Add a buildflag to use the handle verifier in a per module mode.

Add a buildflag to use the handle verifier in a per module mode.

The HandleVerifier prevent you from using any ScopedHandle during a module initialization (i.e. if a DLL use one in DllMain this will call back into its host executable that hasn't been initialized yet and things will derail). In this CL I'm adding a build flag to make it possible to use it in a single module mode..

Committed: https://crrev.com/a89708a5c1bfe778ed1615f0bc92f0e9ae2e2192
Cr-Commit-Position: refs/heads/master@{#398361}

BUG=618205
Committed: https://crrev.com/82ef0204161f34381ab832a576c4789e1063e0ee
Cr-Commit-Position: refs/heads/master@{#398575}

[Sébastien Marchand, 2016-05-13 14:49:04]

Description was changed from

==========
g# Enter a description of the change.
Add a buildflag to disable the handle verifier.

BUG=
==========

to

==========
Add a buildflag to disable the handle verifier.
==========

[Sébastien Marchand, 2016-05-13 16:00:47]

sebmarchand@chromium.org changed reviewers:
+ wfh@chromium.org

[Sébastien Marchand, 2016-05-13 16:00:47]

Hey, what do you think of this approach to have a way to disable the handle
verifier code ? It's still a WIP, the gyp changes are not complete and GN is
still missing, I just wanted a first opinion on this.

[Sébastien Marchand, 2016-05-13 16:03:31]

Description was changed from

==========
Add a buildflag to disable the handle verifier.
==========

to

==========
WIP: Add a buildflag to disable the handle verifier.

The HandleVerifier prevent you from using any ScopedHandle during a module
initialization (i.e. if a DLL use one in DllMain this will call back into its
host executable that hasn't been initialized yet and things will derail). In
this CL I'm adding a build flag to make it possible to disable it in the
projects that don't need it.
==========

[Sébastien Marchand, 2016-05-13 18:06:34]

sebmarchand@chromium.org changed reviewers:
+ chrisha@chromium.org

[Sébastien Marchand, 2016-05-13 18:06:34]

+chrisha@, here's a WIP for the handle verifier build flag.

[chrisha, 2016-05-13 18:44:54]

Looks like a sane way to accomplish this to me, but I don't know much about the
build traits system.

https://codereview.chromium.org/1977833003/diff/1/base/base.gyp
File base/base.gyp (right):

https://codereview.chromium.org/1977833003/diff/1/base/base.gyp#newcode1037
base/base.gyp:1037: # Since this generates a file, it most only be referenced in
the target
must*

(could fix this where it was copied from too)

[Will Harris, 2016-05-18 08:51:21]

So the Q about whether we want to expose a way to totally disable the verifier -
the handle verifier can also operate in single module mode - this is here:

https://code.google.com/p/chromium/codesearch#chromium/src/base/win/scoped_ha...

where it does not call cross-module but instead just creates one per module. I'd
be interested if just using this code fixes the issues you are having with
syzygy.

Handle verifier in single module mode still will tell you if you do bad things
like double-close a handle... which is worth keeping if it works in your code.

https://codereview.chromium.org/1977833003/diff/40001/base/win/BUILD.gn
File base/win/BUILD.gn (right):

https://codereview.chromium.org/1977833003/diff/40001/base/win/BUILD.gn#newcode8
base/win/BUILD.gn:8: enable_handle_verifier = true
nit: needs a comment here for the gn help.

[Sébastien Marchand, 2016-05-18 13:39:08]

Yeah, I don't mind keeping it if the overhead is low and if there's no potential
compatibility issue. We ship SyzyAsan as an external DLL that get used by
Chrome, they never use the same revision of base/ so we should try to avoid
using anything that might cause some compatibility issue. Using one verifier per
module seems safe enough.

Chris, wdyt ?

https://codereview.chromium.org/1977833003/diff/1/base/base.gyp
File base/base.gyp (right):

https://codereview.chromium.org/1977833003/diff/1/base/base.gyp#newcode1037
base/base.gyp:1037: # Since this generates a file, it most only be referenced in
the target
On 2016/05/13 18:44:54, chrisha (slow) wrote:
> must*
> 
> (could fix this where it was copied from too)

Done.

[Sébastien Marchand, 2016-05-24 16:58:21]

Chris: ping ? Should we keep the verifier or should we get rid of it ? (see
Will's comment about this).

[chrisha, 2016-05-24 17:20:28]

I'm fine with keeping it if it runs in a 'per module' mode. Whatever is easiest,
IMO.

[Will Harris, 2016-05-27 16:02:49]

On 2016/05/24 17:20:28, chrisha (slow) wrote:
> I'm fine with keeping it if it runs in a 'per module' mode. Whatever is
easiest,
> IMO.

fine with that too, perhaps close this CL unless you are planning on working on
it, and then raise a new one that allows per-module to be set?

[Sébastien Marchand, 2016-05-27 16:04:45]

I'm reworking this CL, I'll update the description and send a request for review
soon-ish.

[Sébastien Marchand, 2016-05-30 20:06:31]

Description was changed from

==========
WIP: Add a buildflag to disable the handle verifier.

The HandleVerifier prevent you from using any ScopedHandle during a module
initialization (i.e. if a DLL use one in DllMain this will call back into its
host executable that hasn't been initialized yet and things will derail). In
this CL I'm adding a build flag to make it possible to disable it in the
projects that don't need it.
==========

to

==========
Add a buildflag to use the handle verifier in a per module mode.

The HandleVerifier prevent you from using any ScopedHandle during a module
initialization (i.e. if a DLL use one in DllMain this will call back into its
host executable that hasn't been initialized yet and things will derail). In
this CL I'm adding a build flag to make it possible to use it in a single module
mode..
==========

[Sébastien Marchand, 2016-05-30 20:07:09]

Ok, reworked this to use this flag on a per module mode, PTAL.

[Will Harris, 2016-06-01 16:46:40]

https://codereview.chromium.org/1977833003/diff/100001/base/win/scoped_handle...
File base/win/scoped_handle_unittest.cc (right):

https://codereview.chromium.org/1977833003/diff/100001/base/win/scoped_handle...
base/win/scoped_handle_unittest.cc:52: #if
BUILDFLAG(SINGLE_MODULE_MODE_HANDLE_VERIFIER)
why do these tests now depend on this, they didn't before

[Sébastien Marchand, 2016-06-01 19:18:48]

Thanks, PTAnL.

https://codereview.chromium.org/1977833003/diff/100001/base/win/scoped_handle...
File base/win/scoped_handle_unittest.cc (right):

https://codereview.chromium.org/1977833003/diff/100001/base/win/scoped_handle...
base/win/scoped_handle_unittest.cc:52: #if
BUILDFLAG(SINGLE_MODULE_MODE_HANDLE_VERIFIER)
On 2016/06/01 16:46:40, Will Harris (slow thru 23 May) wrote:
> why do these tests now depend on this, they didn't before

Hum, I thought that there was a #ifdef COMPONENT_BUILD here but it looks like a
mistake during the switch to SINGLE_MODULE_MODE_HANDLE_VERIFIER ... Sorry !
Fixed.

[Sébastien Marchand, 2016-06-02 19:59:51]

+thakis@ for owner approval.

[Sébastien Marchand, 2016-06-03 13:06:02]

sebmarchand@chromium.org changed reviewers:
+ thakis@chromium.org

[Sébastien Marchand, 2016-06-03 13:06:03]

+thakis for owner approval (for real this time)

[Nico, 2016-06-03 14:41:16]

https://codereview.chromium.org/1977833003/diff/120001/base/BUILD.gn
File base/BUILD.gn (right):

https://codereview.chromium.org/1977833003/diff/120001/base/BUILD.gn#newcode1182
base/BUILD.gn:1182: public_deps += [ "//base/win:base_win_features" ]
it looks like the new feature define is only used in a cc file and its test. if
you add this to public_deps, then every file in every target depending on base
(almost all of them) will get a new -D flag, while it's really only needed in
two files. Maybe this should just be an ordinary dep in base and base_unittests?

[Sébastien Marchand, 2016-06-03 14:44:42]

Thanks for the quick review.

https://codereview.chromium.org/1977833003/diff/120001/base/BUILD.gn
File base/BUILD.gn (right):

https://codereview.chromium.org/1977833003/diff/120001/base/BUILD.gn#newcode1182
base/BUILD.gn:1182: public_deps += [ "//base/win:base_win_features" ]
On 2016/06/03 14:41:16, Nico wrote:
> it looks like the new feature define is only used in a cc file and its test.
if
> you add this to public_deps, then every file in every target depending on base
> (almost all of them) will get a new -D flag, while it's really only needed in
> two files. Maybe this should just be an ordinary dep in base and
base_unittests?

Oh, I thought that we were strongly encouraged to always use the new buildflag
definition for any new build flag. I agree that in this case it make more sense
to just add the define for these 2 targets, I'll do this.

[Nico, 2016-06-03 15:06:20]

no i mean use the buildflag pattern, but rather than use a public_dep, make it a
regular dep in the two places that are needed (3 line diff change from what you
have)

[Sébastien Marchand, 2016-06-03 16:37:19]

Patchset #8 (id:140001) has been deleted

[Sébastien Marchand, 2016-06-03 16:44:15]

Ok, PTAnL.

[Will Harris, 2016-06-03 23:31:10]

don't quite understand the features stuff, happy to leave that to nico to
review, but the .cc files lgtm

[Sébastien Marchand, 2016-06-07 13:06:58]

thakis@ : ping ?

[Nico, 2016-06-07 16:48:18]

lgtm

https://codereview.chromium.org/1977833003/diff/160001/base/win/BUILD.gn
File base/win/BUILD.gn (right):

https://codereview.chromium.org/1977833003/diff/160001/base/win/BUILD.gn#newc...
base/win/BUILD.gn:14: single_module_mode_handle_verifier = true
this means that if you explicitly set single_module_mode_handle_verifier to
false but do a component build, you end up with it true, yes? is that what you
want?

[Will Harris, 2016-06-07 17:34:38]

On 2016/06/07 16:48:18, Nico wrote:
> lgtm
> 
> https://codereview.chromium.org/1977833003/diff/160001/base/win/BUILD.gn
> File base/win/BUILD.gn (right):
> 
>
https://codereview.chromium.org/1977833003/diff/160001/base/win/BUILD.gn#newc...
> base/win/BUILD.gn:14: single_module_mode_handle_verifier = true
> this means that if you explicitly set single_module_mode_handle_verifier to
> false but do a component build, you end up with it true, yes? is that what you
> want?

I think this is fine. In a component build then
SINGLE_MODULE_MODE_HANDLE_VERIFIER should always be forced enabled and override
what single_module_mode_handle_verifier was set to.

[Sébastien Marchand, 2016-06-07 17:47:58]

https://codereview.chromium.org/1977833003/diff/160001/base/win/BUILD.gn
File base/win/BUILD.gn (right):

https://codereview.chromium.org/1977833003/diff/160001/base/win/BUILD.gn#newc...
base/win/BUILD.gn:14: single_module_mode_handle_verifier = true
On 2016/06/07 16:48:18, Nico wrote:
> this means that if you explicitly set single_module_mode_handle_verifier to
> false but do a component build, you end up with it true, yes? is that what you
> want?

Yes, I'll add a comment.

[Sébastien Marchand, 2016-06-07 17:48:04]

The CQ bit was checked by sebmarchand@chromium.org

[Sébastien Marchand, 2016-06-07 17:48:04]

The patchset sent to the CQ was uploaded after l-g-t-m from thakis@chromium.org,
wfh@chromium.org
Link to the patchset: https://codereview.chromium.org/1977833003/#ps180001
(title: "comment.")

[commit-bot: I haz the power, 2016-06-07 17:48:41]

CQ is trying da patch. Follow status at
 https://chromium-cq-status.appspot.com/patch-status/1977833003/180001

[commit-bot: I haz the power, 2016-06-07 19:05:10]

Description was changed from

==========
Add a buildflag to use the handle verifier in a per module mode.

The HandleVerifier prevent you from using any ScopedHandle during a module
initialization (i.e. if a DLL use one in DllMain this will call back into its
host executable that hasn't been initialized yet and things will derail). In
this CL I'm adding a build flag to make it possible to use it in a single module
mode..
==========

to

==========
Add a buildflag to use the handle verifier in a per module mode.

The HandleVerifier prevent you from using any ScopedHandle during a module
initialization (i.e. if a DLL use one in DllMain this will call back into its
host executable that hasn't been initialized yet and things will derail). In
this CL I'm adding a build flag to make it possible to use it in a single module
mode..
==========

[commit-bot: I haz the power, 2016-06-07 19:05:12]

Committed patchset #9 (id:180001)

[commit-bot: I haz the power, 2016-06-07 19:07:56]

Description was changed from

==========
Add a buildflag to use the handle verifier in a per module mode.

The HandleVerifier prevent you from using any ScopedHandle during a module
initialization (i.e. if a DLL use one in DllMain this will call back into its
host executable that hasn't been initialized yet and things will derail). In
this CL I'm adding a build flag to make it possible to use it in a single module
mode..
==========

to

==========
Add a buildflag to use the handle verifier in a per module mode.

The HandleVerifier prevent you from using any ScopedHandle during a module
initialization (i.e. if a DLL use one in DllMain this will call back into its
host executable that hasn't been initialized yet and things will derail). In
this CL I'm adding a build flag to make it possible to use it in a single module
mode..

Committed: https://crrev.com/a89708a5c1bfe778ed1615f0bc92f0e9ae2e2192
Cr-Commit-Position: refs/heads/master@{#398361}
==========

[commit-bot: I haz the power, 2016-06-07 19:07:57]

Patchset 9 (id:??) landed as
https://crrev.com/a89708a5c1bfe778ed1615f0bc92f0e9ae2e2192
Cr-Commit-Position: refs/heads/master@{#398361}

[battre, 2016-06-08 06:52:50]

battre@chromium.org changed reviewers:
+ battre@chromium.org

[battre, 2016-06-08 06:52:51]

This fails on Win7 reliably:
https://build.chromium.org/p/chromium.win/builders/Win7%20Tests%20(dbg)(1)/bu...

Will revert to see whether that fixes the problem.

ScopedHandleTest.ActiveVerifierDoubleTracking (run #1):
[ RUN      ] ScopedHandleTest.ActiveVerifierDoubleTracking
c:uild\slave\win_builder__dbg_uild\srcase\win\scoped_handle_unittest.cc(74):
error: Death test: { base::win::ScopedHandle handle_holder2(handle); }
    Result: failed to die.
 Error msg:
[  DEATH   ] [5396:3224:0607/231233:18621043:WARNING:test_suite.cc(195)] Test
launcher output path
C:\Users\CHROME~2\AppData\Local\TempK2_29056	est_results.xml exists. Not adding
test launcher result printer.
[  DEATH   ]
[  FAILED  ] ScopedHandleTest.ActiveVerifierDoubleTracking (140 ms)

ScopedHandleTest.ActiveVerifierDoubleTracking (run #2):
[ RUN      ] ScopedHandleTest.ActiveVerifierDoubleTracking
c:uild\slave\win_builder__dbg_uild\srcase\win\scoped_handle_unittest.cc(74):
error: Death test: { base::win::ScopedHandle handle_holder2(handle); }
    Result: failed to die.
 Error msg:
[  DEATH   ] [328:4444:0607/231241:18629030:WARNING:test_suite.cc(195)] Test
launcher output path
C:\Users\CHROME~2\AppData\Local\TempK2_12446	est_results.xml exists. Not adding
test launcher result printer.
[  DEATH   ]
[  FAILED  ] ScopedHandleTest.ActiveVerifierDoubleTracking (141 ms)

ScopedHandleTest.ActiveVerifierDoubleTracking (run #3):
[ RUN      ] ScopedHandleTest.ActiveVerifierDoubleTracking
c:uild\slave\win_builder__dbg_uild\srcase\win\scoped_handle_unittest.cc(74):
error: Death test: { base::win::ScopedHandle handle_holder2(handle); }
    Result: failed to die.
 Error msg:
[  DEATH   ] [3584:2092:0607/231242:18630606:WARNING:test_suite.cc(195)] Test
launcher output path
C:\Users\CHROME~2\AppData\Local\TempK2_18644	est_results.xml exists. Not adding
test launcher result printer.
[  DEATH   ]
[  FAILED  ] ScopedHandleTest.ActiveVerifierDoubleTracking (187 ms)

ScopedHandleTest.ActiveVerifierDoubleTracking (run #4):
[ RUN      ] ScopedHandleTest.ActiveVerifierDoubleTracking
c:uild\slave\win_builder__dbg_uild\srcase\win\scoped_handle_unittest.cc(74):
error: Death test: { base::win::ScopedHandle handle_holder2(handle); }
    Result: failed to die.
 Error msg:
[  DEATH   ] [4324:5172:0607/231244:18632135:WARNING:test_suite.cc(195)] Test
launcher output path C:\Users\CHROME~2\AppData\Local\TempK2_6961	est_results.xml
exists. Not adding test launcher result printer.
[  DEATH   ]
[  FAILED  ] ScopedHandleTest.ActiveVerifierDoubleTracking (140 ms)

[battre, 2016-06-08 06:54:03]

A revert of this CL (patchset #9 id:180001) has been created in
https://codereview.chromium.org/2047013003/ by battre@chromium.org.

The reason for reverting is: ScopedHandleTest.* tests fail to die on try bots.

BUG=618205.

[Sébastien Marchand, 2016-06-08 14:44:05]

There was a missing '$' in base/win/BUILD.gn :(, PTAnL.

[Sébastien Marchand, 2016-06-08 14:44:32]

Description was changed from

==========
Add a buildflag to use the handle verifier in a per module mode.

The HandleVerifier prevent you from using any ScopedHandle during a module
initialization (i.e. if a DLL use one in DllMain this will call back into its
host executable that hasn't been initialized yet and things will derail). In
this CL I'm adding a build flag to make it possible to use it in a single module
mode..

Committed: https://crrev.com/a89708a5c1bfe778ed1615f0bc92f0e9ae2e2192
Cr-Commit-Position: refs/heads/master@{#398361}
==========

to

==========
Add a buildflag to use the handle verifier in a per module mode.

The HandleVerifier prevent you from using any ScopedHandle during a module
initialization (i.e. if a DLL use one in DllMain this will call back into its
host executable that hasn't been initialized yet and things will derail). In
this CL I'm adding a build flag to make it possible to use it in a single module
mode..

Committed: https://crrev.com/a89708a5c1bfe778ed1615f0bc92f0e9ae2e2192
Cr-Commit-Position: refs/heads/master@{#398361}
==========

[Sébastien Marchand, 2016-06-08 14:44:51]

Description was changed from

==========
Add a buildflag to use the handle verifier in a per module mode.

The HandleVerifier prevent you from using any ScopedHandle during a module
initialization (i.e. if a DLL use one in DllMain this will call back into its
host executable that hasn't been initialized yet and things will derail). In
this CL I'm adding a build flag to make it possible to use it in a single module
mode..

Committed: https://crrev.com/a89708a5c1bfe778ed1615f0bc92f0e9ae2e2192
Cr-Commit-Position: refs/heads/master@{#398361}
==========

to

==========
Add a buildflag to use the handle verifier in a per module mode.

The HandleVerifier prevent you from using any ScopedHandle during a module
initialization (i.e. if a DLL use one in DllMain this will call back into its
host executable that hasn't been initialized yet and things will derail). In
this CL I'm adding a build flag to make it possible to use it in a single module
mode..

Committed: https://crrev.com/a89708a5c1bfe778ed1615f0bc92f0e9ae2e2192
Cr-Commit-Position: refs/heads/master@{#398361}

BUG=618205
==========

[Nico, 2016-06-08 14:46:45]

still lgtm

1.) For obvious one-byte fixes like this, I think you can just reland and don't
need another review
2.) For fixes like this, it makes things much easier if you upload the cl
unmodified right after rebasing, and then the fix in a separate patchset. then
it's easier to find the fixed part

[Sébastien Marchand, 2016-06-08 14:49:22]

Thanks, I'll do this next time.

[Sébastien Marchand, 2016-06-08 15:03:00]

The CQ bit was checked by sebmarchand@chromium.org

[Sébastien Marchand, 2016-06-08 15:03:01]

The patchset sent to the CQ was uploaded after l-g-t-m from wfh@chromium.org
Link to the patchset: https://codereview.chromium.org/1977833003/#ps200001
(title: "Fix the GN config.")

[commit-bot: I haz the power, 2016-06-08 15:03:44]

CQ is trying da patch. Follow status at
 https://chromium-cq-status.appspot.com/patch-status/1977833003/200001

[commit-bot: I haz the power, 2016-06-08 15:57:54]

Description was changed from

==========
Add a buildflag to use the handle verifier in a per module mode.

The HandleVerifier prevent you from using any ScopedHandle during a module
initialization (i.e. if a DLL use one in DllMain this will call back into its
host executable that hasn't been initialized yet and things will derail). In
this CL I'm adding a build flag to make it possible to use it in a single module
mode..

Committed: https://crrev.com/a89708a5c1bfe778ed1615f0bc92f0e9ae2e2192
Cr-Commit-Position: refs/heads/master@{#398361}

BUG=618205
==========

to

==========
Add a buildflag to use the handle verifier in a per module mode.

The HandleVerifier prevent you from using any ScopedHandle during a module
initialization (i.e. if a DLL use one in DllMain this will call back into its
host executable that hasn't been initialized yet and things will derail). In
this CL I'm adding a build flag to make it possible to use it in a single module
mode..

Committed: https://crrev.com/a89708a5c1bfe778ed1615f0bc92f0e9ae2e2192
Cr-Commit-Position: refs/heads/master@{#398361}

BUG=618205
==========

[commit-bot: I haz the power, 2016-06-08 15:57:56]

Committed patchset #10 (id:200001)

[commit-bot: I haz the power, 2016-06-08 16:01:15]

Description was changed from

==========
Add a buildflag to use the handle verifier in a per module mode.

The HandleVerifier prevent you from using any ScopedHandle during a module
initialization (i.e. if a DLL use one in DllMain this will call back into its
host executable that hasn't been initialized yet and things will derail). In
this CL I'm adding a build flag to make it possible to use it in a single module
mode..

Committed: https://crrev.com/a89708a5c1bfe778ed1615f0bc92f0e9ae2e2192
Cr-Commit-Position: refs/heads/master@{#398361}

BUG=618205
==========

to

==========
Add a buildflag to use the handle verifier in a per module mode.

The HandleVerifier prevent you from using any ScopedHandle during a module
initialization (i.e. if a DLL use one in DllMain this will call back into its
host executable that hasn't been initialized yet and things will derail). In
this CL I'm adding a build flag to make it possible to use it in a single module
mode..

Committed: https://crrev.com/a89708a5c1bfe778ed1615f0bc92f0e9ae2e2192
Cr-Commit-Position: refs/heads/master@{#398361}

BUG=618205

Committed: https://crrev.com/82ef0204161f34381ab832a576c4789e1063e0ee
Cr-Commit-Position: refs/heads/master@{#398575}
==========

[commit-bot: I haz the power, 2016-06-08 16:01:17]

Patchset 10 (id:??) landed as
https://crrev.com/82ef0204161f34381ab832a576c4789e1063e0ee
Cr-Commit-Position: refs/heads/master@{#398575}