Using dynamically allocated memory properly is a tricky issue. In many cases, programs continue to run well after a programming error causes serious memory corruption; sometimes they don’t crash at all. In this post we’re looking at how dynamic analysis can detect memory corruption problems common in C code.
A common mistake is using a pointer after the memory it points to has already been released. Consider lines 22-26 in the following program, which de-allocates memory blocks before allocating larger ones:
If you run this code through a memory error detection tool such as Parasoft Insure++, you’ll get an error message about a “dangling pointer” at line 24. In this case, the block pointed to by string_so_far is freed at line 23 and then used in the next line.
Wikipedia defines dangling pointers as “pointers that do not point to a valid object of the appropriate type. These are special cases of memory safety violations. More generally, dangling references and wild references are references that do not resolve to a valid destination.” These errors arise because “deleting an object from memory explicitly or by destroying the stack frame on return does not alter associated pointers. The pointer still points to the same location in memory even though it may now be used for other purposes.” This is a common problem that often goes unnoticed because programs with these errors often compile with no warnings and can sometimes execute correctly.
In the example above, the memory buffer referenced by the pointer string_so_far is explicitly freed and then dereferenced. Dynamic analysis detects these errors, which can go unnoticed during testing and even during normal operation of the application until the wrong piece of memory is accessed.
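As an added illustration (not the post's original listing and not Parasoft code), the following C program shows the free-then-use ordering described above next to the corrected ordering. Only the name string_so_far comes from the post; join_words, the SHOW_BUG macro and the sample words are assumptions made for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Join n words with single spaces, growing the buffer one word at a time:
 * allocate a larger block, copy the text built so far, release the old block.
 * Returns NULL if n is 0 or an allocation fails; the caller frees the result.
 * join_words and SHOW_BUG are names assumed for this example. */
char *join_words(const char *const *words, size_t n)
{
    char *string_so_far = NULL;
    size_t len = 0;                       /* strlen(string_so_far) */

    for (size_t i = 0; i < n; i++) {
        size_t word_len = strlen(words[i]);
        char *string = malloc(len + 1 + word_len + 1); /* old + ' ' + word + NUL */
        if (string == NULL) {
            free(string_so_far);
            return NULL;
        }
#ifdef SHOW_BUG   /* faulty ordering: the block is freed, then read */
        free(string_so_far);
        if (len) memcpy(string, string_so_far, len);   /* dangling pointer */
#else             /* corrected ordering: finish every read, then free */
        if (len) memcpy(string, string_so_far, len);
        free(string_so_far);
#endif
        if (len) string[len++] = ' ';
        memcpy(string + len, words[i], word_len + 1);  /* includes the NUL */
        len += word_len;
        string_so_far = string;           /* the old address is never kept */
    }
    return string_so_far;
}

int main(void)
{
    const char *words[] = { "dangling", "pointer", "demo" }; /* constructed input */
    char *s = join_words(words, 3);
    if (s == NULL)
        return 1;
    puts(s);
    free(s);
    return 0;
}
```

Compiling with -DSHOW_BUG selects the faulty ordering, which a runtime memory checker reports as a read of freed memory at the memcpy line; run without a checker, that build can still print the expected string, which is why the error goes unnoticed.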
Insure++ detects errors at compile-time as well as runtime. Compile-time errors detected include:
The user then executes this program as part of use-case testing, just as they would use the original program, and Insure++ reports any problems found. Insure++ reports include detailed information about the type of bug, the source file and line number, the actual source code line contents, and the expression that caused the problem, with reports including: