work out a way to catch fastfail exceptions
Issue description

Currently it's not possible to catch certain types of failures, e.g. heap corruptions, CFG failures, stack canary corruption.

This is because these typically result in a 'fastfail' exception, described in two places in MSDN:

__fastfail intrinsic - https://docs.microsoft.com/en-us/cpp/intrinsics/fastfail
RaiseFailFastException - https://msdn.microsoft.com/en-us/library/windows/desktop/dd941688.aspx

Note: These seem to behave differently, see https://bugs.chromium.org/p/crashpad/issues/detail?id=133#c3
Note: __fastfail behavior seems to vary depending on compiler (more research here is needed).

We should probably start by being able to artificially generate these types of exceptions.

Perhaps consideration should be given to disabling HeapEnableTerminationOnCorruption on a certain percentage of canary users to gauge how many of these corruptions are happening.

This is also tracked by CrashExitCodes on Windows, for child processes only. I do not believe we have a way of accurately tracking this for Browser process.
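As an added illustration (not part of the original issue and not Chromium code), the sketch below tallies child-process exit codes by failure class, the kind of counting the description says is available only for child processes. The `<process type> exit=<code>` record format and the sample lines are constructed assumptions; the NTSTATUS values are the standard Windows constants, which the issue itself does not list.

```python
import re
from collections import Counter

# NTSTATUS values from ntstatus.h (standard Windows constants, not from the issue).
STATUS_ACCESS_VIOLATION = 0xC0000005
STATUS_HEAP_CORRUPTION = 0xC0000374       # heap terminate-on-corruption
STATUS_STACK_BUFFER_OVERRUN = 0xC0000409  # status reported for __fastfail

CLASSES = {
    STATUS_STACK_BUFFER_OVERRUN: "fastfail",
    STATUS_HEAP_CORRUPTION: "heap_corruption",
    STATUS_ACCESS_VIOLATION: "access_violation",
}

# Constructed sample records in a hypothetical format: "<process type> exit=<code>".
SAMPLE_LOG = """\
renderer exit=-1073740791
renderer exit=0xC0000374
gpu exit=3221225477
renderer exit=0
utility exit=-1073740940
renderer exit=0xc0000409
"""

LINE_RE = re.compile(r"^(?P<ptype>\w+) exit=(?P<code>-?(?:0[xX][0-9a-fA-F]+|\d+))$")

def normalize(code_text):
    """Parse decimal or hex text and fold signed 32-bit values to unsigned."""
    return int(code_text, 0) & 0xFFFFFFFF

def classify(code):
    """Map an unsigned exit code to a failure class name."""
    if code == 0:
        return "clean"
    return CLASSES.get(code, "other")

def tally(log_text):
    """Count (process type, failure class) pairs; malformed lines are skipped."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        counts[(m["ptype"], classify(normalize(m["code"])))] += 1
    return counts

if __name__ == "__main__":
    for (ptype, kind), n in sorted(tally(SAMPLE_LOG).items()):
        print(f"{ptype:10} {kind:18} {n}")
```

The sign folding matters because the same exit code is often logged as a negative decimal (-1073740791) in one place and as 0xC0000409 in another.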
Jul 25
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/eb4a6ff50a1b18459d68ebbd066610cd483b6faa

commit eb4a6ff50a1b18459d68ebbd066610cd483b6faa
Author: Will Harris <wfh@chromium.org>
Date: Wed Jul 25 18:36:52 2018

Add Heap corruption chrome URLs.

chrome://heapcorruptioncrash/ to crash a child renderer process.
chrome://inducebrowserheapcorruption/ to crash a browser process.

BUG=865632

Change-Id: I69caa1c80cd1775f416d656312222b9b4856f682
Reviewed-on: https://chromium-review.googlesource.com/1129628
Commit-Queue: Will Harris <wfh@chromium.org>
Reviewed-by: Mark Mentovai <mark@chromium.org>
Reviewed-by: John Abd-El-Malek <jam@chromium.org>
Cr-Commit-Position: refs/heads/master@{#577989}

[modify] https://crrev.com/eb4a6ff50a1b18459d68ebbd066610cd483b6faa/base/BUILD.gn
[add] https://crrev.com/eb4a6ff50a1b18459d68ebbd066610cd483b6faa/base/debug/invalid_access_win.cc
[add] https://crrev.com/eb4a6ff50a1b18459d68ebbd066610cd483b6faa/base/debug/invalid_access_win.h
[modify] https://crrev.com/eb4a6ff50a1b18459d68ebbd066610cd483b6faa/base/process/process_unittest.cc
[modify] https://crrev.com/eb4a6ff50a1b18459d68ebbd066610cd483b6faa/chrome/browser/metrics/metrics_service_browsertest.cc
[modify] https://crrev.com/eb4a6ff50a1b18459d68ebbd066610cd483b6faa/chrome/common/webui_url_constants.cc
[modify] https://crrev.com/eb4a6ff50a1b18459d68ebbd066610cd483b6faa/content/browser/frame_host/debug_urls.cc
[modify] https://crrev.com/eb4a6ff50a1b18459d68ebbd066610cd483b6faa/content/public/common/url_constants.cc
[modify] https://crrev.com/eb4a6ff50a1b18459d68ebbd066610cd483b6faa/content/public/common/url_constants.h
[modify] https://crrev.com/eb4a6ff50a1b18459d68ebbd066610cd483b6faa/content/public/common/url_utils.cc
[modify] https://crrev.com/eb4a6ff50a1b18459d68ebbd066610cd483b6faa/content/renderer/render_frame_impl.cc
Comment 1 by wfh@chromium.org, Jul 20