Memory debugger

Last updated June 27, 2024

A memory debugger is a debugger for finding software memory problems such as memory leaks and buffer overflows. These are due to bugs related to the allocation and deallocation of dynamic memory. Programs written in languages that have garbage collection, such as managed code, might also need memory debuggers, e.g. for memory leaks due to "living" references in collections.

Overview

Memory debuggers work by monitoring memory access, allocations, and deallocation of memory. Many memory debuggers require applications to be recompiled with special dynamic memory allocation libraries, whose APIs are mostly compatible with conventional dynamic memory allocation libraries, or else use dynamic linking. Electric Fence is such a debugger which debugs memory allocation with malloc. Some memory debuggers (e.g. Valgrind) work by running the executable in a virtual machine-like environment, monitoring memory access, allocation and deallocation so that no recompilation with special memory allocation libraries is required.

Finding memory issues such as leaks can be extremely time consuming as they may not manifest themselves except under certain conditions. Using a tool to detect memory misuse makes the process much faster and easier.^[1]

As abnormally high memory utilization can be a contributing factor in software aging, memory debuggers can help programmers to avoid software anomalies that would exhaust the computer system memory, thus ensuring high reliability of the software even for long runtimes.

Comparison to static analyzer

Some static analysis tools can also help find memory errors. Memory debuggers operate as part of an application while it's running while static code analysis is performed by analyzing the code without executing it. These different techniques will typically find different instances of problems, and using them both together yields the best result.^[2]

List of memory debugging tools

This is a list of tools useful for memory debugging. A profiler can be used in conjunction with a memory debugger.

Name	OS	License	Languages	Technique
AddressSanitizer	Linux, Mac OS	Free/open source (LLVM)	C, C++, Rust	Compile-time instrumentation (available in Clang and GCC) and specialized library
Allinea DDT	Linux, Blue Gene	Proprietary commercial	C, C++ and F90. Also for parallel programs on supercomputers	Runtime - through dynamic linking
AQtime	Windows (Visual Studio, Embarcadero IDEs)	Proprietary commercial	.NET, C++, Java, Silverlight, JScript, VBScript^[3]	Runtime
Bcheck	Solaris
BoundsChecker	Windows (Visual Studio)	Proprietary commercial	C++	Runtime intercepts or compile-time
Daikon	Unix, Windows, Mac OS X^[4]	Free/open source^[5]	Java, C/C++, Perl, and Eiffel^[4]	Runtime dynamic invariant detection
Debug_new	(general technique)	(general technique)	C++	Compile-time override
Deleaker	Windows (standalone, and plugins for Visual Studio, RAD Studio, Qt Creator, CLion)	Proprietary commercial	C++, .Net, Delphi	Runtime intercepts
dmalloc	Any	Free/open source	C	Compile-time override
DynamoRIO § Dr. Memory	Android, Linux, Windows	Free/open source (LGPL and BSD)	Any	Runtime intercepts
Electric Fence	Unix	GNU GPL	C, C++	Compile-time override
FASTMM4	Windows	GNU GPL	Delphi	Compile-time override
IBM Rational Purify	Unix, Windows	Proprietary commercial	C++, Java, .NET	Runtime
Insure++	Windows (Visual Studio plugin), Unix	Proprietary commercial	C, C++	source code instrumentation
Intel Inspector	Windows (Visual Studio), Linux	Proprietary commercial	C, C++, Fortran	Runtime
libcwd	Linux (gcc)	Free/open source	C, C++	Compile-time override
libumem	Solaris	Bundled with Solaris		Link-time override
Memwatch	Any (programming library)	Free/open source	C	Compile-time override
mtrace	Various	GNU LGPL	GNU C library	Built-in, outputs accesses
MTuner	Various	Free	C, C++	Runtime intercepts, Link-time override (MSVC, Clang and GCC), Leak detection
Oracle Solaris Studio (formerly Sun Studio Runtime Checking)	Linux, Solaris	Proprietary freeware	C, C++, Fortran
OLIVER (APT international)	MVS, MVS/EXA, DOS/VSE	Proprietary software	IBM Assembler	Runtime intercepts, Hypervisor - Type 2
TotalView	Unix, Mac OS X	Proprietary commercial	C, C++, Fortran	Runtime
Valgrind § Memcheck	Linux, Mac OS, Android	GNU GPL	Any	Runtime intercepts
WinDbg	Windows	Proprietary freeware	C, C++, .NET, Python	Runtime

Related Research Articles

Computer programming or coding is the composition of sequences of instructions, called programs, that computers can follow to perform tasks. It involves designing and implementing algorithms, step-by-step specifications of procedures, by writing code in one or more programming languages. Programmers typically use high-level programming languages that are more easily intelligible to humans than machine code, which is directly executed by the central processing unit. Proficient programming usually requires expertise in several different subjects, including knowledge of the application domain, details of programming languages and generic code libraries, specialized algorithms, and formal logic.

In computer science, a memory leak is a type of resource leak that occurs when a computer program incorrectly manages memory allocations in a way that memory which is no longer needed is not released. A memory leak may also happen when an object is stored in memory but cannot be accessed by the running code. A memory leak has symptoms similar to a number of other problems and generally can only be diagnosed by a programmer with access to the program's source code.

A software bug is a bug in computer software.

Turbo Pascal is a software development system that includes a compiler and an integrated development environment (IDE) for the programming language Pascal running on the operating systems CP/M, CP/M-86, and DOS. It was originally developed by Anders Hejlsberg at Borland, and was notable for its very fast compiling. Turbo Pascal, and the later but similar Turbo C, made Borland a leader in PC-based development tools.

In computer science, program analysis is the process of automatically analyzing the behavior of computer programs regarding a property such as correctness, robustness, safety and liveness. Program analysis focuses on two major areas: program optimization and program correctness. The first focuses on improving the program’s performance while reducing the resource usage while the latter focuses on ensuring that the program does what it is supposed to do.

In computer programming, specifically when using the imperative programming paradigm, an assertion is a predicate connected to a point in the program, that always should evaluate to true at that point in code execution. Assertions can help a programmer read the code, help a compiler compile it, or help the program detect its own defects.

A programming tool or software development tool is a computer program that software developers use to create, debug, maintain, or otherwise support other programs and applications. The term usually refers to relatively simple programs, that can be combined to accomplish a task, much as one might use multiple hands to fix a physical object. The most basic tools are a source code editor and a compiler or interpreter, which are used ubiquitously and continuously. Other tools are used more or less depending on the language, development methodology, and individual engineer, often used for a discrete task, like a debugger or profiler. Tools may be discrete programs, executed separately – often from the command line – or may be parts of a single large program, called an integrated development environment (IDE). In many cases, particularly for simpler use, simple ad hoc techniques are used instead of a tool, such as print debugging instead of using a debugger, manual timing instead of a profiler, or tracking bugs in a text file or spreadsheet instead of a bug tracking system.

Execution in computer and software engineering is the process by which a computer or virtual machine interprets and acts on the instructions of a computer program. Each instruction of a program is a description of a particular action which must be carried out, in order for a specific problem to be solved. Execution involves repeatedly following a "fetch–decode–execute" cycle for each instruction done by control unit. As the executing machine follows the instructions, specific effects are produced in accordance with the semantics of those instructions.

Valgrind is a programming tool for memory debugging, memory leak detection, and profiling.

PurifyPlus is a memory debugger program used by software developers to detect memory access errors in programs, especially those written in C or C++. It was originally written by Reed Hastings of Pure Software. Pure Software later merged with Atria Software to form Pure Atria Software, which in turn was later acquired by Rational Software, which in turn was acquired by IBM, and then divested to UNICOM Systems, Inc. on Dec 31, 2014. It is functionally similar to other memory debuggers, such as Insure++, Valgrind and BoundsChecker.

In computer programming, unreachable code is part of the source code of a program which can never be executed because there exists no control flow path to the code from the rest of the program.

Runtime verification is a computing system analysis and execution approach based on extracting information from a running system and using it to detect and possibly react to observed behaviors satisfying or violating certain properties. Some very particular properties, such as datarace and deadlock freedom, are typically desired to be satisfied by all systems and may be best implemented algorithmically. Other properties can be more conveniently captured as formal specifications. Runtime verification specifications are typically expressed in trace predicate formalisms, such as finite state machines, regular expressions, context-free patterns, linear temporal logics, etc., or extensions of these. This allows for a less ad-hoc approach than normal testing. However, any mechanism for monitoring an executing system is considered runtime verification, including verifying against test oracles and reference implementations. When formal requirements specifications are provided, monitors are synthesized from them and infused within the system by means of instrumentation. Runtime verification can be used for many purposes, such as security or safety policy monitoring, debugging, testing, verification, validation, profiling, fault protection, behavior modification, etc. Runtime verification avoids the complexity of traditional formal verification techniques, such as model checking and theorem proving, by analyzing only one or a few execution traces and by working directly with the actual system, thus scaling up relatively well and giving more confidence in the results of the analysis, at the expense of less coverage. Moreover, through its reflective capabilities runtime verification can be made an integral part of the target system, monitoring and guiding its execution during deployment.

Dynamic program analysis is the act of analyzing software that involves executing a program – as opposed to static program analysis, which does not execute it.

In software development, dynamic testing is examining the runtime response from a software system to particular input.

Memory safety is the state of being protected from various software bugs and security vulnerabilities when dealing with memory access, such as buffer overflows and dangling pointers. For example, Java is said to be memory-safe because its runtime error detection checks array bounds and pointer dereferences. In contrast, C and C++ allow arbitrary pointer arithmetic with pointers implemented as direct memory addresses with no provision for bounds checking, and thus are potentially memory-unsafe.

Intel Inspector is a memory and thread checking and debugging tool to increase the reliability, security, and accuracy of C/C++ and Fortran applications.

In engineering, debugging is the process of finding the root cause of and workarounds and possible fixes for bugs.

Cppcheck is a static code analysis tool for the C and C++ programming languages. It is a versatile tool that can check non-standard code. The creator and lead developer is Daniel Marjamäki.

DynamoRIO is a BSD-licensed dynamic binary instrumentation framework for the development of dynamic program analysis tools. DynamoRIO targets user space applications under the Android, Linux, and Windows operating systems running on the AArch32, IA-32, and x86-64 instruction set architectures.

In computer science, language-based security (LBS) is a set of techniques that may be used to strengthen the security of applications on a high level by using the properties of programming languages. LBS is considered to enforce computer security on an application-level, making it possible to prevent vulnerabilities which traditional operating system security is unable to handle.

References

Michael C. Daconta: C++ Pointers and Dynamic Memory Management, John Wiley & Sons, ISBN 0-471-04998-0
Andrew Koenig: C Traps and Pitfalls, Addison-Wesley, ISBN 0-201-17928-8

↑ "Review: 5 memory debuggers for Linux coding". 20 November 2015. Retrieved August 24, 2017.
↑ "Dynamic Analysis vs. Static Analysis" . Retrieved August 24, 2017.
↑ "Managed Code - AQtime Pro | SmartBear". Archived from the original on 2013-09-19. Retrieved 2013-01-14.
1 2 "The Daikon Invariant Detector User Manual".
↑ "The Daikon Invariant Detector User Manual".

External links

"Hunting Memory Bugs" by Ivan Skytte Jørgensen
"Comparison of Free Memory Checkers" by Jean-Philippe Martin ^{[ full citation needed ]}

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] "Review: 5 memory debuggers for Linux coding". 20 November 2015. Retrieved August 24, 2017.

[2] "Dynamic Analysis vs. Static Analysis" . Retrieved August 24, 2017.

[3] "Managed Code - AQtime Pro | SmartBear". Archived from the original on 2013-09-19. Retrieved 2013-01-14.

[diakon_manual-4] 1 2 "The Daikon Invariant Detector User Manual".

[5] "The Daikon Invariant Detector User Manual".

[1]

[2]

[3]

[4]

[5]

v t e Memory management
Memory management as a function of an operating system
Hardware	Memory management unit (MMU) Translation lookaside buffer (TLB) Input–output memory management unit (IOMMU)
Virtual memory	Demand paging Memory paging Page table Virtual memory compression
Memory segmentation	Protected mode Real mode Virtual 8086 mode x86 memory segmentation
Memory allocator	dlmalloc Hoard jemalloc libumem mimalloc ptmalloc
Manual memory management	Static memory allocation C dynamic memory allocation new and delete (C++)
Garbage collection	Automatic Reference Counting Boehm garbage collector Cheney's algorithm Concurrent mark sweep collector Finalizer Garbage Garbage-first collector Mark–compact algorithm Reference counting Tracing garbage collection Strong reference Weak reference
Memory safety	Buffer overflow Buffer over-read Dangling pointer Stack overflow
Issues	Fragmentation Memory leak Unreachable memory
Other	Automatic variable International Symposium on Memory Management Region-based memory management
Memory management Virtual memory Automatic memory management Memory management algorithms Memory management software