Memory Hygiene in C and C++, Part 2: Commercial Tools
The first installment of this series on "memory hygiene" emphasized the importance of managing memory correctly. The daily news of the software industry reinforces this need, because so many headline-making faultsexploits, worms, instabilities, and so ontrace back directly to memory mismanagement.
Don't despair, though: All these problems are preventable.
The Fun Part
Part of my previous article's message on the importance of memory management is that you don't have to let memory errors infect you. I'm a big fan of "professional discipline"specific documentation and coding techniques that help prevent memory faults. The previous article couldn't possibly cover all the software engineering ideas for memory management that you can practice in your own work; later in this series, I'll describe a few more. This time, though, I want to introduce the aspect of memory hygiene that's easiest to enjoy: use of commercial products for testing memory usage. This is one of the healthiest proprietary domains in all of computing, in that there's a vibrant market with several competing alternatives, all of which are impressively effective and moderately priced. Unlike the tools or "frameworks" in many areas of computing, memory testers are good products that are comprehensible, have clear benefits, and are sometimes almost fun to use.
TIP
Check out this site, where I maintain pointers to the memory-checking products I've encountered.
Almost all memory-testing products operate in roughly the same way: Given a collection of C or C++ sources that you compile into an executable, you pass the program through the product to generate a slightly different executable. You then "exercise" the programlaunch it and run it through typical usage sequencesand the memory-testing product reports any errors or hazards it finds. For instance, suppose you've typed an array as follows:
int my_result[20];
If you then write to element 22 of my_result, the product tells you that you've made a mistake.
Beyond these similarities, products differ in their licensing, marketing, and basic technology; for example, Insure++ instruments at the source-code level, and Purify directly on compiled objects.