Geodesic Great Circle: a Product Review
Manufacturer: Geodesic Systems, Inc.
Requirements: Linux, Pentium or Itanium processor, web browser, GNU compiler
"Look out behind you!"
Okay, I was trying to distract you from noticing that Geodesic Great Circle is not open source. Some of you may stop reading right here, which is too bad, because Great Circle can help you write better applications and save you development time. Great Circle finds memory leaks, multiple frees, heap corruption and so on--and presents it all in a browser-based interface.
Debugging memory management is, let's face it, probably the most tedious task C and C++ developers face. That's part of the reason scripting languages are popular; it's why languages such as Java have automatic garbage collection. And it's why Great Circle exists.
It couldn't have been much easier: I copied greatcircle.tar.Z from CD to my hard drive and extracted the archive. Getting it to run, then, was a simple matter of launching gcmonitor.
Because Great Circle is itself a web server, gone is the potentially complicated step of making it working with Apache. It listens on its own port, which you can specify and change.
Documentation is a 166-page PDF file. Much of it is platform-specific, containing separate instructions for the different platforms on which Great Circle runs: Linux, IBM-AIX, HP-UX, Sun Solaris and Windows. So I read some of the documentation before getting started with the examples.
The example applications link to the Great Circle libraries. The first one I tried simply leaks a bunch of memory by calling malloc and never freeing the memory. The operative part of the code looks like this:
for(i = 0; i < OBJECTS_TO_LEAK;i++) malloc(sizeof(int));
This is clearly not something you want to do in real life. I ran the application, then checked out the browser-based interface by going to http://127.0.0.1:50565/. From there, I navigated to the Leaks & Allocations screen.
This screen lists the memory allocated, freed and leaked, as well as multiple frees and memory overwrites. It also lists what memory is in use; therefore, you can monitor an application that's still running.
This screen also includes stack traces, so you can see exactly which allocations lead to which leaks. Clicking on an item in a stack trace opens a new window that shows the surrounding source code, with the specific line in blue text. And so the line "malloc(sizeof(int));" was highlighted in the source code window, as one would expect.
The other examples were somewhat more complex. Importantly, they demonstrated how Great Circle works with not only C but also with C++, alerting you to undisposed objects.
On the other hand, it may say something about the current state of Linux browsers that I had some trouble. On Mozilla, for example, sometimes resizing the window or hitting the Back button would cause the bottom frame to go blank. Next I tried Galeon, which crashed almost right away. I then tried Konqueror, which appeared to keep requesting the main page over and over, without ever displaying it.
On a hunch, I switched over to my OS X machine and connected to the page using Internet Explorer; it worked wonderfully.
The fact that MSIE, connecting from another machine, worked so well was heartening. But it also made me wonder about security. Great Circle is, after all, an internet service, an HTTP server. Because it's not an open-source application, its code has not been scrutinized in the same way Apache has been scrutinized.
I was surprised to learn there are no security settings. I expected it would work, by default, only when connecting from the same machine. I also expected that remote connections would be possible only with a username and password--and even that would be optional.
It's not really necessary for Great Circle to have security holes in order for it to be a risk: it can be an information risk. Do you want people to know what you're working on? My recommendation to Great Circle users would be to double-check that your firewall prevents access from outside your LAN.
Great Circle has two ways of monitoring an application. One is to link an application with the Great Circle libraries. The other is to "inject" an application with Great Circle support.
To test these out, I created a simple application that leaks memory (similar to one of the examples) and injected it by using the command gsinject -d -t -e ./testapp. This information runs the application with Great Circle monitoring support.
Then I went to my browser to look at the report. Great Circle reported the expected amount of memory was being leaked. Though the stack traces included symbols, you can't see the source code in the browser with an injected application. Which is what you'd expect.
Injecting means you can monitor the memory use of almost any application, whether you have the source or not. This feature is probably less useful in the open-source world, where you either have or can get the source, than it is for Windows users.
If you're used to running open-source applications, you're probably out of the habit of reconciling what's written in a product brochure (written for pointy-headed-bosses) with what's in the docs (written for developers).
For example, the brochure says, "Great Circle detects and reports on memory problems without unacceptable performance degradation." But then, later in the PDF documentation, I read, "Great Circle is not appropriate for a production environment because the performance hit for all the symbol reading can be enormous."
Although that's not exactly a contradiction, it's not exactly consonant, either. The good news is there's little of this. The claims made in the product brochure, though written in marketing patois, are borne out by the product itself.
The easiest way to find out more about Great Circle is through the on-line demo. You can monitor leaks in Mozilla at www.geodesic.com/monitor/monitor.html. This demo gives you an accurate feel for the browser-based interface. You can also download a 15-day demo here.
Accurately finds memory leaks, multiple frees and memory overwrites.
Easy to install.
Supports monitoring applications even if you don't have the source.