Open Bug 1253105 Opened 9 years ago Updated 2 years ago

Don't zero arenas when in debug mode (or offer build flag)

Categories: NSPR :: NSPR, defect

Tracking: Not tracked

People: Reporter: ryan.sleevi, Unassigned

Details

I'm not sure of the best title for this, so feel free to change it. Presently, lib/ds/plarena.h has #defines for PL_CLEAR_UNUSED_PATTERN, PL_CLEAR_UNUSED, and PL_CLEAR_ARENA, all of which operate on an arena. In order to fuzz efficiently with ASAN, users MUST set DEBUG so that PL_CLEAR_ARENA/PL_CLEAR_UNUSED_PATTERN will properly invoke PL_MAKE_MEM_UNDEFINED and indicate to ASAN that the memory should be treated as undefined. Unfortunately, it also calls memset, with either the PL_FREE_PATTERN or the user-supplied pattern (in the case of PL_CLEAR_UNUSED_PATTERN), which disproportionately dominates the performance of fuzzing runs (to the point of 80% or more of the time spent just in memset when fuzzing portions of NSS).

I'm not sure of the best approach here - whether removing the memset wholesale, adding yet-another-build-flag/if-def, or something else - but we should be able to remove the memset()s without ill effect for ASAN builds, since PL_MAKE_MEM_UNDEFINED conveys the necessary/desired side-effects.
Hi Ryan: That memset call is intended to approximate PL_MAKE_MEM_UNDEFINED, so we don't need to do both. Ideally, we can define PL_MAKE_MEM_UNDEFINED as the memset call in a debug build when none of the dynamic memory error checkers is in use. But that requires some analysis. We can start by skipping the memset call when we are using a dynamic memory error checker.
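As an added illustration of the change discussed in both comments above (constructed for this page, not NSPR's own code), a toy arena with a debug-build clear that keeps the PL_MAKE_MEM_UNDEFINED-style hook but skips the memset when a dynamic memory checker is active; the arena field names, FREE_PATTERN, UNDER_MEMORY_CHECKER, make_mem_undefined and run_clear are assumptions, not plarena.h identifiers.

```c
#include <assert.h>
#include <stdint.h>
#include <string.h>

/* Constructed stand-in for an arena: [base, avail) is handed out,
 * [avail, limit) is unused. Field names are assumptions, not NSPR's. */
typedef struct { uint8_t *base, *avail, *limit; } arena_t;
#define FREE_PATTERN 0xDA /* plays the role of PL_FREE_PATTERN */

/* Compile-time detection of AddressSanitizer, gcc and clang spellings. */
#if defined(__SANITIZE_ADDRESS__)
#define UNDER_MEMORY_CHECKER 1
#elif defined(__has_feature)
#if __has_feature(address_sanitizer)
#define UNDER_MEMORY_CHECKER 1
#endif
#endif
#ifndef UNDER_MEMORY_CHECKER
#define UNDER_MEMORY_CHECKER 0
#endif

/* Stand-in for PL_MAKE_MEM_UNDEFINED: a real build would call the
 * sanitizer's poison API; here a counter makes the call observable. */
static size_t g_undefined_calls;
static void make_mem_undefined(void *p, size_t n) { (void)p; (void)n; g_undefined_calls++; }

/* Debug-build clear of the unused tail. checker_active would normally be
 * UNDER_MEMORY_CHECKER; it is a parameter so both paths run in one binary. */
static void clear_unused(arena_t *a, int checker_active) {
    size_t n;
    assert(a->avail <= a->limit);
    n = (size_t)(a->limit - a->avail);
    if (!checker_active)
        memset(a->avail, FREE_PATTERN, n); /* the hot spot; skipped under ASAN */
    make_mem_undefined(a->avail, n);       /* what the sanitizer actually needs */
}

/* Clear a fresh 64-byte arena with 16 bytes in use and return how many
 * unused bytes now carry FREE_PATTERN (48 without a checker, 0 with one). */
static size_t run_clear(int checker_active) {
    uint8_t buf[64] = {0};
    arena_t a = { buf, buf + 16, buf + sizeof buf };
    size_t hits = 0;
    clear_unused(&a, checker_active);
    assert(buf[0] == 0 && buf[15] == 0); /* in-use bytes are never touched */
    for (const uint8_t *p = a.avail; p < a.limit; p++)
        hits += (*p == FREE_PATTERN);
    return hits;
}
```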
Severity: normal → S3