valgrind (http://developer.kde.org/~sewardj/) is an excellent program correctness checker, including checking for memory leaks/usage of freed memory and usage of uninitialized values. I would like to humbly propose its inclusion in the upcoming RHL release. There are probably some space constraints, but I'd be happy to sacrifice all three of of ElectricFence, njamd and memprof to get valgrind. The only disadvantage of valgrind I can think of is that it is currently IA-32 (x86) only.
Created attachment 86064 [details] valgrind 1.04 packaged for RedHat 8
Created attachment 86065 [details] kcachegrind packaged for RedHat 8
I attached my SRPMS for valgrind and kcachegrind. valgrind has one glaring problem: it access a glibc private interface. That needs to be fixed. The packages also lack BuildRequires.
We'd like to. But we can't. Lots'o'patent issues.
What Patent issues? Hmm just noticed that Mr. Seward (who also wrote bzip2 fair dues to him) is currently a contractor for Microsoft? Or is google lying to me?
Google lied :-) He's a compiler writer at ARM, Cambridge, UK. I still would like to know what Patent issues there are? This is the first pertinent link from google.
In rawhide now.
Rational has some patents for using binary rewrites for memory checks. This is the mechanism used in Purify their memory checking tool. IBM bought Rational in December 2002. This is one of the patents: http://patft.uspto.gov/netacgi/nph-Parser?Sect1=PTO2&Sect2=HITOFF&p=1&u=/netahtml/search-bool.html&r=11&f=G&l=50&co1=AND&d=ptxt&s1=rational.ASNM.&s2=memory&OS=AN/rational+AND+memory&RS=AN/rational+AND+memory
Unfortunately, many pieces of software, including ones crucial to the Red Hat/Fedora distribution (such as the Linux kernel), almost certainly infringe upon software patents. This is not unique to open source -- it is simply no longer possible to write significant software packages without infringing upon software patents. Any decent software engineer can easily go to the USPTO and search for "computer" and recognize many widely-used techniques that have been patented. In this case, we are fortunate that IBM is the patent holder. Given that valgrind is probably the most powerful free memory debugging tool under Linux, and Red Hat/Fedora cannot currently include valgrind, it seems that it might be worthwhile to request a waiver from IBM for GPLed software on this patent. I cannot see IBM likely to get much good out of using the patent against GPLed software, and there are clearly a number of Red Hat users that would get a good deal of good out of being able to use valgrind. Such a move for IBM would not, at least in the immediate sense, reduce the utility of the patent for IBM's defensive measures -- anyone likely to sue IBM has probably made many releases of their own infringing software in the past under a license other than the GPL. Even if an attacker's infringing software was immediately GPLed, IBM would have a case.
valgrind is now in Fedora Core 3