Rust bindings leak emulators #1619
Comments
Acknowledged, but I'm not a Rust expert and not confident enough to post a fix. Could you draft a PR?

@domenukk can you fix it?

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 15 days.
Yeah, also noticed this; with the following code it leaks roughly 1GB at a time.

```rust
use unicorn_engine::unicorn_const as ucc;
use unicorn_engine::Unicorn;

// Creates an emulator, registers one memory hook and lets the emulator go out
// of scope. Because the hook closure captures a clone of the inner Rc, the
// emulator is never freed, even though nothing references it afterwards.
fn leaks() {
    let uni = Unicorn::new(ucc::Arch::X86, ucc::Mode::MODE_64);
    if uni.is_err() {
        println!("Unable to create unicorn instance");
        return;
    }
    let mut emu = uni.unwrap();
    // Hook covering the whole address space; the callback just reports the
    // access as handled.
    emu.add_mem_hook(
        ucc::HookType::MEM_UNMAPPED,
        0,
        u64::MAX,
        |_uc, _access, _addr, _size, _value| true,
    )
    .unwrap();
    // `emu` is dropped here, but UnicornInner stays alive.
}

fn main() {
    for i in 0..30 {
        leaks();
        println!("Iteration {}, check ram usage...", i);
        // sleep for 1 second so memory growth can be observed per iteration
        std::thread::sleep(std::time::Duration::from_secs(1));
    }
}
```
Actually

You're right, explicitly removing all hooks before dropping the emulator solves the issue. However, I think this is rather a workaround than a proper solution.

hey @bet4it, thanks for the fix. I can confirm it's working (not leaking the memory on my sample)

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 15 days.

Not fixed yet

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 15 days.

Just hit this problem, found this issue, switched to the dev branch, and it seems to have gone away. Thanks!

Closing as fixed.
Steps to reproduce the bug:
Expected behaviour: all resources related to the emulator are freed.
Actual behaviour: the emulator is not freed.
The following code showcases the problem:
At each point in time, only one emulator should exist, so the memory usage should stay constant, around MEM_SIZE. Instead you will see that after each second, the memory usage increases by MEM_SIZE, indicating that the emulator is not freed.

The root cause of the problem is that the UnicornInner does not get dropped when Unicorn is dropped. This happens because inner is an Rc, which only gets dropped if its reference count is exactly one.

unicorn/bindings/rust/src/lib.rs, lines 131 to 155 in ca81d46

However, the add_code_hook function clones inner, increasing the reference count. This introduces a circular reference, because the inner holds a reference to the hooks, but the hooks also hold a reference to inner; hence inner will never get dropped.

unicorn/bindings/rust/src/lib.rs, line 626 in ca81d46

The same issue holds for all add_*_hook functions, as well as mmio_map.
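The reference cycle described in the issue, reduced to a stand-alone model. This is an added example and not code from the unicorn repository: `Inner` is a hypothetical stand-in for `UnicornInner`, its `Drop` impl stands in for the native `uc_close()` call, and the `DropFlag` tracker is constructed purely to observe whether the inner value is ever freed. `LeakyEmu::add_hook` clones the strong `Rc` into the hook closure as the reported `add_*_hook` functions do; `FixedEmu::add_hook` captures a `Weak` instead, and `remove_all_hooks` reproduces the manual workaround mentioned in the thread.

```rust
// Added example modelling the Rc cycle from the issue; not unicorn's own code.
use std::cell::{Cell, RefCell};
use std::rc::{Rc, Weak};

/// Constructed drop tracker: set to true once `Inner` is actually freed.
type DropFlag = Rc<Cell<bool>>;

/// Hypothetical stand-in for `UnicornInner`: it owns the registered hooks.
struct Inner {
    dropped: DropFlag,
    hooks: RefCell<Vec<Box<dyn FnMut()>>>,
}

impl Drop for Inner {
    fn drop(&mut self) {
        // In the real binding this is where uc_close() would release the emulator.
        self.dropped.set(true);
    }
}

impl Inner {
    fn new(flag: DropFlag) -> Rc<Inner> {
        Rc::new(Inner { dropped: flag, hooks: RefCell::new(Vec::new()) })
    }
}

/// Leaky variant: the hook captures a strong Rc<Inner> while Inner owns the
/// hook, so the strong count never drops to zero.
struct LeakyEmu {
    inner: Rc<Inner>,
}

impl LeakyEmu {
    fn add_hook(&mut self) {
        let captured: Rc<Inner> = Rc::clone(&self.inner); // strong ref -> cycle
        self.inner.hooks.borrow_mut().push(Box::new(move || {
            let _ = Rc::strong_count(&captured); // the hook "uses" the emulator
        }));
    }

    /// The workaround from the thread: dropping the hooks breaks the cycle by hand.
    fn remove_all_hooks(&mut self) {
        self.inner.hooks.borrow_mut().clear();
    }
}

/// Fixed variant: the hook holds only a Weak<Inner>, so it does not keep the
/// emulator alive; it upgrades on each call and is a no-op once Inner is gone.
struct FixedEmu {
    inner: Rc<Inner>,
}

impl FixedEmu {
    fn add_hook(&mut self) {
        let captured: Weak<Inner> = Rc::downgrade(&self.inner);
        self.inner.hooks.borrow_mut().push(Box::new(move || {
            if let Some(inner) = captured.upgrade() {
                let _ = Rc::strong_count(&inner);
            }
        }));
    }
}

/// Register one hook, let the emulator go out of scope, report whether Inner was freed.
fn leaky_is_freed() -> bool {
    let flag = Rc::new(Cell::new(false));
    {
        let mut emu = LeakyEmu { inner: Inner::new(Rc::clone(&flag)) };
        emu.add_hook();
    } // emu dropped here, but the hook's Rc still keeps Inner alive
    flag.get()
}

fn leaky_is_freed_after_clearing_hooks() -> bool {
    let flag = Rc::new(Cell::new(false));
    {
        let mut emu = LeakyEmu { inner: Inner::new(Rc::clone(&flag)) };
        emu.add_hook();
        emu.remove_all_hooks(); // cycle broken before drop
    }
    flag.get()
}

fn fixed_is_freed() -> bool {
    let flag = Rc::new(Cell::new(false));
    {
        let mut emu = FixedEmu { inner: Inner::new(Rc::clone(&flag)) };
        emu.add_hook();
    } // the Weak in the hook does not count, so Inner is dropped with emu
    flag.get()
}

/// Strong count right after registering one hook: 2 when the hook captures an
/// Rc, 1 when it captures a Weak.
fn strong_count_after_hook(weak_hooks: bool) -> usize {
    let flag = Rc::new(Cell::new(false));
    if weak_hooks {
        let mut emu = FixedEmu { inner: Inner::new(flag) };
        emu.add_hook();
        Rc::strong_count(&emu.inner)
    } else {
        let mut emu = LeakyEmu { inner: Inner::new(flag) };
        emu.add_hook();
        Rc::strong_count(&emu.inner)
    }
}

fn main() {
    println!("leaky freed: {}", leaky_is_freed());
    println!("leaky freed after removing hooks: {}", leaky_is_freed_after_clearing_hooks());
    println!("fixed freed: {}", fixed_is_freed());
    println!("strong count, Rc in hook: {}", strong_count_after_hook(false));
    println!("strong count, Weak in hook: {}", strong_count_after_hook(true));
}
```

The `Weak` form is the fix the thread is asking for rather than the workaround: a hook that cannot outlive the emulator has no reason to own it, and `upgrade()` failing is the correct signal that the emulator is already gone.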