Geodesic Great Circle: a Product Review

Manufacturer: Geodesic Systems, Inc.

URL: www.geodesic.com

Price: $695.00

Requirements: Linux, Pentium or Itanium processor, web browser, GNU compiler

"Look out behind you!"

Okay, I was trying to distract you from noticing that Geodesic Great Circle is not open source. Some of you may stop reading right here, which is too bad, because Great Circle can help you write better applications and save you development time. Great Circle finds memory leaks, multiple frees, heap corruption and so on--and presents it all in a browser-based interface.

Debugging memory management is, let's face it, probably the most tedious task C and C++ developers face. That's part of the reason scripting languages are popular; it's why languages such as Java have automatic garbage collection. And it's why Great Circle exists.

It couldn't have been much easier: I copied greatcircle.tar.Z from CD to my hard drive and extracted the archive. Getting it to run, then, was a simple matter of launching gcmonitor.

Because Great Circle is itself a web server, gone is the potentially complicated step of making it working with Apache. It listens on its own port, which you can specify and change.

Documentation is a 166-page PDF file. Much of it is platform-specific, containing separate instructions for the different platforms on which Great Circle runs: Linux, IBM-AIX, HP-UX, Sun Solaris and Windows. So I read some of the documentation before getting started with the examples.

The example applications link to the Great Circle libraries. The first one I tried simply leaks a bunch of memory by calling malloc and never freeing the memory. The operative part of the code looks like this:

for(i = 0; i < OBJECTS_TO_LEAK;i++)
    malloc(sizeof(int));

This is clearly not something you want to do in real life. I ran the application, then checked out the browser-based interface by going to http://127.0.0.1:50565/. From there, I navigated to the Leaks & Allocations screen.

Leaks & Allocation Screenshot

This screen lists the memory allocated, freed and leaked, as well as multiple frees and memory overwrites. It also lists what memory is in use; therefore, you can monitor an application that's still running.

This screen also includes stack traces, so you can see exactly which allocations lead to which leaks. Clicking on an item in a stack trace opens a new window that shows the surrounding source code, with the specific line in blue text. And so the line "malloc(sizeof(int));" was highlighted in the source code window, as one would expect.

The other examples were somewhat more complex. Importantly, they demonstrated how Great Circle works with not only C but also with C++, alerting you to undisposed objects.

Before I go on, I should say that I ran into some problems with the browser-based interface. It uses frames, JavaScript and cookies, and it is possibly too advanced for some browsers.

On the other hand, it may say something about the current state of Linux browsers that I had some trouble. On Mozilla, for example, sometimes resizing the window or hitting the Back button would cause the bottom frame to go blank. Next I tried Galeon, which crashed almost right away. I then tried Konqueror, which appeared to keep requesting the main page over and over, without ever displaying it.

On a hunch, I switched over to my OS X machine and connected to the page using Internet Explorer; it worked wonderfully.

The fact that MSIE, connecting from another machine, worked so well was heartening. But it also made me wonder about security. Great Circle is, after all, an internet service, an HTTP server. Because it's not an open-source application, its code has not been scrutinized in the same way Apache has been scrutinized.

I was surprised to learn there are no security settings. I expected it would work, by default, only when connecting from the same machine. I also expected that remote connections would be possible only with a username and password--and even that would be optional.

It's not really necessary for Great Circle to have security holes in order for it to be a risk: it can be an information risk. Do you want people to know what you're working on? My recommendation to Great Circle users would be to double-check that your firewall prevents access from outside your LAN.