search

google / tcmalloc

Apache License 2.0
4.31k stars 463 forks source link

gwp-asan seems not effective! #193

Closed kungf closed 1 year ago

kungf commented 1 year ago

I writed an example, memory used after free, but gwp-asan didn't show any error trace, the program works fine. This is the code:

#include <iostream>
#include "tcmalloc/malloc_extension.h"

int main() {
    tcmalloc::MallocExtension::SetGuardedSamplingRate(0);
    tcmalloc::MallocExtension::ActivateGuardedSampling();
    int *cs = new int[10];
    delete[] cs;
    for (int i = 0; i< 1000; i++) {
            cs[i] = i;
    }
    std::cout << "used after delete" << std::endl;
    return 0;
}

This is the BUILD:

cc_binary(
    name = "hello_world",
    srcs = ["hello_world.cc"],
    malloc = "@com_google_tcmalloc//tcmalloc",
)
kungf commented 1 year ago

fix. Maybe there are unused bytes remaining, inspired by:

//tcmalloc/testing/memory_errors_test.cc 

// Eat up unsampled bytes remaining to flush the new sample rates.
    while (true) {
      void *p = ::operator new(kPageSize);
      if (tcmalloc::Static::guardedpage_allocator()->PointerIsMine(p)) {
        ::operator delete(p);
        break;
      }
      ::operator delete(p);
    }

fix test code :

#include <iostream>
#include "tcmalloc/malloc_extension.h"

int main() {

    tcmalloc::MallocExtension::SetProfileSamplingRate(1);
    tcmalloc::MallocExtension::SetGuardedSamplingRate(0);
    tcmalloc::MallocExtension::ActivateGuardedSampling();

    for (int i = 0; i < 100000; i++ ){
        void *p = ::operator new(128);
        ::operator delete(p);
        }

    int64_t *cs = new int64_t[10];
    delete[] cs;
    cs[11] = 11;

    return 0;
}