To bugcheck or not to bugcheck
This “Hamlet’s Question” of software technical support is often asked, and unfortunately sometimes not asked at all, when troubleshooting and debugging complex enterprise environments. For applications the question of saving crash dumps is trivial: if a process is not in memory and not visible in Task Manager, we won’t be able to dump it manually. With the OS always running, even when hanging, the question often degenerates to “Let’s bugcheck and send the crash dump to dump file divers”. After that decision huge amounts of energy are spent collecting, sending and storing gigabytes of data, always with very little or no return. Therefore, here is a preliminary list of symptoms for which manual system dumps are appropriate and for which they are not:
When a manual system dump is appropriate
- The system hangs visually (no GUI activity possible)
- No connections or logins are possible
- Abnormal system metrics (like pool, thread or process number growth)
- Insufficient system or session memory
When a manual process user dump is more appropriate than a complete memory dump
- Process hangs visually (other applications work as normal)
- Error message box appears
- Abnormal process metrics (like process memory growth or handle leaks)
When manual kernel and complete memory dumps are almost useless (I say almost because in rare circumstances they can aid in problem resolution, so it is better not to collect them until explicitly asked by a skilled memory dump file diver)
- Application failures that resulted in their disappearance from the list of running processes
- Functional bugs (dynamic activity that requires historical tracing of events)
Note: 3rd-party kernel mode software developers should not face this question during the development of their drivers and delegate the responsibility for difficult bugcheck or panic decisions to an operating system. Surely Windows core developers face this question too.
Next we discuss another related question about choosing between kernel and complete memory dump options in Control Panel.
- Dmitry Vostokov @ DumpAnalysis.org -