User:Benjamin Smedberg/Flash Crash Reporting
This is a design document for bug 769048.
Prototype
The prototype code which I used to test and develop this is located in a user repo.
Remote Code Injector
Most of the time, DLLs can be injected into another process using "the LoadLibrary trick": write the DLL's path into the target and start a remote thread at LoadLibrary, so the target's own loader maps the file. But the Flash process runs in a security sandbox which forbids it from opening the DLL file on disk, so that load fails. So instead, I modified the loading code of https://github.com/fancycode/MemoryModule so that it can perform the section mapping and relocations itself and then inject the already-laid-out DLL image into the target process's memory.
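The mapping and relocation step that the injector has to do in the parent, because the sandboxed target cannot do it for itself, shown as an added example in Python rather than MemoryModule's C. This is not code from the page, from MemoryModule or from the Mozilla tree; it parses a PE32/PE32+ file image, lays the sections out at their virtual addresses, and applies the base relocations needed to run the image at a base other than its preferred one. The input is a constructed minimal PE32 DLL built by `build_sample_pe` (not a real Flash or Firefox binary); imports, TLS and the final `VirtualAllocEx`/`WriteProcessMemory`/remote-thread steps are out of scope here.

```python
import struct

# Base relocation entry types from the PE specification (IMAGE_REL_BASED_*).
REL_ABSOLUTE = 0   # padding entry, nothing to patch
REL_HIGHLOW = 3    # 32-bit absolute address
REL_DIR64 = 10     # 64-bit absolute address
PREFERRED_BASE = 0x10000000  # ImageBase of the constructed sample below

def parse_pe(data):
    """Pull the fields a manual mapper needs out of a PE file image (PE32 or PE32+)."""
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if data[:2] != b"MZ" or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    num_sections, = struct.unpack_from("<H", data, e_lfanew + 6)
    opt_size, = struct.unpack_from("<H", data, e_lfanew + 20)
    opt = e_lfanew + 24                                   # IMAGE_OPTIONAL_HEADER
    is64 = struct.unpack_from("<H", data, opt)[0] == 0x20B  # PE32+ magic; PE32 is 0x10B
    base_fmt, base_off = ("<Q", opt + 24) if is64 else ("<I", opt + 28)
    image_base, = struct.unpack_from(base_fmt, data, base_off)
    size_of_image, size_of_headers = struct.unpack_from("<II", data, opt + 56)
    # Data directory 5 is the base relocation table.
    reloc_rva, reloc_size = struct.unpack_from("<II", data, opt + (112 if is64 else 96) + 5 * 8)
    sections = []
    for i in range(num_sections):                          # IMAGE_SECTION_HEADER, 40 bytes each
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, opt + opt_size + 40 * i + 8)
        sections.append((vaddr, vsize, rawptr, rawsize))
    return {"base_fmt": base_fmt, "base_off": base_off, "image_base": image_base,
            "size_of_image": size_of_image, "size_of_headers": size_of_headers,
            "reloc_rva": reloc_rva, "reloc_size": reloc_size, "sections": sections}

def map_and_relocate(data, new_base):
    """Lay the file out as it would sit in memory at new_base and apply base relocations."""
    pe = parse_pe(data)
    image = bytearray(pe["size_of_image"])
    image[:pe["size_of_headers"]] = data[:pe["size_of_headers"]]
    for vaddr, vsize, rawptr, rawsize in pe["sections"]:
        chunk = data[rawptr:rawptr + rawsize]
        if len(chunk) != rawsize or vaddr + rawsize > len(image):
            raise ValueError("section outside file or image bounds")
        image[vaddr:vaddr + rawsize] = chunk               # uninitialised tail stays zero
    delta = new_base - pe["image_base"]
    if delta == 0:
        return image                                       # at preferred base: no fixups
    if pe["reloc_size"] == 0:
        raise ValueError("image has no relocations and cannot be rebased")
    pos, end = pe["reloc_rva"], pe["reloc_rva"] + pe["reloc_size"]
    while pos + 8 <= end:                                  # IMAGE_BASE_RELOCATION blocks
        page_rva, block_size = struct.unpack_from("<II", image, pos)
        if block_size < 8 or pos + block_size > end:
            raise ValueError("malformed relocation block")
        for entry_off in range(pos + 8, pos + block_size, 2):
            entry, = struct.unpack_from("<H", image, entry_off)
            rtype, target = entry >> 12, page_rva + (entry & 0xFFF)
            if rtype == REL_ABSOLUTE:
                continue
            if rtype == REL_HIGHLOW:
                fmt, mask = "<I", 0xFFFFFFFF
            elif rtype == REL_DIR64:
                fmt, mask = "<Q", (1 << 64) - 1
            else:
                raise ValueError("unsupported relocation type %d" % rtype)
            if target + struct.calcsize(fmt) > len(image):
                raise ValueError("relocation target outside image")
            value, = struct.unpack_from(fmt, image, target)
            struct.pack_into(fmt, image, target, (value + delta) & mask)
        pos += block_size
    # Record where the image actually lives, as the Windows loader does.
    struct.pack_into(pe["base_fmt"], image, pe["base_off"], new_base)
    return image

def read_u32(image, rva):
    return struct.unpack_from("<I", image, rva)[0]

def build_sample_pe():
    """Constructed minimal PE32 DLL (not a real binary): a .text section holding one
    absolute pointer into itself, and the .reloc block that pointer needs.
    File alignment 0x200, section alignment 0x1000."""
    hdr = bytearray(0x200)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)                     # e_lfanew
    hdr[0x40:0x44] = b"PE\0\0"
    # IMAGE_FILE_HEADER: i386, 2 sections, PE32-sized optional header, EXECUTABLE|32BIT|DLL
    struct.pack_into("<HHIIIHH", hdr, 0x44, 0x14C, 2, 0, 0, 0, 0xE0, 0x2102)
    opt = 0x58
    struct.pack_into("<H", hdr, opt, 0x10B)                     # PE32 magic
    struct.pack_into("<I", hdr, opt + 28, PREFERRED_BASE)       # ImageBase
    struct.pack_into("<II", hdr, opt + 32, 0x1000, 0x200)       # Section/FileAlignment
    struct.pack_into("<II", hdr, opt + 56, 0x3000, 0x200)       # SizeOfImage, SizeOfHeaders
    struct.pack_into("<I", hdr, opt + 92, 16)                   # NumberOfRvaAndSizes
    struct.pack_into("<II", hdr, opt + 96 + 5 * 8, 0x2000, 12)  # base relocation directory
    sec = opt + 0xE0
    struct.pack_into("<8sIIII", hdr, sec, b".text", 0x1000, 0x1000, 0x200, 0x200)
    struct.pack_into("<8sIIII", hdr, sec + 40, b".reloc", 0x1000, 0x2000, 0x200, 0x400)
    text = bytearray(0x200)
    struct.pack_into("<I", text, 0, PREFERRED_BASE + 0x1010)    # pointer to RVA 0x1010
    text[0x10] = 0x90                                           # the pointed-to byte
    reloc = bytearray(0x200)                                    # one block for page 0x1000
    struct.pack_into("<IIHH", reloc, 0, 0x1000, 12, (REL_HIGHLOW << 12) | 0, REL_ABSOLUTE << 12)
    return bytes(hdr + text + reloc)
```

`map_and_relocate(build_sample_pe(), 0x7FF00000)` returns a 0x3000-byte image whose pointer at RVA 0x1000 now reads 0x7FF01010. In the real injector the new base is whatever address `VirtualAllocEx` hands back in the target, which is why the relocations cannot be applied until that allocation has been made, and why a DLL built without a relocation table cannot be injected this way at all.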
Breakpad changes
The upstream breakpad code was modified to support opening a crash generation client with a duplicated handle instead of a named pipe. Ted has already completed the upstream review (formatting nits yet to be fixed). I intend to cherry-pick this fix into the Mozilla tree since we haven't imported a full breakpad in a little while and we don't need the risk of other changes.
Injector Library/Breakpad Build Goop
The injector library consists of the breakpad client code which uses a duplicated handle to an existing pipe to set a global exception handler in the Flash process. This is relatively straightforward, except that the breakpad client needs to be compiled in a slightly different way (static CRT, no mozalloc/mozutils dependencies), so I had to modify the breakpad build scripts. I also added a global MOZ_CRASHREPORTER_INJECTOR variable, because I limited this code to win32, and repeating "#if defined(XP_WIN) && !defined(HAVE_64BIT_OS)" in a bunch of places was really ugly.
Crashreporter API
The crashreporter has grown an API to inject a crash handler into a process identified by PID, and a callback mechanism to know when that process has crashed. The only slightly complicated part is that the injection should happen on a worker thread, because it makes potentially blocking pipe calls that must not stall the main thread.
Plugins API
The PluginModuleParent code, which already has functions to identify a crashed plugin-container process, now also watches for Flash's own subprocesses, whose process name matches "FlashPluginPlugin*", and uses the crashreporter API to inject a crash handler into each of them.
The first process to crash is the one for which we collect a minidump. We ignore subsequent crashes of any other process, because we're pretty sure that the first one to crash is almost always going to be the interesting one.
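The bookkeeping described in the two paragraphs above, plus the worker-thread requirement from the crashreporter API section, as an added example; this is not Mozilla's PluginModuleParent code. The injector callback, the process-creation notification and the crash notification are assumed interfaces, and the name pattern is the one given on this page. The point the example makes is that the "first crash wins" rule has to be enforced under a lock, since several sandbox processes can crash at once and their notifications arrive on different threads.

```python
import fnmatch
import threading

# Process-name pattern for Flash's sandboxed subprocesses, as given on this page
# (compared case-insensitively, since Windows image names are).
FLASH_SANDBOX_PATTERN = "flashpluginplugin*"

class FlashCrashTracker:
    """Injects the crash handler into each new Flash sandbox process on a worker
    thread and records only the first crash reported by any of them."""

    def __init__(self, inject):
        self._inject = inject           # assumed signature: inject(pid) -> None; may block on the pipe
        self._lock = threading.Lock()
        self._watched = set()           # PIDs we have handed to the injector
        self.crashed_pid = None         # PID of the first process to crash, if any
        self.minidump_id = None         # identifier of the minidump we kept

    def on_process_created(self, pid, exe_name):
        """Start watching a child if its name matches. Returns the injector thread,
        so the caller can join it, or None if the process is not a Flash sandbox."""
        if not fnmatch.fnmatchcase(exe_name.lower(), FLASH_SANDBOX_PATTERN):
            return None
        with self._lock:
            if pid in self._watched:
                return None
            self._watched.add(pid)
        # Injection makes potentially blocking pipe calls: keep it off the main thread.
        worker = threading.Thread(target=self._inject, args=(pid,), name="flash-inject-%d" % pid)
        worker.start()
        return worker

    def on_crash(self, pid, minidump_id):
        """Crash callback for an injected process. True only for the first crash;
        later crashes, and crashes of PIDs we never injected, are ignored."""
        with self._lock:
            if pid not in self._watched or self.crashed_pid is not None:
                return False
            self.crashed_pid = pid
            self.minidump_id = minidump_id
            return True

def race_crashes(tracker, reports):
    """Deliver (pid, minidump_id) reports concurrently; returns how many were accepted."""
    accepted = []
    gate = threading.Barrier(len(reports))
    def deliver(pid, dump):
        gate.wait()                     # release all reporters at once
        if tracker.on_crash(pid, dump):
            accepted.append(pid)
    threads = [threading.Thread(target=deliver, args=r) for r in reports]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return len(accepted)
```

`race_crashes` is only a harness for exercising the tracker; whatever order the reporters win the lock in, exactly one report is accepted and its PID is the one recorded in `crashed_pid`.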
Plugin hang detection is currently unchanged. We probably want to do something better, but not right now, because it will require some head-scratching with respect to server identifiers.