xst: disable lsan when xs exit imminent #1067
Closed
This PR affects only oss-fuzz build target for xst.
When ASAN is enabled, by default it reports all allocated memory at exit as memory leaks. However, this interferes with patterns that do not free memory when program exit is imminent as the allocated memory will be reclaimed at exit anyway. In XS, generally this is the case when fatal errors occur; those reports are not true memory leaks.
Libfuzzer, as an in-process fuzzer, additionally tracks the ratio of malloc to free calls during each test case to determine if it should call LeakSanitizer's interface for on-demand leak detection. It uses the on-demand check to find leaks during test cases instead of ASAN's default at-exit detection. Ideally, we want leak detection to work, while not reporting leaks that would have been immediately freed at program exit.
To do this, we implement __lsan_is_turned_off to disallow leak checking at certain parts of the program, independent of whether libfuzzer enables or disables lsan internally. The documentation states that it must return a constant value, but for our case it works as expected (lsan check impl for reference). With this change, we no longer need to suppress callsites where allocations may not be freed on fatal errors. Tested against all current variants of false-positive memory leaks, and they no longer reproduce.
A tradeoff may be more out-of-memory issues reported, since libfuzzer is in-process and does not exit when XS would exit.
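The mechanism the PR description relies on, shown as an added, self-contained illustration rather than xst's own code: `__lsan_is_turned_off` is the real LeakSanitizer hook name, but the `xs_exit_imminent` flag, the `xs_fatal_error` and `xs_leak_check_reset` functions, the per-input counters and the `leak_check_would_run` approximation of libFuzzer's malloc/free gate are all constructed for this example and are not from the project. It builds without any sanitizer, so it can be run anywhere to see the three states that matter: a balanced test case, a fatal-error test case whose unfreed allocation is suppressed by the hook, and a reset that lets later test cases be checked again (the reset is an assumption, motivated by the in-process tradeoff noted above).

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed example, not xst's code. Global "exit is imminent" flag:
 * once set, allocations still live are about to be reclaimed by process
 * exit and should not be reported as leaks. Name is an assumption. */
static volatile int xs_exit_imminent = 0;

/* The real LeakSanitizer hook: a non-zero return makes LSan skip the leak
 * check. Its documentation says the value must be constant; the PR relies
 * on the current implementation re-reading it on each check. Without
 * -fsanitize=address this is just an ordinary function, so the file
 * builds and runs anywhere. */
int __lsan_is_turned_off(void) {
    return xs_exit_imminent;
}

/* Assumed reset at the start of each fuzz iteration: libFuzzer keeps the
 * process alive, so a fatal error in one input must not silence leak
 * detection for every later input. */
void xs_leak_check_reset(void) {
    xs_exit_imminent = 0;
}

/* Stand-in for XS's fatal-error path (hypothetical name). The real code
 * would report and exit without freeing; here we flag the state and
 * return to the harness, leaving `scratch` deliberately unfreed. */
int xs_fatal_error(const char *message, char *scratch) {
    xs_exit_imminent = 1;
    fprintf(stderr, "fatal: %s\n", message);
    (void)scratch;  /* intentionally not freed: exit would reclaim it */
    return -1;
}

/* Approximation of libFuzzer's per-test-case gate: it asks LSan for an
 * on-demand check only when this input did more mallocs than frees, and
 * LSan reports itself as turned on. */
bool leak_check_would_run(unsigned mallocs, unsigned frees) {
    if (mallocs <= frees) {
        return false;
    }
    return __lsan_is_turned_off() == 0;
}

/* One fuzz iteration over a constructed input: an input starting with '!'
 * triggers the fatal path. Counters model libFuzzer's malloc/free hooks. */
int run_one_input(const unsigned char *data, size_t size,
                  unsigned *mallocs, unsigned *frees) {
    xs_leak_check_reset();
    char *scratch = malloc(size + 1);
    if (scratch == NULL) {
        return 0;
    }
    (*mallocs)++;
    memcpy(scratch, data, size);
    scratch[size] = '\0';
    if (size > 0 && data[0] == '!') {
        return xs_fatal_error("input starts with '!'", scratch);
    }
    free(scratch);
    (*frees)++;
    return 0;
}

/* Walks the three states a practitioner cares about and returns how many
 * behaved as intended (3 when all do). */
int run_demo(void) {
    unsigned mallocs = 0, frees = 0;
    int ok = 0;
    const unsigned char good[] = "hello";
    const unsigned char bad[] = "!boom";

    /* 1. Balanced input: nothing to check, flag untouched. */
    if (run_one_input(good, 5, &mallocs, &frees) == 0 &&
        !leak_check_would_run(mallocs, frees) && !__lsan_is_turned_off()) {
        ok++;
    }
    /* 2. Fatal input: a malloc outlives the test case, but the hook
     *    suppresses the check because exit is imminent. */
    if (run_one_input(bad, 5, &mallocs, &frees) == -1 &&
        __lsan_is_turned_off() && !leak_check_would_run(mallocs, frees)) {
        ok++;
    }
    /* 3. Same counters after a reset: the imbalance is reported again,
     *    i.e. the hook only hides allocations on the fatal path. */
    xs_leak_check_reset();
    if (leak_check_would_run(mallocs, frees)) {
        ok++;
    }
    return ok;
}

int main(void) {
    printf("checks passed: %d/3\n", run_demo());
    return 0;
}
```

Under a real `-fsanitize=address,fuzzer` build, the same hook is consulted by LSan's check path, so step 2 is where the previously needed per-callsite suppressions disappear; step 3 is the part worth keeping in mind for the out-of-memory tradeoff, since the suppressed allocations from fatal paths stay resident for the life of the fuzzing process.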