BoundsChecker

BoundsChecker is a memory checking and API call validation tool used for C++ software development with Microsoft Visual C++. It was created by NuMega in the early 1990s. When NuMega was purchased by Compuware in 1997, BoundsChecker became part of a larger tool suite, DevPartner Studio. Micro Focus purchased the product line from Compuware in 2009. Comparable tools include Purify, Insure++ and Valgrind.

BoundsChecker may be run in two distinct modes: ActiveCheck, which will work against any application as is, or FinalCheck, which makes use of instrumentation added to the application when it is built.

ActiveCheck performs a less intrusive analysis and monitors all calls by the application to the C Runtime Library, Windows API and calls to COM objects. By monitoring memory allocations and releases, it can detect memory leaks and overruns. Monitoring API and COM calls enables ActiveCheck to check parameters, returns and exceptions and report exceptions when they occur. Thread deadlocks can also be detected by monitoring of the synchronization objects and calls giving actual and potential deadlock detection.

FinalCheck requires an instrumented build and gives a much deeper but more intrusive analysis. It provides all of the detection features of ActiveCheck plus the ability to detect buffer overflows (read and write) and uninitialized memory accesses. It monitors every scope change, and tracks pointers referencing memory objects.

Leak detection

 * Memory tracking - Memory allocation and release is tracked over the life of the application, and an end-of-session report is generated showing which blocks of memory allocated by user code remain allocated at the time of a normal process termination. When compiler instrumentation is used, some memory leaks can be announced earlier, when the last pointer referring to an allocated block memory goes out of scope or gets overwritten by another value. Through the same mechanisms, attempts to use pointers to previously released memory are reported.
 * COM object tracking - COM object creation and destruction is tracked over the life of the application, and an end-of-session report is generated showing which objects remain active at the time of a normal process termination.
 * Resource tracking - The creation and destruction of system object handles (like file handles, GDI handles and so on) is monitored, and an end-of-session report is generated showing which handles remain at the time of a normal process termination.

API call validation
API calls are monitored, their input parameters verified before the function calls are actually performed, warning of possible problems. The API return codes are also monitored, and error codes are logged. Such validation is limited to such APIs as are known to BoundsChecker, currently several thousand in number. If Memory Tracking is enabled, API Call Validation can make use of the information gathered for more precise validation of memory pointers.

Memory overrun detection
When both memory tracking and API validation are enabled, it becomes possible to detect many kinds of array and buffer overrun conditions. Compiler instrumentation enhances this ability. This is the feature for which the product was originally named.

API call logging
API, COM method and .NET Interop function calls can be logged in detail, noting the call parameter values and the resulting return values. This feature is limited in value, as non-trivial applications often result in the session log quickly becoming too large.

.NET analysis
A report can be generated analyzing .NET Interop, garbage collection and finalizer activity over the life of the process under test.

Deadlock analysis
Certain kinds of deadly embraces and other such lockups can be detected.

Compatibility
The current version (12.1.40) of BoundsChecker supports 32-bit and 64-bit native applications on Windows 10 (2020 Spring Update). MS-DOS, 16-bit Windows, Windows 2000, Windows XP and Windows 7 environments are no longer supported. As part of DevPartner Studio, the product integrates with 2017 Update 15.9.33 and 2019 Update 16.9

As of March 2021, the Deadlock Analysis feature is not yet supported in X64 applications.

Criticisms

 * Licensing - Since the takeover by Micro Focus International, the suite has attracted criticism due to the increasingly awkward licensing mechanisms that need to be dealt with when installing and using it. For example, every single review on the online store site selling the product (apart from one submitted by one of its developers) describes the product as effectively unusable due to the way licensing is handled.
 * Speed - This is a relatively intrusive tool, and can slow the application under test anywhere from 50 to 300 times. The more of the features in use at a time, the slower it gets. This is particularly true when using compiler instrumentation.
 * Currency - Though the product works with many versions of Windows and of Microsoft Visual Studio, the API validation database has not been added to significantly since 2006. Newer APIs are generally not monitored.
 * Portability - Only Microsoft Windows and Microsoft Visual Studio are supported. There is no support for other operating systems nor compilers.
 * Noise - Many results are reported that, while valid, are not very useful. The most common of these kinds of things are API error returns. It is perfectly normal to have certain API calls fail. These kinds of results can be suppressed.

Version history

 * 12.0 - Mar 2020 - New version built for latest Visual C/C++ runtime from Microsoft. Many other internal changes as well.
 * 11.5.1 - Sep 2020 - Now uses the WiX Toolset installer.
 * 11.4 HF5 - Feb 2020 - Support for Visual Studio 2019 16.4.5. Last version to support Windows 7 or earlier, or Visual Studio 2015 or earlier.
 * 11.4 HF4 - Oct 2019 - Support for Windows 10 2019 Fall Update and Visual Studio 2019 16.3.6.
 * 11.4 HF3 - May 2019 - Support for Windows 10 2019 Spring Update and Visual Studio 2019 16.0.3.
 * 11.4 HF2 - Dec 2018 - Support for Windows 10 2018 Fall Update and Visual Studio 2017 15.9.4.
 * 11.4 - Nov 2017 - Support for Windows 10 2017 Fall Creator's Update.
 * 11.3 HF5 - Apr 2017 - Support for Visual Studio 2017.
 * 11.3 - Jul 2015 - Support for Windows 10 and Visual Studio 2015.
 * 11.2 - Jan 2014 - Support for Windows 8.1, Windows 8.0 and Visual Studio 2013.
 * 11.1 - Apr 2013 - Chinese localization (excluding on-line help). Various bug fixes.
 * 11.0 - Sep 2012 - Full Visual Studio 2012 support, improved performance and accuracy.
 * 10.6 - Apr 2012 - New licensing model, product update checker, preliminary support for Visual Studio 2012, and system tray tool with activity monitor.
 * 10.5 - Feb 2011 - Supports X64 applications on Windows Vista X64 and later.
 * 10.0 - Apr 2010 - Supports Visual Studio 2010.
 * 9.1 - Oct 2009 - Supports Windows 7.
 * 9.0 - Sep 2008 - Supports Visual Studios 2005 & 2008.
 * 8.2 - May 2007 - Last version with full support for Visual Studio 6.0 and Visual Studio .NET 2003.
 * 6.0 - 1998 - First version after acquisition of NuMega by Compuware.
 * 5.0 - Mar 1997
 * 4.0 - 1996 - Introduced API Validation feature.
 * 2.0 for DOS - Mar 1991