On Tue, Jul 12, 2011 at 08:37:16PM +0200, Otto Moerbeek wrote:
> On Tue, Jul 12, 2011 at 08:24:34PM +0200, Ariane van der Steldt wrote:
> > On Tue, Jul 12, 2011 at 01:23:52PM +0200, Otto Moerbeek wrote:
> > > at the cost of some speed, reduce the malloc cache size to 0 with
> > > flag 'S'.  This means that pages that become free will be unmapped asap.
> > > This detects more use-after-free bugs. The slowdown is because of more
> > > unmap/mmap calls. 
> > > 
> > > ok?
> > 
> > I like it. Any reason not to do this with the F (freeguard) option?
> 
> Originally the freeguard just set the protection to NONE. But
> come to think of it, setting cache size to 0 has a very similar effect.
> So freeguard could only do the small chunks and leave the rest to
> cachesize 0.
> 
> I am wondering: how expensive are mprotect calls compared to mmap/munmap?

mprotect is slightly less expensive, since it doesn't have to tear down
and rebuild an amap.

For the remainder, the algorithms have the same cost: O(log N) lookup
with O(M log N) treewalk (where N is the size of the map, and M is the
number of pages visited). If I understand the malloc code correctly, then
M=1.

No idea really what the real overhead of amaps is, but if people turn on
Freeguard, I doubt that performance is not at the top of their
priorities anyway.
-- 
Ariane
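
The effect discussed in this thread, as an added example that is not part of the original messages and not code from the malloc implementation under discussion: a page that stays cached after free lets a stale read succeed silently, while a page that is unmapped or set to PROT_NONE turns the same read into a fault. The enum and function names are hypothetical, and the page is obtained directly with mmap rather than through malloc.

```c
#define _DEFAULT_SOURCE
#include <signal.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical names for this example: what happens to a page on "free". */
enum release_mode { KEEP_CACHED, PROTECT_NONE, UNMAP };

/*
 * Fork a child that maps one page, "frees" it according to mode, then reads
 * through the stale pointer. Returns 1 if the stale read killed the child
 * (bug detected), 0 if it went unnoticed, -1 on setup failure.
 */
static int stale_read_faults(enum release_mode mode)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        size_t len = (size_t)sysconf(_SC_PAGESIZE);
        volatile char *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                                MAP_PRIVATE | MAP_ANON, -1, 0);
        if (p == MAP_FAILED)
            _exit(2);
        p[0] = 'x';                       /* page is in use */
        if (mode == PROTECT_NONE && mprotect((void *)p, len, PROT_NONE) != 0)
            _exit(2);
        if (mode == UNMAP && munmap((void *)p, len) != 0)
            _exit(2);
        char c = p[0];                    /* use after free */
        _exit(c == 'x' ? 0 : 3);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    if (WIFSIGNALED(status))
        return WTERMSIG(status) == SIGSEGV || WTERMSIG(status) == SIGBUS;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}

int main(void)
{
    printf("cached: %d  mprotect: %d  munmap: %d\n",
           stale_read_faults(KEEP_CACHED), stale_read_faults(PROTECT_NONE),
           stale_read_faults(UNMAP));
    return 0;
}
```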
