[Forensics-changes] [yara] 192/415: Speed optimization by using arenas to store matching information instead of heap mallocs.
Hilko Bengen
bengen at moszumanska.debian.org
Thu Apr 3 05:43:04 UTC 2014
This is an automated email from the git hooks/post-receive script.
bengen pushed a commit to branch debian
in repository yara.
commit e6becca832c2f4eaf357c82b9a76e0d6af8b63aa
Author: Victor M. Alvarez <plusvic at gmail.com>
Date: Thu Jul 4 12:07:36 2013 +0000
Speed optimization by using arenas to store matching information instead of heap mallocs.
---
libyara/compiler.c | 1 +
libyara/rules.c | 71 +++++++++++++++++++++++++++---------------------------
libyara/yara.h | 1 +
3 files changed, 37 insertions(+), 36 deletions(-)
diff --git a/libyara/compiler.c b/libyara/compiler.c
index 23abf2e..41e90b8 100644
--- a/libyara/compiler.c
+++ b/libyara/compiler.c
@@ -509,6 +509,7 @@ int yr_compiler_get_rules(
yara_rules->externals_list_head = rules_file_header->externals_list_head;
yara_rules->automaton = rules_file_header->automaton;
yara_rules->code_start = rules_file_header->code_start;
+ yara_rules->matches_arena = NULL;
*rules = yara_rules;
}
diff --git a/libyara/rules.c b/libyara/rules.c
index 32e1760..301f65c 100644
--- a/libyara/rules.c
+++ b/libyara/rules.c
@@ -414,6 +414,7 @@ inline int _yr_scan_verify_string_match(
int _yr_scan_verify_match(
+ YARA_RULES* rules,
AC_MATCH* ac_match,
uint8_t* data,
size_t data_size,
@@ -422,6 +423,7 @@ int _yr_scan_verify_match(
MATCH* match;
STRING* string;
+ int result;
int32_t match_length;
match_length = _yr_scan_verify_string_match(
@@ -442,39 +444,35 @@ int _yr_scan_verify_match(
}
else
{
- match = (MATCH*) yr_malloc(sizeof(MATCH));
-
- if (match == NULL)
- return ERROR_INSUFICIENT_MEMORY;
+ result = yr_arena_allocate_memory(
+ rules->matches_arena,
+ sizeof(MATCH),
+ (void**) &match);
- match->data = (uint8_t*) yr_malloc(match_length);
+ if (result != ERROR_SUCCESS)
+ return result;
- if (match->data != NULL)
- {
- match->first_offset = string_offset;
- match->last_offset = string_offset;
- match->length = match_length;
- match->next = NULL;
+ match->first_offset = string_offset;
+ match->last_offset = string_offset;
+ match->length = match_length;
+ match->next = NULL;
- memcpy(match->data, data + string_offset, match_length);
+ result = yr_arena_write_data(
+ rules->matches_arena,
+ data + string_offset,
+ match_length,
+ (void**) &match->data);
- if (string->matches_list_head == NULL)
- string->matches_list_head = match;
+ if (result != ERROR_SUCCESS)
+ return result;
- if (string->matches_list_tail != NULL)
- string->matches_list_tail->next = match;
+ if (string->matches_list_head == NULL)
+ string->matches_list_head = match;
- string->matches_list_tail = match;
- }
- else
- {
- yr_free(match);
- return ERROR_INSUFICIENT_MEMORY;
- }
+ if (string->matches_list_tail != NULL)
+ string->matches_list_tail->next = match;
- match->first_offset = string_offset;
- match->last_offset = string_offset;
- match->length = match_length;
+ string->matches_list_tail = match;
}
}
@@ -573,16 +571,6 @@ void yr_rules_free_matches(
while (!STRING_IS_NULL(string))
{
string->flags &= ~STRING_FLAGS_FOUND;
- match = string->matches_list_head;
-
- while (match != NULL)
- {
- next_match = match->next;
- yr_free(match->data);
- yr_free(match);
- match = next_match;
- }
-
string->matches_list_head = NULL;
string->matches_list_tail = NULL;
string++;
@@ -590,6 +578,9 @@ void yr_rules_free_matches(
rule++;
}
+
+ if (rules->matches_arena != NULL)
+ yr_arena_destroy(rules->matches_arena);
}
@@ -627,6 +618,7 @@ int yr_rules_scan_mem_block(
ac_match->string->flags & STRING_FLAGS_SINGLE_MATCH))
{
result = _yr_scan_verify_match(
+ rules,
ac_match,
data,
data_size,
@@ -667,6 +659,7 @@ int yr_rules_scan_mem_block(
while (ac_match != NULL)
{
result = _yr_scan_verify_match(
+ rules,
ac_match,
data,
data_size,
@@ -705,6 +698,11 @@ int yr_rules_scan_mem_blocks(
yr_rules_free_matches(rules);
+ result = yr_arena_create(&rules->matches_arena);
+
+ if (result != ERROR_SUCCESS)
+ return result;
+
start_time = time(NULL);
while (block != NULL)
@@ -916,6 +914,7 @@ int yr_rules_load(
new_rules->code_start = header->code_start;
new_rules->externals_list_head = header->externals_list_head;
new_rules->rules_list_head = header->rules_list_head;
+ new_rules->matches_arena = NULL;
rule = new_rules->rules_list_head;
diff --git a/libyara/yara.h b/libyara/yara.h
index 7fa2ff9..bd85d76 100644
--- a/libyara/yara.h
+++ b/libyara/yara.h
@@ -474,6 +474,7 @@ typedef struct _MEMORY_BLOCK
typedef struct _YARA_RULES {
ARENA* arena;
+ ARENA* matches_arena;
RULE* rules_list_head;
EXTERNAL_VARIABLE* externals_list_head;
AC_AUTOMATON* automaton;
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git
More information about the forensics-changes
mailing list