Microsoft Application Verifier (AppVerifier) is a premier runtime verification tool designed specifically to detect subtle bugs in unmanaged (native C/C++) code that standard testing misses. By hooking OS APIs and injecting specialized testing layers (like Page Heap), it forces hidden runtime issues to trigger an immediate debugger break precisely at the moment the violation occurs.
The top runtime and real-time issues solved by Application Verifier are organized into its primary test categories:

1. Heap Corruption and Memory Overruns
Heap-related bugs account for roughly 10% of all Windows application crashes and are notoriously difficult to debug because the crash usually happens long after the corruption occurs.
Buffer Overruns/Underruns: AppVerifier’s Full Page Heap places an inaccessible guard page immediately after (or, when configured for underrun detection, before) each memory allocation. If a thread reads or writes even one byte past the buffer, it instantly triggers an Access Violation (0xC0000005) at the offending instruction.
Use-After-Free (Dangling Pointers): When memory is freed, AppVerifier can mark that entire memory page as inaccessible rather than returning it to the pool. Any subsequent attempt to read or modify that freed memory causes an immediate crash.
Double Frees: It intercepts calls to HeapFree and flags instances where an application attempts to free the same memory block twice, preventing underlying heap structure corruption.

2. Resource and Handle Leaks

Unmanaged applications interact extensively with the Windows Kernel via handles, which can easily be misused.
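The three heap checks described under category 1 (a guard region after every allocation, freed blocks quarantined rather than recycled, and the free call itself validated) can be illustrated in miniature with a small checked allocator. The code below is an added example written for this page, not AppVerifier's own implementation or any Microsoft API: it uses a guard region of poisoned bytes that is inspected on free instead of a real inaccessible guard page, so an overrun is reported at the free rather than at the faulting write, and it does not change page protections, so it cannot trap a use-after-free the way Page Heap does. The names `chk_alloc`, `chk_check`, `chk_free`, the `demo_*` functions and all constants (guard length, fill bytes, magic value, sample strings) are constructed for the demo.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Result codes returned by the checked heap (constructed for this demo). */
enum {
    CHK_OK = 0,
    CHK_OVERRUN = 1,      /* guard bytes after the user block were overwritten */
    CHK_DOUBLE_FREE = 2,  /* block has already been freed */
    CHK_BAD_POINTER = 3   /* pointer is NULL or did not come from chk_alloc */
};

/* Constructed constants; these are not AppVerifier's values. */
#define GUARD_LEN 16
static const unsigned char GUARD_BYTE = 0xAB;   /* fill for the guard region */
static const unsigned char FREED_BYTE = 0xDD;   /* fill for quarantined user data */
static const uint32_t LIVE_MAGIC = 0x4C495645u; /* tags headers written by chk_alloc */

/* Header stored immediately before each user block. */
typedef struct {
    uint32_t magic;
    size_t size;      /* user-visible size requested by the caller */
    int freed;        /* set on first free; the block is then quarantined */
} chk_hdr;

/* Allocate n user bytes laid out as [header][user bytes][guard region]. */
void *chk_alloc(size_t n) {
    chk_hdr *h = malloc(sizeof(chk_hdr) + n + GUARD_LEN);
    if (h == NULL) return NULL;
    h->magic = LIVE_MAGIC;
    h->size = n;
    h->freed = 0;
    unsigned char *user = (unsigned char *)(h + 1);
    memset(user + n, GUARD_BYTE, GUARD_LEN);
    return user;
}

/* Validate a block: it must carry our header, not be freed, and its guard
 * region must be untouched. A real guard page would fault on the write. */
int chk_check(const void *p) {
    if (p == NULL) return CHK_BAD_POINTER;
    const chk_hdr *h = (const chk_hdr *)p - 1;
    if (h->magic != LIVE_MAGIC) return CHK_BAD_POINTER;
    if (h->freed) return CHK_DOUBLE_FREE;
    const unsigned char *guard = (const unsigned char *)p + h->size;
    for (size_t i = 0; i < GUARD_LEN; i++)
        if (guard[i] != GUARD_BYTE) return CHK_OVERRUN;
    return CHK_OK;
}

/* Free a block: report the first violation found; otherwise poison the user
 * data and keep the block in quarantine (never handed back to malloc), so a
 * later double free is still recognised instead of corrupting the heap. */
int chk_free(void *p) {
    int rc = chk_check(p);
    if (rc != CHK_OK) return rc;
    chk_hdr *h = (chk_hdr *)p - 1;
    memset(p, FREED_BYTE, h->size);
    h->freed = 1;
    return CHK_OK;
}

/* Correct usage: a 7-character string plus NUL fits an 8-byte block exactly. */
int demo_clean(void) {
    char *buf = chk_alloc(8);
    if (buf == NULL) return CHK_BAD_POINTER;
    memcpy(buf, "ABCDEFG", 8);
    return chk_free(buf);
}

/* Off-by-one overrun: 8 characters plus NUL is 9 bytes, so the copy writes
 * one byte into the guard region. A plain heap may never notice; here the
 * checked free reports it. (Constructed input.) */
int demo_overrun(void) {
    char *buf = chk_alloc(8);
    if (buf == NULL) return CHK_BAD_POINTER;
    const char *name = "ABCDEFGH";
    memcpy(buf, name, strlen(name) + 1);
    return chk_free(buf);
}

/* Double free: the second chk_free sees the quarantined header and reports it. */
int demo_double_free(void) {
    char *buf = chk_alloc(32);
    if (buf == NULL) return CHK_BAD_POINTER;
    memset(buf, 'x', 32);
    int first = chk_free(buf);
    int second = chk_free(buf);
    return first == CHK_OK ? second : first;
}

int main(void) {
    printf("clean=%d overrun=%d double_free=%d\n",
           demo_clean(), demo_overrun(), demo_double_free());
    return 0;
}
```

The quarantine is the deliberate trade-off: the demo leaks every freed block on purpose, which is exactly why Page Heap is a test-time layer and not something to ship, and why a process under Full Page Heap consumes far more memory than in production.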