Computing systems require memory in order to function. This computer memory is referenced by address and the full range of memory available to the system is known as the address space. When a problem with a computer system is being investigated, a copy or image of this address space, that is, the memory addresses and address data contents, can be stored for later inspection. Such data is commonly referred to as core or dump data and stored in a core or dump file.
If the program under investigation has been written to include trace entries, these can be enabled so that diagnostic information in the form of trace data is written out or cut to a trace file during the execution of the program. The combination of the dump or core data and the trace data enables engineers analyzing the performance of the relevant program to inspect the contents of memory when the dump file was taken and compare this with the trace data produced during the processing of the program in an attempt to identify the cause of a problem.
One problem with this arrangement is that tracing has limitations as only those areas of the address space that the developer decided to trace when the code was written are available for subsequent analysis. Therefore, in many cases the data required to resolve a given problem may not be present in the trace data. For example if a parameter list is traced out containing a pointer, it is not possible to view the storage addressed by the pointer unless it also happened to be specifically traced out. Another problem is that the core file may not reflect the content of memory when a problem actually occurred. This is because the contents of memory at the time the problem occurred may have been subsequently modified by processing that occurred before a dump file was subsequently created.