Closed zak-pawel closed 2 years ago
cc @golang/vulndb
cc @zpavlinovic
I can confirm that the peak memory usage for this project goes above 8GB. This is not exactly surprising as govulncheck builds a call graph both for the top packages and all of their transitive dependencies. For the telegraf project, govulncheck works over ~385k functions and just the loaded packages take ~4GB. Conversion to SSA and call graph computation more than double that usage.
While there might be something we can do to make the memory peak go below 8GB for this particular project, there are definitely other large projects that will go well over that. We suggest either increasing the memory or partitioning the package set (if that makes sense in your context) and running govulncheck separately for each partition:
govulncheck partition1
...
govulncheck partitionN
Closing for now as "working as intended."
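One way to script the partitioning suggested in the comment above, as an added example (not code from this thread or from the govulncheck project). It assumes partitions are fixed-size groups of import paths taken from go list ./...; GOVULNCHECK, CHUNK_SIZE and RUN_SCAN are names made up for this example, not govulncheck options.

```bash
#!/usr/bin/env bash
# Added example: scan a module in fixed-size partitions of its package list.
# GOVULNCHECK, CHUNK_SIZE and RUN_SCAN are names made up for this example.
GOVULNCHECK="${GOVULNCHECK:-govulncheck}"  # scanner binary, overridable
CHUNK_SIZE="${CHUNK_SIZE:-200}"            # packages per partition; tune to RAM

# Read import paths on stdin; print one space-separated partition per line.
partition_packages() {
    local size="$1" pkg line="" n=0
    while IFS= read -r pkg; do
        [ -n "$pkg" ] || continue
        line="${line:+$line }$pkg"
        n=$((n + 1))
        if [ "$n" -eq "$size" ]; then
            printf '%s\n' "$line"
            line=""
            n=0
        fi
    done
    [ -z "$line" ] || printf '%s\n' "$line"
}

# Scan every partition, even after a failure; return the highest exit status.
scan_partitions() {
    local worst=0 i=0 status part
    while IFS= read -r part; do
        [ -n "$part" ] || continue
        i=$((i + 1))
        # $part is left unquoted on purpose: one argument per package.
        "$GOVULNCHECK" $part </dev/null
        status=$?
        if [ "$status" -eq 137 ]; then
            # 128 + 9: killed by SIGKILL, which is how the OOM killer ends a process.
            echo "partition $i killed (likely out of memory); lower CHUNK_SIZE" >&2
        elif [ "$status" -ne 0 ]; then
            echo "partition $i exited with status $status" >&2
        fi
        [ "$status" -le "$worst" ] || worst="$status"
    done <<EOF
$1
EOF
    return "$worst"
}

# Run from the module root with RUN_SCAN=1.
if [ "${RUN_SCAN:-0}" = 1 ]; then
    scan_partitions "$(go list ./... | partition_packages "$CHUNK_SIZE")"
fi
```

CHUNK_SIZE only bounds the top-level packages per run; as the comment above notes, each run still loads those packages' transitive dependencies, so the saving depends on how much the partitions overlap.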
What version of Go are you using (go version)?
Does this issue reproduce at the latest version of golang.org/x/vuln?
Yes: x/vuln@v0.0.0-20221019194534-41df7bda74f3
What operating system and processor architecture are you using (go env)?
go env Output
uname -a Output
lscpu Output
free -m Output
What did you do?
What did you expect to see?
I expected to see govulncheck finish without any error, potentially with some findings reported.
What did you see instead?
Additionally, I saw in top that govulncheck consumed all available memory before it was killed.
Moreover, govulncheck was also killed in a CircleCI job run inside a VM with 4 vCPUs and 8GB RAM in the official Telegraf CI.
More information
The problematic scan was run in an Ubuntu Budgie 22.04 VM (inside VMware Workstation). 8 CPUs and 8 GB were assigned.
After I increased memory to 32 GB, the following output appeared: