authorAlex Shlyapnikov <alekseys@google.com>2017-10-23 22:04:30 +0000
committerAlex Shlyapnikov <alekseys@google.com>2017-10-23 22:04:30 +0000
commit4b9f44eeb084b0aa8ed0e8ddc5da8a3f13e5a764 (patch)
tree901ea456f08d41ae5cf5a6836834d2410dd1deae /lib/fuzzer/FuzzerLoop.cpp
parentd93cb79ee54b601d00a1852e78895ae236857262 (diff)
[libFuzzer] Periodically purge allocator's quarantine to prolong fuzzing sessions.
Summary: Fuzzing targets that allocate/deallocate a lot of memory tend to consume a lot of RSS when ASan quarantine is enabled. Purging quarantine between iterations and returning memory to OS keeps RSS down and should not reduce the quarantine effectiveness provided the fuzz target does not preserve state between iterations (in this case this feature can be turned off). Based on D39153. Reviewers: vitalybuka Subscribers: llvm-commits Differential Revision: https://reviews.llvm.org/D39155 git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@316382 91177308-0d34-0410-b5e6-96231b3b80d8
Diffstat (limited to 'lib/fuzzer/FuzzerLoop.cpp')
-rw-r--r--lib/fuzzer/FuzzerLoop.cpp23
1 files changed, 22 insertions, 1 deletions
diff --git a/lib/fuzzer/FuzzerLoop.cpp b/lib/fuzzer/FuzzerLoop.cpp
index 30844e328..58e8168d1 100644
--- a/lib/fuzzer/FuzzerLoop.cpp
+++ b/lib/fuzzer/FuzzerLoop.cpp
@@ -587,7 +587,7 @@ void Fuzzer::MutateAndTestOne() {
size_t NewSize = 0;
NewSize = MD.Mutate(CurrentUnitData, Size, CurrentMaxMutationLen);
assert(NewSize > 0 && "Mutator returned empty unit");
- assert(NewSize <= CurrentMaxMutationLen && "Mutator return overisized unit");
+ assert(NewSize <= CurrentMaxMutationLen && "Mutator return oversized unit");
Size = NewSize;
II.NumExecutedMutations++;
if (RunOne(CurrentUnitData, Size, /*MayDeleteFile=*/true, &II))
@@ -598,6 +598,25 @@ void Fuzzer::MutateAndTestOne() {
}
}
+void Fuzzer::PurgeAllocator() {
+ if (Options.PurgeAllocatorIntervalSec < 0 ||
+ !EF->__sanitizer_purge_allocator) {
+ return;
+ }
+ if (duration_cast<seconds>(system_clock::now() -
+ LastAllocatorPurgeAttemptTime).count() <
+ Options.PurgeAllocatorIntervalSec) {
+ return;
+ }
+
+ if (Options.RssLimitMb <= 0 ||
+ GetPeakRSSMb() > static_cast<size_t>(Options.RssLimitMb) / 2) {
+ EF->__sanitizer_purge_allocator();
+ }
+
+ LastAllocatorPurgeAttemptTime = system_clock::now();
+}
+
void Fuzzer::ReadAndExecuteSeedCorpora(const Vector<std::string> &CorpusDirs) {
const size_t kMaxSaneLen = 1 << 20;
const size_t kMinDefaultLen = 4096;
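Review bot: The RSS gate at `GetPeakRSSMb() > static_cast<size_t>(Options.RssLimitMb) / 2` reads the peak rather than the current RSS, so — assuming the peak is monotonic, as its name suggests — once it has crossed half the limit the purge fires on every interval for the rest of the session even after current usage has dropped back; if that is the intent, say so, otherwise a current-RSS reading would gate more precisely. The new function also carries no comment, and since draining the quarantine narrows the window in which ASan can catch a use-after-free that spans iterations, that trade-off belongs at the definition rather than only in the commit message. Suggested header above `void Fuzzer::PurgeAllocator()`: `// Drain the sanitizer quarantine at most once per PurgeAllocatorIntervalSec (negative disables)` and `// when peak RSS exceeds half of RssLimitMb or no limit is set; this shortens ASan's UAF detection window, so keep it off for targets that retain state across runs.` The hunk's trailing context opens ReadAndExecuteSeedCorpora, whose body continues past the hunk.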
@@ -699,6 +718,8 @@ void Fuzzer::Loop(const Vector<std::string> &CorpusDirs) {
// Perform several mutations and runs.
MutateAndTestOne();
+
+ PurgeAllocator();
}
PrintStats("DONE ", "\n");