Saturday, October 3, 2009

What is a core dump and how to generate one




In this article we’re going to discuss core files: what they are used for, how to get them, and what we can do with them.

What is a core file and how to get one

Starting from the beginning, let’s first define what a core file is. A core file, also called a core dump, is basically a dump, or image, of the memory of a computer at a given time. It’s like a photo of everything in your computer’s memory at the time the core was created: the registers, the stack and the heap, pretty much all live data. Usually people will say “Oh S…t the software has cored again”. It’s usually not a good sign.
In most cases the generation of a core dump is involuntary, and is the result of a *violent* crash of a piece of software. Among the common causes we can cite memory corruption, stack overflow, lack of memory or even device failure. If your biggest problem is how to dump core, rest assured that’s the easy part by far. I think my favorite one is the segmentation fault core dump ;)
Despite the fact that a core file usually means you’ve got a serious bug in your software, core files are tremendously useful. Since they are a snapshot of the memory at the time of the crash, they can help a lot in figuring out what happened. With the help of a core file you can explore the exact conditions at the time of the crash.
Does this mean that core files are the pinnacle of debugging, the panacea for bugs? Certainly not. For instance, in the case of memory corruption, by the time you get the core file it’s already too late: the corruption happened seconds before … which means ages for a computer.

What to do with a core file?

Now, if you get a core file, that’s good. You can use a debugger that’s able to read core dumps on the system where the core was generated. Each system (Windows, Linux, Solaris …) has its own debugger, and each has its own features. So depending on the system you’re using, you will have to find the appropriate tool to read the core dump. Here’s a list of tools you can use to debug cores:
  • Solaris Core Dump: dbx or gdb
  • Linux Core Dump: gdb
  • Mac OS Core Dump: gdb or Xcode
This list is by no means complete, since each system boasts different tools. Windows is absent from the list because it’s a bit different from other systems in that respect. For more information about the Windows equivalent of a core dump, called a minidump, you can check here.

How to generate a core and why?

As we’ve said above, core dumps are generally the result of a violent crash, so why would one want to force the generation of a core dump? The answer is to investigate deadlocks or hanging processes. When your process is really frozen, you will have to kill it anyway, but if you do it right you can generate a core dump at the same time, which will help you later on with your investigation.
You have two ways to generate a core:
  • gcore: this command will generate a core file for a live process but leave the process running
  • kill -6: as the name of the command suggests, this will kill the process, but it will also generate a core of your application
Additionally, before using the kill command you may want to use the pstack command, which will generate a text file that contains the list of all process stacks (and of each thread of your process) currently running. Executing the command a couple of times before actually killing your application can prove useful, since it’ll give you a better picture of which thread is active and doing what than a simple core would.
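
The whole procedure above (a few pstack snapshots, a gcore of the live process, then kill -6) as one shell function. This is an added example, not code from the original article; the function name, output layout and defaults are assumptions, and it assumes pstack and gcore are installed and that you are allowed to trace the target process.

```shell
#!/bin/sh
# Added example (not from the original article): collect evidence from a
# hung process, then abort it. Names and defaults here are assumptions.
# Usage: capture_and_abort <pid> [outdir] [snapshots] [interval_seconds]
capture_and_abort() (
    pid=$1
    outdir=${2:-./hang-$pid}
    snaps=${3:-3}
    interval=${4:-1}

    # Refuse to continue if the process does not exist or is not ours.
    kill -0 "$pid" 2>/dev/null || { echo "cannot signal pid $pid" >&2; exit 1; }

    # Stack traces and cores contain live process data, so keep the
    # output readable by the current user only.
    umask 077
    mkdir -p "$outdir" || exit 1

    # 1. Several stack snapshots: frames that are identical in every
    #    snapshot point at the threads that are really stuck.
    i=1
    while [ "$i" -le "$snaps" ]; do
        pstack "$pid" > "$outdir/stack.$i.txt" 2>&1 ||
            echo "pstack failed for snapshot $i" >&2
        i=$((i + 1))
        sleep "$interval"
    done

    # 2. Core of the live process; written as <outdir>/core.<pid>.
    gcore -o "$outdir/core" "$pid" > "$outdir/gcore.log" 2>&1 ||
        echo "gcore failed, see $outdir/gcore.log" >&2

    # 3. Signal 6 is SIGABRT: the process dies and, if its core size
    #    limit (ulimit -c) is not 0, the system writes a core for it.
    kill -6 "$pid"
)
```

A shell that waits on the aborted process sees exit status 134 (128 + 6), which is a quick way to confirm it died from signal 6 rather than exiting on its own.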