack; // Bottom of kernel stack
  // for this process
  enum proc_state state; // Process state
  int pid; // Process ID
  struct proc *parent; // Parent process
  void *chan; // If non-zero, sleeping on chan
  int killed; // If non-zero, have been killed
  struct file *ofile[NOFILE]; // Open files
  struct inode *cwd; // Current directory
  struct context context; // Switch here to run process
  struct trapframe *tf; // Trap frame for the
  // current interrupt
};

Example: Linux task_struct

