This article needs additional citations for verification .(December 2011) |
Program execution |
---|
General concepts |
Types of code |
Compilation strategies |
Notable runtimes |
|
Notable compilers & toolchains |
|
A memory debugger is a debugger for finding software memory problems such as memory leaks and buffer overflows. These are due to bugs related to the allocation and deallocation of dynamic memory. Programs written in languages that have garbage collection, such as managed code, might also need memory debuggers, e.g. for memory leaks due to "living" references in collections.
Memory debuggers work by monitoring memory access, allocations, and deallocation of memory. Many memory debuggers require applications to be recompiled with special dynamic memory allocation libraries, whose APIs are mostly compatible with conventional dynamic memory allocation libraries, or else use dynamic linking. Electric Fence is such a debugger which debugs memory allocation with malloc. Some memory debuggers (e.g. Valgrind) work by running the executable in a virtual machine-like environment, monitoring memory access, allocation and deallocation so that no recompilation with special memory allocation libraries is required.
Finding memory issues such as leaks can be extremely time consuming as they may not manifest themselves except under certain conditions. Using a tool to detect memory misuse makes the process much faster and easier. [1]
As abnormally high memory utilization can be a contributing factor in software aging, memory debuggers can help programmers to avoid software anomalies that would exhaust the computer system memory, thus ensuring high reliability of the software even for long runtimes.
Some static analysis tools can also help find memory errors. Memory debuggers operate as part of an application while it's running while static code analysis is performed by analyzing the code without executing it. These different techniques will typically find different instances of problems, and using them both together yields the best result. [2]
This is a list of tools useful for memory debugging. A profiler can be used in conjunction with a memory debugger.
Name | OS | License | Languages | Technique |
---|---|---|---|---|
AddressSanitizer | Linux, Mac OS | Free/open source (LLVM) | C, C++, Rust | Compile-time instrumentation (available in Clang and GCC) and specialized library |
Allinea DDT | Linux, Blue Gene | Proprietary commercial | C, C++ and F90. Also for parallel programs on supercomputers | Runtime - through dynamic linking |
AQtime | Windows (Visual Studio, Embarcadero IDEs) | Proprietary commercial | .NET, C++, Java, Silverlight, JScript, VBScript [3] | Runtime |
Bcheck | Solaris | |||
BoundsChecker | Windows (Visual Studio) | Proprietary commercial | C++ | Runtime intercepts or compile-time |
Daikon | Unix, Windows, Mac OS X [4] | Free/open source [5] | Java, C/C++, Perl, and Eiffel [4] | Runtime dynamic invariant detection |
Debug_new | (general technique) | (general technique) | C++ | Compile-time override |
Deleaker | Windows (standalone, and plugins for Visual Studio, RAD Studio, Qt Creator, CLion) | Proprietary commercial | C++, .Net, Delphi | Runtime intercepts |
dmalloc | Any | Free/open source (ISC License) | C | Compile-time override |
DynamoRIO § Dr. Memory | Android, Linux, Windows | Free/open source (LGPL and BSD) | Any | Runtime intercepts |
Electric Fence | Unix | GNU GPL | C, C++ | Compile-time override |
FASTMM4 | Windows | GNU GPL | Delphi | Compile-time override |
IBM Rational Purify | Unix, Windows | Proprietary commercial | C++, Java, .NET | Runtime |
Insure++ | Windows (Visual Studio plugin), Unix | Proprietary commercial | C, C++ | source code instrumentation |
Intel Inspector | Windows (Visual Studio), Linux | Proprietary commercial | C, C++, Fortran | Runtime |
libcwd | Linux (gcc) | Free/open source | C, C++ | Compile-time override |
libumem | Solaris | Bundled with Solaris | Link-time override | |
Memwatch | Any (programming library) | Free/open source | C | Compile-time override |
mtrace | Various | GNU LGPL | GNU C library | Built-in, outputs accesses |
MTuner | Various | Free | C, C++ | Runtime intercepts, Link-time override (MSVC, Clang and GCC), Leak detection |
Oracle Solaris Studio (formerly Sun Studio Runtime Checking) | Linux, Solaris | Proprietary freeware | C, C++, Fortran | |
OLIVER (APT international) | MVS, MVS/EXA, DOS/VSE | Proprietary software | IBM Assembler | Runtime intercepts, Hypervisor - Type 2 |
TotalView | Unix, Mac OS X | Proprietary commercial | C, C++, Fortran | Runtime |
Valgrind § Memcheck | Linux, Mac OS, Android | GNU GPL | Any | Runtime intercepts |
WinDbg | Windows | Proprietary freeware | C, C++, .NET, Python | Runtime |
Computer programming is the composition of sequences of instructions, called programs, that computers can follow to perform tasks. It involves designing and implementing algorithms, step-by-step specifications of procedures, by writing code in one or more programming languages. Programmers typically use high-level programming languages that are more easily intelligible to humans than machine code, which is directly executed by the central processing unit. Proficient programming usually requires expertise in several different subjects, including knowledge of the application domain, details of programming languages and generic code libraries, specialized algorithms, and formal logic.
In computer science, a memory leak is a type of resource leak that occurs when a computer program incorrectly manages memory allocations in a way that memory which is no longer needed is not released. A memory leak may also happen when an object is stored in memory but cannot be accessed by the running code. A memory leak has symptoms similar to a number of other problems and generally can only be diagnosed by a programmer with access to the program's source code.
A software bug is a design defect (bug) in computer software. A computer program with many or serious bugs may be described as buggy.
In computer science, program analysis is the process of automatically analyzing the behavior of computer programs regarding a property such as correctness, robustness, safety and liveness. Program analysis focuses on two major areas: program optimization and program correctness. The first focuses on improving the program’s performance while reducing the resource usage while the latter focuses on ensuring that the program does what it is supposed to do.
In computer programming, specifically when using the imperative programming paradigm, an assertion is a predicate connected to a point in the program, that always should evaluate to true at that point in code execution. Assertions can help a programmer read the code, help a compiler compile it, or help the program detect its own defects.
A programming tool or software development tool is a computer program that software developers use to create, debug, maintain, or otherwise support other programs and applications. The term usually refers to relatively simple programs, that can be combined to accomplish a task, much as one might use multiple hands to fix a physical object. The most basic tools are a source code editor and a compiler or interpreter, which are used ubiquitously and continuously. Other tools are used more or less depending on the language, development methodology, and individual engineer, often used for a discrete task, like a debugger or profiler. Tools may be discrete programs, executed separately – often from the command line – or may be parts of a single large program, called an integrated development environment (IDE). In many cases, particularly for simpler use, simple ad hoc techniques are used instead of a tool, such as print debugging instead of using a debugger, manual timing instead of a profiler, or tracking bugs in a text file or spreadsheet instead of a bug tracking system.
Execution in computer and software engineering is the process by which a computer or virtual machine interprets and acts on the instructions of a computer program. Each instruction of a program is a description of a particular action which must be carried out, in order for a specific problem to be solved. Execution involves repeatedly following a "fetch–decode–execute" cycle for each instruction done by the control unit. As the executing machine follows the instructions, specific effects are produced in accordance with the semantics of those instructions.
Valgrind is a programming tool for memory debugging, memory leak detection, and profiling.
A race condition or race hazard is the condition of an electronics, software, or other system where the system's substantive behavior is dependent on the sequence or timing of other uncontrollable events, leading to unexpected or inconsistent results. It becomes a bug when one or more of the possible behaviors is undesirable.
PurifyPlus is a memory debugger program used by software developers to detect memory access errors in programs, especially those written in C or C++. It was originally written by Reed Hastings of Pure Software. Pure Software later merged with Atria Software to form Pure Atria Software, which in turn was later acquired by Rational Software, which in turn was acquired by IBM, and then divested to UNICOM Systems, Inc. on Dec 31, 2014. It is functionally similar to other memory debuggers, such as Insure++, Valgrind and BoundsChecker.
Runtime verification is a computing system analysis and execution approach based on extracting information from a running system and using it to detect and possibly react to observed behaviors satisfying or violating certain properties. Some very particular properties, such as datarace and deadlock freedom, are typically desired to be satisfied by all systems and may be best implemented algorithmically. Other properties can be more conveniently captured as formal specifications. Runtime verification specifications are typically expressed in trace predicate formalisms, such as finite state machines, regular expressions, context-free patterns, linear temporal logics, etc., or extensions of these. This allows for a less ad-hoc approach than normal testing. However, any mechanism for monitoring an executing system is considered runtime verification, including verifying against test oracles and reference implementations. When formal requirements specifications are provided, monitors are synthesized from them and infused within the system by means of instrumentation. Runtime verification can be used for many purposes, such as security or safety policy monitoring, debugging, testing, verification, validation, profiling, fault protection, behavior modification, etc. Runtime verification avoids the complexity of traditional formal verification techniques, such as model checking and theorem proving, by analyzing only one or a few execution traces and by working directly with the actual system, thus scaling up relatively well and giving more confidence in the results of the analysis, at the expense of less coverage. Moreover, through its reflective capabilities runtime verification can be made an integral part of the target system, monitoring and guiding its execution during deployment.
Dynamic program analysis is the act of analyzing software that involves executing a program – as opposed to static program analysis, which does not execute it.
In software development, dynamic testing is examining the runtime response from a software system to particular input.
Memory safety is the state of being protected from various software bugs and security vulnerabilities when dealing with memory access, such as buffer overflows and dangling pointers. For example, Java is said to be memory-safe because its runtime error detection checks array bounds and pointer dereferences. In contrast, C and C++ allow arbitrary pointer arithmetic with pointers implemented as direct memory addresses with no provision for bounds checking, and thus are potentially memory-unsafe.
Parasoft is an independent software vendor specializing in automated software testing and application security with headquarters in Monrovia, California. It was founded in 1987 by four graduates of the California Institute of Technology who planned to commercialize the parallel computing software tools they had been working on for the Caltech Cosmic Cube, which was the first working hypercube computer built.
Intel Inspector is a memory and thread checking and debugging tool to increase the reliability, security, and accuracy of C/C++ and Fortran applications.
In engineering, debugging is the process of finding the root cause, workarounds and possible fixes for bugs.
Cppcheck is a static code analysis tool for the C and C++ programming languages. It is a versatile tool that can check non-standard code. The creator and lead developer is Daniel Marjamäki.
DynamoRIO is a BSD-licensed dynamic binary instrumentation framework for the development of dynamic program analysis tools. DynamoRIO targets user space applications under the Android, Linux, and Windows operating systems running on the AArch32, IA-32, and x86-64 instruction set architectures.
In computer science, language-based security (LBS) is a set of techniques that may be used to strengthen the security of applications on a high level by using the properties of programming languages. LBS is considered to enforce computer security on an application-level, making it possible to prevent vulnerabilities which traditional operating system security is unable to handle.