[webkit-dev] WTFCrash()

Michael Catanzaro mcatanzaro at igalia.com
Tue Mar 6 21:09:18 PST 2018


After [1], WTFCrash() is used only in debug builds on Darwin. For 
Darwin release builds, inline assembly is used to trigger a SIGTRAP. I 
experimented with this today and found it works quite badly on Linux, 
somehow confusing gdb and clobbering the top frames of the stacktrace, 
so I think we should leave that unchanged and keep it Darwin-only. So 
this mail applies only to debug builds on Darwin, and to non-Darwin 

Now, currently, WTFCrash() does three things:

 (1) Calls a user-configurable crash hook
 (2) Print a low-quality backtrace to stderr
 (3) Crash somehow:
   - If ASAN is used, with __builtin_trap() (that's SIGILL on Linux 
   - Then with *(int *)(uintptr_t)0xbbadbeef = 0, which might fail to 
crash if 0xbadbeef is a valid address, and is SIGSEGV otherwise
   - Then with __builtin_trap() if COMPILER(GCC_OR_CLANG)
   - Then with ((void(*)())0)() otherwise (presumably SIGSEGV or 
SIGBUS, dunno)

This is all rather more complicated than it needs to be.

First off, the crash hook is (almost) unused and should simply be 
removed, see [2].

Next, the low-quality backtrace. Does anyone think this is useful? It's 
mainly annoying to me, because it's not anywhere near as good as a 
proper backtrace that shows stack members, it's mangled so function 
names are unnecessarily-difficult to read, and it takes all of five 
seconds to get a much nicer one with modern Linux developer tools. If 
other developers like it, perhaps we could keep it for debug builds 
only, and skip right to the crashing in release builds? I suppose we 
could keep printing it always if there is desire to do this, because it 
has never caused any problems with Linux crash telemetry and doesn't 
seem to be harming anything, but otherwise my instinct is to simplify.

Now, as for how exactly to crash. Current logic, with asan disabled, 
prefers SIGSEGV, then SIGILL if that fails, then SIGSEGV again. I don't 
like that WTFCrash() triggers a SIGSEGV. This is not very clean; at 
least on Linux, it's conventional for assertion failures and other 
intentional crashes to cause SIGABRT instead of trying to write to 
0xbadbeef. SIGILL is also quite unusual. I  think I'd be happy if we 
replace all of WTFCrash() with a single call to abort(). Any objections 
to this? Is there a special reason for the current convoluted logic?


[1] https://bugs.webkit.org/show_bug.cgi?id=153996
[2] https://bugs.webkit.org/show_bug.cgi?id=183369

More information about the webkit-dev mailing list