executor: enable periodic leak checking

pimyn-girgis · pimyn-girgis · commit ed8ce2cbd722 · 2025-10-02T15:03:10.000Z
This commit enables the periodic execution of a leak checker within the executor. The leak checker will now run every 2 * num_procs executions, but only after the corpus has been triaged and all executor processes are in an idle state. Fixes #4728.
diff --git a/executor/executor_runner.h b/executor/executor_runner.h
@@ -1,6 +1,7 @@
 // Copyright 2024 syzkaller project authors. All rights reserved.
 // Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
 
+#include <cstring>
 #include <fcntl.h>
 #include <signal.h>
 #include <sys/mman.h>
@@ -17,6 +18,8 @@
 #include <utility>
 #include <vector>
 
+#include "pkg/flatrpc/flatrpc.h"
+
 inline std::ostream& operator<<(std::ostream& ss, const rpc::ExecRequestRawT& req)
 {
 	return ss << "id=" << req.id
@@ -197,7 +200,6 @@ class Proc
 		return;
 	}
 
-private:
 	enum State : uint8 {
 		// The process has just started.
 		Started,
@@ -209,6 +211,12 @@ class Proc
 		Executing,
 	};
 
+	State GetState() const
+	{
+		return state_;
+	}
+
+private:
 	Connection& conn_;
 	const char* const bin_;
 	ProcIDPool& proc_id_pool_;
@@ -575,6 +583,8 @@ class Runner
 	std::vector<std::string> leak_frames_;
 	int restarting_ = 0;
 	bool corpus_triaged_ = false;
+	bool is_leak_enabled_ = false;
+	uint64 exec_count_ = 0;
 	ProcOpts proc_opts_{};
 
 	friend std::ostream& operator<<(std::ostream& ss, const Runner& runner)
@@ -621,11 +631,35 @@ class Runner
 				failmsg("unknown host message type", "type=%d", static_cast<int>(raw.msg.type));
 		}
 
+#if GOOS_linux
+		const uint64 kRunLeakCheckEvery = 2 * procs_.size();
+		constexpr auto IsProcIdle = [](const std::unique_ptr<Proc>& proc) {
+			return proc->GetState() == Proc::State::Idle;
+		};
+		const bool isScheduledForLeakCheck =
+		    is_leak_enabled_ &&
+		    corpus_triaged_ &&
+		    exec_count_ > 0 &&
+		    exec_count_ % kRunLeakCheckEvery == 0;
+
+		if (isScheduledForLeakCheck && std::all_of(procs_.begin(), procs_.end(), IsProcIdle)) {
+			const int len = leak_frames_.size();
+			auto leakFrames = GetArrOfCStr(leak_frames_);
+			check_leaks(leakFrames, len);
+			FreeArrOfCStr(leakFrames, len);
+			++exec_count_;
+		}
+#else
+		constexpr bool isScheduledForLeakCheck = false;
+#endif
+
 		for (auto& proc : procs_) {
 			proc->Ready(select, now, requests_.empty());
-			if (!requests_.empty()) {
-				if (proc->Execute(requests_.front()))
+			if (!isScheduledForLeakCheck && !requests_.empty()) {
+				if (proc->Execute(requests_.front())) {
 					requests_.pop_front();
+					++exec_count_;
+				}
 			}
 		}
 
@@ -667,6 +701,7 @@ class Runner
 		      conn_reply.slowdown, conn_reply.syscall_timeout_ms,
 		      conn_reply.program_timeout_ms, static_cast<uint64>(conn_reply.features));
 		leak_frames_ = conn_reply.leak_frames;
+		is_leak_enabled_ = static_cast<bool>(conn_reply.features & rpc::Feature::Leak);
 
 		proc_opts_.use_cover_edges = conn_reply.cover_edges;
 		proc_opts_.is_kernel_64_bit = is_kernel_64_bit = conn_reply.kernel_64_bit;
@@ -857,6 +892,27 @@ class Runner
 
 		return {status == kFailStatus ? "process failed" : "", std::move(output)};
 	}
+
+#if GOOS_linux
+	char** GetArrOfCStr(const std::vector<std::string>& vec)
+	{
+		char** arr = new char*[vec.size()];
+		std::transform(vec.cbegin(), vec.cend(), arr, [](const std::string& str) {
+			char* c_str = new char[str.size() + 1];
+			memcpy(c_str, str.c_str(), str.size() + 1);
+			return c_str;
+		});
+		return arr;
+	}
+
+	void FreeArrOfCStr(char**& arr, int len)
+	{
+		for (int i = 0; i < len; ++i)
+			delete[] arr[i];
+
+		delete[] arr;
+	}
+#endif
 };
 
 static void SigintHandler(int sig)
