global indent

function get_usertime:long() %{
  THIS->__retvalue = current->utime + current->signal->utime;
%}

function get_systime:long() %{
  THIS->__retvalue = current->stime + current->signal->stime;
%}

function timestamp() {
  return string(gettimeofday_ms()) . indent[pid()] . " "
}

function proc() {
  return string(pid()) . " (" . execname() . ")"
}

function push(pid, ppid) {
  indent[pid] = indent[ppid] . "  "
}

function pop(pid) {
  delete indent[pid]
}

probe kernel.function("sys_clone").return {
  print(timestamp() . proc() . " forks " . string(retval()). "\n")
  push(retval(), pid())
}

probe kernel.function("do_execve") {
  print(timestamp() . proc() . " execs " . kernel_string($filename) . "\n")
}

probe kernel.function("sys_open") {
  if ($flags & 1) {
    print(timestamp() . proc() . " writes " . user_string($filename) . "\n")
  } else {
    print(timestamp() . proc() . " reads " . user_string($filename) . "\n")
  }
} 

probe kernel.function("do_exit") {
  print(timestamp() . proc() . " exit with user " . string(get_usertime()) . " sys " . string(get_systime()) . "\n")
  pop(pid())
}

probe timer.jiffies(100) {
  if (pid() != 0) {
    print(timestamp() . proc() . " tick with user " . string(get_usertime()) . " sys " . string(get_systime()) . "\n")
  }
}