crash-reporter/anomaly_detector.h - mirrors/cros/chromiumos/platform2 - Git at Google

 // Copyright 2018 The Chromium OS Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 // anomaly_detector examines the log files, namely /var/log/messages,
 // /var/log/upstart.log, and /var/log/audit/audit.log, using
 // anomaly::LogReader and looks for messages matching particular patterns. When
 // it finds one, it invokes crash_reporter appropriately to report the issue.

 // This file (and the associated .cc file) contains logic to parse log
 // entries and determine whether to invoke crash_reporter (or how to invoke it).
 // The logic to read from plaintext files lives in
 // anomaly_detector_text_file_reader.h and anomaly_detector_log_reader.h. The
 // logic to setup LogReader, pass entries to corresponding parser and execute
 // crash_reporter lives in anomaly_detector_main.cc.

 #ifndef CRASH_REPORTER_ANOMALY_DETECTOR_H_
 #define CRASH_REPORTER_ANOMALY_DETECTOR_H_

 #include <base/optional.h>
 #include <base/time/time.h>
 #include <dbus/bus.h>

 #include <ostream>
 #include <string>
 #include <vector>

 #include <inttypes.h>

 namespace anomaly {

 struct CrashReport {
   CrashReport(std::string t, std::vector<std::string> f);
   std::string text;
   std::vector<std::string> flags;
 };

 // Aids for testing
 bool operator==(const CrashReport& lhs, const CrashReport& rhs);
 std::ostream& operator<<(std::ostream& out, const CrashReport& cr);

 using MaybeCrashReport = base::Optional<CrashReport>;

 constexpr size_t HASH_BITMAP_SIZE(1 << 15);

 class Parser {
  public:
   virtual ~Parser() = 0;

   virtual MaybeCrashReport ParseLogEntry(const std::string& line) = 0;

   virtual bool WasAlreadySeen(uint32_t hash);

   // Called once every 10-20 seconds to allow Parser to update state in ways
   // that aren't always tied to receiving a message.
   virtual MaybeCrashReport PeriodicUpdate();

  protected:
   enum class LineType {
     None,
     Header,
     Start,
     Body,
   };

  private:
   std::bitset<HASH_BITMAP_SIZE> hash_bitmap_;
 };

 class ServiceParser : public Parser {
  public:
   explicit ServiceParser(bool testonly_send_all);

   MaybeCrashReport ParseLogEntry(const std::string& line) override;

  private:
   const bool testonly_send_all_;
 };

 class SELinuxParser : public Parser {
  public:
   explicit SELinuxParser(bool testonly_send_all);
   MaybeCrashReport ParseLogEntry(const std::string& line) override;

  private:
   const bool testonly_send_all_;
 };

 class KernelParser : public Parser {
  public:
   MaybeCrashReport ParseLogEntry(const std::string& line) override;

  private:
   // Iwlwifi is the name of Intel WiFi driver that we want to parse its error
   // dumps.
   enum class IwlwifiLineType {
     // The following enum values are used to parse the iwlwifi error. The None
     // value means that there is no error detected in the log. The Start value
     // means that the first line of the dump was found. The Lmac value means
     // that the lmac end was found and should continue parsing the umac. The
     // first part of the dump is the lmac. The umac comes after the lmac, if it
     // exists.
     None,
     Start,
     Lmac,
   };
   LineType last_line_ = LineType::None;
   IwlwifiLineType iwlwifi_last_line_ = IwlwifiLineType::None;
   std::string iwlwifi_text_;
   std::string text_;
   std::string flag_;

   // Timestamp of last time crash_reporter failed.
   base::TimeTicks crash_reporter_last_crashed_ = base::TimeTicks();
 };

 class SuspendParser : public Parser {
  public:
   MaybeCrashReport ParseLogEntry(const std::string& line) override;

  private:
   LineType last_line_ = LineType::None;
   std::string dev_str_;
   std::string errno_str_;
   std::string step_str_;
 };

 class TerminaParser {
  public:
   explicit TerminaParser(scoped_refptr<dbus::Bus> dbus);
   MaybeCrashReport ParseLogEntry(int cid, const std::string& line);

  private:
   scoped_refptr<dbus::Bus> dbus_;
 };

 }  // namespace anomaly

 #endif  // CRASH_REPORTER_ANOMALY_DETECTOR_H_
	// Copyright 2018 The Chromium OS Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	// anomaly_detector examines the log files, namely /var/log/messages,
	// /var/log/upstart.log, and /var/log/audit/audit.log, using
	// anomaly::LogReader and looks for messages matching particular patterns. When
	// it finds one, it invokes crash_reporter appropriately to report the issue.

	// This file (and the associated .cc file) contains logic to parse log
	// entries and determine whether to invoke crash_reporter (or how to invoke it).
	// The logic to read from plaintext files lives in
	// anomaly_detector_text_file_reader.h and anomaly_detector_log_reader.h. The
	// logic to setup LogReader, pass entries to corresponding parser and execute
	// crash_reporter lives in anomaly_detector_main.cc.

	#ifndef CRASH_REPORTER_ANOMALY_DETECTOR_H_
	#define CRASH_REPORTER_ANOMALY_DETECTOR_H_

	#include <base/optional.h>
	#include <base/time/time.h>
	#include <dbus/bus.h>

	#include <ostream>
	#include <string>
	#include <vector>

	#include <inttypes.h>

	namespace anomaly {

	struct CrashReport {
	CrashReport(std::string t, std::vector<std::string> f);
	std::string text;
	std::vector<std::string> flags;
	};

	// Aids for testing
	bool operator==(const CrashReport& lhs, const CrashReport& rhs);
	std::ostream& operator<<(std::ostream& out, const CrashReport& cr);

	using MaybeCrashReport = base::Optional<CrashReport>;

	constexpr size_t HASH_BITMAP_SIZE(1 << 15);

	class Parser {
	public:
	virtual ~Parser() = 0;

	virtual MaybeCrashReport ParseLogEntry(const std::string& line) = 0;

	virtual bool WasAlreadySeen(uint32_t hash);

	// Called once every 10-20 seconds to allow Parser to update state in ways
	// that aren't always tied to receiving a message.
	virtual MaybeCrashReport PeriodicUpdate();

	protected:
	enum class LineType {
	None,
	Header,
	Start,
	Body,
	};

	private:
	std::bitset<HASH_BITMAP_SIZE> hash_bitmap_;
	};

	class ServiceParser : public Parser {
	public:
	explicit ServiceParser(bool testonly_send_all);

	MaybeCrashReport ParseLogEntry(const std::string& line) override;

	private:
	const bool testonly_send_all_;
	};

	class SELinuxParser : public Parser {
	public:
	explicit SELinuxParser(bool testonly_send_all);
	MaybeCrashReport ParseLogEntry(const std::string& line) override;

	private:
	const bool testonly_send_all_;
	};

	class KernelParser : public Parser {
	public:
	MaybeCrashReport ParseLogEntry(const std::string& line) override;

	private:
	// Iwlwifi is the name of Intel WiFi driver that we want to parse its error
	// dumps.
	enum class IwlwifiLineType {
	// The following enum values are used to parse the iwlwifi error. The None
	// value means that there is no error detected in the log. The Start value
	// means that the first line of the dump was found. The Lmac value means
	// that the lmac end was found and should continue parsing the umac. The
	// first part of the dump is the lmac. The umac comes after the lmac, if it
	// exists.
	None,
	Start,
	Lmac,
	};
	LineType last_line_ = LineType::None;
	IwlwifiLineType iwlwifi_last_line_ = IwlwifiLineType::None;
	std::string iwlwifi_text_;
	std::string text_;
	std::string flag_;

	// Timestamp of last time crash_reporter failed.
	base::TimeTicks crash_reporter_last_crashed_ = base::TimeTicks();
	};

	class SuspendParser : public Parser {
	public:
	MaybeCrashReport ParseLogEntry(const std::string& line) override;

	private:
	LineType last_line_ = LineType::None;
	std::string dev_str_;
	std::string errno_str_;
	std::string step_str_;
	};

	class TerminaParser {
	public:
	explicit TerminaParser(scoped_refptr<dbus::Bus> dbus);
	MaybeCrashReport ParseLogEntry(int cid, const std::string& line);

	private:
	scoped_refptr<dbus::Bus> dbus_;
	};

	} // namespace anomaly

	#endif // CRASH_REPORTER_ANOMALY_DETECTOR_H_