The present invention relates to computer systems, and more particularly to a system and method for generating a summary of a system crash dump file. The present invention also relates to a system and method for generating a summary of an application program crash dump file.
Many operating systems support xe2x80x9ccrash dumpsxe2x80x9d or xe2x80x9ccore dumpsxe2x80x9d. These are typically files that an operating system generates when the operating system recognizes an internal failure. Traditionally, the operating system will switch to a minimal mode of operation and attempt to save the operating system""s state information to a file on disk. A software developer or system administrator can subsequently use the saved state information to analyze the operating system failure, for example, offline at a later date. Such analysis is often referred to as xe2x80x9cdebuggingxe2x80x9d. Generally, a complete crash dump is a dump of all physically memory present in a machine into a file, referred to as a crash dump file, at the time of a fault that caused the system to crash. The crash dump file provides the developers with access to data structures relating to the state of different components on the machine at the time of the fault. Developers can then analyze these data structures to determine the cause of the crash.
Conventionally, a crash dump file can be anywhere from 64 Megabytes to several Gigabytes in size. As machine instructions increase in bit size (e.g., 32 bit, 64 bit, 128 bit) and memory size of these machines increases (e.g., 16 Gigabytes, 32 Gigabytes, 64 Gigabytes, 128 Gigabytes), the size of these full crash dump files will increase in astronomical proportions. The size of these full dump files makes it cumbersome to read through the vast amount of information in the system to isolate the fault that caused the internal failure. Therefore, systems have been developed to allow generation of a summary of the physical memory at the time of the fault. The summary of the physical memory is referred to as a small or mini dump file, which contains a minimal amount of information necessary to isolate faults in many circumstances. For example, Microsoft(copyright) Windows(copyright) 2000 Operating System allows a user to select between creating a complete memory dump, a kernel memory dump or a small dump file upon a fault condition. A small dump file contains a very small subset of information of the physical memory of the system that can be used to quickly analyze basic operating system failures. For Microsoft (copyright) Windows(copyright) 2000, this dump file is 64 Kilobytes in size, which is approximately one thousand to one million times smaller than a complete crash dump file.
Dump files are the most important way for a user to report operating system problems to the vendor or creator of the operating system. However, because of the size of the complete dump file, transferring of these complete dump files over a communication link is inefficient. On the other hand, small or mini dump files can be easily transferred over a communication link. However, in some situations a mini dump file may not be enough for the developer to isolate certain failures. An ideal situation would be to provide a developer with both a complete crash dump file and a mini dump file relating to the failure. However, operating system limitations do not allow for both a complete dump file and a mini dump file to be generated concurrently at failure time. A tool for extracting pertinent information from a full crash dump file to a mini-dump file would require that the tool load all symbol information residing in a large symbol table file so that the data structures residing in the dump file can be located, such that all the key data structures required for the mini dump file can be extracted from the complete dump file. A symbol is a human readable representation of the data structures residing in the physical memory of the machine. These symbol table files are also quite large and extensive to search through to locate the appropriate information necessary for generating a useful set of information for analysis.
Accordingly, there is an unmet need in the art for a system and method for generating a mini dump file from a crash dump file.
A system and method is provided for generating a summary dump file from a system crash dump or core dump file without the need for referencing a large symbol table file. Many operating systems support what is known as a crash dump or core dump, which is a file that is generated by the operating system when the operating system recognizes an internal failure. Generally, a crash dump is a dump of all physical memory present in the machine at the time of the fault. The crash dump is then accessible to a developer for analyzing the system state at the time the fault occurred. A crash dump file can be anywhere from 64 Megabytes to many Gigabytes and analysis of these large files has proved to be extremely cumbersome. However, many faults can be isolated by analyzing a portion of the information in the crash dump file. Since the data structures within the crash dump file are simply blocks of numbers, a developer typically needs to refer to a large symbol table file to determine where a data structure may reside.
Therefore, the present invention relates to providing a crash dump file with a referencing portion containing references to certain pertinent information (e.g., data structures), including references conventionally not found in a crash dump files. The data structures referenced in the referencing portion have been found to be optimal for analyzing faults residing in a crash dump file. The crash dump file may be a complete crash dump file of an operating system or a kernel memory dump. Alternatively, the crash dump file may be a crash dump file of an application program. A stand alone extraction tool is also provided for extracting pertinent information from the crash dump or core dump file by utilizing information in the referencing portion. The stand alone tool then generates a summary or mini dump file of the crash dump file (e.g., 64K in size). The stand alone tool can be compiled executable code written in a programming language such as C and/or C++. The summary or mini dump file can be easily communicated over a network or saved to a portable memory device for analysis by a system developer or the like. If the stand alone tool is compiled executable code it can be run remotely and be provided in the form of a Java Applet or an Active X Control, such that the tool can be invoked from a remote site, downloaded to the local machine and executed on the local machine. The mini dump file can then be generated and then transmitted to the remote site for analysis.