Core dump

In computing, a bulk dump, anamnesis dump, or accumulator dump consists of the recorded accompaniment of the alive anamnesis of a computer affairs at a specific time, about back the affairs has concluded abnormally (crashed).1 In practice, added key pieces of affairs accompaniment are usually dumped at the aforementioned time, including the processor registers, which may accommodate the affairs adverse and assemblage pointer, anamnesis administration information, and added processor and operating arrangement flags and information. Bulk depression are generally acclimated to abetment in diagnosing and debugging errors in computer programs.

The name comes from alluring bulk memory,2 the arch anatomy of accidental admission anamnesis from the 1950's to the 1970's. The name has remained continued afterwards alluring bulk technology became obsolete.

On abounding operating systems, a baleful absurdity in a affairs automatically triggers a bulk dump; by addendum the byword "to dump core" has appear to mean, in abounding cases, any baleful error, behindhand of whether a almanac of the affairs anamnesis results.

The appellation "core dump", "memory dump", or aloof "dump" has become abracadabra to announce any autumn of a ample bulk of raw abstracts for added examination

Background

Before the appearance of deejay operating systems and the adeptness to almanac ample abstracts files, amount depression were cardboard printouts of the capacity of memory, about abiding in columns of octal or hexadecimal numbers (a "hex dump"), sometimes accompanied by their interpretations as apparatus accent instructions, argument strings, or decimal or floating-point numbers (cf. disassembler). In added contempo operating systems, a "core dump" is a book absolute the anamnesis angel of a accurate process, or the anamnesis images of genitalia of the abode amplitude of that process, forth with added advice such as the ethics of processor registers. These files can be printed or beheld as text, or analysed with specialised accoutrement such as objdump.

Uses of core dumps

Core depression can serve as advantageous debugging aids in several situations. On aboriginal standalone or batch-processing systems, amount depression accustomed a user to alter a affairs after arresting the (very expensive) accretion ability for debugging; a printout could additionally be added acceptable than debugging appliance switches and lights. On aggregate computers, whether time-sharing, accumulation processing, or server systems, amount depression acquiesce off-line debugging of the operating system, so that the arrangement can go aback into operation immediately. Amount depression acquiesce a user to save a blast for after or off-site analysis, or allegory with added crashes. For anchored computers, it may be abstract to abutment debugging on the computer itself, so assay of a dump may booty abode on a altered computer. Some operating systems such as aboriginal versions of Unix did not abutment adhering debuggers to active processes, so amount depression were all-important to run a debugger on a process's anamnesis contents. Amount depression can be acclimated to abduction abstracts freed during activating anamnesis allocation and may appropriately be acclimated to retrieve advice from a affairs that is no best running. In the absence of an alternate debugger, the amount dump may be acclimated by an active programmer to actuate the absurdity from absolute examination.

A amount dump represents the complete capacity of the dumped regions of the abode amplitude of the dumped process. Depending on the operating system, the dump may accommodate few or no abstracts structures to aid estimation of the anamnesis regions. In these systems, acknowledged estimation requires that the affairs or user aggravating to adapt the dump understands the anatomy of the program's anamnesis use.

A debugger can use a attribute table, if one exists, to advice the programmer adapt dumps, anecdotic variables symbolically and announcement antecedent code; if the attribute table is not available, beneath estimation of the dump is possible, but there ability still be abundant accessible to actuate the account of the problem. There are additionally special-purpose accoutrement alleged dump analyzers to assay dumps. One accepted tool, accessible on abounding operating systems, is the GNU binutils' objdump.

On avant-garde Unix-like operating systems, administrators and programmers can apprehend amount dump files appliance the GNU Binutils Binary File Descriptor library (BFD), and the GNU Debugger (gdb) and objdump that use this library. This library will accumulation the raw abstracts for a accustomed abode in a anamnesis arena from a amount dump; it does not apperceive annihilation about variables or abstracts structures in that anamnesis region, so the appliance application the library to apprehend the amount dump will accept to actuate the addresses of variables and actuate the blueprint of abstracts structures itself, for archetype by appliance the attribute table for the affairs ability debugging.

Analysts of blast depression from Linux systems can use kdump or the Linux Kernel Blast Dump (LKCD).3

Core depression can save the ambience (state) of a action at a accustomed accompaniment for abiding to it later. Systems can be fabricated awful accessible by appointment amount amid processors, sometimes via amount dump files themselves.

Core can additionally be dumped assimilate a alien host over a arrangement (which is a aegis risk).4

Format

In earlier and simpler operating systems, anniversary action had a abutting address-space, so a amount dump book was artlessly a bifold book with the arrangement of bytes or words. In avant-garde operating systems, a action abode amplitude may accept gaps, and allotment pages with added processes or files, so added busy representations are used; they may additionally accommodate added advice about the accompaniment of the affairs at the time of the dump.

In Unix-like systems, amount depression about use the accepted executable image-format:

a.out in earlier versions of Unix,

ELF in avant-garde Linux, System V, Solaris, and BSD systems,

Mach-O in Mac OS X, etc.

Naming

Dumps of user-processes commonly get created as "core

".

System-wide depression on avant-garde Unix-like systems generally arise as "vmcore" or as "vmcore.incomplete

".

Systems such as Microsoft Windows which use filename extensions may use the addendum ".dmp", e.g., "memory.dmp" or "\Minidump\Mini051509-01.dmp".