What's the best way to deliberately crash my Windows application?

Question

I've added a mini-core-dump feature (via __try/__except and MiniDumpWriteDump()) to the Windows build of my Qt application, so that if/when my application ever crashes, a .dmp file will be written out to disk for me to look at and debug with later on.

That works pretty well, but for testing I'd like to have a known-reliable method for making my program crash. For example, there could be a "crash now" button in the GUI and when the user clicks it, it will cause the application to deliberately crash.

One way to do it, of course, is like this:

int * badPointer = NULL;
*badPointer = 666;

And that works for me, but I don't like that approach because it relies on undefined behavior -- in particular, the C++ standard doesn't require the above code to cause a crash, so it's possible (from a language-lawyer perspective) that some future version of the compiler will not crash when the above code executes.

As a more "official" approach, I tried this:

abort();

... which does terminate the program, but it doesn't cause the Windows Structured Exception that triggers the MiniCrashDump handler, so no .dmp file gets written.

My question is, is there an "Official Right Way" to crash my program? I see that Windows API has a RaiseException() function that I could call, but I'm not sure what the proper arguments to it should be. Is that the way to go, or is there some more specific call that I would be better off using?

Answer 1

It's perfectly fine to dereference a null pointer to cause an access violation if you know you're running on Windows — Windows provides stronger guarantees than the C++ language. C++ says that dereferencing a null pointer is Undefined Behavior, but Windows defines this as an access violation (which is perfectly acceptable as far as C++ is conerned, since an access violation is one possible result of Undefined Behavior).

From Managing Virtual Memory:

Windows NT builds a safeguard into every process's address space. Both the upper and lower 65,536 bytes of each process are permanently reserved by the system. These portions of the address space are reserved to trap stray pointers—pointers that attempt to address memory in the range 00000000₁₆-0000FFFF₁₆ or 7FFF0000₁₆-7FFFFFFF₁₆. Not coincidentally, it is easy to detect pointers in this range by simply ignoring the lower four nibbles (the rightmost two bytes) in these addresses. Essentially, a pointer is invalid if the upper four nibbles are 0000₁₆ or 7FFF₁₆; all other values represent valid addresses.

The first page of memory is always mapped as PAGE_NOACCESS, so if you attempt to read or write to a null pointer (or any pointer within +/-64 KB of a null pointer), you'll always raise an access violation exception.