Reputation: 9072
Is there a generic format for core files?
I've noticed that no matter which compiler I use (gcc, llvm, clang, icc, etc.), if I get a core dump, I can almost always just throw it into GDB (or probably other debuggers, but I end up with GDB reflexively most of the time) without worrying about how the program/library was compiled. Why is this? Is there a generic format to describe how core dumps are created? Are there any compiler/debugger combos that don't follow this format?
Upvotes: 1
Views: 875
Answers (2)
Reputation: 7238
Core dump files are written by the operating system kernel and not by the compiler or debugger. That's why for e.g. every Linux debugger supports the same format.
Linux core dumps use the ELF format. The kernel side implementation is in elf_core_dump() in fs/binfmt_elf.c.
There are, however, crash-reporting systems like Crashpad that write out their own core dump equivalents for remote collection. These dumps are much smaller, can include only a list of stack trace addresses and use their own custom format across different operating systems. You'd need to explicitly integrate these as libraries in your apps though.
Upvotes: 2
Reputation: 1780
Core dump format is specific to each operating system default and most common format is ELF.
Userspace core file has many segments/program headers.
Two types of program/segment headers are dumped in a core file
- PT_NOTE
- PT_LOAD
PT_NOTE segment is composed of one or more Elf_Note entries.
PT_LOAD entry in the program header describes VMAs(Virtual Memory Area) of the process
Both Linux and FreeBSD store most data about the process in PT_NOTE segment.
On FreeBSD you can read note segments from core file as below
$ readelf --notes hello.core | grep -v "description data:"
Displaying notes found at file offset 0x00000200 with length 0x00001d04:
Owner Data size Description
FreeBSD 0x00000078 NT_PRPSINFO (prpsinfo structure)
FreeBSD 0x000000e0 NT_PRSTATUS (prstatus structure)
FreeBSD 0x00000200 NT_FPREGSET (floating point registers)
FreeBSD 0x00000018 NT_THRMISC (thrmisc structure)
FreeBSD 0x00000444 NT_PROCSTAT_PROC (proc data)
FreeBSD 0x00000aec NT_PROCSTAT_FILES (files data)
FreeBSD 0x00000724 NT_PROCSTAT_VMMAP (vmmap data)
FreeBSD 0x00000038 NT_PROCSTAT_GROUPS (groups data)
FreeBSD 0x00000006 NT_PROCSTAT_UMASK (umask data)
FreeBSD 0x000000d4 NT_PROCSTAT_RLIMIT (rlimit data)
FreeBSD 0x00000008 NT_PROCSTAT_OSREL (osreldate data)
FreeBSD 0x0000000c NT_PROCSTAT_PSSTRINGS (ps_strings data)
FreeBSD 0x00000114 NT_PROCSTAT_AUXV (auxv data)
NT_PRPSINFO - "struct prpsinfo" is dumped
NT_PRSTATUS - "struct prstatus" & "struct __reg64" is dumped
NT_FPREGSET - "struct __fpreg64" is dumped
NT_THRMISC - "struct thrmisc" is dumped
NT_PROCSTAT_* - Refer this for proc stat data see libprocstat
Below paper has more details on FreeBSD supported core dumps
The History and Future of Core Dumps in FreeBSD
Upvotes: 0
Related Questions
- How to gather information/debug when we have only the core file
- How to bundle a core file with its associated executables?
- ELF core file format
- How to debug a core file without any executable provided by customer
- Core-dump file format
- Saving core file in gdb
- Debugging core dump files in gdb
- generate core file with gdb
- GDB + Core file dump
- Extracting debugging information from core files