Thank you Paul for pushing this forward! PHC is a vital contribution to
overall Firefox security and stability. If you as a developer see a bug
with additional PHC information being filed in your component, I kindly ask
you to prioritize this over regular crash investigation to fully utilize
this new tool. In 2024, Paul will also be working with Suhaib and willkg to
get these crashes to you automatically just like regular crash-stats bugs.

If you are interested to learn more about this tool, we do have a paper on
it published at ICSE together with our colleagues from other companies that
utilize the same technology: https://arxiv.org/abs/2311.09394

Happy holidays!

- Chris

On Fri, 22 Dec 2023 at 07:19, Paul Bone <[email protected]> wrote:

>
> TL;DR: we're rolling out PHC, currently at 1%, soon at 10%.  If you already
> know about PHC that's the new information.
>
> I've been filing a few extra crash reports with memory errors such as
> buffer overruns and use after frees.  I found a comment on one of them this
> morning "Where do these extra stacks come from?".  That's a great question
> and tells me I haven't communicated this widely enough yet.  I'd like to do
> that properly later, but for now I'd like this e-mail to serve as an
> informal introduction.
>
> The Probabilistic Heap Checker (PHC) is a component in Firefox that will,
> probabilistically, redirect a `malloc()` request into a special area where
> it can perform extra checking for memory errors.  It can detect buffer
> overruns and use-after-free errors.  But the really cool thing is that it
> records the stack at the time of allocation and free.  So that for a
> use-after-free, the crash report contains not only the stack where the
> error occurred, but stacks that describe the object's lifetime.
>
> It also records the address and size of the memory allocation.
>
> This information is behind "Protected Data Access"; engineers with the
> appropriate crash-stats permission have access.  It's also not symbolicised
> so far.  So most people are going to notice it when bugs are filed against
> their components.  They'll see the extra stacks in the bug report and might
> wonder where they came from if they don't have protected data access.
>
> Right now this runs for everybody in Firefox Nightly (and has done for
> years).  Now we're rolling it out in Firefox Release; it's enabled for
> roughly 1% of our population in Firefox 120 and 121, and we already have 13
> crash reports annotated with PHC stacks from December (not all of them are
> genuine).  We're planning to roll out to 10% of release in January which
> means we could expect ~130 crash reports (some percentage of which will be
> genuine bugs).
>
> We're looking forward to having this new capability to find and diagnose
> memory errors.  I'll be filing bugs for these as appropriate and attaching
> these extra stacks.  I'll also continue to be making improvements to PHC in
> the new year.  Until then, if you're taking a break this time of year have
> a safe and happy holiday season.
>
> Cheers.
>
> --
> You received this message because you are subscribed to the Google Groups "
> [email protected]" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/a/mozilla.org/d/msgid/dev-platform/CANdLaqBq3JsDrbRSOPCMAFQF41N%3D%3DRjCFvojF4%3DpV9K2Tq2zAQ%40mail.gmail.com
> <https://groups.google.com/a/mozilla.org/d/msgid/dev-platform/CANdLaqBq3JsDrbRSOPCMAFQF41N%3D%3DRjCFvojF4%3DpV9K2Tq2zAQ%40mail.gmail.com?utm_medium=email&utm_source=footer>
> .
>

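The mechanism Paul describes (a special area with extra checking, plus stacks recorded at allocation and free) can be sketched with guard pages. This is an added example, not Firefox's PHC code and not part of the original e-mails: `sampled_alloc`, `sampled_free`, `classify` and the single-slot layout are hypothetical names and simplifications, the probabilistic sampling decision is left out, and Linux with glibc is assumed.

```c
#define _GNU_SOURCE
#include <execinfo.h>
#include <stdint.h>
#include <sys/mman.h>
#include <unistd.h>

enum { MAX_FRAMES = 16 };
typedef enum { NOT_SAMPLED, ACCESSIBLE, UNDERRUN, OVERRUN, USE_AFTER_FREE } verdict;

/* Metadata for one sampled allocation (one slot only, to keep the sketch short). */
static struct {
    uintptr_t region;   /* start of: guard page | data page | guard page */
    uintptr_t ptr;      /* address handed to the caller */
    size_t size, page;
    int freed;
    void *alloc_stack[MAX_FRAMES], *free_stack[MAX_FRAMES];
    int alloc_depth, free_depth;
} slot;

/* The object is placed at the end of the data page, so the first byte past it
   is in the trailing guard page. Alignment is ignored for brevity. */
void *sampled_alloc(size_t size) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    if (size == 0 || size > page || slot.region) return NULL;  /* slot busy */
    void *m = mmap(NULL, 3 * page, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (m == MAP_FAILED) return NULL;
    if (mprotect((char *)m + page, page, PROT_READ | PROT_WRITE) != 0) {
        munmap(m, 3 * page);
        return NULL;
    }
    slot.region = (uintptr_t)m; slot.page = page; slot.size = size;
    slot.ptr = slot.region + 2 * page - size;
    slot.alloc_depth = backtrace(slot.alloc_stack, MAX_FRAMES);  /* allocation stack */
    return (void *)slot.ptr;
}

/* Free keeps the mapping but revokes access, so any later use faults. */
int sampled_free(void *p) {
    if (!slot.region || (uintptr_t)p != slot.ptr || slot.freed) return -1;
    slot.freed = 1;
    slot.free_depth = backtrace(slot.free_stack, MAX_FRAMES);    /* free stack */
    return mprotect((void *)(slot.region + slot.page), slot.page, PROT_NONE);
}

/* What a crash handler would ask about a faulting address. */
verdict classify(const void *addr) {
    uintptr_t a = (uintptr_t)addr;
    if (!slot.region || a < slot.region || a >= slot.region + 3 * slot.page) return NOT_SAMPLED;
    if (slot.freed) return USE_AFTER_FREE;
    if (a < slot.region + slot.page) return UNDERRUN;
    return a >= slot.ptr + slot.size ? OVERRUN : ACCESSIBLE;
}
```

Bytes in the data page below the object remain accessible in this sketch, so only accesses that reach a guard page or a freed slot would fault and be reported.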