4

In VS6 times there was BoundsChecker from Numega. I understand it is dead now, please correct me if I am wrong. What are the reliable alternatives? Preferably free or at least with trial version available.

Secure
  • 171
  • 1
  • 2
  • 4
  • I've just stumbled upon this: [http://users.softlab.ntua.gr/~ttsiod/HeapCheck.html]http://users.softlab.ntua.gr/~ttsiod/HeapCheck.html – J Evans Sep 22 '11 at 16:23

7 Answers7

6

IMO It might be a better idea to write custom memory manager (the one that supports new/delete/malloc/free wrappers). Make a new/delete wrapper that locks unused/freed memory using VirtualProtect (yeah, I know that default allocation block will have to be PAGE_SIZE bytes large, and you'll need a lot of ram even for a small app, but that's the only disadvantage). If you are on linux, it probably have VirtualProtect alternative. In this case any outrageous out-of-bounds access will generate access violation and will be easy to track. Also use stl containers when possible - they also offer bounds checking.

This advice is based on experience - I had worked with a terribly written huge (several megabytes of code) old software that had memory leaks, accessed already freed memory from multiple threads and so on. I've spent week trying different utilities (purify, devpartner studio, aqtime etc), and although some of them provided loads of information, none were really helpful. With custom memory managment problems were eliminated in 2 days (that includes writing memory manager).

If that doesn't work for you, try compuware devpartner studio - if it is still available anywhere.

SigTerm
  • 26,089
  • 6
  • 66
  • 115
  • can you expand on how this was implemented? Any pointers to relevant code? Many thanks. – J Evans Sep 18 '11 at 11:42
  • 3
    @G Forty: You write custom memory manager that implements global operators new/delete. On startup manager grabs as much system RAM as it can (few gigabytes) and locks it up with virtualprotect (win32). When program requests new block, manager finds PAGE_SIZE aligned block, unlocks it and returns it to program. When the block is freed, it locks it up again using virtual protect. This way most attempt to access dangling pointer will cause immediate access violation which can be debugged and exterminated. There are no pointers to code. Solution was written from scratch for commercial project. – SigTerm Sep 20 '11 at 14:43
  • That'll get me going. Thanks. – J Evans Sep 22 '11 at 12:42
  • BoundsChecker is now renamed (by the morons who do renaming things so you can't find them anymore) as Borland DevPartner Studio, where it is understood that Borland is actually a division of Micro-Focus, who acquired DevPartner from Compuware. http://www.borland.com/Products/Software-Testing/Automated-Testing/Devpartner-Studio – Warren P Jan 13 '15 at 21:02
  • A custom memory manager won't show the offender immediatly. You'll know something went bad, but not where. You also can't detect invalid memory reads. – StefanLundmark Aug 21 '15 at 21:27
  • 1
    @StefanLundmark: Sigh. Did you even read this (4 years old) answer? The whole point of this approach is using virtual protect and lock out every unused region. In this case ANY access to unitialized or deleted region will immediately result in access violation which will be caught by debugger who will present you line, source and stack trace. So, you'll immediately know who accessed invalid region and where. I already explained that back in 2011 in another comment. – SigTerm Aug 22 '15 at 09:28
  • No need to get worked up. I'm not sure why the age of your answer is relevant. But that's the point, these tools do a lot more than catching unitialized or dangling pointers. How are you going to prevent invalid memory reads in both directions with VirtualProtect? You can't, unless the memory you need is the exact same size as the protected page itself. – StefanLundmark Aug 22 '15 at 10:56
  • @StefanLundmark: The age is relevant, because you're wasting time necromancing a **closed** thread that no longer needs immediate attention - to argue in comments. Why do I have to keep explaining same stuff over and over? Read the answer again and think about it till you get it. As It is mentioned in the answer, at the time when that manager was written, no existing windows software could help with that particular problem. no valgrind on windows, remember?. Also, I would advise to do something useful instead of necromancing. Answer questions or something. – SigTerm Aug 22 '15 at 17:28
  • @SigTerm: We're not arguing, I just wanted to let people know your solution isn't anything like an "equivalent" of Boundschecker. There's no such thing as a "closed thread" on SO and bumping questions [is encouraged](http://meta.stackexchange.com/questions/125965/is-bumping-old-questions-allowed) when you have something new to contribute. You seem to take this way too personal and I'm going to leave it at that. – StefanLundmark Aug 22 '15 at 18:01
2

Boundschecker is not dead. I'm using it with Visual Studio 2008.

They just changed owners (Compuware to MicroFocus, to Borland), now it's called DevPartner for Visual C++ BoundsChecker Suite

Check this:

http://www.borland.com/Products/Software-Testing/Automated-Testing/Devpartner-Studio

Warren P
  • 65,725
  • 40
  • 181
  • 316
nabulke
  • 11,025
  • 13
  • 65
  • 114
  • Fixed your link as the owner or brand name has changed from Compuware, to MicroFocus and MicroFocus has decided to rebrand using the Borland brand-name, although it's still a division of MicroFocus. – Warren P Jan 13 '15 at 21:03
2

BoundsChecker is certainly not dead. "It's only mostly dead, which means partly alive" (sorry, cannot resist the Miracle Max quote from The Princess Bride.) Seriously, BoundsChecker is alive and thriving under Micro Focus stewardship. We are releasing DevPartner Studio with 64-bit application support in BoundsChecker, the .NET/native/mixed performance and coverage profilers, and the .NET memory and holistic CPU/network/disk IO performance profiler. Look for DPS 10.5 to ship on February 4, 2011. The 10.5 release integrates seamlessly with Visual Studio 2005, 2008, and 2010, but you can still use BC standalone to run Active Check against VC6 and VC2003 binaries with some success if needed. Shameless plug: I work on the DevPartner team. I am peppering SO with notes announcing the newfound relevance of DPS 10.5 for C++ and .NET app dev troubleshooting on the x64 platform. With the new pricing model where you can license just BC or just the perf profiler, DPS should be much more accessible than it ever was under Compuware stewardship and lofty pricing. Disclaimer: these are my own opinions not necessarily sanctioned by Micro Focus.

Matt Schuetze
  • 1,112
  • 8
  • 9
  • 2
    +5 for the 3 month licencing option. Wonderful. Sadly -10 for the online licensing 'system'. Results obtained today (18-Sept-2011) for license purchased via ComponentSource: 'We're sorry...there was a problem processing your request. The license for this product cannot be automatically generated at this time. Please contact your local Support Office.helloDevPartner Visual C++ BoundsChecker Suite Web Edition' . *grrr* – J Evans Sep 18 '11 at 11:40
  • Similar issues using this 'tool'. Would not recommend: licensing is a huge pain. You'll instantly regret the licensing model. – Brett Jul 28 '12 at 04:22
  • 2
    You have to call someone and make an appointment to discuss pricing even these days in the Borland/MicroFocus (2015) era. – Warren P Jan 13 '15 at 21:04
  • Looks like it's still like that. I know when they say "Contact us" for pricing it's going to be too expensive. – J. Gwinner Oct 30 '20 at 16:10
1

Bounds Checker used to be my second favorite tool, after a good debugger. I found it incredibly useful. Then it got so freakin expensive that I was no longer able to justify its purchase. If you want to know why hardly anybody even knows about this great tool anymore, there's your answer.

Kirk Hawley
  • 331
  • 2
  • 5
1

I also work for Micro Focus, and am the main guy right now for the BoundsChecker (DPS Error Detection) runtime internals. The product is definitely not dead, but the main thing keeping it alive right now is the fanatical loyalty of certain people. Though loyalty only goes so far. We continue to have customers. If the product weren't selling at all, the company would have laid us all off long ago and canned the product.

Anyway, for those of you with questions or bugs to report, try our forum at http://community.microfocus.com/.

Rick Papo
  • 369
  • 1
  • 2
  • 10
0

Purify (Plus) http://www-01.ibm.com/software/awdtools/purifyplus/

ogni42
  • 101
  • 3
0

BoundsChecker was acquired multiple times and is now here: http://microfocus.com/products/DevPartner/BoundsCheckerSuite.asp

Another option is Rational Purify (Now owned by IBM): http://www-01.ibm.com/software/awdtools/purify/

Both of these products work, kinda. But neither are a silver bullet and bring with them a non-trivial amount of work to get useful information out of them. YMMV

John Dibling
  • 99,718
  • 31
  • 186
  • 324