Open llvmbot opened 7 years ago
The quarantine size is only a part of the problem. The bigger problem is that when the quarantine is large, and the program changes the allocation pattern, a portion of the memory freed by the user but not returned to the OS by the allocator keeps growing. Imagine the application does free(malloc(32) lots of times. We will have some number of these 32-byte chunkds in quarantine. Then the application stops allocating 32-byte chunks and instead starts working with 200-byte chunks. The 32-byte chunks get evicted from the quarantine, and just sit in the allocator -- they are not returned to the OS.
In the 64-bit allocator we have implemented allocator_release_to_os_interval_ms to solve this issue (hoping to enable it by default soon), but for 32-bit we don't have any remedy other than making smaller quarantine.
Shouldn't be bigger than on 64 bit mode, though (quarantines are smaller, etc). Unless we're missing something in ASan anyway.
It seems to grow much slower in that case.
We don't test libFuzzer in 32-bit mode, so everything is possible, but more likely the leak is not libFuzzer's fault, but asan's fault. Are you using libFuzzer with asan? If so, try setting env. var. ASAN_OPTIONS=quarantine_size_mb=1 and tell us if this helps.
Extended Description
When I build my fuzzing application using libfuzzer in 32 bit mode, the memory keeps growing until it hits 2 GB after half an hour or something. The same applications in 64 bit mode keep using around 550 - 600 MB.