
leak detection?

Open dvyukov opened this issue 5 years ago • 0 comments

Could go-fuzz detect logical memory leaks (DoS)?

Libfuzzer uses LeakSanitizer but it has an interesting heuristic, it will do a LeakSanitizer check (very expensive) iff the test case has unbalanced malloc/free, i.e. it allocated something it did not free. This is not possible directly for Go (no free). But maybe it's possible to build something similar. Namely, run GC, capture MemStats, run a batch of tests, run GC, capture MemStats, if we see unbalanced malloc/free counts, try to bisect the batch and confirm leak in a single test (each repeated execution must increase the number of live objects).

The first would probably be to build a prototype outside of go-fuzz that would precisely pinpoint a logical leak.

dvyukov Jun 26 '20 06:06
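The prototype sketched in the issue (force GC, read MemStats, run a batch, read again, bisect on an unbalanced malloc/free count, then confirm a single test by repeated execution), written out as an added example. This is not go-fuzz code and not the author's prototype; the `Test` wrapper type, the `FindLeaks`/`confirmLeak` names and the sample batch (one input that appends to a never-trimmed global slice among clean ones) are all constructed for the example. Live objects are taken as `Mallocs - Frees` from `runtime.MemStats` after `runtime.GC()`, which also finishes sweeping, so dropped garbage is already counted as freed.

```go
package main

import (
	"fmt"
	"runtime"
)

// Test is a hypothetical wrapper around one fuzz input: Run executes the
// target on that input. (Assumption for this example; go-fuzz has no such type.)
type Test struct {
	Name string
	Run  func()
}

// liveObjects forces a full GC (which also finishes sweeping) and returns the
// number of live heap objects, i.e. Mallocs - Frees from runtime.MemStats.
func liveObjects() uint64 {
	runtime.GC()
	var ms runtime.MemStats
	runtime.ReadMemStats(&ms)
	return ms.Mallocs - ms.Frees
}

// runBatch runs every test in the batch reps times and returns the growth in
// live objects across the whole batch (0 when the count did not grow).
func runBatch(batch []Test, reps int) uint64 {
	before := liveObjects()
	for _, t := range batch {
		for i := 0; i < reps; i++ {
			t.Run()
		}
	}
	after := liveObjects()
	if after <= before {
		return 0
	}
	return after - before
}

// confirmLeak re-runs a single test in rounds and requires the live-object
// count to grow by at least minGrowth after every round. A test that merely
// allocates and drops its data is reclaimed by the forced GC and fails this.
func confirmLeak(t Test, rounds, reps int, minGrowth uint64) bool {
	prev := liveObjects()
	for r := 0; r < rounds; r++ {
		for i := 0; i < reps; i++ {
			t.Run()
		}
		cur := liveObjects()
		if cur < prev+minGrowth {
			return false
		}
		prev = cur
	}
	return true
}

// FindLeaks is the batch/bisect loop: measure a whole batch, and only when the
// live-object count grew beyond the noise allowance, split it and recurse until
// single tests remain, which are then confirmed individually.
func FindLeaks(batch []Test, reps int, noise uint64) []string {
	if len(batch) == 0 || runBatch(batch, reps) <= noise {
		return nil
	}
	if len(batch) == 1 {
		if confirmLeak(batch[0], 3, reps, uint64(reps)/2) {
			return []string{batch[0].Name}
		}
		return nil
	}
	mid := len(batch) / 2
	return append(FindLeaks(batch[:mid], reps, noise), FindLeaks(batch[mid:], reps, noise)...)
}

var (
	leaked [][]byte // constructed leak: grows on every call and is never trimmed
	sink   []byte   // forces the allocation to escape so it is really made on the heap
)

func leakyTest() { leaked = append(leaked, make([]byte, 64)) }
func cleanTest() { sink = make([]byte, 1024); sink = nil }

// SampleBatch is a constructed batch: one leaking input among clean ones.
func SampleBatch() []Test {
	return []Test{
		{Name: "input-0", Run: cleanTest},
		{Name: "input-1", Run: cleanTest},
		{Name: "input-2", Run: leakyTest},
		{Name: "input-3", Run: cleanTest},
	}
}

func main() {
	// reps=50 makes a one-object-per-call leak grow by 50 per round, well above
	// the noise allowance of 10 objects that runtime bookkeeping may add.
	fmt.Println("leaking tests:", FindLeaks(SampleBatch(), 50, 10))
}
```

Running each input `reps` times per round is what makes the check usable: a single execution of a one-object leak is indistinguishable from runtime noise, while fifty executions are not, and the per-round monotonic growth requirement in `confirmLeak` is the "each repeated execution must increase the number of live objects" criterion from the issue.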