fkie-cad / cwe_checker

cwe_checker finds vulnerable patterns in binary executables
GNU Lesser General Public License v3.0

cwe_checker docker container uses too much memory #473

Open cingmanwu opened 1 week ago

cingmanwu commented 1 week ago

Can someone help give me some suggestions?

OS: Ubuntu 20.04.1 CPU: 4 cores Mem: 16G

I run the cwe_checker:v0.8 docker container to scan a binary file, then I use the "docker stats" command to monitor the memory usage. The memory usage of the cwe_checker container reaches 10.19G (see the picture below).

Could someone tell me how I can reduce the memory usage? Such as:

  1. Is it possible to reduce the number of threads in the cwe_checker command?
  2. Can I use the --disable-detected-cwes- parameter to exclude those CWE types which need big memory usage?

(the binary file contains some sensitive data, so I can't upload here, sorry)

vobst commented 1 week ago

Hi,

unfortunately it is not uncommon for implementations of static analysis algorithms to use a lot of memory. This is true for any tool that does analyses that maintain a complex state. For most of our analyses memory consumption should approximately correlate linearly with program size (but program characteristics can also play a role). We frequently encounter cases where we use more than 20GiB of RAM on "large" programs.

There is not much that can be done about that as we often need to trade resource consumption for precision. I'd generally recommend a system with at least 64GiB of RAM. If you run many analyses in parallel or want to avoid rendering the system unresponsive due to swapping I'd recommend limiting the memory usage of containers.
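
One way to apply the container memory limit recommended in the reply above, as an added example that is not part of the original thread or of the cwe_checker project. The image name comes from the issue's "cwe_checker:v0.8"; the 50% default, the `/input` mount and the function names are assumptions.

```shell
#!/bin/sh
# Added example: run a cwe_checker scan inside a memory-capped container.
# IMAGE is taken from the issue text ("cwe_checker:v0.8"); adjust to your image name.
IMAGE="${IMAGE:-cwe_checker:v0.8}"

# Cap in MiB as a percentage of host RAM, read from a meminfo-style file.
# $1 = percent, $2 = meminfo path (defaults to /proc/meminfo).
mem_cap_mib() {
    awk -v pct="$1" '/^MemTotal:/ { printf "%d\n", $2 / 1024 * pct / 100 }' \
        "${2:-/proc/meminfo}"
}

# docker run flags for a cap of $1 MiB. Setting --memory-swap equal to
# --memory gives the container no swap, so an oversized scan is killed
# instead of pushing the host into swapping.
limit_flags() {
    printf '%s\n' "--memory=${1}m --memory-swap=${1}m"
}

# Map the exit status of docker run to a short verdict.
# 137 = 128 + SIGKILL, the status docker run reports when the kernel
# OOM killer terminates the container's process.
classify_exit() {
    case "$1" in
        0)   echo ok ;;
        137) echo killed-likely-oom ;;
        *)   echo failed ;;
    esac
}

# $1 = absolute path of the binary to scan, $2 = percent of RAM (default 50).
# Mounting the binary at /input is an assumption about the image's usage.
scan() {
    cap=$(mem_cap_mib "${2:-50}")
    status=0
    # limit_flags output is intentionally unquoted so it splits into two flags.
    docker run --rm $(limit_flags "$cap") -v "$1:/input:ro" "$IMAGE" /input \
        || status=$?
    echo "memory cap: ${cap} MiB, result: $(classify_exit "$status")" >&2
    return "$status"
}

# Run only when a binary path is given on the command line.
if [ "$#" -ge 1 ]; then
    scan "$@"
fi
```

A `killed-likely-oom` result means the scan did not finish under the chosen cap, so its output should be treated as incomplete rather than as a clean report.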

cingmanwu commented 1 week ago

Thanks very much, I will try to limit the memory usage of the docker container and observe the difference in time usage.