From: Nicholas N. <nj...@ca...> - 2004-01-17 15:26:03

On Wed, 14 Jan 2004, Paul Pluzhnikov wrote:

> Insure++ from ParaSoft in source-instrumentation mode is about the
> only current tool that can detect stack and globals overflow errors
> in C and C++.

I'm aware of the following other tools that can do stack and/or static
array/pointer checking:

- Purify on Solaris can detect global overflows, and has a limited form
  of stack checking (detecting stack frame overflows).

- There are patches to add bounds-checking to GCC
  (sourceforge.net/projects/boundschecking/).

- CCured (manju.cs.berkeley.edu/ccured/) is a tool that combines static
  analysis with runtime checks to check all pointer use is ok in C.

- MicroQuill's HeapAgent documentation indicates that it does some kind
  of stack checking, e.g. see www.microquill.com/heapagent/ha_comp.htm.

- The documentation for BoundsChecker
  (www.compuware.com/products/devpartner/bounds.htm) seems to indicate
  it can do stack and static checking.

- I have an experimental tool called Annelid (see
  www.cl.cam.ac.uk/~njn25/valgrind.html) that can do checking of static
  arrays (global and local) if debug info is present in the binary. It
  doesn't do stack checking, unfortunately.

I haven't used any of these but the last; my information is based on
accompanying documentation, or comments from people who have used them.

I'd be interested to hear about any other tools that can do stack/static
checking.

N