ppapi/tests/test_instance_deprecated.cc

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "ppapi/tests/test_instance_deprecated.h"
   6
   7 #include <assert.h>
   8
   9 #include "ppapi/c/ppb_var.h"
  10 #include "ppapi/cpp/module.h"
  11 #include "ppapi/tests/testing_instance.h"
  12
  13 static const char kSetValueFunction[] = "SetValue";
  14 static const char kSetExceptionFunction[] = "SetException";
  15 static const char kReturnValueFunction[] = "ReturnValue";
  16
  17 InstanceSO::InstanceSO(TestInstance* i)
  18     : test_instance_(i),
  19       testing_interface_(i->testing_interface()) {
  20 }
  21
  22 InstanceSO::~InstanceSO() {
  23   if (test_instance_)
  24     test_instance_->clear_instance_so();
  25 }
  26
  27 bool InstanceSO::HasMethod(const pp::Var& name, pp::Var* exception) {
  28   if (!name.is_string())
  29     return false;
  30   return name.AsString() == kSetValueFunction ||
  31          name.AsString() == kSetExceptionFunction ||
  32          name.AsString() == kReturnValueFunction;
  33 }
  34
  35 pp::Var InstanceSO::Call(const pp::Var& method_name,
  36                          const std::vector<pp::Var>& args,
  37                          pp::Var* exception) {
  38   if (!method_name.is_string())
  39     return false;
  40   std::string name = method_name.AsString();
  41
  42   if (name == kSetValueFunction) {
  43     if (args.size() != 1 || !args[0].is_string())
  44       *exception = pp::Var("Bad argument to SetValue(<string>)");
  45     else if (test_instance_)
  46       test_instance_->set_string(args[0].AsString());
  47   } else if (name == kSetExceptionFunction) {
  48     if (args.size() != 1 || !args[0].is_string())
  49       *exception = pp::Var("Bad argument to SetException(<string>)");
  50     else
  51       *exception = args[0];
  52   } else if (name == kReturnValueFunction) {
  53     if (args.size() != 1)
  54       *exception = pp::Var("Need single arg to call ReturnValue");
  55     else
  56       return args[0];
  57   } else {
  58     *exception = pp::Var("Bad function call");
  59   }
  60
  61   return pp::Var();
  62 }
  63
  64 REGISTER_TEST_CASE(Instance);
  65
  66 TestInstance::TestInstance(TestingInstance* instance)
  67     : TestCase(instance),
  68       instance_so_(NULL) {}
  69
  70 bool TestInstance::Init() {
  71   return true;
  72 }
  73
  74 TestInstance::~TestInstance() {
  75   ResetTestObject();
  76   if (testing_interface_->IsOutOfProcess() == PP_FALSE) {
  77     // This should cause the instance object's destructor to be called.
  78     testing_interface_->RunV8GC(instance_->pp_instance());
  79
  80     // Test a post-condition which ensures the instance objects destructor is
  81     // called. This only works reliably in-process. Out-of-process, it only
  82     // can work when the renderer stays alive a short while after the plugin
  83     // instance is destroyed. If the renderer is being shut down, too much
  84     // happens asynchronously for the out-of-process case to work reliably. In
  85     // particular:
  86     //   - The Var ReleaseObject message is asynchronous.
  87     //   - The PPB_Var_Deprecated host-side proxy posts a task to actually
  88     //     release the object when the ReleaseObject message is received.
  89     //   - The PPP_Class Deallocate message is asynchronous.
  90     // At time of writing this comment, if you modify the code so that the above
  91     // happens synchronously, and you remove the restriction that the plugin
  92     // can't be unblocked by a sync message, then this check actually passes
  93     // reliably for out-of-process. But we don't want to make any of those
  94     // changes so we just skip the check.
  95     PP_DCHECK(!instance_so_);
  96   } else {
  97     // Out-of-process, this destructor might not actually get invoked. Clear
  98     // the InstanceSOs reference to the instance so there is no UAF.
  99     if (instance_so_)
 100       instance_so_->clear_test_instance();
 101   }
 102
 103   // Save the fact that we were destroyed in sessionStorage. This tests that
 104   // we can ExecuteScript at instance destruction without crashing. It also
 105   // allows us to check that ExecuteScript will run and succeed in certain
 106   // cases. In particular, when the instance is destroyed by normal DOM
 107   // deletion, ExecuteScript will actually work. See
 108   // TestExecuteScriptInInstanceShutdown for that test. Note, however, that
 109   // ExecuteScript will *not* have an effect when the instance is destroyed
 110   // because the renderer was shut down.
 111   pp::Var ret = instance()->ExecuteScript(
 112       "sessionStorage.setItem('instance_destroyed', 'true');");
 113 }
 114
 115 void TestInstance::RunTests(const std::string& filter) {
 116   RUN_TEST(ExecuteScript, filter);
 117   RUN_TEST(RecursiveObjects, filter);
 118   RUN_TEST(LeakedObjectDestructors, filter);
 119   RUN_TEST(SetupExecuteScriptAtInstanceShutdown, filter);
 120   RUN_TEST(ExecuteScriptAtInstanceShutdown, filter);
 121 }
 122
 123 void TestInstance::LeakReferenceAndIgnore(const pp::Var& leaked) {
 124   static const PPB_Var* var_interface = static_cast<const PPB_Var*>(
 125         pp::Module::Get()->GetBrowserInterface(PPB_VAR_INTERFACE));
 126   var_interface->AddRef(leaked.pp_var());
 127   IgnoreLeakedVar(leaked.pp_var().value.as_id);
 128 }
 129
 130 pp::deprecated::ScriptableObject* TestInstance::CreateTestObject() {
 131   if (!instance_so_)
 132     instance_so_ = new InstanceSO(this);
 133   return instance_so_;
 134 }
 135
 136 std::string TestInstance::TestExecuteScript() {
 137   // Simple call back into the plugin.
 138   pp::Var exception;
 139   pp::Var ret = instance_->ExecuteScript(
 140       "document.getElementById('plugin').SetValue('hello, world');",
 141       &exception);
 142   ASSERT_TRUE(ret.is_undefined());
 143   ASSERT_TRUE(exception.is_undefined());
 144   ASSERT_TRUE(string_ == "hello, world");
 145
 146   // Return values from the plugin should be returned.
 147   ret = instance_->ExecuteScript(
 148       "document.getElementById('plugin').ReturnValue('return value');",
 149       &exception);
 150   ASSERT_TRUE(ret.is_string() && ret.AsString() == "return value");
 151   ASSERT_TRUE(exception.is_undefined());
 152
 153   // Exception thrown by the plugin should be caught.
 154   ret = instance_->ExecuteScript(
 155       "document.getElementById('plugin').SetException('plugin exception');",
 156       &exception);
 157   ASSERT_TRUE(ret.is_undefined());
 158   ASSERT_TRUE(exception.is_string());
 159   // Due to a limitation in the implementation of TryCatch, it doesn't actually
 160   // pass the strings up. Since this is a trusted only interface, we've decided
 161   // not to bother fixing this for now.
 162
 163   // Exception caused by string evaluation should be caught.
 164   exception = pp::Var();
 165   ret = instance_->ExecuteScript("document.doesntExist()", &exception);
 166   ASSERT_TRUE(ret.is_undefined());
 167   ASSERT_TRUE(exception.is_string());  // Don't know exactly what it will say.
 168
 169   PASS();
 170 }
 171
 172 // A scriptable object that contains other scriptable objects recursively. This
 173 // is used to help verify that our scriptable object clean-up code works
 174 // properly.
 175 class ObjectWithChildren : public pp::deprecated::ScriptableObject {
 176  public:
 177   ObjectWithChildren(TestInstance* i, int num_descendents) {
 178     if (num_descendents > 0) {
 179       child_ = pp::VarPrivate(i->instance(),
 180                               new ObjectWithChildren(i, num_descendents - 1));
 181     }
 182   }
 183   struct IgnoreLeaks {};
 184   ObjectWithChildren(TestInstance* i, int num_descendents, IgnoreLeaks) {
 185     if (num_descendents > 0) {
 186       child_ = pp::VarPrivate(i->instance(),
 187                               new ObjectWithChildren(i, num_descendents - 1,
 188                                                      IgnoreLeaks()));
 189       i->IgnoreLeakedVar(child_.pp_var().value.as_id);
 190     }
 191   }
 192  private:
 193   pp::VarPrivate child_;
 194 };
 195
 196 std::string TestInstance::TestRecursiveObjects() {
 197   const int kNumChildren = 20;
 198   {
 199     // These should be deleted when we exit scope, so should not leak.
 200     pp::VarPrivate not_leaked(instance(), new ObjectWithChildren(this,
 201                                                                  kNumChildren));
 202   }
 203   // We need to run the GC multiple times until all of the vars are released.
 204   // Each GC invocation will result in releasing a var, which will result in its
 205   // children not having any references, allowing them also to be collected.
 206   for (int i = 0; i < kNumChildren; ++i)
 207     testing_interface_->RunV8GC(instance_->pp_instance());
 208
 209   // Leak some, but tell TestCase to ignore the leaks. This test is run and then
 210   // reloaded (see ppapi_uitest.cc). If these aren't cleaned up when the first
 211   // run is torn down, they will show up as leaks in the second run.
 212   // NOTE: The ScriptableObjects are actually leaked, but they should be removed
 213   //       from the tracker. See below for a test that verifies that the
 214   //       destructor is not run.
 215   pp::VarPrivate leaked(
 216       instance(),
 217       new ObjectWithChildren(this, kNumChildren,
 218                              ObjectWithChildren::IgnoreLeaks()));
 219   // Now leak a reference to the root object. This should force the root and
 220   // all its descendents to stay in the tracker.
 221   LeakReferenceAndIgnore(leaked);
 222
 223   PASS();
 224 }
 225
 226 // A scriptable object that should cause a crash if its destructor is run. We
 227 // don't run the destructor for objects which the plugin leaks. This is to
 228 // prevent them doing dangerous things at cleanup time, such as executing script
 229 // or creating new objects.
 230 class BadDestructorObject : public pp::deprecated::ScriptableObject {
 231  public:
 232   BadDestructorObject() {}
 233   ~BadDestructorObject() {
 234     assert(false);
 235   }
 236 };
 237
 238 std::string TestInstance::TestLeakedObjectDestructors() {
 239   pp::VarPrivate leaked(instance(), new BadDestructorObject());
 240   // Leak a reference so it gets deleted on instance shutdown.
 241   LeakReferenceAndIgnore(leaked);
 242   PASS();
 243 }
 244
 245 std::string TestInstance::TestSetupExecuteScriptAtInstanceShutdown() {
 246   // This test only exists so that it can be run before
 247   // TestExecuteScriptAtInstanceShutdown. See the comment for that test.
 248   pp::Var exception;
 249   pp::Var result = instance()->ExecuteScript(
 250       "sessionStorage.removeItem('instance_destroyed');", &exception);
 251   ASSERT_TRUE(exception.is_undefined());
 252   ASSERT_TRUE(result.is_undefined());
 253   PASS();
 254 }
 255
 256 std::string TestInstance::TestExecuteScriptAtInstanceShutdown() {
 257   // This test relies on the previous test being run in the same browser
 258   // session, but in such a way that the instance is destroyed. See
 259   // chrome/test/ppapi/ppapi_browsertest.cc for how the navigation happens.
 260   //
 261   // Given those constraints, ~TestInstance should have been invoked to set
 262   // instance_destroyed in sessionStorage. So all we have to do is make sure
 263   // that it was set as expected.
 264   pp::Var result = instance()->ExecuteScript(
 265       "sessionStorage.getItem('instance_destroyed');");
 266   ASSERT_TRUE(result.is_string());
 267   ASSERT_EQ(std::string("true"), result.AsString());
 268   instance()->ExecuteScript("sessionStorage.removeItem('instance_destroyed');");
 269
 270   PASS();
 271 }
 272