Unicorn 2 regression: memory leak when using hooks on Windows

[erdnaxe]

The following code snippet works with Unicorn 1.0.3 (under Linux AND Windows) or Unicorn 2.0.1.post1 under Linux, but does not work on Unicorn 2.0.1.post1 on Windows:

import unicorn as uc

def intr_hook(uci, intno, data):
    return False

print("Creating 100 unicorn instances (without hook)")
for i in range(100):
    emu = uc.Uc(uc.UC_ARCH_ARM, uc.UC_MODE_THUMB | uc.UC_MODE_MCLASS)

for i in range(100):
    print(f"Creating unicorn instance (with hook) {i+1}")
    emu = uc.Uc(uc.UC_ARCH_ARM, uc.UC_MODE_THUMB | uc.UC_MODE_MCLASS)
    h = emu.hook_add(uc.UC_HOOK_INTR, (intr_hook))
    emu.hook_del(h)

Unicorn 2.0.1.post1 output using Windows Server 2022:

PS C:\Users\Administrateur\rainbow> python .\windows_mem_test.py
Creating 100 unicorn instances (without hook)
Creating unicorn instance (with hook) 1
Creating unicorn instance (with hook) 2
Creating unicorn instance (with hook) 3
Creating unicorn instance (with hook) 4
Creating unicorn instance (with hook) 5
Creating unicorn instance (with hook) 6
Could not allocate dynamic translator buffer
PS C:\Users\Administrateur\rainbow>

This definitely seems strange. I also observed that the error code can change if I add mem_map and mem_unmap calls:

 for i in range(100):
     print(f"Creating unicorn instance (with hook) {i+1}")
     emu = uc.Uc(uc.UC_ARCH_ARM, uc.UC_MODE_THUMB | uc.UC_MODE_MCLASS)
     h = emu.hook_add(uc.UC_HOOK_INTR, (intr_hook))
     emu.hook_del(h)
+    emu.mem_map(0x00000000, 0x60000000)
+    emu.mem_unmap(0x00000000, 0x60000000)

now gives a different error:

PS C:\Users\Administrateur\rainbow> python .\windows_mem_test.py
Creating 100 unicorn instances (without hook)
Creating unicorn instance (with hook) 1
Creating unicorn instance (with hook) 2
Creating unicorn instance (with hook) 3
Creating unicorn instance (with hook) 4
Traceback (most recent call last):
  File "C:\Users\Administrateur\rainbow\windows_mem_test.py", line 15, in <module>
    emu.mem_map(0x00000000, 0x60000000)
  File "C:\Users\Administrateur\AppData\Local\Programs\Python\Python311\Lib\site-packages\unicorn\unicorn.py", line 621, in mem_map
    raise UcError(status)
unicorn.unicorn.UcError: No memory available or memory not present (UC_ERR_NOMEM)
PS C:\Users\Administrateur\rainbow>

Finally, when running this code in Github Actions (using windows_latest which is also Windows Server 2022), I can sometime get the Python process to exit with return code 1 without any extra output.

[wtdcode]

Looks duplicate with #1704

[erdnaxe]

From what I understand, I am indirectly observing some sides effects of issue #1704.

However, the main issue here is that adding then removing a hook cause the garbage collector to stop collecting the Uc instance. Maybe this line is causing the problem as hook_del does not remove the callback from self._ctype_cbs ?: https://github.com/unicorn-engine/unicorn/blob/2.0.1.post1/bindings/python/unicorn/unicorn.py#L896

[wtdcode]

From what I understand, I am indirectly observing some sides effects of issue #1704.

However, the main issue here is that adding then removing a hook cause the garbage collector to stop collecting the Uc instance. Maybe this line is causing the problem as hook_del does not remove the callback from self._ctype_cbs ?: https://github.com/unicorn-engine/unicorn/blob/2.0.1.post1/bindings/python/unicorn/unicorn.py#L896

This should be fixed by #1629 I think.

[github-actions[bot]]

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 15 days.

[github-actions[bot]]

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 15 days.