Archive for the ‘Java Debugging’ Category

Crash Dump Analysis Patterns (Part 84b)

Tuesday, September 20th, 2016

JIT compiling is not restricted to .NET in Windows and we decided to add Java variant of JIT Code (.NET) analysis pattern. Here’s one thread example from java.exe process memory dump:

0:071> k
# ChildEBP RetAddr
00 536cf424 770c15ce ntdll!NtWaitForSingleObject+0×15
01 536cf490 76f31194 KERNELBASE!WaitForSingleObjectEx+0×98
02 536cf4a8 76f31148 kernel32!WaitForSingleObjectExImplementation+0×75
03 536cf4bc 59207cb3 kernel32!WaitForSingleObject+0×12
WARNING: Stack unwind information not available. Following frames may be wrong.
04 536cf4e4 5918dbb1 jvm!JVM_FindSignal+0×5833
05 536cf558 03b6db25 jvm!JVM_Clone+0×30161
06 536cf588 03c4b0f4 0×3b6db25
07 536cf690 0348339a 0×3c4b0f4
08 536cf7d8 034803d7 0×348339a
09 536cf7e4 591a0732 0×34803d7
0a 536cf870 75bb9cde jvm!JVM_Clone+0×42ce2
0b 536cf87c 5926529e msvcrt!_VEC_memzero+0×82
0c 536cf8c4 591a1035 jvm!JVM_FindSignal+0×62e1e
0d 536cf908 591a1097 jvm!JVM_Clone+0×435e5
0e 536cf978 5914c49f jvm!JVM_Clone+0×43647
0f 536cf9d4 591c22dc jvm!jio_printf+0xaf
10 536cfa20 591c2d37 jvm!JVM_Clone+0×6488c
11 536cfa58 592071e9 jvm!JVM_Clone+0×652e7
12 536cfc98 5d34c556 jvm!JVM_FindSignal+0×4d69
13 536cfcd0 5d34c600 msvcr100!_endthreadex+0×3f
14 536cfcdc 76f3338a msvcr100!_endthreadex+0xce
15 536cfce8 77829902 kernel32!BaseThreadInitThunk+0xe
16 536cfd28 778298d5 ntdll!__RtlUserThreadStart+0×70
17 536cfd40 00000000 ntdll!_RtlUserThreadStart+0×1b

We see that the return addresses are indeed return addresses saved on stack with the preceding call instruction:

0:071> ub 03b6db25
03b6db03 50              push    eax
03b6db04 57              push    edi
03b6db05 e876586455      call    jvm!JVM_Clone+0x55930 (591b3380)
03b6db0a 83c408          add     esp,8
03b6db0d 8d9730010000    lea     edx,[edi+130h]
03b6db13 891424          mov     dword ptr [esp],edx
03b6db16 c7876c01000004000000 mov dword ptr [edi+16Ch],4
03b6db20 e8dbff6155      call    jvm!JVM_Clone+0×300b0 (5918db00)

0:071> ub 03c4b0f4
03c4b0cd 891c24          mov     dword ptr [esp],ebx
03c4b0d0 894c2404        mov     dword ptr [esp+4],ecx
03c4b0d4 899c2480000000  mov     dword ptr [esp+80h],ebx
03c4b0db 898c2484000000  mov     dword ptr [esp+84h],ecx
03c4b0e2 b928b0b91a      mov     ecx,1AB9B028h
03c4b0e7 89bc248c000000  mov     dword ptr [esp+8Ch],edi
03c4b0ee 90              nop
03c4b0ef e8ac29f2ff      call    03b6daa0

0:071> ub 034803d7
034803c6 89049c          mov     dword ptr [esp+ebx*4],eax
034803c9 43              inc     ebx
034803ca 49              dec     ecx
034803cb 75f5            jne     034803c2
034803cd 8b5d14          mov     ebx,dword ptr [ebp+14h]
034803d0 8b4518          mov     eax,dword ptr [ebp+18h]
034803d3 8bf4            mov     esi,esp
034803d5 ffd0            call    eax

0:071> ub 591a0732
jvm!JVM_Clone+0x42ccc:
591a071c 57              push    edi
591a071d 89461c          mov     dword ptr [esi+1Ch],eax
591a0720 e8ab110000      call    jvm!JVM_Clone+0x43e80 (591a18d0)
591a0725 6a08            push    8
591a0727 6a06            push    6
591a0729 57              push    edi
591a072a 894514          mov     dword ptr [ebp+14h],eax
591a072d e86e9af2ff      call    jvm+0×6a1a0 (590ca1a0)

- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -

Trace Analysis Patterns (Part 6, Java)

Monday, August 19th, 2013

While working on Mobile Software Diagnostics webinar and exploring the richness of Android platform and similarity of its LogCat traces (Eclipse representation) to Minimal Trace Graphs (see a corresponding slide in trace analysis pattern reference) we recognized the time has come to provide a Java implementation for a general software narratological pattern-oriented trace analysis approach and also see what memory analysis patterns can also be applied there. Here by implementation we mean concrete platform examples. For example, in the past we did similar implementations of memory analysis patterns (originally developed for unmanaged and native Windows code) for .NET (WinDbg) and Mac OS X (GDB). The first trace analysis pattern we cover here is very obvious and simple and is called Exception Stack Trace. In the original pattern example a stack trace was inside a single trace message but can also be split such as each frame has its own message (date and time columns were removed for clarity):

E/AndroidRuntime(31416): java.lang.NullPointerException
E/AndroidRuntime(31416):  at android.view.MotionEvent.writeToParcel(MotionEvent.java:1596)
E/AndroidRuntime(31416):  at com.example.nullpointer.FullscreenActivity$1.onTouch(FullscreenActivity.java:139)
E/AndroidRuntime(31416):  at android.view.View.dispatchTouchEvent(View.java:3881)
E/AndroidRuntime(31416):  at android.view.ViewGroup.dispatchTouchEvent(ViewGroup.java:869)
E/AndroidRuntime(31416):  at android.view.ViewGroup.dispatchTouchEvent(ViewGroup.java:869)
E/AndroidRuntime(31416):  at android.view.ViewGroup.dispatchTouchEvent(ViewGroup.java:869)
E/AndroidRuntime(31416):  at android.view.ViewGroup.dispatchTouchEvent(ViewGroup.java:869)
E/AndroidRuntime(31416):  at android.view.ViewGroup.dispatchTouchEvent(ViewGroup.java:869)
E/AndroidRuntime(31416):  at com.android.internal.policy.impl.PhoneWindow$DecorView. superDispatchTouchEvent(PhoneWindow.java:1750)
E/AndroidRuntime(31416):  at com.android.internal.policy.impl.PhoneWindow. superDispatchTouchEvent(PhoneWindow.java:1135)
E/AndroidRuntime(31416):  at android.app.Activity.dispatchTouchEvent(Activity.java:2096)
E/AndroidRuntime(31416):  at com.android.internal.policy.impl.PhoneWindow$DecorView. dispatchTouchEvent(PhoneWindow.java:1734)
E/AndroidRuntime(31416):  at android.view.ViewRoot.deliverPointerEvent(ViewRoot.java:2216)
E/AndroidRuntime(31416):  at android.view.ViewRoot.handleMessage(ViewRoot.java:1887)
E/AndroidRuntime(31416):  at android.os.Handler.dispatchMessage(Handler.java:99)
E/AndroidRuntime(31416):  at android.os.Looper.loop(Looper.java:130)
E/AndroidRuntime(31416):  at android.app.ActivityThread.main(ActivityThread.java:3687)
E/AndroidRuntime(31416):  at java.lang.reflect.Method.invokeNative(Native Method)
E/AndroidRuntime(31416):  at java.lang.reflect.Method.invoke(Method.java:507)
E/AndroidRuntime(31416):  at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:867)
E/AndroidRuntime(31416):  at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:625)
E/AndroidRuntime(31416):  at dalvik.system.NativeStart.main(Native Method)

Since many memory analysis patterns are based on stack traces here we also have similarity with the following patterns names as Managed Code Exception and Managed Stack Trace. We hope that in the subsequent pattern implementation examples we show more complex patterns of abnormal software behaviour and may also discover any missing ones.

- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -

Software Diagnostics Services

Friday, July 13th, 2012

For some time I was struggling with finding a good name for memory dump and software trace analysis activities. The name Memoretics I use for the science of memory dump analysis (that also incorporates software traces) seems not so good to describe the whole practical activity that should be transparent to everyone in IT. Fortunately, I timely understood that all these activities constitute the essence of software diagnostics that previously lacked any solid foundation. Thus, Software Diagnostics Institute was reborn from the previous Crash Dump Analysis Portal. This institute does pure and applied research and scientific activities and in recent years was funded mainly from OpenTask publisher and recently from Memory Dump Analysis Services. The latter company also recognized that the broadening of its commercial activities requires a new name. So, Software Diagnostics Services was reborn:

The First Comprehensive Software Diagnostics Service

- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -

Forthcoming Webinar: Introduction to Pattern-Driven Software Problem Solving

Monday, March 7th, 2011

Introduction to Pattern-Driven Software Problem Solving Logo

The first Webinar to start an in-depth discussion of pattern-driven software troubleshooting, debugging and maintenance:

Date: 25th of March 2011
Time: 18:30 (GMT) 14:30 (EST) 11:30 (PST)
Duration: 60 minutes

Space is limited.
Reserve your Webinar seat now at:
https://www3.gotomeeting.com/register/448268158

Topics include:

  • A Short History of DumpAnalysis.org
  • Memory Dump Analysis Patterns
  • Troubleshooting and Debugging Tools (Debugware) Patterns
  • Software Trace Analysis Patterns
  • From Software Defects to Software Behavior
  • Workaround Patterns
  • Structural Memory Patterns
  • Memory Analysis Domain Pattern Hierarchy
  • New Directions

Prerequisites: experience in software troubleshooting and/or debugging.

- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -

.NET and Java Debugging

Saturday, February 19th, 2011

This is the main topic of the forthcoming March Debugged! MZ/PE magazine issue:

Debugged! MZ/PE: .NET and Java Debugging, March, 2011 (Paperback, ISBN: 978-1908043139)

The draft front cover is an allegory of a class hierarchy and was designed by my daughter, Alexandra Vostokova, a coauthor of Baby Turing book.

If you have an article idea or if you’d like to write an article for this issue please use the following contact form:

http://www.dumpanalysis.org/contact

The deadline is the 31st of March. Articles will first appear in the online version and then in print.

- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -

Memory Dump and Software Trace Analysis Training and Seminars

Friday, April 9th, 2010

Plan to start providing training and seminars in my free time. If you are interested please answer these questions (you can either respond here in comments or use this form for private communication http://www.dumpanalysis.org/contact):

  • Are you interested in on-site training, prefer traveling or attending webinars?
  • Are you interested in software trace analysis as well?
  • What specific topics are you interested in?
  • What training level (beginner, intermediate, advanced) are you interested in? (please provide an example, if possible)

Additional topics of expertise that can be integrated into training include Source Code Reading and Analysis, Debugging, Windows Architecture, Device Drivers, Troubleshooting Tools Design and Implementation, Multithreading, Deep Down C and C++, x86 and x64 Assembly Language Reading.

Looking forward to your responses. Any suggestions are welcome.

- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -

Wonders of Binary Compatibility

Wednesday, March 10th, 2010

Just launched my game Blackjack, Jackpot and Slot applets written in pure Java 1.0 in 1997 and they still work in IE (I do launch them occasionally every few years):

http://vostokov.opentask.com/Applets.htm

Can’t believe it!

- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -