1# Breakpad Processor Library 2 3## Objective 4 5The Breakpad processor library is an open-source framework to access the the 6information contained within crash dumps for multiple platforms, and to use that 7information to produce stack traces showing the call chain of each thread in a 8process. After processing, this data is made available to users of the library. 9 10## Background 11 12The Breakpad processor is intended to sit at the core of a comprehensive 13crash-reporting system that does not require debugging information to be 14provided to those running applications being monitored. Some existing 15crash-reporting systems, such as [GNOME](http://www.gnome.org/)’s Bug-Buddy and 16[Apple](http://www.apple.com/)’s 17[CrashReporter](http://developer.apple.com/technotes/tn2004/tn2123.html), 18require symbolic 19information to be present on the end user’s computer; in the case of 20CrashReporter, the reports are transmitted only to Apple, not to third-party 21developers. Other systems, such as [Microsoft](http://www.microsoft.com/)’s 22[Windows Error Reporting](http://msdn.microsoft.com/isv/resources/wer/) and 23SupportSoft’s Talkback, transmit only a snapshot of a crashed process’ state, 24which can later be combined with symbolic debugging information without the need 25for it to be present on end users’ computers. Because symbolic debugging 26information consumes a large amount of space and is otherwise not needed during 27the normal operation of software, and because some developers are reluctant to 28release debugging symbols to their customers, Breakpad follows the latter 29approach. 30 31We know of no currently-maintained crash-reporting systems that meet our 32requirements, which are to: * allow for symbols to be separate from the 33application, * handle crash reports from multiple platforms, * allow developers 34to operate their own crash-reporting platform, and to * be open-source. Windows 35Error Reporting only functions for Microsoft products, and requires the 36involvement of Microsoft’s servers. Talkback, while cross-platform, has not been 37maintained and at this point does not support Mac OS X on x86, which we consider 38to be a significant platform. Talkback is also closed-source commercial 39software, and has very specific requirements for its server platform. 40 41We are aware of Windows-only crash-reporting systems that leverage Microsoft’s 42debugging interfaces. Such systems, even if extended to support dumps from other 43platforms, are tied to using Windows for at least a portion of the processor 44platform. 45 46## Overview 47 48The Breakpad processor itself is written in standard C++ and will work on a 49variety of platforms. The dumps it accepts may also have been created on a 50variety of systems. The library is able to combine dumps with symbolic debugging 51information to create stack traces that include function signatures. The 52processor library includes simple command-line tools to examine dumps and 53process them, producing stack traces. It also exposes several layers of APIs 54enabling crash-reporting systems to be built around the Breakpad processor. 55 56## Detailed Design 57 58### Dump Files 59 60In the processor, the dump data is of primary significance. Dumps typically 61contain: 62 63* CPU context (register data) as it was at the time the crash occurred, and an 64 indication of which thread caused the crash. General-purpose registers are 65 included, as are special-purpose registers such as the instruction pointer 66 (program counter). 67* Information about each thread of execution within a crashed process, 68 including: 69 * The memory region used for each thread’s stack. 70 * CPU context for each thread, which for various reasons is not the same 71 as the crash context in the case of the crashed thread. 72* A list of loaded code segments (or modules), including: 73 * The name of the file (`.so`, `.exe`, `.dll`, etc.) which provides the 74 code. 75 * The boundaries of the memory region in which the code segment is visible 76 to the process. 77 * A reference to the debugging information for the code module, when such 78 information is available. 79 80Ordinarily, dumps are produced as a result of a crash, but other triggers may be 81set to produce dumps at any time a developer deems appropriate. The Breakpad 82processor can handle dumps in the minidump format, either generated by an 83[Breakpad client “handler”](client_design.md) implementation, or by another 84implementation that produces dumps in this format. The 85[DbgHelp.dll!MiniDumpWriteDump](http://msdn2.microsoft.com/en-us/library/ms680360.aspx) 86function on Windows 87produces dumps in this format, and is the basis for the Breakpad handler 88implementation on that platform. 89 90The [minidump format](http://msdn.microsoft.com/en-us/library/ms679293%28VS.85%29.aspx) is 91essentially a simple container format, organized as a series of streams. Each 92stream contains some type of data relevant to the crash. A typical “normal” 93minidump contains streams for the thread list, the module list, the CPU context 94at the time of the crash, and various bits of additional system information. 95Other types of minidump can be generated, such as a full-memory minidump, which 96in addition to stack memory contains snapshots of all of a process’ mapped 97memory regions. 98 99The minidump format was chosen as Breakpad’s dump format because it has an 100established track record on Windows, and it can be adapted to meet the needs of 101the other platforms that Breakpad supports. Most other operating systems use 102“core” files as their native dump formats, but the capabilities of core files 103vary across platforms, and because core files are usually presented in a 104platform’s native executable format, there are complications involved in 105accessing the data contained therein without the benefit of the header files 106that define an executable format’s entire structure. Because minidumps are 107leaner than a typical executable format, a redefinition of the format in a 108cross-platform header file, `minidump_format.h`, was a straightforward task. 109Similarly, the capabilities of the minidump format are understood, and because 110it provides an extensible container, any of Breakpad’s needs that could not be 111met directly by the standard minidump format could likely be met by extending it 112as needed. Finally, using this format means that the dump file is compatible 113with native debugging tools at least on Windows. A possible future avenue for 114exploration is the conversion of minidumps to core files, to enable this same 115benefit on other platforms. 116 117We have already provided an extension to the minidump format that allows it to 118carry dumps generated on systems with PowerPC processors. The format already 119allows for variable CPUs, so our work in this area was limited to defining a 120context structure sufficient to represent the execution state of a PowerPC. We 121have also defined an extension that allows minidumps to indicate which thread of 122execution requested a dump be produced for non-crash dumps. 123 124Often, the information contained within a dump alone is sufficient to produce a 125full stack backtrace for each thread. Certain optimizations that compilers 126employ in producing code frustrate this process. Specifically, the “frame 127pointer omission” optimization of x86 compilers can make it impossible to 128produce useful stack traces given only a stack snapshot and CPU context. In 129these cases, however, compiler-emitted debugging information can aid in 130producing useful stack traces. The Breakpad processor is able to take advantage 131of this debugging information as supplied by Microsoft’s C/C++ compiler, the 132only compiler to apply such optimizations by default. As a result, the Breakpad 133processor can produce useful stack traces even from code with frame pointer 134omission optimizations as produced by this compiler. 135 136### Symbol Files 137 138The [symbol files](symbol_files.md) that the Breakpad processor accepts allow 139for frame pointer omission data, but this is only one of their capabilities. 140Each symbol file also includes information about the functions, source files, 141and source code line numbers for a single module of code. A module is an 142individually-loadble chunk of code: these can be executables containing a main 143program (`exe` files on Windows) or shared libraries (`.so` files on Linux, 144`.dylib` files, frameworks, and bundles on Mac OS X, and `.dll` files on 145Windows). Dumps contain information about which of these modules were loaded at 146the time the dump was produced, and given this information, the Breakpad 147processor attempts to locate debugging symbols for the module through a 148user-supplied function embodied in a “symbol supplier.” Breakpad includes a 149sample symbol supplier, called `SimpleSymbolSupplier`, that is used by its 150command-line tools; this supplier locates symbol files by pathname. 151`SimpleSymbolSupplier` is also available to other users of the Breakpad 152processor library. This allows for the use of a simple reference implementation, 153but preserves flexibility for users who may have more demanding symbol file 154storage needs. 155 156Breakpad’s symbol file format is text-based, and was defined to be fairly 157human-readable and to encompass the needs of multiple platforms. The Breakpad 158processor itself does not operate directly with native symbol formats 159([DWARF](http://dwarf.freestandards.org/) and 160[STABS](http://sourceware.org/gdb/current/onlinedocs/stabs.html) 161on most Unix-like systems, 162[.pdb files](http://msdn2.microsoft.com/en-us/library/yd4f8bd1(VS.80).aspx) 163on Windows), 164because of the complications in accessing potentially complex symbol formats 165with slight variations between platforms, stored within different types of 166binary formats. In the case of `.pdb` files, the debugging format is not even 167documented. Instead, Breakpad’s symbol files are produced on each platform, 168using specific debugging APIs where available, to convert native symbols to 169Breakpad’s cross-platform format. 170 171### Processing 172 173Most commonly, a developer will enable an application to use Breakpad by 174building it with a platform-specific [client “handler”](client_design.md) 175library. After building the application, the developer will create symbol files 176for Breakpad’s use using the included `dump_syms` or `symupload` tools, or 177another suitable tool, and place the symbol files where the processor’s symbol 178supplier will be able to locate them. 179 180When a dump file is given to the processor’s `MinidumpProcessor` class, it will 181read it using its included minidump reader, contained in the `Minidump` family 182of classes. It will collect information about the operating system and CPU that 183produced the dump, and determine whether the dump was produced as a result of a 184crash or at the direct request of the application itself. It then loops over all 185of the threads in a process, attempting to walk the stack associated with each 186thread. This process is achieved by the processor’s `Stackwalker` components, of 187which there are a slightly different implementations for each CPU type that the 188processor is able to handle dumps from. Beginning with a thread’s context, and 189possibly using debugging data, the stackwalker produces a list of stack frames, 190containing each instruction executed in the chain. These instructions are 191matched up with the modules that contributed them to a process, and the 192`SymbolSupplier` is invoked to locate a symbol file. The symbol file is given to 193a `SourceLineResolver`, which matches the instruction up with a specific 194function name, source file, and line number, resulting in a representation of a 195stack frame that can easily be used to identify which code was executing. 196 197The results of processing are made available in a `ProcessState` object, which 198contains a vector of threads, each containing a vector of stack frames. 199 200For small-scale use of the Breakpad processor, and for testing and debugging, 201the `minidump_stackwalk` tool is provided. It invokes the processor and displays 202the full results of processing, optionally allowing symbols to be provided to 203the processor by a pathname-based symbol supplier, `SimpleSymbolSupplier`. 204 205For lower-level testing and debugging, the processor library also includes a 206`minidump_dump` tool, which walks through an entire minidump file and displays 207its contents in somewhat readable form. 208 209### Platform Support 210 211The Breakpad processor library is able to process dumps produced on Mac OS X 212systems running on x86, x86-64, and PowerPC processors, on Windows and Linux 213systems running on x86 or x86-64 processors, and on Android systems running ARM 214or x86 processors. The processor library itself is written in standard C++, and 215should function properly in most Unix-like environments. It has been tested on 216Linux and Mac OS X. 217 218## Future Plans 219 220There are currently no firm plans or timetables to implement any of these 221features, although they are possible avenues for future exploration. 222 223The symbol file format can be extended to carry information about the locations 224of parameters and local variables as stored in stack frames and registers, and 225the processor can use this information to provide enhanced stack traces showing 226function arguments and variable values. 227 228On Mac OS X and Linux, we can provide tools to convert files from the minidump 229format into the native core format. This will enable developers to open dump 230files in a native debugger, just as they are presently able to do with minidumps 231on Windows. 232