Browser tests should verify the exact BadMessageReason |
||||||
Issue descriptionSecurityExploitBrowserTest.MismatchedOriginOnCommit tries to verify that the browser process will kill a renderer if the DidCommitProvisionalLoad IPC claims that it is a same-document navigation, but it really isn't. The problem is that the test doesn't accurately simulate product code behavior and because of this recently started to fail with RFH_INTERFACE_PROVIDER_MISSING(188), rather than RFH_INVALID_ORIGIN_ON_COMMIT(114). This is a problem, because it means that we can silently loose test coverage. So - let's try to make browser tests more robust, by having them verify the exact BadMessageReason of the renderer kill being tested.
,
Jan 4 2018
Is this the cause of these flakes of SecurityExploitBrowserTest.InvalidRequestId on linux_android_rel_ng ? https://ci.chromium.org/buildbot/tryserver.chromium.android/linux_android_rel_ng/460732 https://ci.chromium.org/buildbot/tryserver.chromium.android/linux_android_rel_ng/460601 https://ci.chromium.org/buildbot/tryserver.chromium.android/linux_android_rel_ng/460594 Logs show: [ RUN ] SecurityExploitBrowserTest.InvalidRequestId [WARNING:dns_config_service_posix.cc(341)] Failed to read DnsConfig. [ERROR:devtools_http_handler.cc(249)] Cannot start http server for devtools. Stop devtools. [WARNING:simple_synchronous_entry.cc(1170)] Could not open platform files for entry. [WARNING:child_process_launcher_helper_posix.cc(118)] Ignoring invalid file assets/snapshot_blob_64.bin [ERROR:shell_android.cc(78)] Not implemented reached in void content::Shell::PlatformSetTitle(const base::string16 &): OK [ERROR:bad_message.cc(25)] Terminating renderer for bad IPC message, reason 108 [WARNING:child_process_launcher_helper_posix.cc(118)] Ignoring invalid file assets/snapshot_blob_64.bin [ERROR:shell_android.cc(78)] Not implemented reached in void content::Shell::PlatformSetTitle(const base::string16 &): OK [INFO:test_support_android.cc(185)] MessagePumpForUIFactory already set, unable to override. >>ScopedMainEntryLogger Note: Google Test filter = SecurityExploitBrowserTest.MissingInterfaceProviderOnNonSameDocumentCommit [==========] Running 1 test from 1 test case. [----------] Global test environment set-up. [----------] 1 test from SecurityExploitBrowserTest, where TypeParam = Full logs: https://00e9e64bac525c52ef3140a1a7097c2242db3d7089b80a6785-apidata.googleusercontent.com/download/storage/v1/b/chromium-result-details/o/html%2Fcontent_browsertests_linux_android_rel_ng_460594_2018_01_03_T21_03_23-UTC?qk=AD5uMEtfhaNafv8spLFcraPMoRaYZ_c2mx5qqf9sTt0UvVvPkA4lnpje4HUxb8l4eNcMus_0xwTlgP2Lv883AmRSyT_m8n_n1OGqIRptD5288T_uxFIofg0tax7wj_bfus8eWJ4NczxK9GN8ExLX1giCBfXRD4QvvK3PuLwkJCpKyA4I9NvfI3G_iCIzGWMJU0-5cBJU9FdBCYUqrvRtK6BzGdb4LUzOUAN1YLf3BRs5wJxdgneoGognteEvuU01SR_XH6j496LqlUPD7PfJNdj6O-A1jTW88kXuBtyzxeLWsy2NFUhHu2776c1qjLoiOyLqaLmRNtdxWvk0zs3mnafy6vNx6tP2cStc-dUD515mddzAXVWXSCDAZy-jekeVgKS2XczI7vMg8Rn7FT4wulC1l0juIypO446MLeTna2tkx1XMOnfylveJOxmTj_83vNvG3JW69mrpaidsbv4jik-D5xSJwJD45bAOjUQfhbm_1WS2uis_9KT_ZiALSiGsXY4GU4L7UlVMp1hmQjK3r9_vmvVmzc1qCqbdGfJgYf06beTlWK3hBO99ehrOl2Hf2sQU3L6PmntS3jEnN9pIpJZC0mU3OLNaIVoYPCn0Oz4SAWWTbQk-WOyLSYuSXs-4P1_-3goOEelxszXKuqS1XDY8Ho9K3VoaNujhyD42bluqVb5vHhhdJHZD__yQ_-DY7k-E7tRuiHavz_bQbp4w1mLpfltadpy6ta_MkUXe5XeqYSLKfMsgpfSSxmqxq3OFrdKxfKnc0QY3sT_MFTg0XynJ_8WB-xJqgwckmdXfzbczwAfw7emSbKO_bU4rp-WUlGPiuZwzsADVcIYJMi7GKS82jKLV6z-SYQ Upgrading to P2; if this is really the root cause, please upgrade to P1 and fix urgently as this is causing valid CQ jobs to fail.
,
Jan 5 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/6f7462890994e5940c83994fb94e2fba5b31f685 commit 6f7462890994e5940c83994fb94e2fba5b31f685 Author: Lukasz Anforowicz <lukasza@chromium.org> Date: Fri Jan 05 17:30:06 2018 Browser tests should verify the exact BadMessageReason This CL introduces RenderProcessHostKillWaiter, which is almost the same as RenderProcessHostWatcher, but its Wait method is capable of returning base::Optional<content::bad_message::BadMessageReason> that describes the reason why the renderer got killed. When refactoring tests to use RenderProcessHostKillWaiter I've noticed that some kills still use the old actions.xml approach. I've tweaked those kills to use bad_message approach instead. Bug: 797360 Change-Id: Id2ae41888f039932b07138c55d9579149825542d Reviewed-on: https://chromium-review.googlesource.com/843447 Reviewed-by: Robert Kaplow <rkaplow@chromium.org> Reviewed-by: Alex Moshchuk <alexmos@chromium.org> Commit-Queue: Ćukasz Anforowicz <lukasza@chromium.org> Cr-Commit-Position: refs/heads/master@{#527309} [modify] https://crrev.com/6f7462890994e5940c83994fb94e2fba5b31f685/content/browser/bad_message.h [modify] https://crrev.com/6f7462890994e5940c83994fb94e2fba5b31f685/content/browser/browser_side_navigation_browsertest.cc [modify] https://crrev.com/6f7462890994e5940c83994fb94e2fba5b31f685/content/browser/cross_site_transfer_browsertest.cc [modify] https://crrev.com/6f7462890994e5940c83994fb94e2fba5b31f685/content/browser/frame_host/render_frame_host_manager_browsertest.cc [modify] https://crrev.com/6f7462890994e5940c83994fb94e2fba5b31f685/content/browser/frame_host/render_frame_message_filter_browsertest.cc [modify] https://crrev.com/6f7462890994e5940c83994fb94e2fba5b31f685/content/browser/isolated_origin_browsertest.cc [modify] https://crrev.com/6f7462890994e5940c83994fb94e2fba5b31f685/content/browser/renderer_host/render_view_host_impl.cc [modify] https://crrev.com/6f7462890994e5940c83994fb94e2fba5b31f685/content/browser/security_exploit_browsertest.cc [modify] https://crrev.com/6f7462890994e5940c83994fb94e2fba5b31f685/content/browser/site_per_process_browsertest.cc [modify] https://crrev.com/6f7462890994e5940c83994fb94e2fba5b31f685/content/browser/web_contents/web_contents_impl.cc [modify] https://crrev.com/6f7462890994e5940c83994fb94e2fba5b31f685/content/test/content_browser_test_utils_internal.cc [modify] https://crrev.com/6f7462890994e5940c83994fb94e2fba5b31f685/content/test/content_browser_test_utils_internal.h [modify] https://crrev.com/6f7462890994e5940c83994fb94e2fba5b31f685/tools/metrics/actions/actions.xml [modify] https://crrev.com/6f7462890994e5940c83994fb94e2fba5b31f685/tools/metrics/histograms/enums.xml
,
Jan 5 2018
kbr@: RE: #c2: I think the flakiness is a different issue and should be followed-up separately (this bug tracks verifying that a kill expected by a test happened for the exactly expected reason; the flakiness seems to be caused by an *unexpected* kill). FWIW, I see that kill reason 108 is RDH_INVALID_REQUEST_ID introduced in r372547 by gzobqq@ - can you please follow-up with them?
,
Jan 5 2018
BTW: I am keeping this bug open to figure out if the tests can also verify the kill reason for mojo-related kills - see https://chromium-review.googlesource.com/c/chromium/src/+/851133
,
Jan 5 2018
,
Jan 5 2018
Thanks lukasza@. Filed Issue 799516 about that other specific flake. Feel free to turn around the blocked on/blocking relationship.
,
Jan 5 2018
,
Jan 5 2018
,
Jan 5 2018
kbr@: I think issue 797360 and 799516 are independent. What makes you think otherwise?
,
Jan 5 2018
I think they should be linked together somehow. It's otherwise very difficult to find potentially related bugs in the bug database. There was clearly a general problem in browser tests that you fixed above, which probably affected this test among others, and there's a separate problem in SecurityExploitBrowserTest.InvalidRequestId .
,
Mar 6 2018
A potential follow-up here would be to also add verification of specific mojo kills as pointed out in #c5, but I am not actively working on this, so let me reflect this in the bug status. |
||||||
►
Sign in to add a comment |
||||||
Comment 1 by lukasza@chromium.org
, Dec 22 2017