The present disclosure generally relates to heap analysis, and more specifically, to heap analysis in a run-time environment.
During the course of operation, a processing system may experience various failures caused by problems in software and/or hardware components. When an application crashes or is terminated abnormally, the operating system may initiate a core dump. The core dump consists of the recorded state of the working memory of the application at a specific time. Core dumps are often useful in diagnosing and debugging errors in computer programs. The core dump represents the complete contents of the dumped regions of the address space of the dumped process. Often, the damage that caused the program failure overwrote sections of memory. For run-time environments, most of the process memory will be heap memory, which is therefore a likely area of damage. Accessing a greater amount of data in the heap portion of the core dump improves diagnosis of the issue that caused the crash or early termination.
When examining data contained in the heap, the heap is “walked” to find all objects contained in the heap. In one embodiment, this may be done linearly by reading memory allocated to the heap from its start address, and walking each object slot or free slot in the heap. The linear heap walk can determine the size of each slot either because the slots are a fixed size or by looking at the type of object in the slot to obtain size information. However, as the core dump is initiated by program failure, or damage, the linear heap walk fails once it encounters the damage within the heap. As such, the linear heap walk is unable to continue past the damaged portions of the heap. This prevents the examination process from accessing the entirety of the heap, resulting in an incomplete diagnosis of the issue that caused the crash or early termination.
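The failure mode described above, shown as an added example that is not part of the original disclosure: a linear walk over a constructed heap image stops at the first damaged slot header and never reaches the intact slots behind it. The slot layout (4-byte type id, fixed size per object type, length-prefixed free slots) and the names `linear_walk`, `make_slot` and `TYPE_SIZES` are assumptions made for illustration.

```python
import struct

# Hypothetical layout, assumed for this example only: each slot starts with a
# 4-byte little-endian type id. Object types have a fixed slot size; a free
# slot (type 0) stores its own total length in the next 4 bytes.
FREE = 0
TYPE_SIZES = {1: 16, 2: 32}   # type id -> total slot size in bytes
ALIGN = 8

def make_slot(type_id, size=None):
    """Build one constructed slot: header followed by zero padding."""
    if type_id == FREE:
        return struct.pack("<II", FREE, size).ljust(size, b"\x00")
    return struct.pack("<I", type_id).ljust(TYPE_SIZES[type_id], b"\x00")

def linear_walk(heap):
    """Walk slots from offset 0 and return (slots, damage_offset).

    slots is a list of (offset, type_id, size). damage_offset is None when
    the walk reaches the end of the heap, else the offset where it stopped.
    """
    slots, off = [], 0
    while off < len(heap):
        if off + 8 > len(heap):
            return slots, off                 # truncated slot header
        type_id, length = struct.unpack_from("<II", heap, off)
        # Free slots carry their length; object sizes come from the type.
        size = length if type_id == FREE else TYPE_SIZES.get(type_id)
        # A size that is unknown, too small, misaligned or past the end of
        # the heap cannot be trusted, so the next slot boundary is lost.
        if not size or size < 8 or size % ALIGN or off + size > len(heap):
            return slots, off
        slots.append((off, type_id, size))
        off += size
    return slots, None

# Constructed heap image (120 bytes): obj 1, obj 2, free 24, obj 1, obj 2.
intact = b"".join([make_slot(1), make_slot(2), make_slot(FREE, 24),
                   make_slot(1), make_slot(2)])
# Simulated damage: the header of the second slot (offset 16) is overwritten.
damaged = intact[:16] + b"\xde\xad\xbe\xef" * 2 + intact[24:]

if __name__ == "__main__":
    print("intact :", linear_walk(intact))
    print("damaged:", linear_walk(damaged))
```

On the damaged image the walk returns one slot and stops at offset 16, although the three slots from offset 48 onward are untouched.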