Commit 28e34497 authored by David Teller's avatar David Teller
Browse files

Bug 1589493 - Extending BrowserTestUtils.crashFrame to allow crashing with an... 

Bug 1589493 - Extending BrowserTestUtils.crashFrame to allow crashing with an OOM;r=mconley,froydnj,dmajor

BrowserTestUtils.crashFrame now accepts additional `options`, with an argument `crashType` that may
take "CRASH_OOM" or "CRASH_INVALID_POINTER_DEREF"|null to specify the nature of the crash. The names
are taken from CrashTestUtils.jsm but this module cannot be imported as such as it has non-trivial
binary dependencies.

Depends on D54130

Differential Revision: https://phabricator.services.mozilla.com/D54700

--HG--
extra : moz-landing-system : lando
parent 54cacf1b

testing/mochitest/BrowserTestUtils/BrowserTestUtils.jsm

+9 −2
Original line number Diff line number Diff line
@@ -1628,6 +1628,10 @@ var BrowserTestUtils = { 
   * @param (BrowsingContext) browsingContext

   *        The context where the frame leaves. Default to

   *        top level context if not supplied.

   * @param (object?) options

   *        An object with any of the following fields:

   *          crashType: "CRASH_INVALID_POINTER_DEREF" | "CRASH_OOM"

   *            The type of crash. If unspecified, default to "CRASH_INVALID_POINTER_DEREF"

   *

   * @returns (Promise)

   * @resolves An Object with key-value pairs representing the data from the
@@ -1637,7 +1641,8 @@ var BrowserTestUtils = { 
    browser,

    shouldShowTabCrashPage = true,

    shouldClearMinidumps = true,

    browsingContext

    browsingContext,

    options = {}

  ) {

    let extra = {};
@@ -1772,7 +1777,9 @@ var BrowserTestUtils = { 
    this.sendAsyncMessage(

      browsingContext || browser.browsingContext,

      "BrowserTestUtils:CrashFrame",

      {}

      {

        crashType: options.crashType || "",

      }

    );



    await Promise.all(expectedPromises);

testing/mochitest/BrowserTestUtils/BrowserTestUtilsChild.jsm

+22 −5
Original line number Diff line number Diff line
@@ -210,8 +210,8 @@ class BrowserTestUtilsChild extends JSWindowActorChild { 


      case "BrowserTestUtils:CrashFrame": {

        // This is to intentionally crash the frame.

        // We crash by using js-ctypes and dereferencing

        // a bad pointer. The crash should happen immediately

        // We crash by using js-ctypes. The crash

        // should happen immediately

        // upon loading this frame script.



        const { ctypes } = ChromeUtils.import(
@@ -220,9 +220,26 @@ class BrowserTestUtilsChild extends JSWindowActorChild { 


        let dies = function() {

          ChromeUtils.privateNoteIntentionalCrash();



          switch (aMessage.data.crashType) {

            case "CRASH_OOM": {

              let debug = Cc["@mozilla.org/xpcom/debug;1"].getService(

                Ci.nsIDebug2

              );

              debug.crashWithOOM();

              break;

            }

            case "CRASH_INVALID_POINTER_DEREF": // Fallthrough

            default: {

              // Dereference a bad pointer.

              let zero = new ctypes.intptr_t(8);

          let badptr = ctypes.cast(zero, ctypes.PointerType(ctypes.int32_t));

              let badptr = ctypes.cast(

                zero,

                ctypes.PointerType(ctypes.int32_t)

              );

              badptr.contents;

            }

          }

        };



        dump("\nEt tu, Brute?\n");

xpcom/base/nsDebugImpl.cpp

+6 −0
Original line number Diff line number Diff line
@@ -135,6 +135,12 @@ nsDebugImpl::Abort(const char* aFile, int32_t aLine) { 
  return NS_OK;

}



NS_IMETHODIMP

nsDebugImpl::CrashWithOOM() {

  NS_ABORT_OOM(-1);

  return NS_OK;

}



// From toolkit/library/rust/lib.rs

extern "C" void intentional_panic(const char* message);

xpcom/base/nsIDebug2.idl

+5 −0
Original line number Diff line number Diff line
@@ -86,4 +86,9 @@ interface nsIDebug2 : nsISupports 
     * @param aMessage the string to pass to panic!().

     */

    void rustPanic(in string aMessage);



    /**

     * Cause an Out of Memory Crash.

     */

    void crashWithOOM();

};