I'm trying to detect "Use after free()" bugs, otherwise known as "Dangling pointers". I know Valgrind can be used to detect "Use after free" bugs on the *nix platform, but what about windows? What if I don't have the source? Is there a better program than Valgrind for detecting all dangling pointers in a program? A free and open source would be preferred , but I'll use a commercial solution if it will get the job done.
+2
A:
Years ago I used Purify for this purpose. It's been around for a long time and was quite good when I used it.
Greg Hewgill
2010-03-12 21:31:02
I have used purify, it only seems to detect bugs after the program has crashed. I'm looking for new ways to crash the application :)
Rook
2010-03-12 21:33:22
I've used Purify, and it definitely was able to catch all sorts of memory problems like dangling pointer, double delete, array bounds, memory leak (many false positives on the system I worked on). Obviously sometimes the program will crash too. On any sort of runtime checker you *have* to execute the broken code or it won't be able to detect it. If you're looking for a static checker that's a different question entirely.
Mark B
2010-03-12 22:03:11
Trivia: Purify was, at a certain extent, the cause of the Debian SSH bug. :P
Matteo Italia
2010-03-12 23:35:34
@Matteo your right, it was also humans not understanding a false positive.
Rook
2010-03-13 21:14:43
A:
NuMega BoundsChecker used to catch this stuff. Not sure if they're still in business though...
Seva Alekseyev
2010-03-12 21:33:26
+2
A:
It's not quite as good as Valgrind, but Microsoft's Application Verifier performs a similar function for Windows. It also will let you simulate error conditions for most of the API to tell you if things are going to blow up in your most important client's face :)
Billy ONeal
2010-03-12 21:34:44
+4
A:
The MSVC debug memory allocator already does this. When you get 0xfeeefeee from a pointer dereference you've dangled. With some luck that will bomb the program.
Hans Passant
2010-03-12 21:35:02
Thats cool, but I'm attempting to track down all possible cases of this bug as efficiently as possible. Stepping though a large program line by line is time consuming, although variable break points would help.
Rook
2010-03-12 21:50:12
But what happens if the memory containing 0xfeeefeee gets re-used for a new object? Then this method of detection does not work.
jmatthias
2010-08-25 19:02:38
+3
A:
You can use gflags.exe and the Debugging Tools for Windows to enable heap checking in a process:
It's been a while since I've used this, and I honestly can't remember how well it interacts with the C runtime heap as opposed to the Windows heap manager (to ensure that each malloc()/free()/new/delete call is separately checked).
Free, but not open source.
Michael Burr
2010-03-12 21:56:02
"Page Heap" option in gflags.exe changes the way heap is working. Since malloc/free/new/delete just call heap API, "Page Heap" is a great way to detect majority of memory violation.The actual functionality is embedded in Windows, gflags.exe just changes something in the registry.
Vladimir Lifliand
2010-03-13 05:21:27