On Linux with the ps from procps(-ng) (and most other systems since this is specified by POSIX):
ps -o etime= -p "$$"
Where $$ is the PID of the process you want to check. This will return the elapsed time in the format [[dd-]hh:]mm:ss.
Using -o etime tells ps that you just want the elapsed time field, and the = at the end of that suppresses the header (without, you get a line which says ELAPSED and then the time on the next line; with, you get just one line with the time).
Or, with newer versions of the procps-ng tool suite (3.3.0 or above) on Linux or on FreeBSD 9.0 or above (and possibly others), use:
ps -o etimes= -p "$$"
(with an added s) to get time formatted just as seconds, which is more useful in scripts.
On Linux, the ps program gets this from /proc/$$/stat, where one of the fields (see man proc) is process start time. This is, unfortunately, specified to be the time in jiffies (an arbitrary time counter used in the Linux kernel) since the system boot. So you have to determine the time at which the system booted (from /proc/stat), the number of jiffies per second on this system, and then do the math to get the elapsed time in a useful format.
It turns out to be ridiculously complicated to find the value of HZ (that is, jiffies per second). From comments in sysinfo.c in the procps package, one can A) include the kernel header file and recompile if a different kernel is used, B) use the posix sysconf() function, which, sadly, uses a hard-coded value compiled into the C library, or C) ask the kernel, but there's no official interface to doing that. So, the ps code includes a series of kludges by which it determines the correct value. Wow.
So it's convenient that ps does that all for you. :)
As user @336_ notes, on Linux (this is not portable), you can use the stat command to look at the access, modification, or status change dates for the directory /proc/$$ (where again $$ is the process of interest). All three numbers should be the same, so
stat -c%X /proc/$$
will give you the time that process $$ started, in seconds since the epoch. That still isn't quite what you want, since you still need to do the math to subtract that from the current time to get elapsed time — I guess something like date +%s --date="now - $( stat -c%X /proc/$$ ) seconds" would work, but it's a bit ungainly. One possible advantage is that if you use the long-format output like -c%x instead of -c%X, you get greater resolution than whole-number seconds. But, if you need that, you should probably use process-auditing approach because the timing of running the stat command is going to interfere with accuracy.
Best Answer
When a process calls
vfork, the parent remains in state D as long as the child hasn't executed_exitorexecve(the only two authorized functions, together withexecve's relatives likeexecvp, etc.). The parent is still executing thevforkcall, so it's in state D.If the child does something like this (which is stupid, but valid), the parent will remain in state D indefinitely, while the child will remain in state R indefinitely.