Chromium Code Reviews
|
|
Chromium Code Reviews
Issue
1941933002:
net: Prevent fuzzers from leaking on each iteration. (Closed)
|
Created:
4 years, 7 months ago by mmenke Modified:
4 years, 7 months ago CC:
chromium-reviews, cbentzel+watch_chromium.org, Ilya Sherman, Alexei Svitkine (slow) Base URL:
https://chromium.googlesource.com/chromium/src.git@master Target Ref:
refs/pending/heads/master Project:
chromium Visibility:
Public. |
Descriptionnet: Prevent fuzzers from leaking on each iteration.
While the UMA macros use statics to avoid leaking, code that directly
invokes base::Histogram::FactoryGet will keep on creating new objects
on each iteration, unless the StatisticsRecorder has been initialized.
This CL modifies net's Fuzzer infrastructure to ensure it is
initialized.
BUG=602440
Committed: https://crrev.com/0960f7561368543f46cc126d64820307728faa2f
Cr-Commit-Position: refs/heads/master@{#391039}
Patch Set 1 #
Messages
Total messages: 17 (7 generated)
mmenke@chromium.org changed reviewers: + eroman@chromium.org
Haven't tested this doesn't under ASAN, but have confirmed that this stops Histogram::Factory::Build from creating new histogram objects.
On 2016/05/02 18:38:07, mmenke wrote: > Haven't tested this doesn't under ASAN, but have confirmed that this stops > Histogram::Factory::Build from creating new histogram objects. "doesn't leak every iteration under ASAN", rather
lgtm
Description was changed from ========== net: Prevent fuzzers from leaking on each fuzzer iteration. While the UMA macros use statics to avoid leaking, code that directly calls that directly invoke base::Histogram::FactoryGet will keep on creating new objects, unless the StatisticsRecorder has been initialized. This CL modifies net's Fuzzer code to ensure it is initialized. BUG=602440 ========== to ========== net: Prevent fuzzers from leaking on each iteration. While the UMA macros use statics to avoid leaking, code that directly calls that directly invoke base::Histogram::FactoryGet will keep on creating new objects, unless the StatisticsRecorder has been initialized. This CL modifies net's Fuzzer code to ensure it is initialized. BUG=602440 ==========
As an aside, this seems like a very mysterious way for histograms to work. Haven't dug into the specifics, but somewhat troubling that it would behave in this manner rather than crashing or no-op ing...
Description was changed from ========== net: Prevent fuzzers from leaking on each iteration. While the UMA macros use statics to avoid leaking, code that directly calls that directly invoke base::Histogram::FactoryGet will keep on creating new objects, unless the StatisticsRecorder has been initialized. This CL modifies net's Fuzzer code to ensure it is initialized. BUG=602440 ========== to ========== net: Prevent fuzzers from leaking on each iteration. While the UMA macros use statics to avoid leaking, code that directly invokes base::Histogram::FactoryGet will keep on creating new objects on each iteration, unless the StatisticsRecorder has been initialized. This CL modifies net's Fuzzer infrastructure to ensure it is initialized. BUG=602440 ==========
The CQ bit was checked by mmenke@chromium.org
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1941933002/1 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1941933002/1
I agree...This behavior (And even ownership semantics) aren't at all documented in the histogram APIs. [+isherman, +asvitkine]: FYI.
asvitkine@chromium.org changed reviewers: + asvitkine@chromium.org
I'd welcome a change to add more explanation of this on comments on FactoryGet() functions. Though in this case, not sure those would be useful since I assume this test suite is just exercising normal Chrome code - so the person adding a new test suite would need to know this rather than the person using FactoryGet methods. I wonder if it would make sense to have a DCHECK when they're invoked with StatisticsRecorder being initialized? Though I wonder what kind of other problems that would uncover.
+1 for a DCHECK. If we hit the DCHECK elsewhere I think those could be real bugs to fix. For more context, the particular issue here was libfuzz tests leaking around 20MB of histogram data. This was coming from repeatedly instantiating histograms by CookieMonster::InitializeHistograms, which was getting reached once per fuzzed input: https://code.google.com/p/chromium/codesearch#chromium/src/net/cookies/cookie...
Message was sent while issue was closed.
Description was changed from ========== net: Prevent fuzzers from leaking on each iteration. While the UMA macros use statics to avoid leaking, code that directly invokes base::Histogram::FactoryGet will keep on creating new objects on each iteration, unless the StatisticsRecorder has been initialized. This CL modifies net's Fuzzer infrastructure to ensure it is initialized. BUG=602440 ========== to ========== net: Prevent fuzzers from leaking on each iteration. While the UMA macros use statics to avoid leaking, code that directly invokes base::Histogram::FactoryGet will keep on creating new objects on each iteration, unless the StatisticsRecorder has been initialized. This CL modifies net's Fuzzer infrastructure to ensure it is initialized. BUG=602440 ==========
Message was sent while issue was closed.
Committed patchset #1 (id:1)
Message was sent while issue was closed.
Description was changed from ========== net: Prevent fuzzers from leaking on each iteration. While the UMA macros use statics to avoid leaking, code that directly invokes base::Histogram::FactoryGet will keep on creating new objects on each iteration, unless the StatisticsRecorder has been initialized. This CL modifies net's Fuzzer infrastructure to ensure it is initialized. BUG=602440 ========== to ========== net: Prevent fuzzers from leaking on each iteration. While the UMA macros use statics to avoid leaking, code that directly invokes base::Histogram::FactoryGet will keep on creating new objects on each iteration, unless the StatisticsRecorder has been initialized. This CL modifies net's Fuzzer infrastructure to ensure it is initialized. BUG=602440 Committed: https://crrev.com/0960f7561368543f46cc126d64820307728faa2f Cr-Commit-Position: refs/heads/master@{#391039} ==========
Message was sent while issue was closed.
Patchset 1 (id:??) landed as https://crrev.com/0960f7561368543f46cc126d64820307728faa2f Cr-Commit-Position: refs/heads/master@{#391039} |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
