cronet/base/immediate_crash.h

*6777b538SAndroid Build Coastguard Worker// Copyright 2019 The Chromium Authors
*6777b538SAndroid Build Coastguard Worker// Use of this source code is governed by a BSD-style license that can be
*6777b538SAndroid Build Coastguard Worker// found in the LICENSE file.
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker#ifndef BASE_IMMEDIATE_CRASH_H_
*6777b538SAndroid Build Coastguard Worker#define BASE_IMMEDIATE_CRASH_H_
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker#include "base/fuzzing_buildflags.h"
*6777b538SAndroid Build Coastguard Worker#include "build/build_config.h"
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker#if BUILDFLAG(USE_FUZZING_ENGINE)
*6777b538SAndroid Build Coastguard Worker#include <stdlib.h>
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker#if BUILDFLAG(IS_LINUX)
*6777b538SAndroid Build Coastguard Worker// The fuzzing coverage display wants to record coverage even
*6777b538SAndroid Build Coastguard Worker// for failure cases. It's Linux-only. So on Linux, dump coverage
*6777b538SAndroid Build Coastguard Worker// before we immediately exit. We provide a weak symbol so that
*6777b538SAndroid Build Coastguard Worker// this causes no link problems on configurations that don't involve
*6777b538SAndroid Build Coastguard Worker// coverage.
*6777b538SAndroid Build Coastguard Workerextern "C" int __attribute__((weak)) __llvm_profile_write_file(void);
*6777b538SAndroid Build Coastguard Worker#endif  // BUILDFLAG(IS_LINUX)
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker#endif  // BUILDFLAG(USE_FUZZING_ENGINE)
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// Crashes in the fastest possible way with no attempt at logging.
*6777b538SAndroid Build Coastguard Worker// There are several constraints; see http://crbug.com/664209 for more context.
*6777b538SAndroid Build Coastguard Worker//
*6777b538SAndroid Build Coastguard Worker// - TRAP_SEQUENCE_() must be fatal. It should not be possible to ignore the
*6777b538SAndroid Build Coastguard Worker//   resulting exception or simply hit 'continue' to skip over it in a debugger.
*6777b538SAndroid Build Coastguard Worker// - Different instances of TRAP_SEQUENCE_() must not be folded together, to
*6777b538SAndroid Build Coastguard Worker//   ensure crash reports are debuggable. Unlike __builtin_trap(), asm volatile
*6777b538SAndroid Build Coastguard Worker//   blocks will not be folded together.
*6777b538SAndroid Build Coastguard Worker//   Note: TRAP_SEQUENCE_() previously required an instruction with a unique
*6777b538SAndroid Build Coastguard Worker//   nonce since unlike clang, GCC folds together identical asm volatile
*6777b538SAndroid Build Coastguard Worker//   blocks.
*6777b538SAndroid Build Coastguard Worker// - TRAP_SEQUENCE_() must produce a signal that is distinct from an invalid
*6777b538SAndroid Build Coastguard Worker//   memory access.
*6777b538SAndroid Build Coastguard Worker// - TRAP_SEQUENCE_() must be treated as a set of noreturn instructions.
*6777b538SAndroid Build Coastguard Worker//   __builtin_unreachable() is used to provide that hint here. clang also uses
*6777b538SAndroid Build Coastguard Worker//   this as a heuristic to pack the instructions in the function epilogue to
*6777b538SAndroid Build Coastguard Worker//   improve code density.
*6777b538SAndroid Build Coastguard Worker// - base::ImmediateCrash() is used in allocation hooks. To prevent recursions,
*6777b538SAndroid Build Coastguard Worker//   TRAP_SEQUENCE_() must not allocate.
*6777b538SAndroid Build Coastguard Worker//
*6777b538SAndroid Build Coastguard Worker// Additional properties that are nice to have:
*6777b538SAndroid Build Coastguard Worker// - TRAP_SEQUENCE_() should be as compact as possible.
*6777b538SAndroid Build Coastguard Worker// - The first instruction of TRAP_SEQUENCE_() should not change, to avoid
*6777b538SAndroid Build Coastguard Worker//   shifting crash reporting clusters. As a consequence of this, explicit
*6777b538SAndroid Build Coastguard Worker//   assembly is preferred over intrinsics.
*6777b538SAndroid Build Coastguard Worker//   Note: this last bullet point may no longer be true, and may be removed in
*6777b538SAndroid Build Coastguard Worker//   the future.
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// Note: TRAP_SEQUENCE Is currently split into two macro helpers due to the fact
*6777b538SAndroid Build Coastguard Worker// that clang emits an actual instruction for __builtin_unreachable() on certain
*6777b538SAndroid Build Coastguard Worker// platforms (see https://crbug.com/958675). In addition, the int3/bkpt/brk will
*6777b538SAndroid Build Coastguard Worker// be removed in followups, so splitting it up like this now makes it easy to
*6777b538SAndroid Build Coastguard Worker// land the followups.
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker#if defined(COMPILER_GCC)
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker#if BUILDFLAG(IS_NACL)
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// Crash report accuracy is not guaranteed on NaCl.
*6777b538SAndroid Build Coastguard Worker#define TRAP_SEQUENCE1_() __builtin_trap()
*6777b538SAndroid Build Coastguard Worker#define TRAP_SEQUENCE2_() asm volatile("")
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker#elif defined(ARCH_CPU_X86_FAMILY)
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// TODO(https://crbug.com/958675): In theory, it should be possible to use just
*6777b538SAndroid Build Coastguard Worker// int3. However, there are a number of crashes with SIGILL as the exception
*6777b538SAndroid Build Coastguard Worker// code, so it seems likely that there's a signal handler that allows execution
*6777b538SAndroid Build Coastguard Worker// to continue after SIGTRAP.
*6777b538SAndroid Build Coastguard Worker#define TRAP_SEQUENCE1_() asm volatile("int3")
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker#if BUILDFLAG(IS_APPLE)
*6777b538SAndroid Build Coastguard Worker// Intentionally empty: __builtin_unreachable() is always part of the sequence
*6777b538SAndroid Build Coastguard Worker// (see IMMEDIATE_CRASH below) and already emits a ud2 on Mac.
*6777b538SAndroid Build Coastguard Worker#define TRAP_SEQUENCE2_() asm volatile("")
*6777b538SAndroid Build Coastguard Worker#else
*6777b538SAndroid Build Coastguard Worker#define TRAP_SEQUENCE2_() asm volatile("ud2")
*6777b538SAndroid Build Coastguard Worker#endif  // BUILDFLAG(IS_APPLE)
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker#elif defined(ARCH_CPU_ARMEL)
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// bkpt will generate a SIGBUS when running on armv7 and a SIGTRAP when running
*6777b538SAndroid Build Coastguard Worker// as a 32 bit userspace app on arm64. There doesn't seem to be any way to
*6777b538SAndroid Build Coastguard Worker// cause a SIGTRAP from userspace without using a syscall (which would be a
*6777b538SAndroid Build Coastguard Worker// problem for sandboxing).
*6777b538SAndroid Build Coastguard Worker// TODO(https://crbug.com/958675): Remove bkpt from this sequence.
*6777b538SAndroid Build Coastguard Worker#define TRAP_SEQUENCE1_() asm volatile("bkpt #0")
*6777b538SAndroid Build Coastguard Worker#define TRAP_SEQUENCE2_() asm volatile("udf #0")
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker#elif defined(ARCH_CPU_ARM64)
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// This will always generate a SIGTRAP on arm64.
*6777b538SAndroid Build Coastguard Worker// TODO(https://crbug.com/958675): Remove brk from this sequence.
*6777b538SAndroid Build Coastguard Worker#define TRAP_SEQUENCE1_() asm volatile("brk #0")
*6777b538SAndroid Build Coastguard Worker#define TRAP_SEQUENCE2_() asm volatile("hlt #0")
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker#else
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// Crash report accuracy will not be guaranteed on other architectures, but at
*6777b538SAndroid Build Coastguard Worker// least this will crash as expected.
*6777b538SAndroid Build Coastguard Worker#define TRAP_SEQUENCE1_() __builtin_trap()
*6777b538SAndroid Build Coastguard Worker#define TRAP_SEQUENCE2_() asm volatile("")
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker#endif  // ARCH_CPU_*
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker#elif defined(COMPILER_MSVC)
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker#if !defined(__clang__)
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// MSVC x64 doesn't support inline asm, so use the MSVC intrinsic.
*6777b538SAndroid Build Coastguard Worker#define TRAP_SEQUENCE1_() __debugbreak()
*6777b538SAndroid Build Coastguard Worker#define TRAP_SEQUENCE2_()
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker#elif defined(ARCH_CPU_ARM64)
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// Windows ARM64 uses "BRK #F000" as its breakpoint instruction, and
*6777b538SAndroid Build Coastguard Worker// __debugbreak() generates that in both VC++ and clang.
*6777b538SAndroid Build Coastguard Worker#define TRAP_SEQUENCE1_() __debugbreak()
*6777b538SAndroid Build Coastguard Worker// Intentionally empty: __builtin_unreachable() is always part of the sequence
*6777b538SAndroid Build Coastguard Worker// (see IMMEDIATE_CRASH below) and already emits a ud2 on Win64,
*6777b538SAndroid Build Coastguard Worker// https://crbug.com/958373
*6777b538SAndroid Build Coastguard Worker#define TRAP_SEQUENCE2_() __asm volatile("")
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker#else
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker#define TRAP_SEQUENCE1_() asm volatile("int3")
*6777b538SAndroid Build Coastguard Worker#define TRAP_SEQUENCE2_() asm volatile("ud2")
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker#endif  // __clang__
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker#else
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker#error No supported trap sequence!
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker#endif  // COMPILER_GCC
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker#define TRAP_SEQUENCE_() \
*6777b538SAndroid Build Coastguard Worker  do {                   \
*6777b538SAndroid Build Coastguard Worker    TRAP_SEQUENCE1_();   \
*6777b538SAndroid Build Coastguard Worker    TRAP_SEQUENCE2_();   \
*6777b538SAndroid Build Coastguard Worker  } while (false)
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// This version of ALWAYS_INLINE inlines even in is_debug=true.
*6777b538SAndroid Build Coastguard Worker// TODO(pbos): See if NDEBUG can be dropped from ALWAYS_INLINE as well, and if
*6777b538SAndroid Build Coastguard Worker// so merge. Otherwise document why it cannot inline in debug in
*6777b538SAndroid Build Coastguard Worker// base/compiler_specific.h.
*6777b538SAndroid Build Coastguard Worker#if defined(COMPILER_GCC)
*6777b538SAndroid Build Coastguard Worker#define IMMEDIATE_CRASH_ALWAYS_INLINE inline __attribute__((__always_inline__))
*6777b538SAndroid Build Coastguard Worker#elif defined(COMPILER_MSVC)
*6777b538SAndroid Build Coastguard Worker#define IMMEDIATE_CRASH_ALWAYS_INLINE __forceinline
*6777b538SAndroid Build Coastguard Worker#else
*6777b538SAndroid Build Coastguard Worker#define IMMEDIATE_CRASH_ALWAYS_INLINE inline
*6777b538SAndroid Build Coastguard Worker#endif
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Workernamespace base {
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker[[noreturn]] IMMEDIATE_CRASH_ALWAYS_INLINE void ImmediateCrash() {
*6777b538SAndroid Build Coastguard Worker#if BUILDFLAG(USE_FUZZING_ENGINE)
*6777b538SAndroid Build Coastguard Worker  // If fuzzing, exit in such a way that atexit() handlers are run in order
*6777b538SAndroid Build Coastguard Worker  // to write out failing fuzz cases. This is similar
*6777b538SAndroid Build Coastguard Worker  // behavior to __sanitizer::Die.
*6777b538SAndroid Build Coastguard Worker  // libfuzzer has its own atexit handler which unfortunately calls the
*6777b538SAndroid Build Coastguard Worker  // equivalent of base::ImmediateCrash, thus not running any other atexit
*6777b538SAndroid Build Coastguard Worker  // handlers. We want to dump coverage information so we'll do that
*6777b538SAndroid Build Coastguard Worker  // here explicitly too.
*6777b538SAndroid Build Coastguard Worker#if BUILDFLAG(IS_LINUX)
*6777b538SAndroid Build Coastguard Worker  if (__llvm_profile_write_file) {
*6777b538SAndroid Build Coastguard Worker    __llvm_profile_write_file();
*6777b538SAndroid Build Coastguard Worker  }
*6777b538SAndroid Build Coastguard Worker#endif  // BUILDFLAG(IS_LINUX)
*6777b538SAndroid Build Coastguard Worker  exit(-1);
*6777b538SAndroid Build Coastguard Worker#else   // BUILDFLAG(USE_FUZZING_ENGINE)
*6777b538SAndroid Build Coastguard Worker  TRAP_SEQUENCE_();
*6777b538SAndroid Build Coastguard Worker#endif  // BUILDFLAG(USE_FUZZING_ENGINE)
*6777b538SAndroid Build Coastguard Worker#if defined(__clang__) || defined(COMPILER_GCC)
*6777b538SAndroid Build Coastguard Worker  __builtin_unreachable();
*6777b538SAndroid Build Coastguard Worker#endif  // defined(__clang__) || defined(COMPILER_GCC)
*6777b538SAndroid Build Coastguard Worker}
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker}  // namespace base
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker#endif  // BASE_IMMEDIATE_CRASH_H_