What is a core dump file in linux? What all information does it provide?
linux中的核心转储文件是什么?它提供了什么信息?
2 个解决方案
#1
12
It's basically the process address space in use (from the mm_struct structure which contains all the virtual memory areas), and any other supporting information*a, at the time it crashed.
它基本上是正在使用的进程地址空间(来自包含所有虚拟内存区域的mm_struct结构),以及在崩溃时的任何其他支持信息*a。
For example, let's say you try to dereference a NULL pointer and receive a SEGV signal, causing you to exit. As part of that process, the operating system tries to write your information to a file for later post-mortem analysis.
例如,假设您尝试去引用一个空指针并接收一个SEGV信号,导致您退出。作为该过程的一部分,操作系统尝试将您的信息写入文件,以便以后进行分析。
You can load the core file into a debugger along with the executable file (for symbols and other debugging information, for example) and poke around to try and discover what caused the problem.
您可以将核心文件连同可执行文件一起加载到调试器中(例如,对于符号和其他调试信息),然后四处查看,试图发现问题的原因。
*a: in kernel version 2.6.38, fs/exec.c/do_coredump() is the one responsible for core dumps and you can see that it's passed the signal number, exit code and registers. It in turn passes the signal number and registers to a binary-format-specific (ELF, a.out, etc) dumper.
*a:在内核版本2.6.38中,fs/exec.c/do_coredump()负责内核转储,您可以看到它已经传递了信号号、退出代码和寄存器。然后,它将信号号传递给特定于二进制格式的寄存器(ELF, a)。等)清洁工人。
The ELF dumper is fs/binfmt_elf.c/elf_core_dump() and you can see that it outputs non-memory-based information, like thread details, in fs/binfmt_elf.c/fill_note_info(), then returns to output the process space.
ELF dumper是fs/binfmt_elf.c/elf_core_dump(),您可以看到它在fs/binfmt_elf.c/fill_note_info()中输出非基于内存的信息,如线程细节,然后返回到输出进程空间。
#2
1
If a program terminates abnormally, the status of the program at the point of abnormal termination should be recorded for further analysis. and this status is recorded in core dump file.
如果程序异常终止,则应记录异常终止点的程序状态,以便进一步分析。这个状态被记录在核心转储文件中。
In a multiuser and multitasking environment, accessing resources which doesn't belong to you is not acceptable. If a process-A tries to access system resources which belongs to process-B, Its a violation. At this point of time, the operating system kills the process and stores the process status into a file. And this file is called core dump file. There are many reasons for core dump. I just explained one of the possibilities for core dump. Usually it will be because of SIGSEGV (segmentation fault) and SIGBUS(Bus error).
在多用户和多任务环境中,访问不属于您的资源是不可接受的。如果进程- a试图访问属于进程- b的系统资源,这就是违反。此时,操作系统会杀死进程并将进程状态存储到文件中。这个文件叫做core dump文件。核心转储有很多原因。我刚刚解释了core dump的一种可能性。通常是由于SIGSEGV(分割错误)和SIGBUS(总线错误)。
The core dump file contains details of where the abnormal termination happened, process stack, symbol table etc.
核心转储文件包含异常终止发生的位置、进程堆栈、符号表等细节。
There are many tools available to debug the coredumps. gdb dbx objdump mdb
有许多工具可以用来调试内核转储。gdb dbx objdump mdb
Compiler options are present to make the debugging process easier. while compilation giving these flags (-g usually) will result in leaving extra information in symbol table of object files, which helps debuggers (gdb/dbx) to easily access the symbols(symbolic references).
有编译器选项可以使调试过程更容易。当编译提供这些标志(通常是-g)时,将会在对象文件的符号表中留下额外的信息,这有助于调试器(gdb/dbx)容易地访问符号(符号引用)。
#1
12
It's basically the process address space in use (from the mm_struct structure which contains all the virtual memory areas), and any other supporting information*a, at the time it crashed.
它基本上是正在使用的进程地址空间(来自包含所有虚拟内存区域的mm_struct结构),以及在崩溃时的任何其他支持信息*a。
For example, let's say you try to dereference a NULL pointer and receive a SEGV signal, causing you to exit. As part of that process, the operating system tries to write your information to a file for later post-mortem analysis.
例如,假设您尝试去引用一个空指针并接收一个SEGV信号,导致您退出。作为该过程的一部分,操作系统尝试将您的信息写入文件,以便以后进行分析。
You can load the core file into a debugger along with the executable file (for symbols and other debugging information, for example) and poke around to try and discover what caused the problem.
您可以将核心文件连同可执行文件一起加载到调试器中(例如,对于符号和其他调试信息),然后四处查看,试图发现问题的原因。
*a: in kernel version 2.6.38, fs/exec.c/do_coredump() is the one responsible for core dumps and you can see that it's passed the signal number, exit code and registers. It in turn passes the signal number and registers to a binary-format-specific (ELF, a.out, etc) dumper.
*a:在内核版本2.6.38中,fs/exec.c/do_coredump()负责内核转储,您可以看到它已经传递了信号号、退出代码和寄存器。然后,它将信号号传递给特定于二进制格式的寄存器(ELF, a)。等)清洁工人。
The ELF dumper is fs/binfmt_elf.c/elf_core_dump() and you can see that it outputs non-memory-based information, like thread details, in fs/binfmt_elf.c/fill_note_info(), then returns to output the process space.
ELF dumper是fs/binfmt_elf.c/elf_core_dump(),您可以看到它在fs/binfmt_elf.c/fill_note_info()中输出非基于内存的信息,如线程细节,然后返回到输出进程空间。
#2
1
If a program terminates abnormally, the status of the program at the point of abnormal termination should be recorded for further analysis. and this status is recorded in core dump file.
如果程序异常终止,则应记录异常终止点的程序状态,以便进一步分析。这个状态被记录在核心转储文件中。
In a multiuser and multitasking environment, accessing resources which doesn't belong to you is not acceptable. If a process-A tries to access system resources which belongs to process-B, Its a violation. At this point of time, the operating system kills the process and stores the process status into a file. And this file is called core dump file. There are many reasons for core dump. I just explained one of the possibilities for core dump. Usually it will be because of SIGSEGV (segmentation fault) and SIGBUS(Bus error).
在多用户和多任务环境中,访问不属于您的资源是不可接受的。如果进程- a试图访问属于进程- b的系统资源,这就是违反。此时,操作系统会杀死进程并将进程状态存储到文件中。这个文件叫做core dump文件。核心转储有很多原因。我刚刚解释了core dump的一种可能性。通常是由于SIGSEGV(分割错误)和SIGBUS(总线错误)。
The core dump file contains details of where the abnormal termination happened, process stack, symbol table etc.
核心转储文件包含异常终止发生的位置、进程堆栈、符号表等细节。
There are many tools available to debug the coredumps. gdb dbx objdump mdb
有许多工具可以用来调试内核转储。gdb dbx objdump mdb
Compiler options are present to make the debugging process easier. while compilation giving these flags (-g usually) will result in leaving extra information in symbol table of object files, which helps debuggers (gdb/dbx) to easily access the symbols(symbolic references).
有编译器选项可以使调试过程更容易。当编译提供这些标志(通常是-g)时,将会在对象文件的符号表中留下额外的信息,这有助于调试器(gdb/dbx)容易地访问符号(符号引用)。