Memory debugger

Last updated

A memory debugger is a debugger for finding software memory problems such as memory leaks and buffer overflows. These are due to bugs related to the allocation and deallocation of dynamic memory. Programs written in languages that have garbage collection, such as managed code, might also need memory debuggers, e.g. for memory leaks due to "living" references in collections.

Contents

Overview

Memory debuggers work by monitoring memory access, allocations, and deallocation of memory. Many memory debuggers require applications to be recompiled with special dynamic memory allocation libraries, whose APIs are mostly compatible with conventional dynamic memory allocation libraries, or else use dynamic linking. Electric Fence is such a debugger which debugs memory allocation with malloc. Some memory debuggers (e.g. Valgrind) work by running the executable in a virtual machine-like environment, monitoring memory access, allocation and deallocation so that no recompilation with special memory allocation libraries is required.

Finding memory issues such as leaks can be extremely time consuming as they may not manifest themselves except under certain conditions. Using a tool to detect memory misuse makes the process much faster and easier. [1]

As abnormally high memory utilization can be a contributing factor in software aging, memory debuggers can help programmers to avoid software anomalies that would exhaust the computer system memory, thus ensuring high reliability of the software even for long runtimes.

Comparison to static analyzer

Some static analysis tools can also help find memory errors. Memory debuggers operate as part of an application while it's running while static code analysis is performed by analyzing the code without executing it. These different techniques will typically find different instances of problems, and using them both together yields the best result. [2]

List of memory debugging tools

This is a list of tools useful for memory debugging. A profiler can be used in conjunction with a memory debugger.

NameOSLicenseLanguagesTechnique
AddressSanitizer Linux, Mac OSFree/open source (LLVM)C, C++, RustCompile-time instrumentation (available in Clang and GCC) and specialized library
Allinea DDT Linux, Blue Gene Proprietary commercialC, C++ and F90. Also for parallel programs on supercomputersRuntime - through dynamic linking
AQtime Windows (Visual Studio, Embarcadero IDEs) Proprietary commercial.NET, C++, Java, Silverlight, JScript, VBScript [3] Runtime
Bcheck Solaris
BoundsChecker Windows (Visual Studio) Proprietary commercialC++Runtime intercepts or compile-time
Daikon Unix, Windows, Mac OS X [4] Free/open source [5] Java, C/C++, Perl, and Eiffel [4] Runtime dynamic invariant detection
Debug_new (general technique)(general technique)C++Compile-time override
Deleaker Windows (standalone, and plugins for Visual Studio, RAD Studio, Qt Creator, CLion) Proprietary commercialC++, .Net, DelphiRuntime intercepts
dmalloc AnyFree/open sourceCCompile-time override
DynamoRIO § Dr. Memory Android, Linux, WindowsFree/open source (LGPL and BSD)AnyRuntime intercepts
Electric Fence Unix GNU GPL C, C++Compile-time override
FASTMM4 Windows GNU GPL DelphiCompile-time override
IBM Rational Purify Unix, Windows Proprietary commercialC++, Java, .NETRuntime
Insure++ Windows (Visual Studio plugin), Unix Proprietary commercialC, C++source code instrumentation
Intel Inspector Windows (Visual Studio), Linux Proprietary commercialC, C++, FortranRuntime
libcwd Linux (gcc)Free/open sourceC, C++Compile-time override
libumem SolarisBundled with SolarisLink-time override
Memwatch Any (programming library)Free/open sourceCCompile-time override
mtrace Various GNU LGPL GNU C libraryBuilt-in, outputs accesses
MTuner VariousFreeC, C++Runtime intercepts, Link-time override (MSVC, Clang and GCC), Leak detection
Oracle Solaris Studio (formerly Sun Studio Runtime Checking)Linux, SolarisProprietary freewareC, C++, Fortran
OLIVER (APT international)MVS, MVS/EXA, DOS/VSE Proprietary softwareIBM AssemblerRuntime intercepts, Hypervisor - Type 2
TotalView Unix, Mac OS X Proprietary commercialC, C++, FortranRuntime
Valgrind § Memcheck Linux, Mac OS, Android GNU GPL AnyRuntime intercepts
WinDbg Windows Proprietary freewareC, C++, .NET, PythonRuntime

See also

Related Research Articles

Computer programming or coding is the composition of sequences of instructions, called programs, that computers can follow to perform tasks. It involves designing and implementing algorithms, step-by-step specifications of procedures, by writing code in one or more programming languages. Programmers typically use high-level programming languages that are more easily intelligible to humans than machine code, which is directly executed by the central processing unit. Proficient programming usually requires expertise in several different subjects, including knowledge of the application domain, details of programming languages and generic code libraries, specialized algorithms, and formal logic.

In computer science, a memory leak is a type of resource leak that occurs when a computer program incorrectly manages memory allocations in a way that memory which is no longer needed is not released. A memory leak may also happen when an object is stored in memory but cannot be accessed by the running code. A memory leak has symptoms similar to a number of other problems and generally can only be diagnosed by a programmer with access to the program's source code.

A software bug is a bug in computer software.

Turbo Pascal is a software development system that includes a compiler and an integrated development environment (IDE) for the programming language Pascal running on the operating systems CP/M, CP/M-86, and DOS. It was originally developed by Anders Hejlsberg at Borland, and was notable for its very fast compiling. Turbo Pascal, and the later but similar Turbo C, made Borland a leader in PC-based development tools.

In computer science, program analysis is the process of automatically analyzing the behavior of computer programs regarding a property such as correctness, robustness, safety and liveness. Program analysis focuses on two major areas: program optimization and program correctness. The first focuses on improving the program’s performance while reducing the resource usage while the latter focuses on ensuring that the program does what it is supposed to do.

In computer programming, specifically when using the imperative programming paradigm, an assertion is a predicate connected to a point in the program, that always should evaluate to true at that point in code execution. Assertions can help a programmer read the code, help a compiler compile it, or help the program detect its own defects.

A programming tool or software development tool is a computer program that software developers use to create, debug, maintain, or otherwise support other programs and applications. The term usually refers to relatively simple programs, that can be combined to accomplish a task, much as one might use multiple hands to fix a physical object. The most basic tools are a source code editor and a compiler or interpreter, which are used ubiquitously and continuously. Other tools are used more or less depending on the language, development methodology, and individual engineer, often used for a discrete task, like a debugger or profiler. Tools may be discrete programs, executed separately – often from the command line – or may be parts of a single large program, called an integrated development environment (IDE). In many cases, particularly for simpler use, simple ad hoc techniques are used instead of a tool, such as print debugging instead of using a debugger, manual timing instead of a profiler, or tracking bugs in a text file or spreadsheet instead of a bug tracking system.

Execution in computer and software engineering is the process by which a computer or virtual machine interprets and acts on the instructions of a computer program. Each instruction of a program is a description of a particular action which must be carried out, in order for a specific problem to be solved. Execution involves repeatedly following a "fetch–decode–execute" cycle for each instruction done by control unit. As the executing machine follows the instructions, specific effects are produced in accordance with the semantics of those instructions.

<span class="mw-page-title-main">Valgrind</span> Programming tool for profiling, memory debugging and memory leak detection

Valgrind is a programming tool for memory debugging, memory leak detection, and profiling.

PurifyPlus is a memory debugger program used by software developers to detect memory access errors in programs, especially those written in C or C++. It was originally written by Reed Hastings of Pure Software. Pure Software later merged with Atria Software to form Pure Atria Software, which in turn was later acquired by Rational Software, which in turn was acquired by IBM, and then divested to UNICOM Systems, Inc. on Dec 31, 2014. It is functionally similar to other memory debuggers, such as Insure++, Valgrind and BoundsChecker.

In computer programming, unreachable code is part of the source code of a program which can never be executed because there exists no control flow path to the code from the rest of the program.

Runtime verification is a computing system analysis and execution approach based on extracting information from a running system and using it to detect and possibly react to observed behaviors satisfying or violating certain properties. Some very particular properties, such as datarace and deadlock freedom, are typically desired to be satisfied by all systems and may be best implemented algorithmically. Other properties can be more conveniently captured as formal specifications. Runtime verification specifications are typically expressed in trace predicate formalisms, such as finite state machines, regular expressions, context-free patterns, linear temporal logics, etc., or extensions of these. This allows for a less ad-hoc approach than normal testing. However, any mechanism for monitoring an executing system is considered runtime verification, including verifying against test oracles and reference implementations. When formal requirements specifications are provided, monitors are synthesized from them and infused within the system by means of instrumentation. Runtime verification can be used for many purposes, such as security or safety policy monitoring, debugging, testing, verification, validation, profiling, fault protection, behavior modification, etc. Runtime verification avoids the complexity of traditional formal verification techniques, such as model checking and theorem proving, by analyzing only one or a few execution traces and by working directly with the actual system, thus scaling up relatively well and giving more confidence in the results of the analysis, at the expense of less coverage. Moreover, through its reflective capabilities runtime verification can be made an integral part of the target system, monitoring and guiding its execution during deployment.

Dynamic program analysis is the act of analyzing software that involves executing a program – as opposed to static program analysis, which does not execute it.

In software development, dynamic testing is examining the runtime response from a software system to particular input.

Memory safety is the state of being protected from various software bugs and security vulnerabilities when dealing with memory access, such as buffer overflows and dangling pointers. For example, Java is said to be memory-safe because its runtime error detection checks array bounds and pointer dereferences. In contrast, C and C++ allow arbitrary pointer arithmetic with pointers implemented as direct memory addresses with no provision for bounds checking, and thus are potentially memory-unsafe.

Intel Inspector is a memory and thread checking and debugging tool to increase the reliability, security, and accuracy of C/C++ and Fortran applications.

In engineering, debugging is the process of finding the root cause of and workarounds and possible fixes for bugs.

Cppcheck is a static code analysis tool for the C and C++ programming languages. It is a versatile tool that can check non-standard code. The creator and lead developer is Daniel Marjamäki.

<span class="mw-page-title-main">DynamoRIO</span> Software framework

DynamoRIO is a BSD-licensed dynamic binary instrumentation framework for the development of dynamic program analysis tools. DynamoRIO targets user space applications under the Android, Linux, and Windows operating systems running on the AArch32, IA-32, and x86-64 instruction set architectures.

In computer science, language-based security (LBS) is a set of techniques that may be used to strengthen the security of applications on a high level by using the properties of programming languages. LBS is considered to enforce computer security on an application-level, making it possible to prevent vulnerabilities which traditional operating system security is unable to handle.

References