Software Trace - A Mathematical Definition

What is a software trace from a mathematical standpoint? Before any software writes its trace data, it assembles it in memory. Therefore, generally, a software trace is a linear ordered sequence of specifically prepared memory fragments (trace statements):

(ts1, ts2, …, tsn

where every tsi is a sequence of bits, bytes or other discrete units (see the definition of a memory dump):

(s11, s12, …, s1k, s21, s22, …, s2l, …, …, …, sn1, sn2, …, snm)

These trace statements can also be minidumps, selected regions of memory space. In the limit, if every tsi is a full memory snapshot saved at an instant of time (ti) we have a sequence of memory dumps:

(mt1, mt2, …, mtn

Like with memory dump analysis we need symbol files to interpret saved memory fragments unless they were already interpreted during their construction. For example, traces written according ETW specification (Event Tracing for Windows), need TMF files (Trace Message Format) for their interpretation and viewing. Usually these files are generated from PDB files and therefore we have this correspondence:

memory dump file -> software trace file

PDB file -> TMF file 

- Dmitry Vostokov @ -

5 Responses to “Software Trace - A Mathematical Definition”

  1. Crash Dump Analysis » Blog Archive » The Meaning of DATA Says:

    […] Crash Dump Analysis Exploring Crash Dumps and Debugging Techniques on Windows Platforms « Software Trace - A Mathematical Definition […]

  2. Jamie Fenton Says:

    Congratulations Dmitry, you have just given a concise description of an event oriented metaphysical system

    One outfit who I have watched over the years was called Ontek - they did, in the early 1980s, a software system that managed an aircraft factory, that among other things, never deleted anything Alan Kay and Doug Lenat were on the board of directors, and they had a couple of British philosophers who worked it all out in a logical metasystem.

    I have a couple of posters from them explaining how their system, based on an event calculus for “States of Affairs formation”, worked. Grandiose Megalomania at its best.

  3. Crash Dump Analysis » Blog Archive » Memory Dumps as Posets Says:

    […] traces (if appropriate information is available there). Fundamentally, it is implied by the definition of a software trace as some sort of a memory dump. And we can see traces in memory dumps too, for example, Execution […]

  4. Crash Dump Analysis » Blog Archive » MemD Category (Categories for the Working Software Defect Researcher, Part 1) Says:

    […] category definitely applies to software traces as well if we consider every individual trace message or statement as a minidump. We currently consider software trace category MemT as a subcategory of […]

  5. Crash Dump Analysis » Blog Archive » The Year of Debugging in Retrospection Says:

    […] of Memory Dump Analysis with Software Trace Analysis […]

Leave a Reply

You must be logged in to post a comment.