[Forensics-changes] [yara] 192/415: Speed optimization by using arenas to store matching information instead of heap mallocs.

Hilko Bengen bengen at moszumanska.debian.org
Thu Apr 3 05:43:04 UTC 2014 

This is an automated email from the git hooks/post-receive script.

bengen pushed a commit to branch debian
in repository yara.

commit e6becca832c2f4eaf357c82b9a76e0d6af8b63aa
Author: Victor M. Alvarez <plusvic at gmail.com>
Date:   Thu Jul 4 12:07:36 2013 +0000

    Speed optimization by using arenas to store matching information instead of heap mallocs.
---
 libyara/compiler.c |  1 +
 libyara/rules.c    | 71 +++++++++++++++++++++++++++---------------------------
 libyara/yara.h     |  1 +
 3 files changed, 37 insertions(+), 36 deletions(-)

diff --git a/libyara/compiler.c b/libyara/compiler.c
index 23abf2e..41e90b8 100644
--- a/libyara/compiler.c
+++ b/libyara/compiler.c
@@ -509,6 +509,7 @@ int yr_compiler_get_rules(
     yara_rules->externals_list_head = rules_file_header->externals_list_head;
     yara_rules->automaton = rules_file_header->automaton;
     yara_rules->code_start = rules_file_header->code_start;
+    yara_rules->matches_arena = NULL;
 
     *rules = yara_rules;
   }
diff --git a/libyara/rules.c b/libyara/rules.c
index 32e1760..301f65c 100644
--- a/libyara/rules.c
+++ b/libyara/rules.c
@@ -414,6 +414,7 @@ inline int _yr_scan_verify_string_match(
 
 
 int _yr_scan_verify_match(
+    YARA_RULES* rules,
     AC_MATCH* ac_match,
     uint8_t* data,
     size_t data_size,
@@ -422,6 +423,7 @@ int _yr_scan_verify_match(
   MATCH* match;
   STRING* string;
 
+  int result;
   int32_t match_length;
 
   match_length = _yr_scan_verify_string_match(
@@ -442,39 +444,35 @@ int _yr_scan_verify_match(
     }
     else
     {
-      match = (MATCH*) yr_malloc(sizeof(MATCH));
-
-      if (match == NULL)
-        return ERROR_INSUFICIENT_MEMORY;
+      result = yr_arena_allocate_memory(
+          rules->matches_arena,
+          sizeof(MATCH),
+          (void**) &match);
 
-      match->data = (uint8_t*) yr_malloc(match_length);
+      if (result != ERROR_SUCCESS)
+        return result;
 
-      if (match->data != NULL)
-      {
-        match->first_offset = string_offset;
-        match->last_offset = string_offset;
-        match->length = match_length;
-        match->next = NULL;
+      match->first_offset = string_offset;
+      match->last_offset = string_offset;
+      match->length = match_length;
+      match->next = NULL;
 
-        memcpy(match->data, data + string_offset, match_length);
+      result = yr_arena_write_data(
+          rules->matches_arena,
+          data + string_offset,
+          match_length,
+          (void**) &match->data);
 
-        if (string->matches_list_head == NULL)
-          string->matches_list_head = match;
+      if (result != ERROR_SUCCESS)
+        return result;
 
-        if (string->matches_list_tail != NULL)
-          string->matches_list_tail->next = match;
+      if (string->matches_list_head == NULL)
+        string->matches_list_head = match;
 
-        string->matches_list_tail = match;
-      }
-      else
-      {
-        yr_free(match);
-        return ERROR_INSUFICIENT_MEMORY;
-      }
+      if (string->matches_list_tail != NULL)
+        string->matches_list_tail->next = match;
 
-      match->first_offset = string_offset;
-      match->last_offset = string_offset;
-      match->length = match_length;
+      string->matches_list_tail = match;
     }
   }
 
@@ -573,16 +571,6 @@ void yr_rules_free_matches(
     while (!STRING_IS_NULL(string))
     {
       string->flags &= ~STRING_FLAGS_FOUND;
-      match = string->matches_list_head;
-
-      while (match != NULL)
-      {
-        next_match = match->next;
-        yr_free(match->data);
-        yr_free(match);
-        match = next_match;
-      }
-
       string->matches_list_head = NULL;
       string->matches_list_tail = NULL;
       string++;
@@ -590,6 +578,9 @@ void yr_rules_free_matches(
 
     rule++;
   }
+
+  if (rules->matches_arena != NULL)
+    yr_arena_destroy(rules->matches_arena);
 }
 
 
@@ -627,6 +618,7 @@ int yr_rules_scan_mem_block(
               ac_match->string->flags & STRING_FLAGS_SINGLE_MATCH))
         {
           result = _yr_scan_verify_match(
+              rules,
               ac_match,
               data,
               data_size,
@@ -667,6 +659,7 @@ int yr_rules_scan_mem_block(
   while (ac_match != NULL)
   {
     result = _yr_scan_verify_match(
+        rules,
         ac_match,
         data,
         data_size,
@@ -705,6 +698,11 @@ int yr_rules_scan_mem_blocks(
 
   yr_rules_free_matches(rules);
 
+  result = yr_arena_create(&rules->matches_arena);
+
+  if (result != ERROR_SUCCESS)
+    return result;
+
   start_time = time(NULL);
 
   while (block != NULL)
@@ -916,6 +914,7 @@ int yr_rules_load(
   new_rules->code_start = header->code_start;
   new_rules->externals_list_head = header->externals_list_head;
   new_rules->rules_list_head = header->rules_list_head;
+  new_rules->matches_arena = NULL;
 
   rule = new_rules->rules_list_head;
 
diff --git a/libyara/yara.h b/libyara/yara.h
index 7fa2ff9..bd85d76 100644
--- a/libyara/yara.h
+++ b/libyara/yara.h
@@ -474,6 +474,7 @@ typedef struct _MEMORY_BLOCK
 typedef struct _YARA_RULES {
 
   ARENA*               arena;
+  ARENA*               matches_arena;
   RULE*                rules_list_head;
   EXTERNAL_VARIABLE*   externals_list_head;
   AC_AUTOMATON*        automaton;

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git

More information about the forensics-changes mailing list