PurifyPlus

UNICOM PurifyPlus
Original author(s)	Pure Software
Developer(s)	UNICOM Systems, a division of UNICOM Global
Stable release	8.2 / September 20, 2024
Operating system	Windows, Linux, Solaris
Type	Memory debugger
License	Proprietary software
Website	www.teamblue.unicomsi.com/products/purifyplus/

Last updated September 24, 2024

PurifyPlus is a memory debugger program used by software developers to detect memory access errors in programs, especially those written in C or C++. It was originally written by Reed Hastings of Pure Software.^[1] Pure Software later merged with Atria Software to form Pure Atria Software, which in turn was later acquired by Rational Software, which in turn was acquired by IBM, and then divested to UNICOM Systems, Inc. on Dec 31, 2014. It is functionally similar to other memory debuggers, such as Insure++, Valgrind and BoundsChecker.

Overview

PurifyPlus allows dynamic verification, a process by which a program discovers errors that occur when the program runs, much like a debugger. Static verification or static code analysis, by contrast, involves detecting errors in the source code without ever compiling or running it, just by discovering logical inconsistencies. The type checking by a C compiler is an example of static verification.

When a program is linked with PurifyPlus, corrected verification code is automatically inserted into the executable by parsing and adding to the object code, including libraries. That way, if a memory error occurs, the program will print out the exact location of the error, the memory address involved, and other relevant information. PurifyPlus also detects memory leaks. By default, a leak report is generated at program exit but can also be generated by calling the PurifyPlus leak-detection API from within an instrumented application.

The errors that PurifyPlus discovers include array bounds reads and writes, trying to access unallocated memory, freeing unallocated memory (usually due to freeing the same memory for the second time), as well as memory leaks (allocated memory with no pointer reference). Most of these errors are not fatal (at least not at the site of the error), and often when just running the program there is no way to detect them, except by observing that something is wrong due to incorrect program behavior. Hence PurifyPlus helps by detecting these errors and telling the programmer exactly where they occur. Because PurifyPlus works by instrumenting all the object code, it detects errors that occur inside of third-party or operating system libraries. These errors are often caused by the programmer passing incorrect arguments to the library calls, or by misunderstandings about the protocols for freeing data structures used by the libraries. These are often the most difficult errors to find and fix.

Differences from traditional debuggers

The ability to detect non-fatal errors is a major distinction between PurifyPlus and similar programs from the usual debuggers. By contrast, debuggers generally only allow the programmer to quickly find the sources of fatal errors, such as a program crash due to dereferencing a null pointer, but do not help to detect the non-fatal memory errors. Debuggers are useful for other things that PurifyPlus is not intended for, such as for stepping through the code line by line or examining the program's memory by hand at a particular moment of execution. In other words, these tools can complement each other for a skilled developer.

PurifyPlus also includes other functionality, such as high-performance watchpoints, which are of general use while using a debugger on one's code.

It is worth noting that using PurifyPlus makes the most sense in programming languages that leave memory management to the programmer. Hence, in Java, Lisp, or Visual Basic, for example, automatic memory management reduces occurrence of any memory leaks. These languages can however still have leaks; unnecessary references to objects will prevent the memory from being re-allocated. IBM has a product called Rational Application Developer to uncover these sorts of errors.

Supported platforms

Supported C/C++ platforms

Operating system	Processor architectures	Operating system versions	Compilers
Solaris
	Sun UltraSPARC	Solaris 11 base through 11.4 Solaris 10 base through U11	Sun C/C++ 5.10 through 5.15
	AMD64 Intel 64	Solaris 11 base through 11.4 Solaris 10 U6 through U11	Sun C/C++ 5.10 through 5.15
Linux
	Intel IA-32	RHEL 9 (Server/Desktop) base through 9.4 RHEL 8 (Server/Desktop) base through 8.9 RHEL 7 (Server/Desktop) base through 7.9 SLES 15 base through 15.5 SLES 12 base through 12.5	GNU gcc/g++ 4 through 11
	AMD64 Intel 64	RHEL 9 (Server/Desktop) base through 9.4 RHEL 8 (Server/Desktop) base through 8.9 RHEL 7 (Server/Desktop) base through 7.9 SLES 15 base through 15.5 SLES 12 base through 12.5	GNU gcc/g++ 4 through 11
Windows
Windows	Intel IA-32 Intel 64 AMD 64	Microsoft Windows 10 base through 21H1 Microsoft Windows Server 2019 Standard, Data Center Microsoft Windows Server 2016 Standard, Data Center Microsoft Windows Server 2012 Foundation, Essential, Standard, Data Center	Microsoft Visual Studio 2010 through 2022

Supported Java/.NET platforms

Platform	Data collection type	Runtime environment
Windows
	C/C++ (unmanaged code) data collection	Microsoft Visual Studio 2010 through 2022
	Java code coverage data collection	IBM JRE 5 through 8 SUN JRE 1.5 through 1.8
	.NET (managed code) data collection	.NET Framework 3.0 through 4.5 used with Microsoft Visual Studio 2010 through 2022

Related Research Articles

C is a general-purpose programming language. It was created in the 1970s by Dennis Ritchie and remains very widely used and influential. By design, C's features cleanly reflect the capabilities of the targeted CPUs. It has found lasting use in operating systems code, device drivers, and protocol stacks, but its use in application software has been decreasing. C is commonly used on computer architectures that range from the largest supercomputers to the smallest microcontrollers and embedded systems.

In computer science, a memory leak is a type of resource leak that occurs when a computer program incorrectly manages memory allocations in a way that memory which is no longer needed is not released. A memory leak may also happen when an object is stored in memory but cannot be accessed by the running code. A memory leak has symptoms similar to a number of other problems and generally can only be diagnosed by a programmer with access to the program's source code.

Java and C++ are two prominent object-oriented programming languages. By many language popularity metrics, the two languages have dominated object-oriented and high-performance software development for much of the 21st century, and are often directly compared and contrasted. Java's syntax was based on C/C++.

In computer programming, a type system is a logical system comprising a set of rules that assigns a property called a type to every term. Usually the terms are various language constructs of a computer program, such as variables, expressions, functions, or modules. A type system dictates the operations that can be performed on a term. For variables, the type system determines the allowed values of that term.

In computer programming, specifically when using the imperative programming paradigm, an assertion is a predicate connected to a point in the program, that always should evaluate to true at that point in code execution. Assertions can help a programmer read the code, help a compiler compile it, or help the program detect its own defects.

In computing, a crash, or system crash, occurs when a computer program such as a software application or an operating system stops functioning properly and exits. On some operating systems or individual applications, a crash reporting service will report the crash and any details relating to it, usually to the developer(s) of the application. If the program is a critical part of the operating system, the entire system may crash or hang, often resulting in a kernel panic or fatal system error.

A programming tool or software development tool is a computer program that software developers use to create, debug, maintain, or otherwise support other programs and applications. The term usually refers to relatively simple programs, that can be combined to accomplish a task, much as one might use multiple hands to fix a physical object. The most basic tools are a source code editor and a compiler or interpreter, which are used ubiquitously and continuously. Other tools are used more or less depending on the language, development methodology, and individual engineer, often used for a discrete task, like a debugger or profiler. Tools may be discrete programs, executed separately – often from the command line – or may be parts of a single large program, called an integrated development environment (IDE). In many cases, particularly for simpler use, simple ad hoc techniques are used instead of a tool, such as print debugging instead of using a debugger, manual timing instead of a profiler, or tracking bugs in a text file or spreadsheet instead of a bug tracking system.

A memory debugger is a debugger for finding software memory problems such as memory leaks and buffer overflows. These are due to bugs related to the allocation and deallocation of dynamic memory. Programs written in languages that have garbage collection, such as managed code, might also need memory debuggers, e.g. for memory leaks due to "living" references in collections.

Valgrind is a programming tool for memory debugging, memory leak detection, and profiling.

Memory corruption occurs in a computer program when the contents of a memory location are modified due to programmatic behavior that exceeds the intention of the original programmer or program/language constructs; this is termed as violation of memory safety. The most likely causes of memory corruption are programming errors. When the corrupted memory contents are used later in that program, it leads either to program crash or to strange and bizarre program behavior. Nearly 10% of application crashes on Windows systems are due to heap corruption.

Insure++ is a memory debugger computer program, used by software developers to detect various errors in programs written in C and C++. It is made by Parasoft, and is functionally similar to other memory debuggers, such as Purify, Valgrind and Dr Memory.

Dangling pointers and wild pointers in computer programming are pointers that do not point to a valid object of the appropriate type. These are special cases of memory safety violations. More generally, dangling references and wild references are references that do not resolve to a valid destination.

Dynamic program analysis is the act of analyzing software that involves executing a program – as opposed to static program analysis, which does not execute it.

In computing a storage violation is a hardware or software fault that occurs when a task attempts to access an area of computer storage which it is not permitted to access.

BoundsChecker is a memory checking and API call validation tool used for C++ software development with Microsoft Visual C++. It was created by NuMega in the early 1990s. When NuMega was purchased by Compuware in 1997, BoundsChecker became part of a larger tool suite, DevPartner Studio. Micro Focus purchased the product line from Compuware in 2009. Comparable tools include Purify, Insure++ and Valgrind.

Dynamic loading is a mechanism by which a computer program can, at run time, load a library into memory, retrieve the addresses of functions and variables contained in the library, execute those functions or access those variables, and unload the library from memory. It is one of the three mechanisms by which a computer program can use some other software within the program; the others are static linking and dynamic linking. Unlike static linking and dynamic linking, dynamic loading allows a computer program to start up in the absence of these libraries, to discover available libraries, and to potentially gain additional functionality.

Memory safety is the state of being protected from various software bugs and security vulnerabilities when dealing with memory access, such as buffer overflows and dangling pointers. For example, Java is said to be memory-safe because its runtime error detection checks array bounds and pointer dereferences. In contrast, C and C++ allow arbitrary pointer arithmetic with pointers implemented as direct memory addresses with no provision for bounds checking, and thus are potentially memory-unsafe.

Intel Inspector is a memory and thread checking and debugging tool to increase the reliability, security, and accuracy of C/C++ and Fortran applications.

Runtime error detection is a software verification method that analyzes a software application as it executes and reports defects that are detected during that execution. It can be applied during unit testing, component testing, integration testing, system testing, or penetration testing.

References

↑ Purify: fast detection of memory leaks and access errors. by Reed Hastings and Bob Joyce, Usenix Winter 1992 technical conference.

External links

"A Survey of Systems for Detecting Serial Run-Time Errors" by The Iowa State University’s High Performance Computing Group

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] Purify: fast detection of memory leaks and access errors. by Reed Hastings and Bob Joyce, Usenix Winter 1992 technical conference.

[1]