blob: 2bd83e10e71cb0a53cac0b375713ff7787743c65 [file] [log] [blame]
// Copyright 2017 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include <windows.h>
#include <winevt.h>
#include <map>
#include <memory>
#include <utility>
#include <vector>
#include "base/gtest_prod_util.h"
#include "base/time/time.h"
namespace metrics {
// Analyzes system session events for unclean sessions. Initialization is
// expensive and therefore done lazily, as the analyzer is instantiated before
// knowing whether it will be used.
class SystemSessionAnalyzer {
enum Status {
CLEAN = 1,
// Minimal information about a log event.
struct EventInfo {
uint16_t event_id;
base::Time event_time;
// Creates a SystemSessionAnalyzer that will analyze system sessions based on
// events pertaining to as many as |max_session_cnt| of the most recent system
// sessions.
explicit SystemSessionAnalyzer(uint32_t max_session_cnt);
virtual ~SystemSessionAnalyzer();
// Returns an analysis status for the system session that contains
// |timestamp|.
virtual Status IsSessionUnclean(base::Time timestamp);
// Queries for the next |requested_events|. On success, returns true and
// |event_infos| contains up to |requested_events| events ordered from newest
// to oldest.
// Returns false otherwise. Virtual for unit testing.
virtual bool FetchEvents(size_t requested_events,
std::vector<EventInfo>* event_infos);
struct EvtHandleCloser {
using pointer = EVT_HANDLE;
void operator()(EVT_HANDLE handle) const {
if (handle)
using EvtHandle = std::unique_ptr<EVT_HANDLE, EvtHandleCloser>;
FRIEND_TEST_ALL_PREFIXES(SystemSessionAnalyzerTest, FetchEvents);
bool EnsureInitialized();
bool EnsureHandlesOpened();
bool Initialize();
// Validates that |end| and |start| have sane event IDs and event times.
// Updates |coverage_start_| and adds the session to unclean_sessions_
// as appropriate.
bool ProcessSession(const EventInfo& end, const EventInfo& start);
EvtHandle CreateRenderContext();
// The maximal number of sessions to query events for.
uint32_t max_session_cnt_;
uint32_t sessions_queried_;
bool initialized_ = false;
bool init_success_ = false;
// A handle to the query, valid after a successful initialize.
EvtHandle query_handle_;
// A handle to the event render context, valid after a successful initialize.
EvtHandle render_context_;
// Information about unclean sessions: start time to session duration.
std::map<base::Time, base::TimeDelta> unclean_sessions_;
// Timestamp of the oldest event.
base::Time coverage_start_;
} // namespace metrics