[go: up one dir, main page]

CN118708389A - A lightweight dump configuration method - Google Patents

A lightweight dump configuration method Download PDF

Info

Publication number
CN118708389A
CN118708389A CN202410794373.4A CN202410794373A CN118708389A CN 118708389 A CN118708389 A CN 118708389A CN 202410794373 A CN202410794373 A CN 202410794373A CN 118708389 A CN118708389 A CN 118708389A
Authority
CN
China
Prior art keywords
dump
process information
lightweight
gray wolf
wolf
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202410794373.4A
Other languages
Chinese (zh)
Inventor
唐娅琴
韩智杰
唐渊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chongqing Medical University
Original Assignee
Chongqing Medical University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chongqing Medical University filed Critical Chongqing Medical University
Priority to CN202410794373.4A priority Critical patent/CN118708389A/en
Publication of CN118708389A publication Critical patent/CN118708389A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/0703Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
    • G06F11/0751Error or fault detection not based on redundancy
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/0703Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
    • G06F11/0766Error or fault reporting or storing
    • G06F11/0778Dumping, i.e. gathering error/state information after a fault for later diagnosis
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/0703Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
    • G06F11/079Root cause analysis, i.e. error or fault diagnosis
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/004Artificial life, i.e. computing arrangements simulating life
    • G06N3/006Artificial life, i.e. computing arrangements simulating life based on simulated virtual individual or collective life forms, e.g. social simulations or particle swarm optimisation [PSO]

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Quality & Reliability (AREA)
  • Biomedical Technology (AREA)
  • General Health & Medical Sciences (AREA)
  • Evolutionary Computation (AREA)
  • Data Mining & Analysis (AREA)
  • Molecular Biology (AREA)
  • Computing Systems (AREA)
  • Computational Linguistics (AREA)
  • Biophysics (AREA)
  • Mathematical Physics (AREA)
  • Software Systems (AREA)
  • Artificial Intelligence (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Debugging And Monitoring (AREA)

Abstract

本发明涉及dump配置领域,公开了一种轻量dump的配置方法,包括:S1,获取软件异常信息,基于软件异常信息得到异常业务场景;S2,基于异常业务场景触发dump轻量配置;S3,基于灰狼优化算法优化转储进程信息列表,得到最优转储进程信息,根据最优转储进程信息进行数据读取;所述S3还包括:S31,dump轻量配置触发后,基于异常业务场景创建转储进程信息列表的灰狼优化算法模型;S32,基于转储进程信息列表的灰狼优化算法模型模拟灰狼围猎行为迭代更新灰狼位置,获取最终α狼位置,并将最终α狼位置解析得到最优转储进程信息;本申请能够进行最优dump配置,以提高dump配置的灵活性、高效性。

The invention relates to the field of dump configuration, and discloses a lightweight dump configuration method, comprising: S1, obtaining software exception information, and obtaining an abnormal business scenario based on the software exception information; S2, triggering the dump lightweight configuration based on the abnormal business scenario; S3, optimizing a dump process information list based on a gray wolf optimization algorithm, obtaining optimal dump process information, and performing data reading according to the optimal dump process information; the S3 further comprises: S31, after the dump lightweight configuration is triggered, creating a gray wolf optimization algorithm model of a dump process information list based on the abnormal business scenario; S32, simulating a gray wolf hunting behavior based on the gray wolf optimization algorithm model of the dump process information list to iteratively update a gray wolf position, obtaining a final alpha wolf position, and parsing the final alpha wolf position to obtain the optimal dump process information; the application can perform optimal dump configuration to improve the flexibility and efficiency of the dump configuration.

Description

一种轻量dump的配置方法A lightweight dump configuration method

技术领域Technical Field

本发明涉及dump配置领域,具体涉及一种轻量dump的配置方法。The present invention relates to the field of dump configuration, and in particular to a lightweight dump configuration method.

背景技术Background Art

当软件出现卡顿、崩溃或者未按预期运行等异常情况时,dump是软件上线后重要的问题分析定位方法之一,dump通过对内存、堆栈相关信息的记录分析,能够协助开发人员准确找到问题原因,相比其他的分析定位方法,dump具有准确与现场还原度完整的特点。When the software freezes, crashes, or does not run as expected, dump is one of the important problem analysis and location methods after the software is launched. Dump can assist developers in accurately finding the cause of the problem by recording and analyzing memory and stack-related information. Compared with other analysis and location methods, dump is accurate and has complete on-site restoration.

然而,现有的dump方法存在以下不足:(1)dump效率低或者信息不够,使用fulldump所需时间长,效率低,对程序的影响大;使用minidump虽然能够提高效率,但存在信息不够,不利于排查问题;(2)不够灵活,程序的dump触发条件多样,不同场景关注点存在差异,使用fulldump,虽然便于排查问题,但dump占用资源多,影响用户的使用体验,特别是高频产生dump的场景;使用minidump排查问题往往信息不够,需要联系客户做现场调式等。However, existing dump methods have the following shortcomings: (1) The dump efficiency is low or the information is insufficient. Using fulldump takes a long time, is inefficient, and has a great impact on the program. Although using minidump can improve efficiency, it does not provide enough information and is not conducive to troubleshooting. (2) It is not flexible enough. The dump trigger conditions of the program are diverse, and there are differences in the focus of different scenarios. Although fulldump is convenient for troubleshooting, the dump takes up a lot of resources and affects the user experience, especially in scenarios where dumps are generated frequently. Using minidump to troubleshoot problems often does not provide enough information and requires contacting the customer for on-site debugging.

发明内容Summary of the invention

本发明意在提供一种轻量dump的配置方法,以在软件出现异常时,进行最优dump配置,以提高dump配置的灵活性、高效性。The present invention aims to provide a lightweight dump configuration method, so as to perform optimal dump configuration when software exception occurs, so as to improve the flexibility and efficiency of dump configuration.

为达到上述目的,本发明采用如下技术方案:In order to achieve the above object, the present invention adopts the following technical scheme:

一种轻量dump的配置方法,包括:A lightweight dump configuration method includes:

S1,获取软件异常信息,基于软件异常信息得到异常业务场景;S1, obtain software exception information, and obtain abnormal business scenarios based on the software exception information;

S2,基于异常业务场景触发dump轻量配置;S2, triggers dump lightweight configuration based on abnormal business scenarios;

S3,基于灰狼优化算法优化转储进程信息列表,得到最优转储进程信息,根据最优转储进程信息进行数据读取;所述S3还包括:S3, optimizing the dump process information list based on the gray wolf optimization algorithm to obtain optimal dump process information, and reading data according to the optimal dump process information; S3 also includes:

S31,dump轻量配置触发后,基于异常业务场景创建转储进程信息列表的灰狼优化算法模型;S31, after the dump lightweight configuration is triggered, the Gray Wolf optimization algorithm model for creating a dump process information list based on abnormal business scenarios;

S32,基于转储进程信息列表的灰狼优化算法模型模拟灰狼围猎行为迭代更新灰狼位置,获取最终α狼位置,并将最终α狼位置解析得到最优转储进程信息。S32, the gray wolf optimization algorithm model based on the dump process information list simulates the gray wolf hunting behavior to iteratively update the gray wolf position, obtain the final α wolf position, and parse the final α wolf position to obtain the optimal dump process information.

本方案的原理及优点是:实际应用时,获取软件异常信息,基于软件异常信息得到异常业务场景,特定业务场景,关注的点不同,转储的进程信息也需差别提取,获取业务场景便于为dump轻量配置提供分析基础;基于异常业务场景触发dump轻量配置,以避免不具备适应性的软件异常,从而提高dump轻量配置的有效性和准确性;转储进程信息的优化是实现轻量配置的关键,当转储进程信息过多时,存在资源占用多、效率低的问题,当转储进程信息过少时,虽然效率提高,但是存在信息不够不利于排查的问题;基于灰狼优化算法优化转储进程信息列表,dump轻量配置触发后,基于异常业务场景创建转储进程信息列表的灰狼优化算法模型,基于转储进程信息列表的灰狼优化算法模型模拟灰狼围猎行为迭代更新灰狼位置,获取最终α狼位置,并将最终α狼位置解析得到最优转储进程信息,根据最优转储进程信息进行数据读取,从而实现dump配置最优化,提高dump配置的灵活性、高效性。The principles and advantages of this solution are: in actual application, software exception information is obtained, and abnormal business scenarios are obtained based on the software exception information. For specific business scenarios, the focus is different, and the dumped process information also needs to be extracted differently. Obtaining business scenarios is convenient for providing an analysis basis for dump lightweight configuration; dump lightweight configuration is triggered based on abnormal business scenarios to avoid software exceptions that are not adaptive, thereby improving the effectiveness and accuracy of dump lightweight configuration; optimization of dump process information is the key to achieving lightweight configuration. When there is too much dump process information, there are problems such as high resource usage and low efficiency. When there is too little information, although the efficiency is improved, there is still a problem that the information is not enough to be conducive to troubleshooting; based on the gray wolf optimization algorithm, the dump process information list is optimized. After the dump lightweight configuration is triggered, a gray wolf optimization algorithm model of the dump process information list is created based on the abnormal business scenario. The gray wolf optimization algorithm model based on the dump process information list simulates the gray wolf hunting behavior to iteratively update the gray wolf position, obtain the final α wolf position, and parse the final α wolf position to obtain the optimal dump process information. Data is read according to the optimal dump process information, thereby realizing the optimization of the dump configuration and improving the flexibility and efficiency of the dump configuration.

优选的,作为一种改进,所述S2还包括:Preferably, as an improvement, the S2 further includes:

S21,检索解析访问控制列表,验证请求访问的用户是否被列入用户白名单中;S21, retrieving and parsing the access control list to verify whether the user requesting access is included in the user whitelist;

S22,验证为是时,触发dump轻量配置。S22, when the verification is yes, triggers the dump lightweight configuration.

技术效果:通过设置触发机制,便于加强软件安全防护。Technical effect: By setting up a trigger mechanism, it is convenient to strengthen software security protection.

优选的,作为一种改进,所述转储进程信息列表包括系统信息、线程堆栈信息、线程名称、句柄、模块列表、卸载模块列表和内存。Preferably, as an improvement, the dump process information list includes system information, thread stack information, thread name, handle, module list, uninstall module list and memory.

技术效果:转储进程信息列表为fulldump配置的转储进程信息,基于上述转储进程信息的组合,便于适应不同的业务场景。Technical effect: The dump process information list is the dump process information configured by fulldump. Based on the combination of the above dump process information, it is easy to adapt to different business scenarios.

优选的,作为一种改进,所述基于异常业务场景创建转储进程信息列表的灰狼优化算法模型包括:Preferably, as an improvement, the gray wolf optimization algorithm model for creating a dump process information list based on abnormal business scenarios includes:

S311,初始化灰狼种群个体位置,以作为转储进程信息组合向量;S311, initializing the individual positions of the gray wolf population as a dump process information combination vector;

S312,根据转储进程信息组合速度、完整度及冗余度确定适应度函数表达式;S312, determining a fitness function expression according to the dump process information combination speed, completeness and redundancy;

S313,确定灰狼优化算法的约束条件。S313, determining the constraint conditions of the grey wolf optimization algorithm.

技术效果:通过上述步骤,能够将灰狼优化算法与dump轻量配置的转储进程信息进行融合。Technical effect: Through the above steps, the Gray Wolf optimization algorithm can be integrated with the dump process information of the dump lightweight configuration.

优选的,作为一种改进,所述适应度函数表达式为:Preferably, as an improvement, the fitness function expression is:

其中,ρ1、ρ2、ρ3为优化权重值,vx为转储进程信息组合速度;wx为转储进程信息组合的完整度;rx为转储进程信息组合冗余度;μ为适应度调整常数值,f为完整度判断常数值。Among them, ρ 1 , ρ 2 , ρ 3 are optimization weight values, v x is the dump process information combination speed; w x is the completeness of the dump process information combination; r x is the redundancy of the dump process information combination; μ is the fitness adjustment constant value, and f is the completeness judgment constant value.

技术效果:通过上述公式,将组合完整度作为适应度函数主要影响因素,确保最优解的完整度达标。Technical effect: Through the above formula, the combination completeness is used as the main influencing factor of the fitness function to ensure that the completeness of the optimal solution meets the standard.

优选的,作为一种改进,所述转储进程信息组合的完整度表达式为:Preferably, as an improvement, the completeness expression of the dump process information combination is:

其中,M0为转储进程信息组合有效量,θ1和θ2分别为使用量和挂起量的调节常数系数,Mq为软件异常问题q使用转储进程信息量,Gq为软件异常问题q挂起转储进程信息量。Among them, M0 is the effective amount of dump process information combination, θ1 and θ2 are the adjustment constant coefficients of usage and suspension respectively, Mq is the amount of dump process information used by software exception problem q, and Gq is the amount of dump process information suspended by software exception problem q.

技术效果:通过上式将挂起项结合至转储进程信息组合的完整度获取中,便于增加软件异常处理能力。Technical effect: By combining the suspension item with the completeness of the dump process information combination through the above formula, it is convenient to increase the software exception handling capability.

优选的,作为一种改进,所述约束条件为:Preferably, as an improvement, the constraint condition is:

(tm<Tm)and(minfh≥h)(t m <T m )and(minf h ≥h)

其中,tm为优化求解时间,Tm为时间阈值常数,fh为求解得到的转储进程信息组合中任意两项在当前异常业务场景中的关联性,h为关联性阈值常数。Among them, tm is the optimization solution time, Tm is the time threshold constant, fh is the correlation between any two items in the dump process information combination obtained in the current abnormal business scenario, and h is the correlation threshold constant.

技术效果:基于约束条件对优化结果中分型模型的数量进行限制,避免进行大量无用操作。Technical effect: The number of classification models in the optimization results is limited based on constraints to avoid a large number of useless operations.

优选的,作为一种改进,迭代更新灰狼位置过程中,从群体中随机选取灰狼个体与当前个体进行差分搜索,并对灰狼个体历史最优解解进行记忆保存,得到狼群的位置更新公式为:Preferably, as an improvement, in the process of iteratively updating the position of the gray wolf, a gray wolf individual is randomly selected from the group to perform a differential search with the current individual, and the historical optimal solution of the gray wolf individual is memorized and saved, and the position update formula of the wolf group is obtained as follows:

其中,b1为个体记忆系数,b1∈[0,1];b2为交流系数,b2∈[0,1];r3和r4为[0,1]的随机数;Pi,best为第i只灰狼个体所经历的最佳位置;Xj为群体中随机选择的灰狼个体,j≠i;Xi,1、Xi,2、Xi,3分别表示α、β和δ狼的更新位置,X为当前灰狼个体的位置。Among them, b1 is the individual memory coefficient, b1∈ [0,1]; b2 is the communication coefficient, b2∈ [0,1]; r3 and r4 are random numbers in [0,1]; Pi ,best is the best position experienced by the i-th gray wolf individual; Xj is a gray wolf individual randomly selected from the group, j≠i; Xi ,1 , Xi ,2 , Xi ,3 represent the updated positions of α, β and δ wolves respectively, and X is the current position of the gray wolf individual.

技术效果:通过上述算法,能够将灰狼个体的记忆功能进行改进,从而增强灰狼优化算法的探索能力和收敛速度。Technical effect: Through the above algorithm, the memory function of individual gray wolves can be improved, thereby enhancing the exploration ability and convergence speed of the gray wolf optimization algorithm.

优选的,作为一种改进,所述α、β和δ狼的更新位置的计算公式为:Preferably, as an improvement, the calculation formula for the updated positions of the α, β and δ wolves is:

Xi,1=Xα-A1DαXi ,1 = - A1Dα ;

Xi,2=Xβ-A2DβXi ,2 = - A2Dβ ;

Xi,3=Xδ-A3DδXi ,3 = - A3Dδ ;

其中,A1、A2和A3为距离系数向量;Dα、Dβ、Dδ表示其他ω狼与最优三条灰狼α、β和δ之间的距离;Xα、Xβ和Xδ分别表示α、β和δ狼的位置。Among them, A 1 , A 2 and A 3 are distance coefficient vectors; D α , D β , D δ represent the distances between other ω wolves and the three best gray wolves α, β and δ; X α , X β and X δ represent the positions of α, β and δ wolves respectively.

技术效果:基于上述算法,能够模拟灰狼包围狩猎机制,对狼群位置进行更新,从而找到最优解。Technical effect: Based on the above algorithm, it is possible to simulate the gray wolf's encirclement hunting mechanism, update the position of the wolf pack, and thus find the optimal solution.

优选的,作为一种改进,迭代更新灰狼位置过程中的收敛因子更新公式为:Preferably, as an improvement, the convergence factor update formula in the process of iteratively updating the gray wolf position is:

at=ai-(ai-af)*rand()+ρ*randn()a t =a i -(a i -a f )*rand()+ρ*randn()

其中,ai和af分别表示收敛因子的初始值和终止值,t为当前迭代次数,rand()为[0,1]服从均匀分布的随机数,randn()为服从正态分布的随机数,ρ为度量收敛因子与其数学期望之间的偏离程度的方差。Where a i and a f represent the initial value and final value of the convergence factor, respectively; t is the current number of iterations; rand() is a random number from [0,1] that follows a uniform distribution; randn() is a random number from a normal distribution; and ρ is the variance that measures the degree of deviation between the convergence factor and its mathematical expectation.

技术效果:通过上述算法,在迭代初期有机会取得较大或较小值,在迭代后期有机会取得较小或较大值,便于迭代跳出局部最优,从而加快收敛速度。Technical effect: Through the above algorithm, there is a chance to obtain a larger or smaller value in the early stage of iteration, and a chance to obtain a smaller or larger value in the later stage of iteration, which makes it easier for iteration to jump out of the local optimum, thereby accelerating the convergence speed.

附图说明BRIEF DESCRIPTION OF THE DRAWINGS

图1为一种轻量dump的配置方法的流程示意图。FIG1 is a flow chart of a lightweight dump configuration method.

具体实施方式DETAILED DESCRIPTION

下面通过具体实施方式进一步详细说明:The following is further described in detail through specific implementation methods:

实施例基本如附图1所示:The embodiment is basically as shown in Figure 1:

一种轻量dump的配置方法,包括:A lightweight dump configuration method includes:

S1,获取软件异常信息,基于软件异常信息得到异常业务场景;本实施例中,软件异常信息基于软件的监控模块协同工作完成识别;异常业务场景如音视频卡顿、UI卡顿、数据库访问崩溃、数据库访问卡顿等,特定业务场景,关注的点不同,转储的进程信息也需差别提取。S1, obtain software exception information, and obtain abnormal business scenarios based on the software exception information; in this embodiment, the software exception information is identified based on the collaborative work of the software monitoring module; abnormal business scenarios such as audio and video freezes, UI freezes, database access crashes, database access freezes, etc., specific business scenarios have different focus points, and the dumped process information also needs to be extracted differently.

S2,基于异常业务场景触发dump轻量配置;为了确保软件安全,所述S2还包括:S21,检索解析访问控制列表,验证请求访问的用户是否被列入用户白名单中;S22,验证为是时,触发dump轻量配置。S2, triggering dump lightweight configuration based on abnormal business scenarios; in order to ensure software security, S2 also includes: S21, retrieving and parsing the access control list to verify whether the user requesting access is included in the user whitelist; S22, when the verification is yes, triggering dump lightweight configuration.

S3,基于灰狼优化算法优化转储进程信息列表,得到最优转储进程信息,根据最优转储进程信息进行数据读取;所述转储进程信息列表包括系统信息、线程堆栈信息、线程名称、句柄、模块列表、卸载模块列表和内存。以windows为例:系统信息通过使用系统apiGetProcessTimes获取进程创建时间、退出时间、进程运行在内核态、用户态时间;线程堆栈信息通过使用NtQuerySystemInformation指定参数SystemProcessInformation,获取进程信息SYSTEM_PROCESS_INFORMATION,访问SYSTEM_PROCESS_INFORMATION结构中获取到线程数量以及各个线程的SYSTEM_THREAD_INFORMATION,得到线程id,使用系统apiNtQueryInformationThread查询该线程id的tib,从tib中获取到线程堆栈的开始地址和大小;线程名称通过api GetThreadDescription获取;句柄使用NtQuerySystemInformation指定SystemExtendedHandleInformation参数获取;模块列表信息存放在进程PEB结构中,通过NtQueryInformationProcess获取PEB的地址,由于PEB的结构在不同的Windows版本中有所不同,根据目标操作系统版本确定PEB的结构,使用获取到的PEB地址,将其转换为PEB结构的指针,以访问其中的成员,在PEB结构中,获取名为Ldr的成员,PEB_LDR_DATA结构包含了加载的模块列表信息,通过访问PEB_LDR_DATA结构中的InMemoryOrderModuleList成员,获取双向链表,其中包含加载的模块列表信息,使用链表遍历的方式,逐个访问并获取每个模块的信息,如模块的基址、模块名等;卸载模块列表使用系统api RtlGetUnloadEventTraceEx获取到已卸载模块的名称,基地址,大小信息;内存使用系统api ReadProcessMemory读取进程内存。当使用fulldump时,需要获取转储进程信息列表中所有的转储进程信息,所需时间长、效率低,而凭经验采用minidump时,由于问题的不定性,存在转储进程信息不够的的情况,且灵活性差,因此,转储进程信息的优化是实现轻量配置的关键。所述S3还包括:S3, optimizes the dump process information list based on the Gray Wolf optimization algorithm to obtain the optimal dump process information, and reads data according to the optimal dump process information; the dump process information list includes system information, thread stack information, thread name, handle, module list, uninstall module list and memory. Take Windows as an example: system information obtains the process creation time, exit time, process running time in kernel state and user state by using the system apiGetProcessTimes; thread stack information obtains the process information SYSTEM_PROCESS_INFORMATION by using NtQuerySystemInformation to specify the parameter SystemProcessInformation, access the SYSTEM_PROCESS_INFORMATION structure to obtain the number of threads and the SYSTEM_THREAD_INFORMATION of each thread, obtain the thread id, use the system apiNtQueryInformationThread to query the tib of the thread id, and obtain the starting address and size of the thread stack from the tib; the thread name is obtained through the api GetThreadDescription; the handle is obtained by specifying the SystemExtendedHandleInformation parameter using NtQuerySystemInformation; the module list information is stored in the process PEB structure, and the address of the PEB is obtained through NtQueryInformationProcess. Since the structure of the PEB is different in different Windows versions, the structure of the PEB is determined according to the target operating system version. The obtained PEB address is used to convert it into a pointer to the PEB structure to access its members. In the PEB structure, a member named Ldr is obtained. The PEB_LDR_DATA structure contains the loaded module list information. By accessing the InMemoryOrderModuleList member in the PEB_LDR_DATA structure, a bidirectional linked list is obtained, which contains the loaded module list information. The linked list traversal method is used to access and obtain the information of each module one by one, such as the module base address, module name, etc.; the unloaded module list uses the system api RtlGetUnloadEventTraceEx to obtain the name, base address, and size information of the unloaded module; the memory uses the system api ReadProcessMemory to read the process memory. When fulldump is used, it is necessary to obtain all dump process information in the dump process information list, which takes a long time and is inefficient. When minidump is used based on experience, due to the uncertainty of the problem, there is a situation where the dump process information is insufficient and the flexibility is poor. Therefore, the optimization of the dump process information is the key to achieving lightweight configuration. The S3 also includes:

S31,dump轻量配置触发后,基于异常业务场景创建转储进程信息列表的灰狼优化算法模型,具体的,包括:S31, after the dump lightweight configuration is triggered, the Gray Wolf optimization algorithm model for creating a dump process information list based on abnormal business scenarios, specifically, including:

S311,初始化灰狼种群个体位置,以作为转储进程信息组合向量;还包括种群规模、最大迭代次数以及参数a、A和C的初始化,其中a为收敛因子,A和C为协同系数向量;本申请中灰狼个体位置以及参数a、A和C为随机生成。S311, initialize the individual positions of the gray wolf population as the dump process information combination vector; also includes the initialization of the population size, the maximum number of iterations, and the parameters a, A and C, where a is the convergence factor, A and C are the synergy coefficient vectors; in this application, the individual positions of the gray wolves and the parameters a, A and C are randomly generated.

S312,根据转储进程信息组合速度、完整度及冗余度确定适应度函数表达式;所述适应度表达式为:S312, determining a fitness function expression according to the dump process information combination speed, completeness and redundancy; the fitness expression is:

其中,ρ1、ρ2、ρ3为优化权重值,vx为转储进程信息组合速度;wx为转储进程信息组合的完整度;rx为转储进程信息组合冗余度,wx及rx均基于历史异常业务场景转储进程信息组合情况进行获取;μ为适应度调整常数值,f为完整度判断常数值,当转储进程信息组合的完整度不足时,通过调节μ值,便于快速剔除差解,以促进快速收敛。Among them, ρ 1 , ρ 2 , and ρ 3 are optimization weight values, v x is the speed of dump process information combination; w x is the completeness of dump process information combination; r x is the redundancy of dump process information combination, and w x and r x are both obtained based on the dump process information combination of historical abnormal business scenarios; μ is the fitness adjustment constant value, and f is the completeness judgment constant value. When the completeness of the dump process information combination is insufficient, the μ value can be adjusted to quickly eliminate the difference solution and promote rapid convergence.

由于软件异常时,即使表现出相同或相似的情况,诱因也存在差别,采用dump分析时,所需的转储进程信息同样存在差别,本实施例中,为了增加软件异常处理能力,在转储进程信息组合的完整度获取过程中,还增加了挂起项,具体的:Since the causes of software anomalies are different even if they show the same or similar situations, the required dump process information is also different when dump analysis is used. In this embodiment, in order to increase the software anomaly handling capability, a suspension item is added during the completeness acquisition process of the dump process information combination, specifically:

其中,M0为转储进程信息组合有效量,θ1和θ2分别为使用量和挂起量的调节常数系数,Mq为软件异常问题q使用转储进程信息量,Gq为软件异常问题q挂起转储进程信息量;挂起即虽配置但使用率低于阈值。Among them, M0 is the effective amount of dump process information combination, θ1 and θ2 are the adjustment constant coefficients of usage and suspension respectively, Mq is the amount of dump process information used by software exception problem q, and Gq is the amount of dump process information suspended by software exception problem q; suspension means that although it is configured, the usage rate is lower than the threshold.

S313,确定灰狼优化算法的约束条件,所述约束条件为:S313, determining the constraint conditions of the gray wolf optimization algorithm, wherein the constraint conditions are:

(tm<Tm)and(minfhh≥h)(t m <T m ) and (minfh h ≥ h)

其中,tm为优化求解时间,Tm为时间阈值常数,fh为求解得到的转储进程信息组合中任意两项在当前异常业务场景中的关联性,此关联性根据历史数据聚类得到,h为关联性阈值常数。Among them, tm is the optimization solution time, Tm is the time threshold constant, fh is the correlation between any two items in the dump process information combination obtained in the current abnormal business scenario, and this correlation is obtained based on historical data clustering, and h is the correlation threshold constant.

S32,基于转储进程信息列表的灰狼优化算法模型模拟灰狼围猎行为迭代更新灰狼位置,获取最终α狼位置,并将最终α狼位置解析得到最优转储进程信息。S32, the gray wolf optimization algorithm model based on the dump process information list simulates the gray wolf hunting behavior to iteratively update the gray wolf position, obtain the final α wolf position, and parse the final α wolf position to obtain the optimal dump process information.

迭代更新灰狼位置过程中,从群体中随机选取灰狼个体与当前个体进行差分搜索,并对灰狼个体历史最优解解进行记忆保存,将灰狼个体的记忆功能进行改进,从而增强灰狼优化算法的探索能力和收敛速度,得到狼群的位置更新公式为:In the process of iteratively updating the position of the gray wolf, a gray wolf individual is randomly selected from the group to perform differential search with the current individual, and the historical optimal solution of the gray wolf individual is memorized and saved, and the memory function of the gray wolf individual is improved, thereby enhancing the exploration ability and convergence speed of the gray wolf optimization algorithm, and the position update formula of the wolf group is obtained as follows:

其中,b1为个体记忆系数,b1∈[0,1];b2为交流系数,b2∈[0,1];r3和r4为[0,1]的随机数;Pi,best为第i只灰狼个体所经历的最佳位置;Xj为群体中随机选择的灰狼个体,j≠i;Xi,1、Xi,2、Xi,3分别表示α、β和δ狼的更新位置,X为当前灰狼个体的位置。Among them, b1 is the individual memory coefficient, b1∈ [0,1]; b2 is the communication coefficient, b2∈ [0,1]; r3 and r4 are random numbers in [0,1]; Pi ,best is the best position experienced by the i-th gray wolf individual; Xj is a gray wolf individual randomly selected from the group, j≠i; Xi ,1 , Xi ,2 , Xi ,3 represent the updated positions of α, β and δ wolves respectively, and X is the current position of the gray wolf individual.

所述α、β和δ狼的更新位置的计算公式为:The calculation formula for the updated position of the α, β and δ wolves is:

Xi,1=Xα-A1DαXi ,1 = - A1Dα ;

Xi,2=Xβ-A2DβXi ,2 = - A2Dβ ;

Xi,3=Xδ-A3DδXi ,3 = - A3Dδ ;

其中,A1、A2和A3为距离系数向量;A(A1、A2或A3)的计算公式为:Among them, A 1 , A 2 and A 3 are distance coefficient vectors; the calculation formula of A (A 1 , A 2 or A 3 ) is:

A=2ar1-aA=2ar 1 -a

其中,a为收敛因子,r1是[0,1]中的随机向量;Where a is the convergence factor, r 1 is a random vector in [0,1];

Dα、Dβ、Dδ表示其他ω狼与最优三条灰狼α、β和δ之间的距离;Xα、Xβ和Xδ分别表示α、β和δ狼的位置。D α , D β , D δ represent the distances between other ω wolves and the three best gray wolves α, β, and δ; X α , X β , and X δ represent the positions of α, β, and δ wolves, respectively.

Dα=|C1*Xα-X|;D α= |C 1 *X α −X|;

Dβ=|C2*Xβ-X|;D β= |C 2 *X β -X|;

Dδ=|C3*Xδ-X|;D δ= |C 3 *X δ -X|;

C1、C2和C3是位置系数向量,C1、C2和C3均为0到2之间的随机数,通过调整(C>1)或(C<1)强调或削弱猎物在距离计算公式中的影响,利于避免局部最优,C即C1、C2或C3C 1 , C 2 and C 3 are position coefficient vectors, and C 1 , C 2 and C 3 are all random numbers between 0 and 2. By adjusting (C>1) or (C<1) to emphasize or weaken the influence of prey in the distance calculation formula, it is helpful to avoid local optimality. C is C 1 , C 2 or C 3 .

为了更好的跳出局部最优解,加快收敛速度,在迭代初期有机会取得较大或较小值,在迭代后期有机会取得较小或较大值,迭代更新灰狼位置过程中的收敛因子更新公式为:In order to better jump out of the local optimal solution and speed up the convergence speed, there is a chance to obtain a larger or smaller value in the early stage of iteration, and a chance to obtain a smaller or larger value in the later stage of iteration. The convergence factor update formula in the process of iteratively updating the gray wolf position is:

at=ai-(ai-af)*rand()+ρ*randn()a t =a i -(a i -a f )*rand()+ρ*randn()

其中,ai和af分别表示收敛因子的初始值和终止值,t为当前迭代次数,rand()为[0,1]服从均匀分布的随机数,randn()为服从正态分布的随机数,ρ为度量收敛因子与其数学期望之间的偏离程度的方差。Where a i and a f represent the initial value and final value of the convergence factor, respectively; t is the current number of iterations; rand() is a random number from [0,1] that follows a uniform distribution; randn() is a random number from a normal distribution; and ρ is the variance that measures the degree of deviation between the convergence factor and its mathematical expectation.

得到最优转储进程信息后,即能够进行dump配置与读取,本实施例中,通过本地配置文件或数据库读取,或者从服务器拉取。以从服务器拉取为例:管理员后台搭建Httpserver服务器,修改配置文件,配置拉取模块发送http请求到服务器获得配置文件;配置文件格式采用任意格式,如ini、json、xml、yaml格式;minidump具有轻量、跨平台特性,同时被多种调试器支持,如windbg和lldb。After obtaining the optimal dump process information, the dump configuration and reading can be performed. In this embodiment, it is read through a local configuration file or database, or pulled from a server. Take pulling from a server as an example: the administrator sets up an Httpserver server in the background, modifies the configuration file, and configures the pulling module to send an http request to the server to obtain the configuration file; the configuration file format adopts any format, such as ini, json, xml, yaml format; minidump is lightweight and cross-platform, and is supported by multiple debuggers, such as windbg and lldb.

以上所述的仅是本发明的实施例,方案中公知的具体技术方案和/或特性等常识在此未作过多描述。应当指出,对于本领域的技术人员来说,在不脱离本发明技术方案的前提下,还可以作出若干变形和改进,这些也应该视为本发明的保护范围,这些都不会影响本发明实施的效果和专利的实用性。本申请要求的保护范围应当以其权利要求的内容为准,说明书中的具体实施方式等记载可以用于解释权利要求的内容。The above is only an embodiment of the present invention, and the common knowledge such as the known specific technical solutions and/or characteristics in the solution is not described in detail here. It should be pointed out that for those skilled in the art, several modifications and improvements can be made without departing from the technical solution of the present invention, which should also be regarded as the protection scope of the present invention, and these will not affect the effect of the implementation of the present invention and the practicality of the patent. The scope of protection required by this application shall be based on the content of its claims, and the specific implementation methods and other records in the specification can be used to interpret the content of the claims.

Claims (10)

1.一种轻量dump的配置方法,其特征在于,包括:1. A lightweight dump configuration method, characterized by comprising: S1,获取软件异常信息,基于软件异常信息得到异常业务场景;S1, obtain software exception information, and obtain abnormal business scenarios based on the software exception information; S2,基于异常业务场景触发dump轻量配置;S2, triggers dump lightweight configuration based on abnormal business scenarios; S3,基于灰狼优化算法优化转储进程信息列表,得到最优转储进程信息,根据最优转储进程信息进行数据读取;所述S3还包括:S3, optimizing the dump process information list based on the gray wolf optimization algorithm to obtain optimal dump process information, and reading data according to the optimal dump process information; S3 also includes: S31,dump轻量配置触发后,基于异常业务场景创建转储进程信息列表的灰狼优化算法模型;S31, after the dump lightweight configuration is triggered, the Gray Wolf optimization algorithm model for creating a dump process information list based on abnormal business scenarios; S32,基于转储进程信息列表的灰狼优化算法模型模拟灰狼围猎行为迭代更新灰狼位置,获取最终α狼位置,并将最终α狼位置解析得到最优转储进程信息。S32, the gray wolf optimization algorithm model based on the dump process information list simulates the gray wolf hunting behavior to iteratively update the gray wolf position, obtain the final α wolf position, and parse the final α wolf position to obtain the optimal dump process information. 2.根据权利要求1所述的一种轻量dump的配置方法,其特征在于,所述S2还包括:2. According to the method for configuring a lightweight dump in claim 1, it is characterized in that said S2 further comprises: S21,检索解析访问控制列表,验证请求访问的用户是否被列入用户白名单中;S21, retrieving and parsing the access control list to verify whether the user requesting access is included in the user whitelist; S22,验证为是时,触发dump轻量配置。S22, when the verification is yes, triggers the dump lightweight configuration. 3.根据权利要求1所述的一种轻量dump的配置方法,其特征在于:所述转储进程信息列表包括系统信息、线程堆栈信息、线程名称、句柄、模块列表、卸载模块列表和内存。3. A lightweight dump configuration method according to claim 1, characterized in that: the dump process information list includes system information, thread stack information, thread name, handle, module list, uninstall module list and memory. 4.根据权利要求1所述的一种轻量dump的配置方法,其特征在于,所述基于异常业务场景创建转储进程信息列表的灰狼优化算法模型包括:4. A lightweight dump configuration method according to claim 1, characterized in that the gray wolf optimization algorithm model for creating a dump process information list based on abnormal business scenarios includes: S311,初始化灰狼种群个体位置,以作为转储进程信息组合向量;S311, initializing the individual positions of the gray wolf population as a dump process information combination vector; S312,根据转储进程信息组合速度、完整度及冗余度确定适应度函数表达式;S312, determining a fitness function expression according to the dump process information combination speed, completeness and redundancy; S313,确定灰狼优化算法的约束条件。S313, determining the constraint conditions of the grey wolf optimization algorithm. 5.根据权利要求4所述的一种轻量dump的配置方法,其特征在于,所述适应度函数表达式为:5. A lightweight dump configuration method according to claim 4, characterized in that the fitness function expression is: 其中,ρ1、ρ2、ρ3为优化权重值,vx为转储进程信息组合速度;wx为转储进程信息组合的完整度;rx为转储进程信息组合冗余度;μ为适应度调整常数值,f为完整度判断常数值。Among them, ρ 1 , ρ 2 , ρ 3 are optimization weight values, v x is the dump process information combination speed; w x is the completeness of the dump process information combination; r x is the redundancy of the dump process information combination; μ is the fitness adjustment constant value, and f is the completeness judgment constant value. 6.根据权利要求5所述的一种轻量dump的配置方法,其特征在于,所述转储进程信息组合的完整度表达式为:6. A lightweight dump configuration method according to claim 5, characterized in that the completeness expression of the dump process information combination is: 其中,M0为转储进程信息组合有效量,θ1和θ2分别为使用量和挂起量的调节常数系数,Mq为软件异常问题q使用转储进程信息量,Gq为软件异常问题q挂起转储进程信息量。Among them, M0 is the effective amount of dump process information combination, θ1 and θ2 are the adjustment constant coefficients of usage and suspension respectively, Mq is the amount of dump process information used by software exception problem q, and Gq is the amount of dump process information suspended by software exception problem q. 7.根据权利要求4所述的一种轻量dump的配置方法,其特征在于,所述约束条件为:7. A lightweight dump configuration method according to claim 4, characterized in that the constraint condition is: (tm<Tm)and(minfh≥h)(t m <T m )and(minf h ≥h) 其中,tm为优化求解时间,Tm为时间阈值常数,fh为求解得到的转储进程信息组合中任意两项在当前异常业务场景中的关联性,h为关联性阈值常数。Among them, tm is the optimization solution time, Tm is the time threshold constant, fh is the correlation between any two items in the dump process information combination obtained in the current abnormal business scenario, and h is the correlation threshold constant. 8.根据权利要求1所述的一种轻量dump的配置方法,其特征在于,迭代更新灰狼位置过程中,从群体中随机选取灰狼个体与当前个体进行差分搜索,并对灰狼个体历史最优解解进行记忆保存,得到狼群的位置更新公式为:8. A lightweight dump configuration method according to claim 1, characterized in that, in the process of iteratively updating the position of the gray wolf, a gray wolf individual is randomly selected from the group and the current individual is searched for difference, and the historical optimal solution of the gray wolf individual is memorized and saved, and the position update formula of the wolf group is obtained as follows: 其中,b1为个体记忆系数,b1∈[0,1];b2为交流系数,b2∈[0,1];r3和r4为[0,1]的随机数;Pi,est为第i只灰狼个体所经历的最佳位置;Xj为群体中随机选择的灰狼个体,j≠i;Xi,、Xi,、Xi,分别表示α、β和δ狼的更新位置,X为当前灰狼个体的位置。Wherein, b1 is the individual memory coefficient, b1∈ [0,1]; b2 is the communication coefficient, b2∈ [0,1]; r3 and r4 are random numbers in [0,1]; Pi ,est is the best position experienced by the i-th gray wolf individual; Xj is a randomly selected gray wolf individual in the group, j≠i; Xi ,, Xi ,, Xi , respectively represent the updated positions of α, β and δ wolves, and X is the current position of the gray wolf individual. 9.根据权利要求8所述的一种轻量dump的配置方法,其特征在于,所述α、β和δ狼的更新位置的计算公式为:9. A lightweight dump configuration method according to claim 8, characterized in that the calculation formula for the update position of the α, β and δ wolves is: Xi,1=Xα-A1DαXi ,1 = - A1Dα ; Xi,2=Xβ-A2DβXi ,2 = - A2Dβ ; Xi,3=Xδ-A3DδXi ,3 = - A3Dδ ; 其中,A1、A2和A3为距离系数向量;Dα、Dβ、Dδ表示其他ω狼与最优三条灰狼α、β和δ之间的距离;Xα、Xβ和Xδ分别表示α、β和δ狼的位置。Among them, A 1 , A 2 and A 3 are distance coefficient vectors; D α , D β , D δ represent the distances between other ω wolves and the three best gray wolves α, β and δ; X α , X β and X δ represent the positions of α, β and δ wolves respectively. 10.根据权利要求1所述的一种轻量dump的配置方法,其特征在于,迭代更新灰狼位置过程中的收敛因子更新公式为:10. A lightweight dump configuration method according to claim 1, characterized in that the convergence factor update formula in the process of iteratively updating the gray wolf position is: at=ai-(ai-af)*rand()+ρ*randn()a t =a i -(a i -a f )*rand()+ρ*randn() 其中,ai和af分别表示收敛因子的初始值和终止值,t为当前迭代次数,rand()为[0,1]服从均匀分布的随机数,randn()为服从正态分布的随机数,ρ为度量收敛因子与其数学期望之间的偏离程度的方差。Where a i and a f represent the initial value and final value of the convergence factor, respectively; t is the current number of iterations; rand() is a random number from [0,1] that follows a uniform distribution; randn() is a random number from a normal distribution; and ρ is the variance that measures the degree of deviation between the convergence factor and its mathematical expectation.
CN202410794373.4A 2024-06-19 2024-06-19 A lightweight dump configuration method Pending CN118708389A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410794373.4A CN118708389A (en) 2024-06-19 2024-06-19 A lightweight dump configuration method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202410794373.4A CN118708389A (en) 2024-06-19 2024-06-19 A lightweight dump configuration method

Publications (1)

Publication Number Publication Date
CN118708389A true CN118708389A (en) 2024-09-27

Family

ID=92808384

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202410794373.4A Pending CN118708389A (en) 2024-06-19 2024-06-19 A lightweight dump configuration method

Country Status (1)

Country Link
CN (1) CN118708389A (en)

Similar Documents

Publication Publication Date Title
CN110175120B (en) A Reinforcement Learning-Based Fuzzy Test Case Adaptive Mutation Method and Device
Zhu et al. Bestconfig: tapping the performance potential of systems via automatic configuration tuning
US11057502B2 (en) Cloud assisted behavioral automated testing
US9467460B1 (en) Modularized database architecture using vertical partitioning for a state machine
US9600393B2 (en) Testing of application service versions on live data
CN110991871B (en) Risk monitoring method, device, equipment and computer readable storage medium
CN110798467B (en) Target object identification method and device, computer equipment and storage medium
CN106610854A (en) Model update method and device
US11455190B2 (en) Implicit status in many task computing
KR20190079517A (en) Method for searching using data structure supporting multiple search in blockchain based IoT environment, and apparatus thereof
CN104951306B (en) Data processing method and system based on real-time Computational frame
CN107003931B (en) Decoupling test validation from test execution
US11762689B2 (en) Message queue protocol for sequential execution of related task routines in many task computing
JP2023046293A (en) System, computer-implemented method, and computer program product for facilitating training data generation via reinforcement learning fault-injection (training data generation via reinforcement learning fault-injection)
CN104699595B (en) A kind of method for testing software of software-oriented upgrading
CN111865899B (en) Threat-driven collaborative collection method and device
CN111290855B (en) GPU card management method, system and storage medium for multiple GPU servers in distributed environment
US12106079B2 (en) Shared compilation cache verification system
CN118708389A (en) A lightweight dump configuration method
CN109255238B (en) Terminal threat detection and response method and engine
Bhattarai et al. Prov2vec: Learning provenance graph representation for anomaly detection in computer systems
Chen et al. Using memory propagation tree to improve performance of protocol fuzzer when testing ICS
US20220167469A1 (en) Coordinated performance controller failover in many task computing
US10324819B1 (en) Runtime performance introspection
US8560762B2 (en) Limited memory power

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination