1*8975f5c5SAndroid Build Coastguard Worker // Copyright 2021 The Chromium Authors 2*8975f5c5SAndroid Build Coastguard Worker // Use of this source code is governed by a BSD-style license that can be 3*8975f5c5SAndroid Build Coastguard Worker // found in the LICENSE file. 4*8975f5c5SAndroid Build Coastguard Worker 5*8975f5c5SAndroid Build Coastguard Worker // This file has been copied from //base/immediate_crash.h. 6*8975f5c5SAndroid Build Coastguard Worker // TODO(crbug.com/40279749): Avoid code duplication / reuse code. 7*8975f5c5SAndroid Build Coastguard Worker 8*8975f5c5SAndroid Build Coastguard Worker #ifndef BUILD_RUST_STD_IMMEDIATE_CRASH_H_ 9*8975f5c5SAndroid Build Coastguard Worker #define BUILD_RUST_STD_IMMEDIATE_CRASH_H_ 10*8975f5c5SAndroid Build Coastguard Worker 11*8975f5c5SAndroid Build Coastguard Worker #include "build/build_config.h" 12*8975f5c5SAndroid Build Coastguard Worker 13*8975f5c5SAndroid Build Coastguard Worker // Crashes in the fastest possible way with no attempt at logging. 14*8975f5c5SAndroid Build Coastguard Worker // There are several constraints; see http://crbug.com/664209 for more context. 15*8975f5c5SAndroid Build Coastguard Worker // 16*8975f5c5SAndroid Build Coastguard Worker // - TRAP_SEQUENCE_() must be fatal. It should not be possible to ignore the 17*8975f5c5SAndroid Build Coastguard Worker // resulting exception or simply hit 'continue' to skip over it in a debugger. 18*8975f5c5SAndroid Build Coastguard Worker // - Different instances of TRAP_SEQUENCE_() must not be folded together, to 19*8975f5c5SAndroid Build Coastguard Worker // ensure crash reports are debuggable. Unlike __builtin_trap(), asm volatile 20*8975f5c5SAndroid Build Coastguard Worker // blocks will not be folded together. 21*8975f5c5SAndroid Build Coastguard Worker // Note: TRAP_SEQUENCE_() previously required an instruction with a unique 22*8975f5c5SAndroid Build Coastguard Worker // nonce since unlike clang, GCC folds together identical asm volatile 23*8975f5c5SAndroid Build Coastguard Worker // blocks. 24*8975f5c5SAndroid Build Coastguard Worker // - TRAP_SEQUENCE_() must produce a signal that is distinct from an invalid 25*8975f5c5SAndroid Build Coastguard Worker // memory access. 26*8975f5c5SAndroid Build Coastguard Worker // - TRAP_SEQUENCE_() must be treated as a set of noreturn instructions. 27*8975f5c5SAndroid Build Coastguard Worker // __builtin_unreachable() is used to provide that hint here. clang also uses 28*8975f5c5SAndroid Build Coastguard Worker // this as a heuristic to pack the instructions in the function epilogue to 29*8975f5c5SAndroid Build Coastguard Worker // improve code density. 30*8975f5c5SAndroid Build Coastguard Worker // 31*8975f5c5SAndroid Build Coastguard Worker // Additional properties that are nice to have: 32*8975f5c5SAndroid Build Coastguard Worker // - TRAP_SEQUENCE_() should be as compact as possible. 33*8975f5c5SAndroid Build Coastguard Worker // - The first instruction of TRAP_SEQUENCE_() should not change, to avoid 34*8975f5c5SAndroid Build Coastguard Worker // shifting crash reporting clusters. As a consequence of this, explicit 35*8975f5c5SAndroid Build Coastguard Worker // assembly is preferred over intrinsics. 36*8975f5c5SAndroid Build Coastguard Worker // Note: this last bullet point may no longer be true, and may be removed in 37*8975f5c5SAndroid Build Coastguard Worker // the future. 38*8975f5c5SAndroid Build Coastguard Worker 39*8975f5c5SAndroid Build Coastguard Worker // Note: TRAP_SEQUENCE Is currently split into two macro helpers due to the fact 40*8975f5c5SAndroid Build Coastguard Worker // that clang emits an actual instruction for __builtin_unreachable() on certain 41*8975f5c5SAndroid Build Coastguard Worker // platforms (see https://crbug.com/958675). In addition, the int3/bkpt/brk will 42*8975f5c5SAndroid Build Coastguard Worker // be removed in followups, so splitting it up like this now makes it easy to 43*8975f5c5SAndroid Build Coastguard Worker // land the followups. 44*8975f5c5SAndroid Build Coastguard Worker 45*8975f5c5SAndroid Build Coastguard Worker #if defined(COMPILER_GCC) 46*8975f5c5SAndroid Build Coastguard Worker 47*8975f5c5SAndroid Build Coastguard Worker #if BUILDFLAG(IS_NACL) 48*8975f5c5SAndroid Build Coastguard Worker 49*8975f5c5SAndroid Build Coastguard Worker // Crash report accuracy is not guaranteed on NaCl. 50*8975f5c5SAndroid Build Coastguard Worker #define TRAP_SEQUENCE1_() __builtin_trap() 51*8975f5c5SAndroid Build Coastguard Worker #define TRAP_SEQUENCE2_() asm volatile("") 52*8975f5c5SAndroid Build Coastguard Worker 53*8975f5c5SAndroid Build Coastguard Worker #elif defined(ARCH_CPU_X86_FAMILY) 54*8975f5c5SAndroid Build Coastguard Worker 55*8975f5c5SAndroid Build Coastguard Worker // TODO(crbug.com/40625592): In theory, it should be possible to use just 56*8975f5c5SAndroid Build Coastguard Worker // int3. However, there are a number of crashes with SIGILL as the exception 57*8975f5c5SAndroid Build Coastguard Worker // code, so it seems likely that there's a signal handler that allows execution 58*8975f5c5SAndroid Build Coastguard Worker // to continue after SIGTRAP. 59*8975f5c5SAndroid Build Coastguard Worker #define TRAP_SEQUENCE1_() asm volatile("int3") 60*8975f5c5SAndroid Build Coastguard Worker 61*8975f5c5SAndroid Build Coastguard Worker #if BUILDFLAG(IS_APPLE) 62*8975f5c5SAndroid Build Coastguard Worker // Intentionally empty: __builtin_unreachable() is always part of the sequence 63*8975f5c5SAndroid Build Coastguard Worker // (see IMMEDIATE_CRASH below) and already emits a ud2 on Mac. 64*8975f5c5SAndroid Build Coastguard Worker #define TRAP_SEQUENCE2_() asm volatile("") 65*8975f5c5SAndroid Build Coastguard Worker #else 66*8975f5c5SAndroid Build Coastguard Worker #define TRAP_SEQUENCE2_() asm volatile("ud2") 67*8975f5c5SAndroid Build Coastguard Worker #endif // BUILDFLAG(IS_APPLE) 68*8975f5c5SAndroid Build Coastguard Worker 69*8975f5c5SAndroid Build Coastguard Worker #elif defined(ARCH_CPU_ARMEL) 70*8975f5c5SAndroid Build Coastguard Worker 71*8975f5c5SAndroid Build Coastguard Worker // bkpt will generate a SIGBUS when running on armv7 and a SIGTRAP when running 72*8975f5c5SAndroid Build Coastguard Worker // as a 32 bit userspace app on arm64. There doesn't seem to be any way to 73*8975f5c5SAndroid Build Coastguard Worker // cause a SIGTRAP from userspace without using a syscall (which would be a 74*8975f5c5SAndroid Build Coastguard Worker // problem for sandboxing). 75*8975f5c5SAndroid Build Coastguard Worker // TODO(crbug.com/40625592): Remove bkpt from this sequence. 76*8975f5c5SAndroid Build Coastguard Worker #define TRAP_SEQUENCE1_() asm volatile("bkpt #0") 77*8975f5c5SAndroid Build Coastguard Worker #define TRAP_SEQUENCE2_() asm volatile("udf #0") 78*8975f5c5SAndroid Build Coastguard Worker 79*8975f5c5SAndroid Build Coastguard Worker #elif defined(ARCH_CPU_ARM64) 80*8975f5c5SAndroid Build Coastguard Worker 81*8975f5c5SAndroid Build Coastguard Worker // This will always generate a SIGTRAP on arm64. 82*8975f5c5SAndroid Build Coastguard Worker // TODO(crbug.com/40625592): Remove brk from this sequence. 83*8975f5c5SAndroid Build Coastguard Worker #define TRAP_SEQUENCE1_() asm volatile("brk #0") 84*8975f5c5SAndroid Build Coastguard Worker #define TRAP_SEQUENCE2_() asm volatile("hlt #0") 85*8975f5c5SAndroid Build Coastguard Worker 86*8975f5c5SAndroid Build Coastguard Worker #else 87*8975f5c5SAndroid Build Coastguard Worker 88*8975f5c5SAndroid Build Coastguard Worker // Crash report accuracy will not be guaranteed on other architectures, but at 89*8975f5c5SAndroid Build Coastguard Worker // least this will crash as expected. 90*8975f5c5SAndroid Build Coastguard Worker #define TRAP_SEQUENCE1_() __builtin_trap() 91*8975f5c5SAndroid Build Coastguard Worker #define TRAP_SEQUENCE2_() asm volatile("") 92*8975f5c5SAndroid Build Coastguard Worker 93*8975f5c5SAndroid Build Coastguard Worker #endif // ARCH_CPU_* 94*8975f5c5SAndroid Build Coastguard Worker 95*8975f5c5SAndroid Build Coastguard Worker #elif defined(COMPILER_MSVC) 96*8975f5c5SAndroid Build Coastguard Worker 97*8975f5c5SAndroid Build Coastguard Worker #if !defined(__clang__) 98*8975f5c5SAndroid Build Coastguard Worker 99*8975f5c5SAndroid Build Coastguard Worker // MSVC x64 doesn't support inline asm, so use the MSVC intrinsic. 100*8975f5c5SAndroid Build Coastguard Worker #define TRAP_SEQUENCE1_() __debugbreak() 101*8975f5c5SAndroid Build Coastguard Worker #define TRAP_SEQUENCE2_() 102*8975f5c5SAndroid Build Coastguard Worker 103*8975f5c5SAndroid Build Coastguard Worker #elif defined(ARCH_CPU_ARM64) 104*8975f5c5SAndroid Build Coastguard Worker 105*8975f5c5SAndroid Build Coastguard Worker // Windows ARM64 uses "BRK #F000" as its breakpoint instruction, and 106*8975f5c5SAndroid Build Coastguard Worker // __debugbreak() generates that in both VC++ and clang. 107*8975f5c5SAndroid Build Coastguard Worker #define TRAP_SEQUENCE1_() __debugbreak() 108*8975f5c5SAndroid Build Coastguard Worker // Intentionally empty: __builtin_unreachable() is always part of the sequence 109*8975f5c5SAndroid Build Coastguard Worker // (see IMMEDIATE_CRASH below) and already emits a ud2 on Win64, 110*8975f5c5SAndroid Build Coastguard Worker // https://crbug.com/958373 111*8975f5c5SAndroid Build Coastguard Worker #define TRAP_SEQUENCE2_() __asm volatile("") 112*8975f5c5SAndroid Build Coastguard Worker 113*8975f5c5SAndroid Build Coastguard Worker #else 114*8975f5c5SAndroid Build Coastguard Worker 115*8975f5c5SAndroid Build Coastguard Worker #define TRAP_SEQUENCE1_() asm volatile("int3") 116*8975f5c5SAndroid Build Coastguard Worker #define TRAP_SEQUENCE2_() asm volatile("ud2") 117*8975f5c5SAndroid Build Coastguard Worker 118*8975f5c5SAndroid Build Coastguard Worker #endif // __clang__ 119*8975f5c5SAndroid Build Coastguard Worker 120*8975f5c5SAndroid Build Coastguard Worker #else 121*8975f5c5SAndroid Build Coastguard Worker 122*8975f5c5SAndroid Build Coastguard Worker #error No supported trap sequence! 123*8975f5c5SAndroid Build Coastguard Worker 124*8975f5c5SAndroid Build Coastguard Worker #endif // COMPILER_GCC 125*8975f5c5SAndroid Build Coastguard Worker 126*8975f5c5SAndroid Build Coastguard Worker #define TRAP_SEQUENCE_() \ 127*8975f5c5SAndroid Build Coastguard Worker do { \ 128*8975f5c5SAndroid Build Coastguard Worker TRAP_SEQUENCE1_(); \ 129*8975f5c5SAndroid Build Coastguard Worker TRAP_SEQUENCE2_(); \ 130*8975f5c5SAndroid Build Coastguard Worker } while (false) 131*8975f5c5SAndroid Build Coastguard Worker 132*8975f5c5SAndroid Build Coastguard Worker // CHECK() and the trap sequence can be invoked from a constexpr function. 133*8975f5c5SAndroid Build Coastguard Worker // This could make compilation fail on GCC, as it forbids directly using inline 134*8975f5c5SAndroid Build Coastguard Worker // asm inside a constexpr function. However, it allows calling a lambda 135*8975f5c5SAndroid Build Coastguard Worker // expression including the same asm. 136*8975f5c5SAndroid Build Coastguard Worker // The side effect is that the top of the stacktrace will not point to the 137*8975f5c5SAndroid Build Coastguard Worker // calling function, but to this anonymous lambda. This is still useful as the 138*8975f5c5SAndroid Build Coastguard Worker // full name of the lambda will typically include the name of the function that 139*8975f5c5SAndroid Build Coastguard Worker // calls CHECK() and the debugger will still break at the right line of code. 140*8975f5c5SAndroid Build Coastguard Worker #if !defined(COMPILER_GCC) || defined(__clang__) 141*8975f5c5SAndroid Build Coastguard Worker 142*8975f5c5SAndroid Build Coastguard Worker #define WRAPPED_TRAP_SEQUENCE_() TRAP_SEQUENCE_() 143*8975f5c5SAndroid Build Coastguard Worker 144*8975f5c5SAndroid Build Coastguard Worker #else 145*8975f5c5SAndroid Build Coastguard Worker 146*8975f5c5SAndroid Build Coastguard Worker #define WRAPPED_TRAP_SEQUENCE_() \ 147*8975f5c5SAndroid Build Coastguard Worker do { \ 148*8975f5c5SAndroid Build Coastguard Worker [] { TRAP_SEQUENCE_(); }(); \ 149*8975f5c5SAndroid Build Coastguard Worker } while (false) 150*8975f5c5SAndroid Build Coastguard Worker 151*8975f5c5SAndroid Build Coastguard Worker #endif // !defined(COMPILER_GCC) || defined(__clang__) 152*8975f5c5SAndroid Build Coastguard Worker 153*8975f5c5SAndroid Build Coastguard Worker #if defined(__clang__) || defined(COMPILER_GCC) 154*8975f5c5SAndroid Build Coastguard Worker 155*8975f5c5SAndroid Build Coastguard Worker // __builtin_unreachable() hints to the compiler that this is noreturn and can 156*8975f5c5SAndroid Build Coastguard Worker // be packed in the function epilogue. 157*8975f5c5SAndroid Build Coastguard Worker #define IMMEDIATE_CRASH() \ 158*8975f5c5SAndroid Build Coastguard Worker ({ \ 159*8975f5c5SAndroid Build Coastguard Worker WRAPPED_TRAP_SEQUENCE_(); \ 160*8975f5c5SAndroid Build Coastguard Worker __builtin_unreachable(); \ 161*8975f5c5SAndroid Build Coastguard Worker }) 162*8975f5c5SAndroid Build Coastguard Worker 163*8975f5c5SAndroid Build Coastguard Worker #else 164*8975f5c5SAndroid Build Coastguard Worker 165*8975f5c5SAndroid Build Coastguard Worker // This is supporting non-chromium user of logging.h to build with MSVC, like 166*8975f5c5SAndroid Build Coastguard Worker // pdfium. On MSVC there is no __builtin_unreachable(). 167*8975f5c5SAndroid Build Coastguard Worker #define IMMEDIATE_CRASH() WRAPPED_TRAP_SEQUENCE_() 168*8975f5c5SAndroid Build Coastguard Worker 169*8975f5c5SAndroid Build Coastguard Worker #endif // defined(__clang__) || defined(COMPILER_GCC) 170*8975f5c5SAndroid Build Coastguard Worker 171*8975f5c5SAndroid Build Coastguard Worker #endif // BUILD_RUST_STD_IMMEDIATE_CRASH_H_ 172