Memory Debugging with Parasoft Insure++

 

Memory Debugging with Parasoft Insure++

Identify sporadic memory corruption defects that cause system crashes and expose security vulnerabilities in the field, but are impossible to find during normal testing. Parasoft Insure++ helps you ensure the integrity of your C/C++ applications’ memory by dynamically finding these erratic programming and memory-access errors, such as heap corruption, rogue threads, memory leaks, array out of bounds, and invalid pointers.

Parasoft Insure++

How does it work?

Parasoft Insure++ is a comprehensive memory debugging tool for C/C++ software developers, that can be used to find issues such as:

  • Memory leaks (which are identified and classified as to their cause)
  • Memory abuse
  • Buffer overflow/underflow
  • Pointer abuse
  • Many other causes of possible undefined behavior or implementation-defined behavior.

Insure++ uses a state-of-the-art code parser, along with hundreds of heuristics, to analyze the application code, during which it reports on several possible static violations. While analyzing the code, it writes a new source code file, with appropriate instrumentation inserted in “trouble spots” (e.g. pointer dereference, scope exit, etc.), and the resulting source file is automatically compiled and all resulting object code files are linked into a new executable program. 

The user then executes this program as part of use-case testing, just as you would use the original program, and Insure++ reports any problems found. Insure++ reports include detailed information, including: about the type of bug, source file and line number, actual source code line contents, expression that caused the problem, with reports including:

  • The type of bug, (e.g. EXPR_UNRELATED_PTRCMP)
  • The source file and line number, (e.g. foo.cc:42)
  • The actual source code line contents, (e.g. “while (p < g) {”)
  • The expression which caused the problem, (e.g. “p < g”)
  • Information about all pointers and memory blocks involved in the bug:
    • The pointer values
    • The memory blocks pointed to, (if any), and any offset
    • The block allocation information:
      • Stack trace if dynamically allocated.
      • Block declaration location, (source file and line number), if allocated on the stack or globally.
      • Stack trace of deallocation of the block, if applicable.
    • The stack trace showing how the program got to the bug location.

This detailed information enables users to more easily resolve issues found during testing. Read more about the features of Parasoft Insure++ below.

Features

Target Insure++’s patented instrumentation to pinpoint real memory issues and get immediate visibility at runtime. Identify memory issues both within your codebase, and caused by external libraries, automatically tracking and monitoring all threads and processes within the application to quickly find algorithmic anomalies. At compile time, use Insure++ to identify deviations from C/C++ standards that may lead to memory leaks or application instabilities.

Runtime memory debugging

During testing, Insure++ checks all types of memory references, including those to static (global), stack, and shared memory -- both in your own code and in third-party libraries. Errors detected include:

  • Corrupted heap and stack memory
  • Use of uninitialized variables and objects
  • Array and string bounds errors on heap and stack
  • Use of dangling, NULL, and uninitialized pointers
  • All types of memory allocation and free errors or mismatches
  • All types of memory leaks
  • Type mismatches in global declarations, pointers, and function calls

Compile-time analysis

Insure++ detects errors at compile-time as well as runtime. Compile-time errors detected include:

  • Cast of pointer loses precision
  • Mismatch in format specification
  • Mismatch in argument type
  • Code is not evaluated, has no effect, or is unreachable
  • Undefined identifier
  • Variable declared, but never used
  • Returning pointer to local variable
  • Function returns inconsistent value
  • Unused variables

If you haven’t executed code, then you don’t know if there are any bugs in it. Parasoft Insure++’s coverage analysis enables the visual identification of which sections of code have been executed and which have not. This capability allows users to focus on testing use-cases for the areas of code that haven’t yet been exercised, or haven’t been exercised sufficiently. With Parasoft Insure++, you can easily:

  • Identify the blocks of instrumented code exercised during memory debugging.
  • Understand the relationships between the memory defects and the code that was executed.

Insure++ can also add a “hit count” to the basic blocks, showing how many times each block has executed in order to detect surprising performance bottlenecks.  Basic block coverage instrumentation and visualization is built into Insure++, and happens automatically.  A basic block is any sequence of statements which do not cause or accept a branch. Insure++ detects these and adds instrumentation to record the execution of each block.

While your application is running, Insure++ provides live data about ongoing memory usage, providing a graphical view of all memory allocations over time, with specific visibility into overall heap usage, block allocations, possible outstanding leaks, and so on. This insight into an application’s memory usage patterns allows you to effectively analyze and optimize runtime memory usage and performance.

If a block has been leaked, you can see the allocation stack trace, as well as the stack trace where the leak occurred. Additionally, the overall size of the heap is monitored, and various statistics are tracked, such as number of allocation and deallocation calls. This information gives the user clear information about heap flogging, high- and low- water marks, heap exhaustion, and most importantly heap fragmentation. Heap fragmentation is the hardest thing to identify without some sort of visualization, so Insure++ makes this easy to find and fix.

While your application is running, get real-time visibility into:

  • How your application is utilizing memory
  • Memory problems as they appear, and the impact of those problems on memory
  • Details of heap usage, block allocations, free memory, and frequency of memory access over time
  • Comparisons with historical data to view the outcomes of tuning your application's use of memory

Benefit from the Parasoft Approach

The Power of Integrations

Parasoft integrates with a wide variety of software, tools and frameworks, so you can easily adopt and scale within your existing development environment.

Get a free trial of Parasoft Insure++

What the industry is saying about Parasoft