Crash Dump Analysis AntiPatterns (Part 5)
Fooled by Description or the first incursion into Psychology of Memory Dump Analysis
From my observation an engineer with software development background opens a crash dump after glancing at a problem description provided by a customer or even without reading it first. Only if the problem is not immediately obvious from the memory dump file the engineer will read the problem description thoroughly. On the contrary, an engineer with technical support or system administration background will thoroughly read the problem description first. In the latter case the description might influence the direction of analysis.
Here is an example. The description says - slow application start and you have a memory dump from a process. An engineer with technical support background will most likely look for hang patterns inside the dump. An engineer with experience writing native applications in C and C++ will open the dump and check an exception stored in it and if it is a breakpoint the suspicion might arise that the memory dump was taken manually because of the hanging process. Based on analysis the engineer might even correct the problem description or add questions that clarify the discrepancy between what is seen in the dump and what users perceive.
- Dmitry Vostokov @ DumpAnalysis.org -
November 1st, 2007 at 11:29 am
A antipattern not is only relevant to dump analysis but to troubleshooting in general.
The best approach would be to take the benefits from both worlds where you thoroughly read the problem description but also be careful not to jump to assumptions. In this case the unverified assumption is that the dump is off a hung process and a manually triggered crash dump.