This is an archive of the discontinued LLVM Phabricator instance.

[libFuzzer] Periodically purge allocator's quarantine to prolong fuzzing sessions.
ClosedPublic

Authored by alekseyshl on Oct 20 2017, 7:55 PM.

Details

Summary

Fuzzing targets that allocate/deallocate a lot of memory tend to consume
a lot of RSS when ASan quarantine is enabled. Purging quarantine between
iterations and returning memory to the OS keeps RSS down and should not
reduce the quarantine effectiveness, provided the fuzz target does not
preserve state between iterations (in which case this feature can be turned off).

Based on D39153.

Event Timeline

alekseyshl created this revision.Oct 20 2017, 7:55 PM
vitalybuka accepted this revision.Oct 23 2017, 11:11 AM

Did you consider avoiding the interval option altogether?
e.g. the closer you get to the RSS limit -> the smaller the number of fuzz iterations without a purge?

lib/fuzzer/FuzzerLoop.cpp
604

Could you put the following together?

EF->__sanitizer_purge_allocator();
LastAllocatorPurgeAttemptTime = system_clock::now();

e.g.

void Fuzzer::PurgeAllocator() {
  if (some condition)
    return;
  if (some condition)
    return;
  if (some condition)
    return;
  if (some condition)
    return;
 
  EF->__sanitizer_purge_allocator();
  LastAllocatorPurgeAttemptTime = system_clock::now();
}

or 

void Fuzzer::PurgeAllocator() {
  if (some condition ||
      some condition ||
      some condition ||
      some condition) {
     return;
  } 
 
  EF->__sanitizer_purge_allocator();
  LastAllocatorPurgeAttemptTime = system_clock::now();
}
This revision is now accepted and ready to land.Oct 23 2017, 11:11 AM
alekseyshl added inline comments.Oct 23 2017, 2:12 PM
lib/fuzzer/FuzzerLoop.cpp
604

No, that's not what I wanted to achieve here. I want to record LastAllocatorPurgeAttemptTime regardless of the result of the last check, so that we do not call GetPeakRSSMb() too often.

This revision was automatically updated to reflect the committed changes.
kcc added a subscriber: kcc.Oct 23 2017, 3:42 PM
kcc added inline comments.
compiler-rt/trunk/lib/fuzzer/FuzzerLoop.cpp
603 (On Diff #119944)

Style nit pick.
libFuzzer tries to follow the LLVM code style exactly, and in that style we don't use {} in statements like this. (here, and below in this function)
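The purge policy the Summary and the inline discussion describe (purge at most once per interval, skip the purge while RSS has headroom, but record the attempt time stamp regardless of the check's result so the RSS read is rate-limited), as an added example written for this page. It is not libFuzzer's code: the option names mirror libFuzzer's flags, but the "half of the RSS limit" threshold, the AllocatorPurger class, the injected clock/RSS/purge callbacks and the simulated session numbers are this example's own assumptions. The weak reference to __sanitizer_purge_allocator shows how the real purge hook can be called when the binary is built with -fsanitize=address and skipped otherwise.

```cpp
#include <chrono>
#include <cstddef>
#include <cstdio>
#include <functional>
#include <utility>

// Weak reference to the sanitizer-common runtime hook (declared in
// <sanitizer/common_interface_defs.h>). It resolves to null when the binary
// is not built with -fsanitize=address, so this file links and runs either way.
extern "C" __attribute__((weak)) void __sanitizer_purge_allocator();

// Real purge: hand the quarantine back to the OS if the ASan runtime is present.
inline bool PurgeSanitizerAllocator() {
  if (!__sanitizer_purge_allocator)
    return false;
  __sanitizer_purge_allocator();
  return true;
}

using Clock = std::chrono::steady_clock;

// Option names follow libFuzzer's flags; the thresholds below are this
// example's own choice (assumption), not libFuzzer's.
struct PurgeOptions {
  int PurgeAllocatorIntervalSec = 1; // negative value disables purging
  int RssLimitMb = 2048;             // 0 means "no limit"
};

class AllocatorPurger {
 public:
  AllocatorPurger(PurgeOptions Opts, std::function<size_t()> GetPeakRssMb,
                  std::function<void()> Purge)
      : Opts(Opts), GetPeakRssMb(std::move(GetPeakRssMb)),
        Purge(std::move(Purge)) {}

  // Call once per fuzz iteration. Returns true if the allocator was purged.
  bool MaybePurge(Clock::time_point Now) {
    if (Opts.PurgeAllocatorIntervalSec < 0)
      return false;
    if (HaveAttempted &&
        Now - LastAttempt < std::chrono::seconds(Opts.PurgeAllocatorIntervalSec))
      return false;
    // Record the attempt before the RSS check: the time stamp is updated
    // regardless of what the check decides, so GetPeakRssMb() (an expensive
    // read) runs at most once per interval even when it keeps saying "not yet".
    LastAttempt = Now;
    HaveAttempted = true;
    ++RssChecks;
    if (Opts.RssLimitMb > 0 &&
        GetPeakRssMb() <= static_cast<size_t>(Opts.RssLimitMb) / 2)
      return false; // plenty of headroom: keep the quarantine as it is
    Purge();
    ++Purges;
    return true;
  }

  unsigned RssChecks = 0; // how often the RSS read actually happened
  unsigned Purges = 0;

 private:
  PurgeOptions Opts;
  std::function<size_t()> GetPeakRssMb;
  std::function<void()> Purge;
  Clock::time_point LastAttempt{};
  bool HaveAttempted = false;
};

struct SimResult {
  unsigned RssChecks;
  unsigned Purges;
};

// Simulated fuzzing session with a fake clock (1 ms per iteration) and a fake
// RSS reading that jumps from LowRssMb to HighRssMb half way through.
// Constructed numbers for illustration, not a measurement.
SimResult SimulateSession(int Iterations, size_t LowRssMb, size_t HighRssMb,
                          PurgeOptions Opts) {
  size_t RssMb = LowRssMb;
  unsigned Purged = 0;
  AllocatorPurger P(Opts, [&] { return RssMb; }, [&] { ++Purged; });
  for (int Iter = 0; Iter < Iterations; ++Iter) {
    if (Iter == Iterations / 2)
      RssMb = HighRssMb;
    P.MaybePurge(Clock::time_point(std::chrono::milliseconds(Iter)));
  }
  return {P.RssChecks, Purged};
}

int main() {
  // 5 s of simulated fuzzing, 1 s purge interval, 1000 MB RSS limit:
  // the RSS is read 5 times but only purged once it exceeds 500 MB.
  SimResult R = SimulateSession(5000, 100, 800, PurgeOptions{1, 1000});
  std::printf("rss checks: %u, purges: %u\n", R.RssChecks, R.Purges);
  std::printf("ASan purge hook linked: %s\n",
              __sanitizer_purge_allocator ? "yes" : "no");
  return 0;
}
```

With the interval set to a negative value the purger never reads RSS at all, and with RssLimitMb set to 0 every attempt purges; both correspond to the "turn the feature off" and "no RSS limit" cases the Summary mentions. When built with -fsanitize=address on Linux, PurgeSanitizerAllocator() calls the real runtime hook; otherwise it reports that the hook is absent.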