BoundsChecker

BoundsChecker
Developer(s)	Micro Focus
Stable release	12.1.40 / 5 March 2021
Operating system	Windows
Type	Profiler / Memory debugger
License	Proprietary software
Website	www.microfocus.com/products/devpartner/

Last updated March 18, 2023

BoundsChecker is a memory checking and API call validation tool used for C++ software development with Microsoft Visual C++. It was created by NuMega in the early 1990s. When NuMega was purchased by Compuware in 1997, BoundsChecker became part of a larger tool suite, DevPartner Studio. Micro Focus purchased the product line from Compuware in 2009.^[1] Comparable tools include Purify, Insure++ and Valgrind.

ActiveCheck performs a less intrusive analysis and monitors all calls by the application to the C Runtime Library, Windows API and calls to COM objects. By monitoring memory allocations and releases, it can detect memory leaks and overruns. Monitoring API and COM calls enables ActiveCheck to check parameters, returns and exceptions and report exceptions when they occur. Thread deadlocks can also be detected by monitoring of the synchronization objects and calls giving actual and potential deadlock detection.

FinalCheck requires an instrumented build and gives a much deeper but more intrusive analysis. It provides all of the detection features of ActiveCheck plus the ability to detect buffer overflows (read and write) and uninitialized memory accesses. It monitors every scope change, and tracks pointers referencing memory objects.

General functionality

Leak detection

Memory tracking - Memory allocation and release is tracked over the life of the application, and an end-of-session report is generated showing which blocks of memory allocated by user code remain allocated at the time of a normal process termination. When compiler instrumentation is used, some memory leaks can be announced earlier, when the last pointer referring to an allocated block memory goes out of scope or gets overwritten by another value. Through the same mechanisms, attempts to use pointers to previously released memory are reported.
COM object tracking - COM object creation and destruction is tracked over the life of the application, and an end-of-session report is generated showing which objects remain active at the time of a normal process termination.
Resource tracking - The creation and destruction of system object handles (like file handles, GDI handles and so on) is monitored, and an end-of-session report is generated showing which handles remain at the time of a normal process termination.

API call validation

API calls are monitored, their input parameters verified before the function calls are actually performed, warning of possible problems. The API return codes are also monitored, and error codes are logged. Such validation is limited to such APIs as are known to BoundsChecker, currently several thousand in number. If Memory Tracking is enabled, API Call Validation can make use of the information gathered for more precise validation of memory pointers.

Memory overrun detection

When both memory tracking and API validation are enabled, it becomes possible to detect many kinds of array and buffer overrun conditions. Compiler instrumentation enhances this ability. This is the feature for which the product was originally named.

API call logging

API, COM method and .NET Interop function calls can be logged in detail, noting the call parameter values and the resulting return values. This feature is limited in value, as non-trivial applications often result in the session log quickly becoming too large.

.NET analysis

A report can be generated analyzing .NET Interop, garbage collection and finalizer activity over the life of the process under test.

Deadlock analysis

Certain kinds of deadly embraces and other such lockups can be detected.

Compatibility

The current version (12.1.40) of BoundsChecker supports 32-bit and 64-bit native applications on Windows 10 (2020 Spring Update). MS-DOS, 16-bit Windows, Windows 2000, Windows XP and Windows 7 environments are no longer supported. As part of DevPartner Studio, the product integrates with 2017 Update 15.9.33 and 2019 Update 16.9^[2]

As of March 2021, the Deadlock Analysis feature is not yet supported in X64 applications.

Criticisms

Licensing - Since the takeover by Micro Focus International, the suite has attracted criticism due to the increasingly awkward licensing mechanisms that need to be dealt with when installing and using it. For example, every single review on the online store site selling the product (apart from one submitted by one of its developers) describes the product as effectively unusable due to the way licensing is handled.^[3]
Speed - This is a relatively intrusive tool, and can slow the application under test anywhere from 50 to 300 times. The more of the features in use at a time, the slower it gets. This is particularly true when using compiler instrumentation.
Currency - Though the product works with many versions of Windows and of Microsoft Visual Studio, the API validation database has not been added to significantly since 2006. Newer APIs are generally not monitored.
Portability - Only Microsoft Windows and Microsoft Visual Studio are supported. There is no support for other operating systems nor compilers.
Noise - Many results are reported that, while valid, are not very useful. The most common of these kinds of things are API error returns. It is perfectly normal to have certain API calls fail. These kinds of results can be suppressed.

Version history

12.0 - Mar 2020 - New version built for latest Visual C/C++ runtime from Microsoft. Many other internal changes as well.^[4]
11.5.1 - Sep 2020 - Now uses the WiX Toolset installer.
11.4 HF5 - Feb 2020 - Support for Visual Studio 2019 16.4.5. Last version to support Windows 7 or earlier, or Visual Studio 2015 or earlier.
11.4 HF4 - Oct 2019 - Support for Windows 10 2019 Fall Update and Visual Studio 2019 16.3.6.
11.4 HF3 - May 2019 - Support for Windows 10 2019 Spring Update and Visual Studio 2019 16.0.3.
11.4 HF2 - Dec 2018 - Support for Windows 10 2018 Fall Update and Visual Studio 2017 15.9.4.
11.4 - Nov 2017 - Support for Windows 10 2017 Fall Creator's Update.
11.3 HF5 - Apr 2017 - Support for Visual Studio 2017.
11.3 - Jul 2015 - Support for Windows 10 and Visual Studio 2015.
11.2 - Jan 2014 - Support for Windows 8.1, Windows 8.0 and Visual Studio 2013.
11.1 - Apr 2013 - Chinese localization (excluding on-line help). Various bug fixes.
11.0 - Sep 2012 - Full Visual Studio 2012 support, improved performance and accuracy.
10.6 - Apr 2012 - New licensing model, product update checker, preliminary support for Visual Studio 2012, and system tray tool with activity monitor.
10.5 - Feb 2011 - Supports X64 applications on Windows Vista X64 and later.
10.0 - Apr 2010 - Supports Visual Studio 2010.
9.1 - Oct 2009 - Supports Windows 7.
9.0 - Sep 2008 - Supports Visual Studios 2005 & 2008.
8.2 - May 2007 - Last version with full support for Visual Studio 6.0 and Visual Studio .NET 2003.
6.0 - 1998 - First version after acquisition of NuMega by Compuware.
5.0 - Mar 1997
4.0 - 1996 - Introduced API Validation feature.
2.0 for DOS - Mar 1991^[5]

Related Research Articles

SoftICE is a kernel mode debugger for DOS and Windows up to Windows XP. It is designed to run underneath Windows, so that the operating system is unaware of its presence. Unlike an application debugger, SoftICE is capable of suspending all operations in Windows when instructed. Because of its low-level capabilities, SoftICE is also popular as a software cracking tool.

The Windows API, informally WinAPI, is Microsoft's core set of application programming interfaces (APIs) available in the Microsoft Windows operating systems. The name Windows API collectively refers to several different platform implementations that are often referred to by their own names ; see the versions section. Almost all Windows programs interact with the Windows API. On the Windows NT line of operating systems, a small number use the Native API.

Microsoft Foundation Class Library (MFC) is a C++ object-oriented library for developing desktop applications for Windows.

Delphi is a general-purpose programming language and a software product that uses the Delphi dialect of the Object Pascal programming language and provides an integrated development environment (IDE) for rapid application development of desktop, mobile, web, and console software, currently developed and maintained by Embarcadero Technologies.

PurifyPlus is a memory debugger program used by software developers to detect memory access errors in programs, especially those written in C or C++. It was originally written by Reed Hastings of Pure Software. Pure Software later merged with Atria Software to form Pure Atria Software, which in turn was later acquired by Rational Software, which in turn was acquired by IBM, and then divested to UNICOM Systems, Inc. on Dec 31, 2014. It is functionally similar to other memory debuggers, such as Insure++, Valgrind and BoundsChecker.

<span class="mw-page-title-main">Windows Installer</span> Software

Windows Installer is a software component and application programming interface (API) of Microsoft Windows used for the installation, maintenance, and removal of software. The installation information, and optionally the files themselves, are packaged in installation packages, loosely relational databases structured as COM Structured Storages and commonly known as "MSI files", from their default filename extensions. The packages with the file extensions mst contain Windows Installer "Transformation Scripts", those with the msm extensions contain "Merge Modules" and the file extension pcp is used for "Patch Creation Properties". Windows Installer contains significant changes from its predecessor, Setup API. New features include a GUI framework and automatic generation of the uninstallation sequence. Windows Installer is positioned as an alternative to stand-alone executable installer frameworks such as older versions of InstallShield and NSIS.

NuMega Technologies, Inc., was a software company founded in 1987 by Frank Grossman and Jim Moskun in Nashua, New Hampshire. The company developed a Kernel mode debugger, now SoftICE, for DOS and the Windows NT family.

C# is a general-purpose high-level programming language supporting multiple paradigms. C# encompasses static typing, strong typing, lexically scoped, imperative, declarative, functional, generic, object-oriented (class-based), and component-oriented programming disciplines.

Borland C++ is a C and C++ IDE released by Borland for MS-DOS and Microsoft Windows. It was the successor to Turbo C++ and included a better debugger, the Turbo Debugger, which was written in protected mode DOS.

The Microsoft Windows operating system supports a form of shared libraries known as "dynamic-link libraries", which are code libraries that can be used by multiple processes while only one copy is loaded into memory. This article provides an overview of the core libraries that are included with every modern Windows installation, on top of which most Windows applications are built.

Windows Vista contains a range of new technologies and features that are intended to help network administrators and power users better manage their systems. Notable changes include a complete replacement of both the Windows Setup and the Windows startup processes, completely rewritten deployment mechanisms, new diagnostic and health monitoring tools such as random access memory diagnostic program, support for per-application Remote Desktop sessions, a completely new Task Scheduler, and a range of new Group Policy settings covering many of the features new to Windows Vista. Subsystem for UNIX Applications, which provides a POSIX-compatible environment is also introduced.

DevPartner is a set of software development and testing tools developed by NuMega, acquired by Compuware in 1997, which on June 1, 2009 sold it to Micro Focus. There are two versions: one for native and .NET Windows applications, and another for Java applications. It is currently sold by Micro Focus.

Azure DevOps Server is a Microsoft product that provides version control, reporting, requirements management, project management, automated builds, testing and release management capabilities. It covers the entire application lifecycle, and enables DevOps capabilities. Azure DevOps can be used as a back-end to numerous integrated development environments (IDEs) but is tailored for Microsoft Visual Studio and Eclipse on all platforms.

Visual Studio is an integrated development environment (IDE) from Microsoft. It is used to develop computer programs including websites, web apps, web services and mobile apps. Visual Studio uses Microsoft software development platforms such as Windows API, Windows Forms, Windows Presentation Foundation, Windows Store and Microsoft Silverlight. It can produce both native code and managed code.

Microsoft SQL Server is a relational database management system developed by Microsoft. As a database server, it is a software product with the primary function of storing and retrieving data as requested by other software applications—which may run either on the same computer or on another computer across a network. Microsoft markets at least a dozen different editions of Microsoft SQL Server, aimed at different audiences and for workloads ranging from small single-machine applications to large Internet-facing applications with many concurrent users.

Intel Inspector is a memory and thread checking and debugging tool to increase the reliability, security, and accuracy of C/C++ and Fortran applications.

CSS HTML Validator is an HTML editor and CSS editor for Windows that helps web developers create syntactically correct and accessible HTML/HTML5, XHTML, and CSS documents by locating errors, potential problems like browser compatibility issues, and common mistakes. It is also able to check links, check spelling, suggest improvements, alert developers to deprecated, obsolete, or proprietary tags, attributes, and CSS properties, and find issues that can affect search engine optimization.

<span class="mw-page-title-main">.NET Framework</span> Software platform developed by Microsoft

The .NET Framework is a proprietary software framework developed by Microsoft that runs primarily on Microsoft Windows. It was the predominant implementation of the Common Language Infrastructure (CLI) until being superseded by the cross-platform .NET project. It includes a large class library called Framework Class Library (FCL) and provides language interoperability across several programming languages. Programs written for .NET Framework execute in a software environment named the Common Language Runtime (CLR). The CLR is an application virtual machine that provides services such as security, memory management, and exception handling. As such, computer code written using .NET Framework is called "managed code". FCL and CLR together constitute the .NET Framework.

A code sanitizer is a programming tool that detects bugs in the form of undefined or suspicious behavior by a compiler inserting instrumentation code at runtime. The class of tools was first introduced by Google's AddressSanitizer of 2012, which uses directly mapped shadow memory to detect memory corruption such as buffer overflows or accesses to a dangling pointer (use-after-free).

Control-flow integrity (CFI) is a general term for computer security techniques that prevent a wide variety of malware attacks from redirecting the flow of execution of a program.

References

↑ Micro Focus DevPartner official site
↑ "DevPartner Technical Specs". Archived from the original on 2017-09-20. Retrieved 2017-05-18.
↑ "Code Analysis & Metrics Applications - Best Selling".
↑ "Top 20+ Memory Leak Detection Tools for Java and C++". Software Testing Help. Retrieved 2022-02-20.
↑ InfoWorld, 4 Mar 1991, page 19

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] Micro Focus DevPartner official site

[2] "DevPartner Technical Specs". Archived from the original on 2017-09-20. Retrieved 2017-05-18.

[3] "Code Analysis & Metrics Applications - Best Selling".

[4] "Top 20+ Memory Leak Detection Tools for Java and C++". Software Testing Help. Retrieved 2022-02-20.

[5] InfoWorld, 4 Mar 1991, page 19

[1]

[2]

[3]

[4]

[5]