-
Notifications
You must be signed in to change notification settings - Fork 6
[QEUSTION] About leak detector #24
Comments
Hi all, I know the decripotr_type is a common interface for various watchpoints.
here is the link:https://github.com/Granary/granary/blob/release/clients/watchpoints/clients/leak_detector/descriptor.h#L187 |
I'm hoping that Akshay will explain the I will admit in advance that the configuration enumeration constants for descriptors are poorly designed and unusually complex. Future versions of watchpoints in the next Granary will be better though :-D
If the value is If the value is
void *ptr = ...;
add_watchpoint(ptr, ...);
add_watchpoint(ptr, ...); Then the first |
Hi pgoodman, May I ask, have you started working on next granary? |
There are updates; however, they are in a private repo for the time being. I will be happy to share when it's closer to being in a state where it actually does something. At the moment I am working on a virtual register system, which allows one to avoid having to manually write code that saves/restores registers, the flags, etc. That work will probably take another two or more weeks. After that I will need to implement the actual stuff that makes control-flow work. Beyond that there are several other challenges, including code cache flushing / migration. |
yeah, it's good news. When/if neccessary, I would like to help doing something like test, document etc. All best for you. |
Hello Ren, However, there are some challenges when implementing leak detector for the kernel modules. The modules generally has limited view of the kernel and its activities. The allocated memory blocks are also shared between kernel and modules. This makes it challenging to design a leak detector for kernel modules which detects leak with low or reasonable false positive. Behavioral watchpoints are quite helpful in designing such system. This is because they take the form of non-canonical addresses and can be easily identified. However, the challenge here is to add watchpoints with all the memory allocated in module context (allocated by the module or kernel code on behalf of module) and also identify the rootsets correctly. The current implementation of leak detector patches all memory allocators in the kernel and based on the interaction of the kernel/modules it decides when it has to add the watchpoints. The policy used to add watchpoints are lenient because adding more watchpoints will increase your scan space but it will also reduce the false positive. Implementation also uses two different scanning policy to perform reachability analysis: light scanning and deep scanning. Light scanning only scans the rootsets collected during the program run and it gets scheduled periodically. The initial rootset includes the machine context, thread stack and all global pointers. The deep scanning is infrequent and it gets scheduled only when the detected memory leaks reaches a threshold value. During deep scanning, it scans entire heap space looking for the watchpoints. The design of deep scanning is very critical because it introduces false negative and you can only detect certain kind of leaks, but the leak detected during deep scanning are true leaks. A decision about a leak is made after both light and deep scanning. This is a general overview of leak detector. I am not sure if it answers all your queries. Let me know if you have any other question. We can discuss it further. |
Hello kumarak, Sorry for my poor context knowleges. There is still some I don't understand:
thanks ;) |
perhapse, you can help me fix this compiling error, here #25. |
I suggest Googling (or Baidu-ing) for info on the "mark and sweep" garbage collection algorithm. That will answer some of your questions and give you a bit more intuition. Sans intuition answer:
Light scanning is based on object staleness. I am not sure if this is how Akshay actually implemented it, but the way we have previously discussed it, staleness tracking works as follows. For every object, keep track of a counter. The value of the counter is The way the staleness is implemented is that every access to a watched object moves |
Thanks. I get a high insight about leak detector.
All the best for you. |
Look at this code(https://github.com/Granary/granary/blob/release/clients/watchpoints/clients/leak_detector/state.h#L15):
does |
About leak policy(https://github.com/Granary/granary/blob/release/clients/watchpoints/clients/leak_detector/instrument.h#L90):
All the best for you. |
Think of I think that The initial policy is the
So far, a summary of the execution behavior is that if the kernel invokes some module code, then the first thing that happens is Okay, so why all of this fuss? Recall that this tool is attempting to detect leaks of all module-allocated memory. What Akshay discovered why working on this system is that things are not so simple as just function-wrapping In this case, what was needed was an understanding of whether or not an allocation was executing in the context of module code. In the simplest term, an allocation is in the context of a module in one of two cases:
Case 1 is easy to handle with a
What is meant by "internal app code" is that it is module code that is not within the entry function into the module. Suppose we have the following call chain: K1 calls M1 calls M2, where K1 is a kernel function, and M1 and M2 are instrumented module functions. Then the first basic block of M1 is instrumented with It's not clear to me that, as implemented, the method of tracking module entry/exit is sufficient. That is, I think a counter should also track the number of nestings, e.g. K1 -> M1 -> K2 -> M2 -> etc. An alternative approach that would not rely on |
Thanks.clearly explanations. The following code(https://github.com/Granary/granary/blob/release/clients/watchpoints/clients/leak_detector/thread.cc#L107) I cannot understand:
what make me confuse are:
There maybe some tricks I don't know, can you show me? |
So, It looks like the only think Akshay stored in the |
Hi all,
I want to make leak_detector work again, which is currently removed from master.
Could someone show me the high idea of leak_dector? like:
(1) what type of memory leak can be detected?
(2) why do we introduce thread into leak_detector?
Thanks! :)
The text was updated successfully, but these errors were encountered: