Core Dump
Overview
A core dump is a set of software state information that is automatically saved by the panic handler when a fatal error occurs. Core dumps are useful for conducting post-mortem analysis of the software's state at the moment of failure. ESP-IDF provides support for generating core dumps.
A core dump contains snapshots of all tasks in the system at the moment of failure, where each snapshot includes a task's control block (TCB) and stack. By analyzing the task snapshots, it is possible to find out what task, at what instruction (line of code), and what call stack of that task lead to the crash. It is also possible to dump the contents of variables on demand, provided those variables are assigned special core dump attributes.
Core dump data is saved to a core dump file according to a particular format, see Core dump internals for more details. However, ESP-IDF's idf.py
command provides special subcommands to decode and analyze the core dump file.
Configurations
Destination
The CONFIG_ESP_COREDUMP_TO_FLASH_OR_UART option enables or disables core dump, and selects the core dump destination if enabled. When a crash occurs, the generated core dump file can either be saved to flash, or output to a connected host over UART.
Format & Size
The CONFIG_ESP_COREDUMP_DATA_FORMAT option controls the format of the core dump file, namely ELF format or Binary format.
The ELF format contains extended features and allows more information regarding erroneous tasks and crashed software to be saved. However, using the ELF format causes the core dump file to be larger. This format is recommended for new software designs and is flexible enough to be extended in future revisions to save more information.
The Binary format is kept for compatibility reasons. Binary format core dump files are smaller while provide better performance.
The CONFIG_ESP_COREDUMP_MAX_TASKS_NUM option configures the number of task snapshots saved by the core dump.
Core dump data integrity checking is supported via the Components
> Core dump
> Core dump data integrity check
option.
Reserved Stack Size
Core dump routines run from a separate stack due to core dump itself needing to parse and save all other task stacks. The CONFIG_ESP_COREDUMP_STACK_SIZE option controls the size of the core dump's stack in number of bytes.
Setting this option to 0 bytes will cause the core dump routines to run from the ISR stack, thus saving a bit of memory. Setting the option greater than zero will cause a separate stack to be instantiated.
Note
If a separate stack is used, the recommended stack size should be larger than 1300 bytes to ensure that the core dump routines themselves do not cause a stack overflow.
Core Dump Memory Regions
By default, core dumps typically save CPU registers, tasks data and summary of the panic reason. When the CONFIG_ESP_COREDUMP_CAPTURE_DRAM option is selected, .bss
and .data
sections and heap
data will also be part of the dump.
For a better debugging experience, it is recommended to dump these sections. However, this will result in a larger coredump file. The required additional storage space may vary based on the amount of DRAM the application uses.
Note
This feature is only enabled when using the ELF file format.
Core Dump to Flash
When the core dump file is saved to flash, the file is saved to a special core dump partition in flash. Specifying the core dump partition will reserve space on the flash chip to store the core dump file.
The core dump partition is automatically declared when using the default partition table provided by ESP-IDF. However, when using a custom partition table, you need to declare the core dump partition, as illustrated below:
# Name, Type, SubType, Offset, Size
# Note: if you have increased the bootloader size, make sure to update the offsets to avoid overlap
nvs, data, nvs, 0x9000, 0x6000
phy_init, data, phy, 0xf000, 0x1000
factory, app, factory, 0x10000, 1M
coredump, data, coredump,, 64K
Important
If Flash Encryption is enabled on the device, please add an encrypted
flag to the core dump partition declaration. Please note that the core dump cannot be read from encrypted partitions using idf.py coredump-info
or idf.py coredump-debug
commands.
It is recommended to read the core dump from ESP which will automatically decrypt the partition and send it for analysis, which can be done by running e.g. idf.py coredump-info -c <path-to-core-dump>
.
coredump, data, coredump,, 64K, encrypted
There are no special requirements for the partition name. It can be chosen according to the application's needs, but the partition type should be data
and the sub-type should be coredump
. Also, when choosing partition size, note that the core dump file introduces a constant overhead of 20 bytes and a per-task overhead of 12 bytes. This overhead does not include the size of TCB and stack for every task. So the partition size should be at least 20 + max tasks number x (12 + TCB size + max task stack size)
bytes.
An example of the generic command to analyze core dump from flash is:
idf.py coredump-info
or
idf.py coredump-debug
Note
The idf.py coredump-info
and idf.py coredump-debug
commands are wrappers around the esp-coredump tool for easier use in the ESP-IDF environment. For more information see Core Dump Commands section.
Core Dump to UART
When the core dump file is output to UART, the output file is Base64-encoded. The CONFIG_ESP_COREDUMP_DECODE option allows for selecting whether the output file is automatically decoded by the ESP-IDF monitor or kept encoded for manual decoding.
Automatic Decoding
If CONFIG_ESP_COREDUMP_DECODE is set to automatically decode the UART core dump, ESP-IDF monitor will automatically decode the data, translate any function addresses to source code lines, and display it in the monitor. The output to ESP-IDF monitor would resemble the following output:
The CONFIG_ESP_COREDUMP_UART_DELAY allows for an optional delay to be added before the core dump file is output to UART.
===============================================================
==================== ESP32 CORE DUMP START ====================
Crashed task handle: 0x3ffafba0, name: 'main', GDB name: 'process 1073413024'
Crashed task is not in the interrupt context
Panic reason: abort() was called at PC 0x400d66b9 on core 0
================== CURRENT THREAD REGISTERS ===================
exccause 0x1d (StoreProhibitedCause)
excvaddr 0x0
epc1 0x40084013
epc2 0x0
...
==================== CURRENT THREAD STACK =====================
#0 0x4008110d in panic_abort (details=0x3ffb4f0b "abort() was called at PC 0x400d66b9 on core 0") at /builds/espressif/esp-idf/components/esp_system/panic.c:472
#1 0x4008510c in esp_system_abort (details=0x3ffb4f0b "abort() was called at PC 0x400d66b9 on core 0") at /builds/espressif/esp-idf/components/esp_system/port/esp_system_chip.c:93
...
======================== THREADS INFO =========================
Id Target Id Frame
* 1 process 1073413024 0x4008110d in panic_abort (details=0x3ffb4f0b "abort() was called at PC 0x400d66b9 on core 0") at /builds/espressif/esp-idf/components/esp_system/panic.c:472
2 process 1073413368 vPortTaskWrapper (pxCode=0x0, pvParameters=0x0) at /builds/espressif/esp-idf/components/freertos/FreeRTOS-Kernel/portable/xtensa/port.c:133
...
TCB NAME PRIO C/B STACK USED/FREE
---------- ---------------- -------- ----------------
0x3ffafba0 main 1/1 368/3724
0x3ffafcf8 IDLE0 0/0 288/1240
0x3ffafe50 IDLE1 0/0 416/1108
...
==================== THREAD 1 (TCB: 0x3ffafba0, name: 'main') =====================
#0 0x4008110d in panic_abort (details=0x3ffb4f0b "abort() was called at PC 0x400d66b9 on core 0") at /builds/espressif/esp-idf/components/esp_system/panic.c:472
#1 0x4008510c in esp_system_abort (details=0x3ffb4f0b "abort() was called at PC 0x400d66b9 on core 0") at /builds/espressif/esp-idf/components/esp_system/port/esp_system_chip.c:93
...
==================== THREAD 2 (TCB: 0x3ffafcf8, name: 'IDLE0') =====================
#0 vPortTaskWrapper (pxCode=0x0, pvParameters=0x0) at /builds/espressif/esp-idf/components/freertos/FreeRTOS-Kernel/portable/xtensa/port.c:133
#1 0x40000000 in ?? ()
...
======================= ALL MEMORY REGIONS ========================
Name Address Size Attrs
...
.iram0.vectors 0x40080000 0x403 R XA
.iram0.text 0x40080404 0xb8ab R XA
.dram0.data 0x3ffb0000 0x2114 RW A
...
===================== ESP32 CORE DUMP END =====================
===============================================================
Manual Decoding
If you set CONFIG_ESP_COREDUMP_DECODE to no decoding, then the raw Base64-encoded body of core dump is output to UART between the following header and footer of the UART output:
================= CORE DUMP START =================
<body of Base64-encoded core dump, save it to file on disk>
================= CORE DUMP END ===================
It is advised to manually save the core dump text body to a file. The CORE DUMP START
and CORE DUMP END
lines must not be included in a core dump text file. The saved text can the be decoded using the following command:
idf.py coredump-info -c </path/to/saved/base64/text>
or
idf.py coredump-debug -c </path/to/saved/base64/text>
Core Dump Commands
ESP-IDF provides special commands to help to retrieve and analyze core dumps:
idf.py coredump-info
- prints crashed task's registers, call stack, list of available tasks in the system, memory regions, and contents of memory stored in core dump (TCBs and stacks).idf.py coredump-debug
- creates core dump ELF file and runs GDB debug session with this file. You can examine memory, variables, and task states manually. Note that since not all memory is saved in the core dump, only the values of variables allocated on the stack are meaningful.
For advanced users who want to pass additional arguments or use custom ELF files, it is possible to use the esp-coredump tool directly. For more information, use in ESP-IDF environment:
esp-coredump --help
ROM Functions in Backtraces
It is a possible that at the moment of a crash, some tasks and/or the crashed task itself have one or more ROM functions in their call stacks. Since ROM is not part of the program ELF, it is impossible for GDB to parse such call stacks due to GDB analyzing functions' prologues to decode backtraces. Thus, call stack parsing will break with an error message upon the first ROM function that is encountered.
To overcome this issue, the ROM ELF provided by Espressif is loaded automatically by ESP-IDF monitor based on the target and its revision. More details about ROM ELFs can be found in esp-rom-elfs.
Dumping Variables on Demand
Sometimes you want to read the last value of a variable to understand the root cause of a crash. Core dump supports retrieving variable data over GDB by applying special attributes to declared variables.
Supported Notations and RAM Regions
COREDUMP_DRAM_ATTR
places the variable into the DRAM area, which is included in the dump.
Example
In Project Configuration Menu, enable COREDUMP TO FLASH, then save and exit.
In your project, create a global variable in the DRAM area, such as:
// uint8_t global_var;
COREDUMP_DRAM_ATTR uint8_t global_var;
In the main application, set the variable to any value and
assert(0)
to cause a crash.
global_var = 25;
assert(0);
Build, flash, and run the application on a target device and wait for the dumping information.
Run the command below to start core dumping in GDB, where
PORT
is the device USB port:
idf.py coredump-debug
In GDB shell, type
p global_var
to get the variable content:
(gdb) p global_var
$1 = 25 '\031'
Running idf.py coredump-info
and idf.py coredump-debug
idf.py coredump-info --help
and idf.py coredump-debug --help
commands can be used to get more details on usage.