debug_urls.cc revision 6e8cce623b6e4fe0c9e4af605d675dd9d0338c38 
1// Copyright 2013 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include "content/browser/frame_host/debug_urls.h"
6
7#include <vector>
8
9#include "base/command_line.h"
10#include "base/debug/asan_invalid_access.h"
11#include "base/debug/profiler.h"
12#include "base/strings/utf_string_conversions.h"
13#include "cc/base/switches.h"
14#include "content/browser/gpu/gpu_process_host_ui_shim.h"
15#include "content/browser/ppapi_plugin_process_host.h"
16#include "content/public/browser/browser_thread.h"
17#include "content/public/common/content_constants.h"
18#include "content/public/common/url_constants.h"
19#include "ppapi/proxy/ppapi_messages.h"
20#include "url/gurl.h"
21
22namespace content {
23
24namespace {
25
26// Define the Asan debug URLs.
27const char kAsanCrashDomain[] = "crash";
28const char kAsanHeapOverflow[] = "/browser-heap-overflow";
29const char kAsanHeapUnderflow[] = "/browser-heap-underflow";
30const char kAsanUseAfterFree[] = "/browser-use-after-free";
31#if defined(SYZYASAN)
32const char kAsanCorruptHeapBlock[] = "/browser-corrupt-heap-block";
33const char kAsanCorruptHeap[] = "/browser-corrupt-heap";
34#endif
35
36void HandlePpapiFlashDebugURL(const GURL& url) {
37#if defined(ENABLE_PLUGINS)
38  bool crash = url == GURL(kChromeUIPpapiFlashCrashURL);
39
40  std::vector<PpapiPluginProcessHost*> hosts;
41  PpapiPluginProcessHost::FindByName(
42      base::UTF8ToUTF16(kFlashPluginName), &hosts);
43  for (std::vector<PpapiPluginProcessHost*>::iterator iter = hosts.begin();
44       iter != hosts.end(); ++iter) {
45    if (crash)
46      (*iter)->Send(new PpapiMsg_Crash());
47    else
48      (*iter)->Send(new PpapiMsg_Hang());
49  }
50#endif
51}
52
53bool IsAsanDebugURL(const GURL& url) {
54#if defined(SYZYASAN)
55  if (!base::debug::IsBinaryInstrumented())
56    return false;
57#endif
58
59  if (!(url.is_valid() && url.SchemeIs(kChromeUIScheme) &&
60        url.DomainIs(kAsanCrashDomain, sizeof(kAsanCrashDomain) - 1) &&
61        url.has_path())) {
62    return false;
63  }
64
65  if (url.path() == kAsanHeapOverflow || url.path() == kAsanHeapUnderflow ||
66      url.path() == kAsanUseAfterFree) {
67    return true;
68  }
69
70#if defined(SYZYASAN)
71  if (url.path() == kAsanCorruptHeapBlock || url.path() == kAsanCorruptHeap)
72    return true;
73#endif
74
75  return false;
76}
77
78bool HandleAsanDebugURL(const GURL& url) {
79#if defined(SYZYASAN)
80  if (!base::debug::IsBinaryInstrumented())
81    return false;
82
83  if (url.path() == kAsanCorruptHeapBlock) {
84    base::debug::AsanCorruptHeapBlock();
85    return true;
86  } else if (url.path() == kAsanCorruptHeap) {
87    base::debug::AsanCorruptHeap();
88    return true;
89  }
90#endif
91
92#if defined(ADDRESS_SANITIZER) || defined(SYZYASAN)
93  if (url.path() == kAsanHeapOverflow) {
94    base::debug::AsanHeapOverflow();
95  } else if (url.path() == kAsanHeapUnderflow) {
96    base::debug::AsanHeapUnderflow();
97  } else if (url.path() == kAsanUseAfterFree) {
98    base::debug::AsanHeapUseAfterFree();
99  } else {
100    return false;
101  }
102#endif
103
104  return true;
105}
106
107
108}  // namespace
109
110bool HandleDebugURL(const GURL& url, PageTransition transition) {
111  // Ensure that the user explicitly navigated to this URL, unless
112  // kEnableGpuBenchmarking is enabled by Telemetry.
113  bool is_telemetry_navigation =
114      base::CommandLine::ForCurrentProcess()->HasSwitch(
115          cc::switches::kEnableGpuBenchmarking) &&
116      (transition & PAGE_TRANSITION_TYPED);
117
118  if (!(transition & PAGE_TRANSITION_FROM_ADDRESS_BAR) &&
119      !is_telemetry_navigation)
120    return false;
121
122  if (IsAsanDebugURL(url))
123    return HandleAsanDebugURL(url);
124
125  if (url.host() == kChromeUIBrowserCrashHost) {
126    // Induce an intentional crash in the browser process.
127    CHECK(false);
128    return true;
129  }
130
131  if (url == GURL(kChromeUIGpuCleanURL)) {
132    GpuProcessHostUIShim* shim = GpuProcessHostUIShim::GetOneInstance();
133    if (shim)
134      shim->SimulateRemoveAllContext();
135    return true;
136  }
137
138  if (url == GURL(kChromeUIGpuCrashURL)) {
139    GpuProcessHostUIShim* shim = GpuProcessHostUIShim::GetOneInstance();
140    if (shim)
141      shim->SimulateCrash();
142    return true;
143  }
144
145  if (url == GURL(kChromeUIGpuHangURL)) {
146    GpuProcessHostUIShim* shim = GpuProcessHostUIShim::GetOneInstance();
147    if (shim)
148      shim->SimulateHang();
149    return true;
150  }
151
152  if (url == GURL(kChromeUIPpapiFlashCrashURL) ||
153      url == GURL(kChromeUIPpapiFlashHangURL)) {
154    BrowserThread::PostTask(BrowserThread::IO, FROM_HERE,
155                            base::Bind(&HandlePpapiFlashDebugURL, url));
156    return true;
157  }
158
159  return false;
160}
161
162bool IsRendererDebugURL(const GURL& url) {
163  if (!url.is_valid())
164    return false;
165
166  if (url.SchemeIs(url::kJavaScriptScheme))
167    return true;
168
169  return url == GURL(kChromeUICrashURL) ||
170         url == GURL(kChromeUIDumpURL) ||
171         url == GURL(kChromeUIKillURL) ||
172         url == GURL(kChromeUIHangURL) ||
173         url == GURL(kChromeUIShorthangURL);
174}
175
176}  // namespace content
177