Bug 963790 (alias: fuzzing-layers-linux)
Tracking: Run Faulty without parent process crashes on desktop Linux with GL layers and e10s
Status: Closed, RESOLVED FIXED
Opened 10 years ago; Closed 10 years ago
Category: Core :: Graphics: Layers (defect)
Target milestone: mozilla30
People: Reporter: bjacob, Assigned: bjacob
References: Depends on 3 open bugs, Blocks 1 open bug
Attachments (7 files, 2 obsolete files)
- patch, 5.83 KB
- patch, 857 bytes
- patch, 6.08 KB
- patch, 1.01 KB
- patch, 675 bytes
- patch, 1.18 KB
- patch, 895 bytes

Description
As a first step towards bug 898117, let us first get to the point where we run with Faulty without Gfx IPC crashes on desktop Linux. Need to enable GL layers to get IPC action. For background on Faulty, refer to bug 777067. Attaching a slightly fixed version of Faulty suitable for desktop Linux.

Instructions:
1) apply Faulty patch to mozilla-central
2) build with --enable-ipc-fuzzer
3) run with these environment variables defined:
   FAULTY_PICKLE=1
   FAULTY_PARENT=1
   FAULTY_CHILDREN=1
   FAULTY_ENABLE_LOGGING=1
   FAULTY_PROBABILITY=10

Notes:
1) FAULTY_PROBABILITY=10 <-- the lower the number, the tougher the fuzzing. Christoph typically recommends 1000. Using 10 currently allows me to get Gfx IPC crashes right away, all the time.
2) Note that FAULTY_CHILDREN=1 is needed for Faulty not to reject the currently only Firefox process (thus a 'child' process as well as the 'parent' process).
Updated • 10 years ago (Assignee)
Depends on: picky-with-pickles

Updated • 10 years ago (Assignee)
Depends on: ipc-big-arrays
Comment 1 • 10 years ago (Assignee)
Attachment #8365340 - Attachment is obsolete: true
Comment 2 • 10 years ago (Assignee)
Took that to bug 967320.
Comment 3 • 10 years ago (Assignee)
This also avoids a lot of crashes in debug builds, that are nontrivial to avoid. See the conversation on bug 963978.
Comment 4 • 10 years ago (Assignee)
Btw, new instructions:
0. Apply Christoph's Faulty patch, and apply on top of that the patches here. Make a DEBUG build.
1. Run with the tabs.remote pref set to true, to get separate parent and child processes.
2. As said above, run with layers.acceleration.force-enabled.
3. Do not set FAULTY_CHILDREN=1 (not wanted anymore thanks to step 1).

So here are the environment variables to be used:
   FAULTY_PICKLE=1
   FAULTY_PARENT=1
   FAULTY_ENABLE_LOGGING=1
   FAULTY_PROBABILITY=10
Or any other probability.
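The description and comment 4 above only list the FAULTY_* knobs; the sketch below, added here as an illustration and not Faulty's own code nor anything from mozilla-central, shows what a pickle-level IPC fuzzer driven by those knobs does: it reads FAULTY_PICKLE, FAULTY_PARENT, FAULTY_CHILDREN, FAULTY_ENABLE_LOGGING and FAULTY_PROBABILITY, makes a 1-in-N decision per message (the per-message granularity is an assumption; the bug only says that a lower number means tougher fuzzing), and mutates the serialized payload with bit flips and boundary-value bytes and 32-bit integers, the kind of mutation that upsets array-length handling. The 8-byte length/type framing, the mutation strategies and the sample messages are all constructed for the example.

```python
import os
import random
import struct
from dataclasses import dataclass

# The value Christoph recommends per the bug; lower means more aggressive.
DEFAULT_PROBABILITY = 1000

# Boundary values worth trying when the pickle carries lengths or counts
# (assumption: the kind of mutation a pickle fuzzer would apply).
INTERESTING_BYTES = (0x00, 0x01, 0x7F, 0x80, 0xFF)
INTERESTING_U32 = (0, 1, 0x7FFFFFFF, 0x80000000, 0xFFFFFFFF)

# Constructed framing for the example: little-endian payload length, then type.
HEADER = struct.Struct("<II")


@dataclass
class FaultyConfig:
    pickle: bool
    parent: bool
    children: bool
    logging: bool
    probability: int


def read_faulty_config(env=None):
    """Parse the FAULTY_* variables listed in the bug from env (or os.environ)."""
    env = os.environ if env is None else env
    probability = int(env.get("FAULTY_PROBABILITY", DEFAULT_PROBABILITY))
    if probability < 1:
        raise ValueError("FAULTY_PROBABILITY must be >= 1")
    return FaultyConfig(
        pickle=env.get("FAULTY_PICKLE") == "1",
        parent=env.get("FAULTY_PARENT") == "1",
        children=env.get("FAULTY_CHILDREN") == "1",
        logging=env.get("FAULTY_ENABLE_LOGGING") == "1",
        probability=probability,
    )


def make_rng(seed):
    """Seeded generator so a crashing run can be replayed from its log."""
    return random.Random(seed)


def should_fuzz(rng, probability):
    """1-in-N decision per message (assumed granularity)."""
    return rng.randrange(probability) == 0


def _flip_bit(buf, rng):
    i = rng.randrange(len(buf))
    buf[i] ^= 1 << rng.randrange(8)
    return f"flip_bit@{i}"


def _interesting_byte(buf, rng):
    i = rng.randrange(len(buf))
    buf[i] = rng.choice(INTERESTING_BYTES)
    return f"byte@{i}={buf[i]:#04x}"


def _interesting_u32(buf, rng):
    if len(buf) < 4:
        return _flip_bit(buf, rng)
    i = rng.randrange(0, len(buf) - 3, 4)  # 4-byte aligned and in bounds
    value = rng.choice(INTERESTING_U32)
    buf[i:i + 4] = struct.pack("<I", value)
    return f"u32@{i}={value:#x}"


MUTATORS = (_flip_bit, _interesting_byte, _interesting_u32)


def mutate_pickle(payload, rng, max_tries=8):
    """Return (mutated copy, description); the copy differs unless payload is empty."""
    if not payload:
        return payload, "empty"
    for _ in range(max_tries):
        buf = bytearray(payload)
        what = rng.choice(MUTATORS)(buf, rng)
        if bytes(buf) != payload:
            return bytes(buf), what
    buf = bytearray(payload)  # a bit flip always changes something
    what = _flip_bit(buf, rng)
    return bytes(buf), what


def frame(mtype, payload):
    """Wrap a payload in the constructed length/type header."""
    return HEADER.pack(len(payload), mtype) + payload


def fuzz_message(msg, cfg, rng, log=None):
    """Mutate one framed message's payload; returns (message, was_mutated)."""
    if len(msg) < HEADER.size:
        raise ValueError("truncated header")
    length, mtype = HEADER.unpack_from(msg)
    payload = msg[HEADER.size:HEADER.size + length]
    if not cfg.pickle or not should_fuzz(rng, cfg.probability):
        return msg, False
    new_payload, what = mutate_pickle(payload, rng)
    if cfg.logging and log is not None:
        log.append(f"type={mtype:#x} len={length} {what}")
    return frame(mtype, new_payload), True


if __name__ == "__main__":
    cfg = read_faulty_config()  # honours the same FAULTY_* variables as the bug
    rng = make_rng(1)
    log = []
    hits = 0
    for i in range(1000):  # constructed traffic: 1000 zero-filled messages
        _, changed = fuzz_message(frame(i, bytes(16)), cfg, rng, log)
        hits += changed
    print(f"mutated {hits}/1000 messages at probability {cfg.probability}")
    print("\n".join(log[:5]))
```

Run it with the variables from comment 4 exported (for example FAULTY_PICKLE=1 FAULTY_ENABLE_LOGGING=1 FAULTY_PROBABILITY=10) to see roughly one message in ten mutated and logged; with FAULTY_PICKLE unset nothing is touched, which mirrors the bug's note that the pickle knob is what turns the mutation on. The seeded generator and the per-mutation log line are what make a parent-process crash reproducible after the fact.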
Comment 5 • 10 years ago (Assignee)
I'm using this patch to get naughty children to stay alive longer, to annoy the parent more. Otherwise they crash before they have time to do many naughty things.
Comment 6 • 10 years ago (Assignee)
This allows children to survive when the parent decides to kill them for rude behavior, allowing them to stress the parent longer. Anyway, while killing children is nice, it's not something that we would rely on for security. For starters, we currently ship browsers where child and parent are in the same process, and KillProcess just fails in this case.
Comment 7 • 10 years ago (Assignee)

Updated • 10 years ago (Assignee)
Alias: fuzzing-layers-linux
Comment 8 • 10 years ago (Assignee)
Comment 9 • 10 years ago (Assignee)
Wiki page tracking this effort: https://intranet.mozilla.org/User:Bjacob@mozilla.com/Gfx_IPC_fuzzing
Comment 10 • 10 years ago (Assignee)
Bugs filed below this point are to be considered part of the "second round" of fuzzing.
Comment 11 • 10 years ago (Assignee)
Bugs filed below this point are to be considered part of the "third round" of fuzzing.
Comment 12 • 10 years ago (Assignee)
Disabling the dom/plugins reftests, which were stalling, I have a 100% complete run of all reftests, without any crash or ASan error!

REFTEST FINISHED: Slowest test took 34477ms (http://localhost:60033/1392778213147/355/font-matching/font-stretch-1.html)
REFTEST INFO | Result summary:
REFTEST INFO | Successful: 8151 (8132 pass, 19 load only)
REFTEST INFO | Unexpected: 2955 (1963 unexpected fail, 3 unexpected pass, 989 unexpected asserts, 0 unexpected fixed asserts, 0 failed load, 0 exception)
REFTEST INFO | Known problems: 343 (179 known fail, 11 known asserts, 82 random, 71 skipped, 0 slow)
REFTEST INFO | Total canvas count = 8

Time to start landing patches....
Comment 13 • 10 years ago (Assignee)
Try push at various points of the patch queue:
https://tbpl.mozilla.org/?tree=Try&rev=7c95257b706d
https://tbpl.mozilla.org/?tree=Try&rev=0e56443f5ad5
https://tbpl.mozilla.org/?tree=Try&rev=e00f278170c6
https://tbpl.mozilla.org/?tree=Try&rev=71ff62d7fe91
Comment 14 • 10 years ago (Assignee)
Already landed: 6 patches.
https://tbpl.mozilla.org/?tree=Try&rev=c7bb469bec36
https://tbpl.mozilla.org/?tree=Try&rev=a85d210fafdb
Comment 15 • 10 years ago (Assignee)
Windows-only: https://tbpl.mozilla.org/?tree=Try&rev=00519d28644e
Comment 16 • 10 years ago (Assignee)
Already landed: 11 patches out of 25.
Comment 17 • 10 years ago (Assignee)
https://tbpl.mozilla.org/?tree=Try&rev=38d1a6fbb6a6
https://tbpl.mozilla.org/?tree=Try&rev=d5356402b96d
Comment 18 • 10 years ago (Assignee)
With the landing of bug 968825 and 970747 we are now at: 18 patches landed out of 25.
Comment 19 • 10 years ago (Assignee)
With the landing of bug 968823 and 974356 we are now at: 23 patches landed out of 25.
Comment 20 • 10 years ago (Assignee)
...and with bug 968244 landed, now at 24 patches landed out of 25 ....
Comment 21 • 10 years ago (Assignee)
...and with bug 974353 landed, we are finally done here! Thanks everybody!
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Updated • 10 years ago (Assignee)
Assignee: nobody → bjacob

Updated • 10 years ago
Target Milestone: --- → mozilla30
Comment 22 • 10 years ago (Assignee)
For the record (and to link to from the wiki page), patch I used to turn on remote IPC (e10s).
Attachment #8370320 - Attachment is obsolete: true
Comment 23 • 10 years ago (Assignee)

Updated • 10 years ago (Assignee)
Summary: Tracking: Run Faulty without gfx ipc crashes on desktop Linux with GL layers → Tracking: Run Faulty without parent process crashes on desktop Linux with GL layers and e10s
Updated • 5 years ago
Blocks: fuzzing-ipc-ipdl