immediate_crash.h 6.1 KB

  1. // Copyright 2019 The Chromium Authors. All rights reserved.
  2. // Use of this source code is governed by a BSD-style license that can be
  3. // found in the LICENSE file.
  4. #ifndef BASE_IMMEDIATE_CRASH_H_
  5. #define BASE_IMMEDIATE_CRASH_H_
  6. #include "build/build_config.h"
  7. // Crashes in the fastest possible way with no attempt at logging.
  8. // There are several constraints; see http://crbug.com/664209 for more context.
  9. //
  10. // - TRAP_SEQUENCE_() must be fatal. It should not be possible to ignore the
  11. // resulting exception or simply hit 'continue' to skip over it in a debugger.
  12. // - Different instances of TRAP_SEQUENCE_() must not be folded together, to
  13. // ensure crash reports are debuggable. Unlike __builtin_trap(), asm volatile
  14. // blocks will not be folded together.
  15. // Note: TRAP_SEQUENCE_() previously required an instruction with a unique
  16. // nonce since unlike clang, GCC folds together identical asm volatile
  17. // blocks.
  18. // - TRAP_SEQUENCE_() must produce a signal that is distinct from an invalid
  19. // memory access.
  20. // - TRAP_SEQUENCE_() must be treated as a set of noreturn instructions.
  21. // __builtin_unreachable() is used to provide that hint here. clang also uses
  22. // this as a heuristic to pack the instructions in the function epilogue to
  23. // improve code density.
  24. //
  25. // Additional properties that are nice to have:
  26. // - TRAP_SEQUENCE_() should be as compact as possible.
  27. // - The first instruction of TRAP_SEQUENCE_() should not change, to avoid
  28. // shifting crash reporting clusters. As a consequence of this, explicit
  29. // assembly is preferred over intrinsics.
  30. // Note: this last bullet point may no longer be true, and may be removed in
  31. // the future.
  32. // Note: TRAP_SEQUENCE_() is currently split into two macro helpers due to the fact
  33. // that clang emits an actual instruction for __builtin_unreachable() on certain
  34. // platforms (see https://crbug.com/958675). In addition, the int3/bkpt/brk will
  35. // be removed in followups, so splitting it up like this now makes it easy to
  36. // land the followups.
  // Selects the two halves of the trap sequence, TRAP_SEQUENCE1_() and
  // TRAP_SEQUENCE2_(), first by compiler and then by OS / CPU architecture.
  // Every branch defines both macros; a compiler that matches neither
  // COMPILER_GCC nor COMPILER_MSVC stops the build with #error.
  // NOTE(review): the COMPILER_*, OS_* and ARCH_CPU_* macros are presumably
  // provided by build/build_config.h, which is not shown here - confirm.
  37. #if defined(COMPILER_GCC)
  38. #if defined(OS_NACL)
  39. // Crash report accuracy is not guaranteed on NaCl.
  // __builtin_trap() is the intrinsic the header comment contrasts with asm
  // volatile blocks as foldable, so distinct crash sites may share one trap.
  40. #define TRAP_SEQUENCE1_() __builtin_trap()
  41. #define TRAP_SEQUENCE2_() asm volatile("")
  42. #elif defined(ARCH_CPU_X86_FAMILY)
  43. // TODO(https://crbug.com/958675): In theory, it should be possible to use just
  44. // int3. However, there are a number of crashes with SIGILL as the exception
  45. // code, so it seems likely that there's a signal handler that allows execution
  46. // to continue after SIGTRAP.
  // First half: breakpoint instruction. The second half (ud2, or the ud2 that
  // __builtin_unreachable() is said to emit on Mac) presumably keeps the crash
  // fatal if a handler resumes after the breakpoint - see the TODO above.
  47. #define TRAP_SEQUENCE1_() asm volatile("int3")
  48. #if defined(OS_APPLE)
  49. // Intentionally empty: __builtin_unreachable() is always part of the sequence
  50. // (see IMMEDIATE_CRASH below) and already emits a ud2 on Mac.
  51. #define TRAP_SEQUENCE2_() asm volatile("")
  52. #else
  53. #define TRAP_SEQUENCE2_() asm volatile("ud2")
  54. #endif // defined(OS_APPLE)
  55. #elif defined(ARCH_CPU_ARMEL)
  56. // bkpt will generate a SIGBUS when running on armv7 and a SIGTRAP when running
  57. // as a 32 bit userspace app on arm64. There doesn't seem to be any way to
  58. // cause a SIGTRAP from userspace without using a syscall (which would be a
  59. // problem for sandboxing).
  60. // TODO(https://crbug.com/958675): Remove bkpt from this sequence.
  61. #define TRAP_SEQUENCE1_() asm volatile("bkpt #0")
  62. #define TRAP_SEQUENCE2_() asm volatile("udf #0")
  63. #elif defined(ARCH_CPU_ARM64)
  64. // This will always generate a SIGTRAP on arm64.
  65. // TODO(https://crbug.com/958675): Remove brk from this sequence.
  66. #define TRAP_SEQUENCE1_() asm volatile("brk #0")
  67. #define TRAP_SEQUENCE2_() asm volatile("hlt #0")
  68. #else
  69. // Crash report accuracy will not be guaranteed on other architectures, but at
  70. // least this will crash as expected.
  // Same intrinsic-based fallback as the NaCl branch above.
  71. #define TRAP_SEQUENCE1_() __builtin_trap()
  72. #define TRAP_SEQUENCE2_() asm volatile("")
  73. #endif // ARCH_CPU_*
  74. #elif defined(COMPILER_MSVC)
  75. #if !defined(__clang__)
  76. // MSVC x64 doesn't support inline asm, so use the MSVC intrinsic.
  // NOTE(review): on this path the whole sequence is a single __debugbreak():
  // TRAP_SEQUENCE2_() expands to nothing, and the IMMEDIATE_CRASH() variant
  // used without clang/COMPILER_GCC adds no __builtin_unreachable(). Nothing
  // in this header follows the breakpoint, so the "must be fatal" constraint
  // depends on how the breakpoint exception is handled at run time - confirm.
  77. #define TRAP_SEQUENCE1_() __debugbreak()
  78. #define TRAP_SEQUENCE2_()
  79. #elif defined(ARCH_CPU_ARM64)
  80. // Windows ARM64 uses "BRK #F000" as its breakpoint instruction, and
  81. // __debugbreak() generates that in both VC++ and clang.
  82. #define TRAP_SEQUENCE1_() __debugbreak()
  83. // Intentionally empty: __builtin_unreachable() is always part of the sequence
  84. // (see IMMEDIATE_CRASH below) and already emits a ud2 on Win64,
  85. // https://crbug.com/958373
  // NOTE(review): ud2 is an x86 instruction, but this branch is ARM64; the
  // comment above looks carried over from an x86 branch. Confirm what
  // __builtin_unreachable() actually emits on Windows ARM64 before relying on
  // the empty second half.
  86. #define TRAP_SEQUENCE2_() __asm volatile("")
  87. #else
  // Reached with COMPILER_MSVC and __clang__ on any non-ARM64 target. int3 and
  // ud2 are x86 instructions and no ARCH_CPU_X86_FAMILY check guards this
  // branch, so it presumably assumes x86/x64 - confirm.
  88. #define TRAP_SEQUENCE1_() asm volatile("int3")
  89. #define TRAP_SEQUENCE2_() asm volatile("ud2")
  90. #endif // __clang__
  91. #else
  92. #error No supported trap sequence!
  93. #endif // COMPILER_GCC
  // Full trap sequence: runs TRAP_SEQUENCE1_() and then TRAP_SEQUENCE2_().
  // The do { ... } while (false) wrapper makes the expansion a single
  // statement, so the macro behaves correctly in an unbraced if/else.
  // The order is significant: the header comment asks that the first
  // instruction stay stable so crash-report clusters do not shift.
  94. #define TRAP_SEQUENCE_() \
  95. do { \
  96. TRAP_SEQUENCE1_(); \
  97. TRAP_SEQUENCE2_(); \
  98. } while (false)
  99. // CHECK() and the trap sequence can be invoked from a constexpr function.
  100. // This could make compilation fail on GCC, as it forbids directly using inline
  101. // asm inside a constexpr function. However, it allows calling a lambda
  102. // expression including the same asm.
  103. // The side effect is that the top of the stacktrace will not point to the
  104. // calling function, but to this anonymous lambda. This is still useful as the
  105. // full name of the lambda will typically include the name of the function that
  106. // calls CHECK() and the debugger will still break at the right line of code.
  // WRAPPED_TRAP_SEQUENCE_() is TRAP_SEQUENCE_() unchanged unless COMPILER_GCC
  // is defined; in that case the sequence runs inside an immediately invoked
  // lambda, which makes this header C++-only on that path.
  // NOTE(review): COMPILER_GCC is defined outside this file. If it is also set
  // for clang (the OS_APPLE branch under COMPILER_GCC suggests it may be), the
  // lambda wrapper and its stack-trace side effect apply to clang builds too -
  // confirm. Crash triage that keys on the top frame should expect the lambda.
  107. #if !defined(COMPILER_GCC)
  108. #define WRAPPED_TRAP_SEQUENCE_() TRAP_SEQUENCE_()
  109. #else
  110. #define WRAPPED_TRAP_SEQUENCE_() \
  111. do { \
  112. [] { TRAP_SEQUENCE_(); }(); \
  113. } while (false)
  114. #endif // !defined(COMPILER_GCC)
  // IMMEDIATE_CRASH() is the entry point of this header: it expands to the
  // (possibly lambda-wrapped) trap sequence, followed by a noreturn hint where
  // the compiler offers one. No logging or cleanup is attempted.
  115. #if defined(__clang__) || defined(COMPILER_GCC)
  116. // __builtin_unreachable() hints to the compiler that this is noreturn and can
  117. // be packed in the function epilogue.
  // ({ ... }) is a GNU statement expression, so this form can be used where an
  // expression is expected.
  // NOTE(review): __builtin_unreachable() is used here as a hint; the comments
  // in this header record it emitting an instruction (ud2) only on some
  // platforms. Elsewhere the crash comes solely from WRAPPED_TRAP_SEQUENCE_(),
  // and execution that is resumed past the trap by a debugger or a signal
  // handler is not stopped by anything in this macro.
  118. #define IMMEDIATE_CRASH() \
  119. ({ \
  120. WRAPPED_TRAP_SEQUENCE_(); \
  121. __builtin_unreachable(); \
  122. })
  123. #else
  124. // This supports non-Chromium users of logging.h that build with MSVC, such as
  125. // pdfium. On MSVC there is no __builtin_unreachable().
  // NOTE(review): this form is a statement rather than an expression and gives
  // the compiler no noreturn information, so code after IMMEDIATE_CRASH() is
  // compiled as reachable. Callers that rely on the crash as a safety stop
  // should not assume anything in this branch prevents fall-through if the
  // breakpoint is continued - confirm against the MSVC build.
  126. #define IMMEDIATE_CRASH() WRAPPED_TRAP_SEQUENCE_()
  127. #endif // defined(__clang__) || defined(COMPILER_GCC)
  128. #endif // BASE_IMMEDIATE_CRASH_H_