Followup to crrev.com/c/3573184, which did not honor destructor order,
leading to the background task releasing before the lock.
Bug: 1313555
Change-Id: Ifbd3902964552458b83cfc550f50058067021499
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/3591012
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
Commit-Queue: Justin Cohen <justincohen@chromium.org>
In a later CL, in some cases these structs were not zero-initialized
which caused some iOS tests to fail.
We now zero-initialize these structs which should be harmless now,
and useful later.
Bug: 1250098
Change-Id: I933e80e56714a1d8988deae3aa56ec36ed98ef03
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/3538665
Reviewed-by: Justin Cohen <justincohen@chromium.org>
Commit-Queue: Alex Gough <ajgo@chromium.org>
Because the upload thread uses synchronous upload, calling Stop() on
that thread from the main thread will lock, and trigger a terminate
when transitioning from foreground to background.
Additionally, background assertions now only last 30 seconds, so
shorten the timeout to 20 seconds.
This is a followup to https://crrev.com/c/3517967.
Bug: crashpad:1315441
Change-Id: Ic6886607805667ffce5ecf41716fc63333a341b8
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/3577820
Reviewed-by: Robert Sesek <rsesek@chromium.org>
Commit-Queue: Justin Cohen <justincohen@chromium.org>
Use ScopedBackgroundTask to prevent file lock termination from happening
when holding locked files in a shared AppGroup.
Bug: 1313555
Change-Id: Idc0105f8ecdb65c26214a7265a216b9d480ed01d
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/3573184
Reviewed-by: Robert Sesek <rsesek@chromium.org>
Commit-Queue: Justin Cohen <justincohen@chromium.org>
Change the ObjExceptionProcessor to write intermediate dumps to a
temporary location until they are confirmed by the
UncaughtExceptionHandler. Because the exception preprocessor uses
heuristics to detect iOS sinkholes, it's possible for an exception to
be identified as fatal, but not actually trigger the uncaught exception
handler. If the processor detects more than one fatal exception, it will
unregister itself and indicate this in the second dump with the key
'MultipleHandledUncaughtNSException'.
This change also consolidates and simplifies some methods in the
InProcessHandler.
Change-Id: Ifc457e974d25f533b77cfd18b702129fdfb10a75
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/3529968
Reviewed-by: Robert Sesek <rsesek@chromium.org>
Commit-Queue: Justin Cohen <justincohen@chromium.org>
Some sinkholes use objc_exception_throw instead of rethrow, which gives
the preprocessor a second, incorrect, attempt to process the
NSException. This also means if the processor misses the first sinkhole,
on the second attempt the original throwing stack will be missing.
Instead, track the original NSException and ignore any followup calls
to the ObjcExceptionPreprocessor with the same NSException.
Also creates an ExceptionPreprocessorState class to manage the complex
types. This will be used in a followup CL to finalize caught
NSExceptions using the uncaught handler.
Bug: 1300171
Change-Id: I1f9f2c7ee79c7a16585103f04831217979e9332b
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/3530246
Reviewed-by: Robert Sesek <rsesek@chromium.org>
Commit-Queue: Justin Cohen <justincohen@chromium.org>
Stop the prune thread and the upload thread when moving to the
inactive/background state. This will reduce the number of 0xdead10cc
system kills from having a file lock during iOS suspend.
Wait to start the prune thread when the application is active.
Otherwise, for iOS prewarmed applications, the prune thread will
regularly start when the application is foregrounded for the first
time when the user intentionally runs the app.
It's still possible for either the prune thread or the upload thread to
have a file lock during iOS suspend, such as when a task started in the
foreground and does not complete in time for suspension. Future work
should include considering BackgroundTasks and/or NSURLSessions, which
can more safely run in the background.
Bug: crashpad: 400
Change-Id: Ic7d4687eb795fe585327f128aa84a5928141f4a9
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/3517967
Reviewed-by: Robert Sesek <rsesek@chromium.org>
Commit-Queue: Justin Cohen <justincohen@chromium.org>
https://crrev.com/c/3401563 introduced logic to guard the cached
intermediate dump writer from concurrent exceptions with a first
exception wins approach. To prevent the losing exception from returning
immediately and terminating the app before the dump is written, the
losing thread sleeps indefinitely. In the case where the losing
exception is from a call to abort() and the winning exception is a Mach
exception, the process will never terminate because abort() will first
block all signals on all other threads with a sigprocmask. This prevents
the kernel from delivering the signal converted from the Mach exception
and will never terminate. This effectively deadlocks the app.
Instead, unblock all signals corresponding to all Mach exceptions
Crashpad registers for before returning KERN_FAILURE.
Bug: crashpad:391
Change-Id: I96c357e98f09e65e70c67125a45b9b04075c2c06
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/3518186
Reviewed-by: Mark Mentovai <mark@chromium.org>
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
Commit-Queue: Justin Cohen <justincohen@chromium.org>
in_process_intermediate_dump_handler_test was mixing CPU
architecture (x86_64 vs arm64) and iOS device type (iphoneos vs
iphonesimulator).
Bug: 1306589
Change-Id: Ie43a7f1916d69888e992320d999010071b2575b3
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/3527034
Reviewed-by: Rohit Rao <rohitrao@chromium.org>
Commit-Queue: Justin Cohen <justincohen@chromium.org>
iOS applications may be terminated with the exception code 0xdead10cc
when holding on to file locks in the shared container during suspension.
One approach to minimize this is to request additional background
execution time to complete the locking operation (in this case the
CrashReportUpload thread and the PruneIntermediateDumpsAndCrashReports
thread).
Bug: crashpad:400
Change-Id: I4192ae1a92646ea337a09ac071e49761ab2d3860
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/3517966
Reviewed-by: Robert Sesek <rsesek@chromium.org>
Commit-Queue: Justin Cohen <justincohen@chromium.org>
The IOSSystemDataCollector was previously owned by the iOS CrashHandler
and passed in to the iOS InProcessHandler in each method. Move
ownership to iOS InProcessHandler to simplify.
Change-Id: Ifa41304cb1e3e3825a211e6cce5aa730d0edcc95
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/3517965
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
Commit-Queue: Justin Cohen <justincohen@chromium.org>
Override malloc_default_zone and malloc_default_purgeable_zone
with allocators that exit when called from the signal or Mach exception
threads in XCUITests, to verify the allocator is not used by the
InProcessHandler. Check stderr for error messages to confirm failures.
Change-Id: I1bb92e57504d71bbf6c6eaad3571c814e8a6934c
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/3488826
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
Commit-Queue: Justin Cohen <justincohen@chromium.org>
Change signal, uncaught NSExceptions and Mach exception handlers to
prevent re-entrancy with a first-exception-wins approach to prevent
concurrent exceptions from trying to use the same cached intermediate
dump writer. Uses compare-and-swap to either return early for reentrant
signals or to wait indefinitely for anything after the first fatal
exception.
Change the NSException handler generated from the Objective-C exception
preprocessor to not use the cached intermediate dump writer and
not use the same first-exception-wins logic. This is useful because the
Objective-C exception preprocessor is imperfect and may generate
intermediate dumps that are not followed by process termination.
Simplify DumpWithoutCrashing's ownership of its intermediate dump writer
to be thread safe.
Set a handler for SIGPIPE for applications that haven't already
ignored or set a handler for SIGPIPE.
Bug: crashpad:391
Change-Id: Ia8ae61d50be81910fa0af40325300441d9dc01b6
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/3401563
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
Commit-Queue: Justin Cohen <justincohen@chromium.org>
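The first-exception-wins gate described in the commit message above, as an added C++ sketch that is not Crashpad's own code. `FirstExceptionGate`, `Entry` and `Replay` are hypothetical names, and the thread identifier is a caller-supplied nonzero integer standing in for whatever the real handlers use.

```cpp
#include <atomic>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Outcome of entering a fatal-exception handler (hypothetical names).
enum class Entry { kWinner, kReentrant, kLoser };

class FirstExceptionGate {
 public:
  // Only one atomic is touched: no locks, no allocation, no thread_locals,
  // which is what makes this shape usable from a signal handler. `tid` must
  // be nonzero and unique per thread.
  Entry Enter(uint64_t tid) {
    uint64_t expected = 0;  // 0 means "no fatal exception seen yet".
    if (owner_.compare_exchange_strong(expected, tid)) {
      return Entry::kWinner;  // First fatal exception: owns the cached writer.
    }
    // The CAS failed and stored the current owner in `expected`.
    return expected == tid
               ? Entry::kReentrant  // Winner faulted again: return early.
               : Entry::kLoser;     // Other thread: wait, never touch writer.
  }

 private:
  std::atomic<uint64_t> owner_{0};
};

// Feeds a constructed sequence of handler entries through one gate and
// returns the decision made for each entry.
std::vector<Entry> Replay(const std::vector<uint64_t>& tids) {
  FirstExceptionGate gate;
  std::vector<Entry> out;
  for (uint64_t tid : tids) out.push_back(gate.Enter(tid));
  return out;
}

int main() {
  static const char* const kNames[] = {"winner", "reentrant", "loser"};
  // Constructed scenario: thread 7 crashes, its handler faults again, then
  // thread 9 crashes twice while thread 7 still owns the writer.
  const std::vector<uint64_t> tids = {7, 7, 9, 9};
  const std::vector<Entry> got = Replay(tids);
  for (std::size_t i = 0; i < got.size(); ++i) {
    std::printf("thread %llu -> %s\n",
                static_cast<unsigned long long>(tids[i]),
                kNames[static_cast<int>(got[i])]);
  }
  return 0;
}
```
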
Crashpad currently has a circular dependency: client->snapshot->client.
The dependency from snapshot -> client only exists to pull in a single
constant for Windows (CrashpadClient::kTriggeredExceptionCode), so this
change breaks the dependency by splitting the constant out into a new
file util/win/exception_codes.h.
Change-Id: I6b74b367df716e097758e63a44c53cb92ea5e04d
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/3450763
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Justin Cohen <justincohen@chromium.org>
When trying to update Chromium's copy of crashpad I got this error
message:
Banned functions were used.
third_party\crashpad\crashpad\client\crashpad_client_ios_test.mm:33:
testing::Test should not be used in Objective-C++ code as it does
not drain the autorelease pool at the end of the test. Use
PlatformTest instead.
So, I'm fixing the code as requested.
The change was introduced in crrev.com/c/3418581
Change-Id: I4888febbd41b6365d9bde5ad062565770496243f
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/3459403
Reviewed-by: Justin Cohen <justincohen@chromium.org>
Commit-Queue: Bruce Dawson <brucedawson@chromium.org>
When updating Chromium's copy of crashpad I received this very
reasonable warning:
client\ios_handler\exception_processor.h: Includes STL header(s) but does not reference std::
So, this change removes the #include of vector.
Change-Id: I22f05b542fd4e0b582351072a3e3bb4af402b836
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/3459402
Reviewed-by: Mark Mentovai <mark@chromium.org>
Reviewed-by: Justin Cohen <justincohen@chromium.org>
Commit-Queue: Bruce Dawson <brucedawson@chromium.org>
This patch adds optional support for Arm Pointer Authentication Codes.
X30/LR is not stored to stack at any place and restored for usage.
Therefore only adding PAC flag to .note.gnu.property section.
Change-Id: I9581059dfa1eed88af5a73df15b6a0d299caea13
Bug: crashpad: 1145581
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/3440070
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Adenilson Cavalcanti <cavalcantii@chromium.org>
xnu turns hardware faults into Mach exceptions, so the only signal left
to register is SIGABRT, which never starts off as a hardware fault.
Installing a handler for other signals would lead to recording
exceptions twice. As a consequence, Crashpad will not generate
intermediate dumps for anything manually calling raise(SIG*). In
practice, this doesn’t actually happen for crash signals that originate
as hardware faults.
Change-Id: I1be669d10e89b8e8ebcc69cfdf79c1ee20c96f76
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/3403042
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Justin Cohen <justincohen@chromium.org>
https://crrev.com/c/3399252 fixed a heap overrun in iOS intermediate
dump processing.
This is a follow-up to that change to harden `CrashHandler` against
similar crashes:
1) Ensure the destructor of `ScopedAlternateWriter` is invoked
to restore `InProcessHandler::writer_` state before processing
the intermediate dump (otherwise, a signal raised by the intermediate
dump handler would dereference the empty `std::unique_ptr` in
`InProcessHandler::writer_`).
2) Harden `InProcessHandler` to check if `writer_` is empty before
handling signals or exceptions
Change-Id: I1e63a496395b26681632302e8915b4433897037a
Bug: 391
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/3401766
Reviewed-by: Justin Cohen <justincohen@chromium.org>
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Mark Mentovai <mark@chromium.org>
Handle multiple simultaneous crashes among threads by having
the first crashing thread set an atomic flag and subsequently crashing
threads check the flag before requesting a dump. If a dump has already
been requested, the threads pause on a futex with a timeout in case the
crashing thread crashes again or otherwise fails to WakeThreads().
The thread_local disabled_for_thread_ is removed and combined with this
flag because accessing thread_locals produces undefined behavior in
signal handlers.
Bug:crashpad:384, chromium:861730
Change-Id: I83bce36e1010d0635ba8aeac937e150c43a4166f
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/3403017
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Joshua Peraza <jperaza@chromium.org>
Both running first chance handlers and checking for disabled signal
handlers should no longer interact with DumpWithoutCrashing().
First-chance-handlers should also run even with disabled crashpad
signal handlers or else those signals would be reported by the next
chained signal handlers as crashes.
Change-Id: I64b3da42c400a1c431c6228d4da181ed56bfda89
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/3403413
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Joshua Peraza <jperaza@chromium.org>
Use BUILDFLAG(IS_*) instead of defined(OS_*).
This was generated mostly mechanically by performing the following steps:
- sed -i '' -E -e 's/defined\(OS_/BUILDFLAG(IS_/g' \
      -e 's%([ !])OS_([A-Z]+)%\1BUILDFLAG(IS_\2)%g' \
      $(git grep -l 'OS_'
          '**/*.c' '**/*.cc' '**/*.h' '**/*.m' '**/*.mm')
- sed -i '' -e 's/#ifdef BUILDFLAG(/#if BUILDFLAG(/' \
      $(git grep -l '#ifdef BUILDFLAG('
          '**/*.c' '**/*.cc' '**/*.h' '**/*.m' '**/*.mm')
- gsed -i -z -E -e \
      's%(.*)#include "%\1#include "build/buildflag.h"\n#include "%' \
      $(git grep -l 'BUILDFLAG(IS_'
          '**/*.c' '**/*.cc' '**/*.h' '**/*.m' '**/*.mm')
- Spot checks to move #include "build/buildflag.h" to the correct parts
  of files.
- sed -i '' -E -e \
      's%^(#include "build/buildflag.h")$%#include "build/build_config.h"\n\1%' \
      $(grep -L '^#include "build/build_config.h"$'
          $(git grep -l 'BUILDFLAG(IS_'
              '**/*.c' '**/*.cc' '**/*.h' '**/*.m' '**/*.mm'))
- Add “clang-format off” around tool usage messages.
- git cl format
- Update mini_chromium to 85ba51f98278 (intermediate step).
TESTING ONLY).
- for f in $(git grep -l '^#include "build/buildflag.h"$'
      '**/*.c' '**/*.cc' '**/*.h' '**/*.m' '**/*.mm'); do \
      grep -v '^#include "build/buildflag.h"$' "${f}" > /tmp/z; \
      cp /tmp/z "${f}"; done
- git cl format
- Update mini_chromium to 735143774c5f (intermediate step).
- Update mini_chromium to f41420eb45fa (as checked in).
- Update mini_chromium to 6e2f204b4ae1 (as checked in).
For ease of review and inspection, each of these steps is uploaded as a
new patch set in a review series.
This includes an update of mini_chromium to 6e2f204b4ae1:
f41420eb45fa Use BUILDFLAG for OS checking
6e2f204b4ae1 Include what you use: string_util.h uses build_config.h
Bug: chromium:1234043
Change-Id: Ieef86186f094c64e59b853729737e36982f8cf69
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/3400258
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
Commit-Queue: Mark Mentovai <mark@chromium.org>
_LIBCPP_ENABLE_CXX17_REMOVED_UNEXPECTED_FUNCTIONS is needed to bring
back std::unexpected, which is removed in C++17, but still needed
for libc++abi for backward compatibility.
Bug: 1274565
Change-Id: I5b5687ef7a49e90bf6937ade8b02ff4484690e09
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/3307905
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Justin Cohen <justincohen@chromium.org>
iOS 15.1 reordered private APIs before public APIs when looking at the
unw_get_proc_info() frame_info.start_ip, so doing a min/max within
UIGestureEnvironment would fail on devices. However, this API is always
called by UIWindow sendEvent, which is not a private API. Do the same
check, but instead look back 2 frames, and check to see if we are
within UIWindow.
Both APIs are still marked <redacted>, but the detection should still
work.
Also cleans up some test fixtures when running in release.
Change-Id: I762615e9cb44389800cf3291af52a7568c3825d5
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/3299008
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Justin Cohen <justincohen@chromium.org>
Testing in beta has shown a few examples of a cropped intermediate dump
still providing useful information, but due to the order intermediate
dump data is written, could be improved.
- Change the order of writing data to the intermediate dump by
increasing the priority of the Exception block from:
Header / Process / System / Threads/ Modules / Exception
to
Header / Process / System / Exception / Threads / Modules
- Annotate minidump reports generated from incomplete intermediate
dumps with the key 'crashpad_intermediate_dump_incomplete'.
- Handle partial exception contexts rather than throwing them away.
Change-Id: I543c1d3135c42e5b8e339e498ea0c86002f37ea3
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/3294862
Commit-Queue: Justin Cohen <justincohen@chromium.org>
Reviewed-by: Mark Mentovai <mark@chromium.org>
Change IOSIntermediateDumpReader to take a new interface that can be
backed by a FilePath (as it is now) or a StringFile byte array, which
can be useful for tests, especially with fuzzing.
Change-Id: I02a25cfb7cd204975d1bcce80201bd10944f3f2e
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/3270755
Commit-Queue: Justin Cohen <justincohen@chromium.org>
Reviewed-by: Mark Mentovai <mark@chromium.org>
And implement ExtraMemory() for ProcessSnapshotMinidump for this purpose.
Bug: crashpad:10,crashpad:30
Change-Id: I889c42c7e91358336671ae8d00154af820725e7b
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/3279301
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
This pulls in "base/ignore_result.h" from mini_chromium through DEPS and
updates existing uses of "base/macros.h" to use "base/ignore_result.h".
Bug: chromium:1010217
Change-Id: I283e2bcfb2775de420d7e767b3b4a639dbba9e20
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/3286105
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Peter Boström <pbos@chromium.org>
Because the intermediate dump directory is expected to be shared,
mitigate any spamming by limiting this to 20. Prioritize our
bundle id intermediate dumps first.
Bug: crashpad: 31
Change-Id: I2888431b8bd2d94f481d2f4ec6e032882dad9698
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/3261747
Commit-Queue: Justin Cohen <justincohen@chromium.org>
Reviewed-by: Mark Mentovai <mark@chromium.org>
Another set of iOS redacted sinkholes appear in CoreAutoLayout.
However, this is often called by our code, so it's unsafe to simply
handle an uncaught NSException here. Instead, skip the frame and
continue searching for either a handler that belongs to us, or another
sinkhole.
Bug: crashpad: 31
Change-Id: I20be2acef96f5ee6b7521144548e920e635f0dc7
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/3261270
Commit-Queue: Justin Cohen <justincohen@chromium.org>
Reviewed-by: Mark Mentovai <mark@chromium.org>
The iOS crashpad client was mistakenly setting the process annotations
(typically things like version and product name) when converting the
intermediate dump into a minidump. This is incorrect, as those
annotations are determined at intermediate dump creation time.
Instead, correctly write those annotations during intermediate dump
creation. Passing extra annotations during intermediate dump to
minidump is still supported.
Bug: crashpad: 31
Change-Id: Ic5e29debdc123011d130f75a48345071575466d9
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/3266127
Commit-Queue: Justin Cohen <justincohen@chromium.org>
Reviewed-by: Mark Mentovai <mark@chromium.org>
Add another annotation similar to name and reason for the NSException
userInfo string value.
Bug: crashpad:31
Change-Id: Ifeda599d7855c1061e5c0f1fb5fe45d568af65f7
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/3238128
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Justin Cohen <justincohen@chromium.org>
This will prune the database on a daily basis, in accordance with the
specified condition. This will also unlock any leftover intermediate
dump files.
Bug: crashpad:31
Change-Id: I229f8b8006b44d31062fbf73bb9d316d69ab2dcf
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/3231618
Commit-Queue: Justin Cohen <justincohen@chromium.org>
Reviewed-by: Mark Mentovai <mark@chromium.org>
Instead use a custom mechanism based on the filename. Rather than a
filename of <uuid>, instead name the file <bundle-id>|<uuid>[.locked].
A locked file will have the optional .locked extension. Files can be
unlocked after writing an intermediate dump, or during initialization by
looking for matching bundle-ids.
Clients that call ProcessIntermediateDumps() will clean up any leftover
locked intermediate dumps. Clients that never call
ProcessIntermediateDumps, such as extensions that leave this up to the
main application, will be cleaned up in a followup change.
Bug: crashpad:31
Change-Id: Icd4aaa3b79351870fbe9b8463cfbdf7cff7d5f87
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/3229429
Commit-Queue: Justin Cohen <justincohen@chromium.org>
Reviewed-by: Mark Mentovai <mark@chromium.org>
Reviewed-by: Rohit Rao <rohitrao@chromium.org>
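The `<bundle-id>|<uuid>[.locked]` naming scheme from the commit message above, as an added C++ sketch of the startup cleanup step; it is not Crashpad's own code. `DumpName`, `ParseDumpName`, `UnlockPlan` and `SampleListing` are hypothetical names, and the directory listing is constructed sample data.

```cpp
#include <string>
#include <utility>
#include <vector>

struct DumpName {  // Hypothetical parsed form of one file name.
  std::string bundle_id;
  std::string uuid;
  bool locked = false;
};

// Parses "<bundle-id>|<uuid>[.locked]"; returns false for any other name.
bool ParseDumpName(const std::string& name, DumpName* out) {
  static const std::string kLocked = ".locked";
  std::string base = name;
  bool locked = false;
  if (base.size() > kLocked.size() &&
      base.compare(base.size() - kLocked.size(), kLocked.size(), kLocked) ==
          0) {
    base.erase(base.size() - kLocked.size());
    locked = true;
  }
  const std::string::size_type bar = base.find('|');
  // Require exactly one separator with non-empty text on both sides.
  if (bar == std::string::npos || bar == 0 || bar + 1 == base.size() ||
      base.find('|', bar + 1) != std::string::npos) {
    return false;
  }
  out->bundle_id = base.substr(0, bar);
  out->uuid = base.substr(bar + 1);
  out->locked = locked;
  return true;
}

// Returns (from, to) renames that release leftover locks owned by
// `bundle_id`. The comparison is exact, not a prefix match, so an app never
// unlocks a file that belongs to its own extension ("com.example.app.share"):
// in a shared directory that owner may still be writing the dump.
std::vector<std::pair<std::string, std::string>> UnlockPlan(
    const std::string& bundle_id, const std::vector<std::string>& names) {
  std::vector<std::pair<std::string, std::string>> plan;
  for (const std::string& name : names) {
    DumpName d;
    if (ParseDumpName(name, &d) && d.locked && d.bundle_id == bundle_id) {
      plan.emplace_back(name, d.bundle_id + "|" + d.uuid);
    }
  }
  return plan;
}

// Constructed directory listing for the example.
std::vector<std::string> SampleListing() {
  return {
      "com.example.app|0f8fad5b-d9cb-469f-a165-70867728950e.locked",
      "com.example.app|7c9e6679-7425-40de-944b-e07fc1f90ae7",
      "com.example.app.share|e4eaaaf2-d142-11e1-b3e4-080027620cdd.locked",
      "com.example.app|.locked",  // Malformed: empty uuid.
      "README",                   // Not a dump file.
  };
}
```
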