1 // Copyright 2012 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #ifdef UNSAFE_BUFFERS_BUILD
6 // TODO(crbug.com/40284755): Remove this and spanify to fix the errors.
7 #pragma allow_unsafe_buffers
8 #endif
9
10 #include "base/debug/debugger.h"
11
12 #include <errno.h>
13 #include <fcntl.h>
14 #include <stddef.h>
15 #include <stdio.h>
16 #include <stdlib.h>
17 #include <sys/param.h>
18 #include <sys/stat.h>
19 #include <sys/types.h>
20 #include <unistd.h>
21
22 #include <memory>
23 #include <string_view>
24
25 #include "base/check_op.h"
26 #include "base/notimplemented.h"
27 #include "base/strings/string_util.h"
28 #include "base/threading/platform_thread.h"
29 #include "base/time/time.h"
30 #include "build/build_config.h"
31
32 #if defined(__GLIBCXX__)
33 #include <cxxabi.h>
34 #endif
35
36 #if BUILDFLAG(IS_APPLE)
37 #include <AvailabilityMacros.h>
38 #endif
39
40 #if BUILDFLAG(IS_APPLE) || BUILDFLAG(IS_BSD)
41 #include <sys/sysctl.h>
42 #endif
43
44 #if BUILDFLAG(IS_FREEBSD)
45 #include <sys/user.h>
46 #endif
47
48 #include <ostream>
49
50 #include "base/check.h"
51 #include "base/debug/alias.h"
52 #include "base/debug/debugging_buildflags.h"
53 #include "base/environment.h"
54 #include "base/files/file_util.h"
55 #include "base/posix/eintr_wrapper.h"
56 #include "base/process/process.h"
57 #include "base/strings/string_number_conversions.h"
58
59 #if defined(USE_SYMBOLIZE)
60 #include "base/third_party/symbolize/symbolize.h" // nogncheck
61 #endif
62
63 namespace base {
64 namespace debug {
65
66 #if BUILDFLAG(IS_APPLE) || BUILDFLAG(IS_BSD)
67
68 // Based on Apple's recommended method as described in
69 // http://developer.apple.com/qa/qa2004/qa1361.html
BeingDebugged()70 bool BeingDebugged() {
71 // NOTE: This code MUST be async-signal safe (it's used by in-process
72 // stack dumping signal handler). NO malloc or stdio is allowed here.
73 //
74 // While some code used below may be async-signal unsafe, note how
75 // the result is cached (see |is_set| and |being_debugged| static variables
76 // right below). If this code is properly warmed-up early
77 // in the start-up process, it should be safe to use later.
78
79 // If the process is sandboxed then we can't use the sysctl, so cache the
80 // value.
81 static bool is_set = false;
82 static bool being_debugged = false;
83
84 if (is_set)
85 return being_debugged;
86
87 // Initialize mib, which tells sysctl what info we want. In this case,
88 // we're looking for information about a specific process ID.
89 int mib[] = {
90 CTL_KERN,
91 KERN_PROC,
92 KERN_PROC_PID,
93 getpid()
94 #if BUILDFLAG(IS_OPENBSD)
95 ,
96 sizeof(struct kinfo_proc),
97 0
98 #endif
99 };
100
101 // Caution: struct kinfo_proc is marked __APPLE_API_UNSTABLE. The source and
102 // binary interfaces may change.
103 struct kinfo_proc info;
104 size_t info_size = sizeof(info);
105
106 #if BUILDFLAG(IS_OPENBSD)
107 if (sysctl(mib, std::size(mib), NULL, &info_size, NULL, 0) < 0)
108 return -1;
109
110 mib[5] = (info_size / sizeof(struct kinfo_proc));
111 #endif
112
113 int sysctl_result = sysctl(mib, std::size(mib), &info, &info_size, NULL, 0);
114 DCHECK_EQ(sysctl_result, 0);
115 if (sysctl_result != 0) {
116 is_set = true;
117 being_debugged = false;
118 return being_debugged;
119 }
120
121 // This process is being debugged if the P_TRACED flag is set.
122 is_set = true;
123 #if BUILDFLAG(IS_FREEBSD)
124 being_debugged = (info.ki_flag & P_TRACED) != 0;
125 #elif BUILDFLAG(IS_BSD)
126 being_debugged = (info.p_flag & P_TRACED) != 0;
127 #else
128 being_debugged = (info.kp_proc.p_flag & P_TRACED) != 0;
129 #endif
130 return being_debugged;
131 }
132
VerifyDebugger()133 void VerifyDebugger() {
134 #if BUILDFLAG(ENABLE_LLDBINIT_WARNING)
135 if (Environment::Create()->HasVar("CHROMIUM_LLDBINIT_SOURCED"))
136 return;
137 if (!BeingDebugged())
138 return;
139 DCHECK(false)
140 << "Detected lldb without sourcing //tools/lldb/lldbinit.py. lldb may "
141 "not be able to find debug symbols. Please see debug instructions for "
142 "using //tools/lldb/lldbinit.py:\n"
143 "https://chromium.googlesource.com/chromium/src/+/main/docs/"
144 "lldbinit.md\n"
145 "To continue anyway, type 'continue' in lldb. To always skip this "
146 "check, define an environment variable CHROMIUM_LLDBINIT_SOURCED=1";
147 #endif
148 }
149
150 #elif BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS) || \
151 BUILDFLAG(IS_ANDROID) || BUILDFLAG(IS_AIX)
152
153 // We can look in /proc/self/status for TracerPid. We are likely used in crash
154 // handling, so we are careful not to use the heap or have side effects.
155 // Another option that is common is to try to ptrace yourself, but then we
156 // can't detach without forking(), and that's not so great.
157 // static
158 Process GetDebuggerProcess() {
159 // NOTE: This code MUST be async-signal safe (it's used by in-process
160 // stack dumping signal handler). NO malloc or stdio is allowed here.
161
162 int status_fd = open("/proc/self/status", O_RDONLY);
163 if (status_fd == -1)
164 return Process();
165
166 // We assume our line will be in the first 1024 characters and that we can
167 // read this much all at once. In practice this will generally be true.
168 // This simplifies and speeds up things considerably.
169 char buf[1024];
170
171 ssize_t num_read = HANDLE_EINTR(read(status_fd, buf, sizeof(buf)));
172 if (IGNORE_EINTR(close(status_fd)) < 0)
173 return Process();
174
175 if (num_read <= 0)
176 return Process();
177
178 std::string_view status(buf, static_cast<size_t>(num_read));
179 std::string_view tracer("TracerPid:\t");
180
181 std::string_view::size_type pid_index = status.find(tracer);
182 if (pid_index == std::string_view::npos) {
183 return Process();
184 }
185 pid_index += tracer.size();
186 std::string_view::size_type pid_end_index = status.find('\n', pid_index);
187 if (pid_end_index == std::string_view::npos) {
188 return Process();
189 }
190
191 std::string_view pid_str(buf + pid_index, pid_end_index - pid_index);
192 int pid = 0;
193 if (!StringToInt(pid_str, &pid))
194 return Process();
195
196 return Process(pid);
197 }
198
199 bool BeingDebugged() {
200 return GetDebuggerProcess().IsValid();
201 }
202
203 void VerifyDebugger() {
204 #if BUILDFLAG(ENABLE_GDBINIT_WARNING)
205 // Quick check before potentially slower GetDebuggerProcess().
206 if (Environment::Create()->HasVar("CHROMIUM_GDBINIT_SOURCED"))
207 return;
208
209 Process proc = GetDebuggerProcess();
210 if (!proc.IsValid())
211 return;
212
213 FilePath cmdline_file =
214 FilePath("/proc").Append(NumberToString(proc.Handle())).Append("cmdline");
215 std::string cmdline;
216 if (!ReadFileToString(cmdline_file, &cmdline))
217 return;
218
219 // /proc/*/cmdline separates arguments with null bytes, but we only care about
220 // the executable name, so interpret |cmdline| as a null-terminated C string
221 // to extract the exe portion.
222 std::string_view exe(cmdline.c_str());
223
224 DCHECK(ToLowerASCII(exe).find("gdb") == std::string::npos)
225 << "Detected gdb without sourcing //tools/gdb/gdbinit. gdb may not be "
226 "able to find debug symbols, and pretty-printing of STL types may not "
227 "work. Please see debug instructions for using //tools/gdb/gdbinit:\n"
228 "https://chromium.googlesource.com/chromium/src/+/main/docs/"
229 "gdbinit.md\n"
230 "To continue anyway, type 'continue' in gdb. To always skip this "
231 "check, define an environment variable CHROMIUM_GDBINIT_SOURCED=1";
232 #endif
233 }
234
235 #else
236
237 bool BeingDebugged() {
238 NOTIMPLEMENTED();
239 return false;
240 }
241
242 void VerifyDebugger() {}
243
244 #endif
245
246 // We want to break into the debugger in Debug mode, and cause a crash dump in
247 // Release mode. Breakpad behaves as follows:
248 //
249 // +-------+-----------------+-----------------+
250 // | OS | Dump on SIGTRAP | Dump on SIGABRT |
251 // +-------+-----------------+-----------------+
252 // | Linux | N | Y |
253 // | Mac | Y | N |
254 // +-------+-----------------+-----------------+
255 //
256 // Thus we do the following:
257 // Linux: Debug mode if a debugger is attached, send SIGTRAP; otherwise send
258 // SIGABRT
259 // Mac: Always send SIGTRAP.
260
261 #if defined(ARCH_CPU_ARMEL)
262 #define DEBUG_BREAK_ASM() asm("bkpt 0")
263 #elif defined(ARCH_CPU_ARM64)
264 #define DEBUG_BREAK_ASM() asm("brk 0")
265 #elif defined(ARCH_CPU_MIPS_FAMILY)
266 #define DEBUG_BREAK_ASM() asm("break 2")
267 #elif defined(ARCH_CPU_X86_FAMILY)
268 #define DEBUG_BREAK_ASM() asm("int3")
269 #endif
270
271 #if defined(NDEBUG) && !BUILDFLAG(IS_APPLE) && !BUILDFLAG(IS_ANDROID)
272 #define DEBUG_BREAK() abort()
273 #elif BUILDFLAG(IS_NACL)
274 // The NaCl verifier doesn't let use use int3. For now, we call abort(). We
275 // should ask for advice from some NaCl experts about the optimum thing here.
276 // http://code.google.com/p/nativeclient/issues/detail?id=645
277 #define DEBUG_BREAK() abort()
278 #elif !BUILDFLAG(IS_APPLE)
279 // Though Android has a "helpful" process called debuggerd to catch native
280 // signals on the general assumption that they are fatal errors. If no debugger
281 // is attached, we call abort since Breakpad needs SIGABRT to create a dump.
282 // When debugger is attached, for ARM platform the bkpt instruction appears
283 // to cause SIGBUS which is trapped by debuggerd, and we've had great
284 // difficulty continuing in a debugger once we stop from SIG triggered by native
285 // code, use GDB to set |go| to 1 to resume execution; for X86 platform, use
286 // "int3" to setup breakpiont and raise SIGTRAP.
287 //
288 // On other POSIX architectures, except Mac OS X, we use the same logic to
289 // ensure that breakpad creates a dump on crashes while it is still possible to
290 // use a debugger.
291 namespace {
DebugBreak()292 void DebugBreak() {
293 if (!BeingDebugged()) {
294 abort();
295 } else {
296 #if defined(DEBUG_BREAK_ASM)
297 DEBUG_BREAK_ASM();
298 #else
299 volatile int go = 0;
300 while (!go)
301 PlatformThread::Sleep(Milliseconds(100));
302 #endif
303 }
304 }
305 } // namespace
306 #define DEBUG_BREAK() DebugBreak()
307 #elif defined(DEBUG_BREAK_ASM)
308 #define DEBUG_BREAK() DEBUG_BREAK_ASM()
309 #else
310 #error "Don't know how to debug break on this architecture/OS"
311 #endif
312
BreakDebuggerAsyncSafe()313 void BreakDebuggerAsyncSafe() {
314 // NOTE: This code MUST be async-signal safe (it's used by in-process
315 // stack dumping signal handler). NO malloc or stdio is allowed here.
316
317 // Linker's ICF feature may merge this function with other functions with the
318 // same definition (e.g. any function whose sole job is to call abort()) and
319 // it may confuse the crash report processing system. http://crbug.com/508489
320 static int static_variable_to_make_this_function_unique = 0;
321 Alias(&static_variable_to_make_this_function_unique);
322
323 DEBUG_BREAK();
324 #if BUILDFLAG(IS_ANDROID) && !defined(OFFICIAL_BUILD)
325 // For Android development we always build release (debug builds are
326 // unmanageably large), so the unofficial build is used for debugging. It is
327 // helpful to be able to insert BreakDebugger() statements in the source,
328 // attach the debugger, inspect the state of the program and then resume it by
329 // setting the 'go' variable above.
330 #elif defined(NDEBUG)
331 // Terminate the program after signaling the debug break.
332 // When DEBUG_BREAK() expands to abort(), this is unreachable code. Rather
333 // than carefully tracking in which cases DEBUG_BREAK()s is noreturn, just
334 // disable the unreachable code warning here.
335 #pragma GCC diagnostic push
336 #pragma GCC diagnostic ignored "-Wunreachable-code"
337 _exit(1);
338 #pragma GCC diagnostic pop
339 #endif
340 }
341
342 } // namespace debug
343 } // namespace base
344