Google Git
Sign in
chromium / chromium / src / be615a8821d04fb4bf6d371be95bd323d2d4155c / . / content / browser / frame_host / debug_urls.cc
blob: d396b2fc0309ef56c932299bd25d9bf6b4d49410 [file] [log] [blame]
// Copyright 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "content/browser/frame_host/debug_urls.h"
#include <vector>
#include "base/command_line.h"
#include "base/debug/asan_invalid_access.h"
#include "base/debug/profiler.h"
#include "base/strings/utf_string_conversions.h"
#include "base/synchronization/waitable_event.h"
#include "base/task/post_task.h"
#include "base/threading/thread_restrictions.h"
#include "build/build_config.h"
#include "cc/base/switches.h"
#include "content/browser/gpu/gpu_process_host.h"
#include "content/public/browser/browser_task_traits.h"
#include "content/public/browser/browser_thread.h"
#include "content/public/common/content_constants.h"
#include "content/public/common/url_constants.h"
#include "ppapi/buildflags/buildflags.h"
#include "url/gurl.h"
#if BUILDFLAG(ENABLE_PLUGINS)
#include "content/browser/ppapi_plugin_process_host.h" // nogncheck
#include "ppapi/proxy/ppapi_messages.h" // nogncheck
#endif
#if defined(OS_WIN)
#include "base/debug/invalid_access_win.h"
#endif
namespace content {
class ScopedAllowWaitForDebugURL {
private:
base::ScopedAllowBaseSyncPrimitivesOutsideBlockingScope wait;
};
namespace {
// Define the Asan debug URLs.
const char kAsanCrashDomain[] = "crash";
const char kAsanHeapOverflow[] = "/browser-heap-overflow";
const char kAsanHeapUnderflow[] = "/browser-heap-underflow";
const char kAsanUseAfterFree[] = "/browser-use-after-free";
#if defined(OS_WIN)
const char kAsanCorruptHeapBlock[] = "/browser-corrupt-heap-block";
const char kAsanCorruptHeap[] = "/browser-corrupt-heap";
#endif
void HandlePpapiFlashDebugURL(const GURL& url) {
#if BUILDFLAG(ENABLE_PLUGINS)
bool crash = url == kChromeUIPpapiFlashCrashURL;
std::vector<PpapiPluginProcessHost*> hosts;
PpapiPluginProcessHost::FindByName(
base::UTF8ToUTF16(kFlashPluginName), &hosts);
for (auto iter = hosts.begin(); iter != hosts.end(); ++iter) {
if (crash)
(*iter)->Send(new PpapiMsg_Crash());
else
(*iter)->Send(new PpapiMsg_Hang());
}
#endif
}
bool IsAsanDebugURL(const GURL& url) {
if (!(url.is_valid() && url.SchemeIs(kChromeUIScheme) &&
url.DomainIs(kAsanCrashDomain) &&
url.has_path())) {
return false;
}
if (url.path_piece() == kAsanHeapOverflow ||
url.path_piece() == kAsanHeapUnderflow ||
url.path_piece() == kAsanUseAfterFree) {
return true;
}
#if defined(OS_WIN)
if (url.path_piece() == kAsanCorruptHeapBlock ||
url.path_piece() == kAsanCorruptHeap) {
return true;
}
#endif
return false;
}
bool HandleAsanDebugURL(const GURL& url) {
#if defined(ADDRESS_SANITIZER)
#if defined(OS_WIN)
if (url.path_piece() == kAsanCorruptHeapBlock) {
base::debug::AsanCorruptHeapBlock();
return true;
} else if (url.path_piece() == kAsanCorruptHeap) {
base::debug::AsanCorruptHeap();
return true;
}
#endif // OS_WIN
if (url.path_piece() == kAsanHeapOverflow) {
base::debug::AsanHeapOverflow();
} else if (url.path_piece() == kAsanHeapUnderflow) {
base::debug::AsanHeapUnderflow();
} else if (url.path_piece() == kAsanUseAfterFree) {
base::debug::AsanHeapUseAfterFree();
} else {
return false;
}
#endif
return true;
}
void HangCurrentThread() {
ScopedAllowWaitForDebugURL allow_wait;
base::WaitableEvent(base::WaitableEvent::ResetPolicy::AUTOMATIC,
base::WaitableEvent::InitialState::NOT_SIGNALED)
.Wait();
}
} // namespace
bool HandleDebugURL(const GURL& url, ui::PageTransition transition) {
// Ensure that the user explicitly navigated to this URL, unless
// kEnableGpuBenchmarking is enabled by Telemetry.
bool is_telemetry_navigation =
base::CommandLine::ForCurrentProcess()->HasSwitch(
cc::switches::kEnableGpuBenchmarking) &&
(PageTransitionCoreTypeIs(transition, ui::PAGE_TRANSITION_TYPED));
if (!(transition & ui::PAGE_TRANSITION_FROM_ADDRESS_BAR) &&
!is_telemetry_navigation)
return false;
if (IsAsanDebugURL(url))
return HandleAsanDebugURL(url);
if (url == kChromeUIBrowserCrashURL) {
// Induce an intentional crash in the browser process.
CHECK(false);
return true;
}
#if defined(OS_WIN)
if (url == kChromeUIBrowserHeapCorruptionURL) {
// Induce an intentional heap corruption in the browser process.
base::debug::win::TerminateWithHeapCorruption();
return true;
}
#endif
if (url == kChromeUIBrowserUIHang) {
HangCurrentThread();
return true;
}
if (url == kChromeUIDelayedBrowserUIHang) {
// Webdriver-safe url to hang the ui thread. Webdriver waits for the onload
// event in javascript which needs a little more time to fire.
base::PostDelayedTaskWithTraits(FROM_HERE, {BrowserThread::UI},
base::BindOnce(&HangCurrentThread),
base::TimeDelta::FromSeconds(2));
return true;
}
if (url == kChromeUIGpuCleanURL) {
GpuProcessHost::CallOnIO(GpuProcessHost::GPU_PROCESS_KIND_SANDBOXED,
false /* force_create */,
base::Bind([](GpuProcessHost* host) {
if (host)
host->gpu_service()->DestroyAllChannels();
}));
return true;
}
if (url == kChromeUIGpuCrashURL) {
GpuProcessHost::CallOnIO(GpuProcessHost::GPU_PROCESS_KIND_SANDBOXED,
false /* force_create */,
base::Bind([](GpuProcessHost* host) {
if (host)
host->gpu_service()->Crash();
}));
return true;
}
#if defined(OS_ANDROID)
if (url == kChromeUIGpuJavaCrashURL) {
GpuProcessHost::CallOnIO(GpuProcessHost::GPU_PROCESS_KIND_SANDBOXED,
false /* force_create */,
base::Bind([](GpuProcessHost* host) {
if (host)
host->gpu_service()->ThrowJavaException();
}));
return true;
}
#endif
if (url == kChromeUIGpuHangURL) {
GpuProcessHost::CallOnIO(GpuProcessHost::GPU_PROCESS_KIND_SANDBOXED,
false /* force_create */,
base::Bind([](GpuProcessHost* host) {
if (host)
host->gpu_service()->Hang();
}));
return true;
}
if (url == kChromeUIPpapiFlashCrashURL || url == kChromeUIPpapiFlashHangURL) {
base::PostTaskWithTraits(FROM_HERE, {BrowserThread::IO},
base::BindOnce(&HandlePpapiFlashDebugURL, url));
return true;
}
return false;
}
} // namespace content