1//===-- sanitizer/common_interface_defs.h -----------------------*- C++ -*-===// 2// 3// This file is distributed under the University of Illinois Open Source 4// License. See LICENSE.TXT for details. 5// 6//===----------------------------------------------------------------------===// 7// 8// Common part of the public sanitizer interface. 9//===----------------------------------------------------------------------===// 10 11#ifndef SANITIZER_COMMON_INTERFACE_DEFS_H 12#define SANITIZER_COMMON_INTERFACE_DEFS_H 13 14#include <stddef.h> 15#include <stdint.h> 16 17// GCC does not understand __has_feature. 18#if !defined(__has_feature) 19# define __has_feature(x) 0 20#endif 21 22#ifdef __cplusplus 23extern "C" { 24#endif 25 // Arguments for __sanitizer_sandbox_on_notify() below. 26 typedef struct { 27 // Enable sandbox support in sanitizer coverage. 28 int coverage_sandboxed; 29 // File descriptor to write coverage data to. If -1 is passed, a file will 30 // be pre-opened by __sanitizer_sandobx_on_notify(). This field has no 31 // effect if coverage_sandboxed == 0. 32 intptr_t coverage_fd; 33 // If non-zero, split the coverage data into well-formed blocks. This is 34 // useful when coverage_fd is a socket descriptor. Each block will contain 35 // a header, allowing data from multiple processes to be sent over the same 36 // socket. 37 unsigned int coverage_max_block_size; 38 } __sanitizer_sandbox_arguments; 39 40 // Tell the tools to write their reports to "path.<pid>" instead of stderr. 41 void __sanitizer_set_report_path(const char *path); 42 // Tell the tools to write their reports to the provided file descriptor 43 // (casted to void *). 44 void __sanitizer_set_report_fd(void *fd); 45 46 // Notify the tools that the sandbox is going to be turned on. The reserved 47 // parameter will be used in the future to hold a structure with functions 48 // that the tools may call to bypass the sandbox. 49 void __sanitizer_sandbox_on_notify(__sanitizer_sandbox_arguments *args); 50 51 // This function is called by the tool when it has just finished reporting 52 // an error. 'error_summary' is a one-line string that summarizes 53 // the error message. This function can be overridden by the client. 54 void __sanitizer_report_error_summary(const char *error_summary); 55 56 // Some of the sanitizers (e.g. asan/tsan) may miss bugs that happen 57 // in unaligned loads/stores. In order to find such bugs reliably one needs 58 // to replace plain unaligned loads/stores with these calls. 59 uint16_t __sanitizer_unaligned_load16(const void *p); 60 uint32_t __sanitizer_unaligned_load32(const void *p); 61 uint64_t __sanitizer_unaligned_load64(const void *p); 62 void __sanitizer_unaligned_store16(void *p, uint16_t x); 63 void __sanitizer_unaligned_store32(void *p, uint32_t x); 64 void __sanitizer_unaligned_store64(void *p, uint64_t x); 65 66 // Returns 1 on the first call, then returns 0 thereafter. Called by the tool 67 // to ensure only one report is printed when multiple errors occur 68 // simultaneously. 69 int __sanitizer_acquire_crash_state(); 70 71 // Annotate the current state of a contiguous container, such as 72 // std::vector, std::string or similar. 73 // A contiguous container is a container that keeps all of its elements 74 // in a contiguous region of memory. The container owns the region of memory 75 // [beg, end); the memory [beg, mid) is used to store the current elements 76 // and the memory [mid, end) is reserved for future elements; 77 // beg <= mid <= end. For example, in "std::vector<> v" 78 // beg = &v[0]; 79 // end = beg + v.capacity() * sizeof(v[0]); 80 // mid = beg + v.size() * sizeof(v[0]); 81 // 82 // This annotation tells the Sanitizer tool about the current state of the 83 // container so that the tool can report errors when memory from [mid, end) 84 // is accessed. Insert this annotation into methods like push_back/pop_back. 85 // Supply the old and the new values of mid (old_mid/new_mid). 86 // In the initial state mid == end and so should be the final 87 // state when the container is destroyed or when it reallocates the storage. 88 // 89 // Use with caution and don't use for anything other than vector-like classes. 90 // 91 // For AddressSanitizer, 'beg' should be 8-aligned and 'end' should 92 // be either 8-aligned or it should point to the end of a separate heap-, 93 // stack-, or global- allocated buffer. I.e. the following will not work: 94 // int64_t x[2]; // 16 bytes, 8-aligned. 95 // char *beg = (char *)&x[0]; 96 // char *end = beg + 12; // Not 8 aligned, not the end of the buffer. 97 // This however will work fine: 98 // int32_t x[3]; // 12 bytes, but 8-aligned under AddressSanitizer. 99 // char *beg = (char*)&x[0]; 100 // char *end = beg + 12; // Not 8-aligned, but is the end of the buffer. 101 void __sanitizer_annotate_contiguous_container(const void *beg, 102 const void *end, 103 const void *old_mid, 104 const void *new_mid); 105 // Returns true if the contiguous container [beg, end) is properly poisoned 106 // (e.g. with __sanitizer_annotate_contiguous_container), i.e. if 107 // - [beg, mid) is addressable, 108 // - [mid, end) is unaddressable. 109 // Full verification requires O(end-beg) time; this function tries to avoid 110 // such complexity by touching only parts of the container around beg/mid/end. 111 int __sanitizer_verify_contiguous_container(const void *beg, const void *mid, 112 const void *end); 113 114 // Similar to __sanitizer_verify_contiguous_container but returns the address 115 // of the first improperly poisoned byte otherwise. Returns null if the area 116 // is poisoned properly. 117 const void *__sanitizer_contiguous_container_find_bad_address( 118 const void *beg, const void *mid, const void *end); 119 120 // Print the stack trace leading to this call. Useful for debugging user code. 121 void __sanitizer_print_stack_trace(void); 122 123 // Symbolizes the supplied 'pc' using the format string 'fmt'. 124 // Outputs at most 'out_buf_size' bytes into 'out_buf'. 125 // If 'out_buf' is not empty then output is zero or more non empty C strings 126 // followed by single empty C string. Multiple strings can be returned if PC 127 // corresponds to inlined function. Inlined frames are printed in the order 128 // from "most-inlined" to the "least-inlined", so the last frame should be the 129 // not inlined function. 130 // Inlined frames can be removed with 'symbolize_inline_frames=0'. 131 // The format syntax is described in 132 // lib/sanitizer_common/sanitizer_stacktrace_printer.h. 133 void __sanitizer_symbolize_pc(void *pc, const char *fmt, char *out_buf, 134 size_t out_buf_size); 135 // Same as __sanitizer_symbolize_pc, but for data section (i.e. globals). 136 void __sanitizer_symbolize_global(void *data_ptr, const char *fmt, 137 char *out_buf, size_t out_buf_size); 138 139 // Sets the callback to be called right before death on error. 140 // Passing 0 will unset the callback. 141 void __sanitizer_set_death_callback(void (*callback)(void)); 142 143 // Interceptor hooks. 144 // Whenever a libc function interceptor is called it checks if the 145 // corresponding weak hook is defined, and it so -- calls it. 146 // The primary use case is data-flow-guided fuzzing, where the fuzzer needs 147 // to know what is being passed to libc functions, e.g. memcmp. 148 // FIXME: implement more hooks. 149 void __sanitizer_weak_hook_memcmp(void *called_pc, const void *s1, 150 const void *s2, size_t n, int result); 151 void __sanitizer_weak_hook_strncmp(void *called_pc, const char *s1, 152 const char *s2, size_t n, int result); 153 void __sanitizer_weak_hook_strncasecmp(void *called_pc, const char *s1, 154 const char *s2, size_t n, int result); 155 void __sanitizer_weak_hook_strcmp(void *called_pc, const char *s1, 156 const char *s2, int result); 157 void __sanitizer_weak_hook_strcasecmp(void *called_pc, const char *s1, 158 const char *s2, int result); 159 void __sanitizer_weak_hook_strstr(void *called_pc, const char *s1, 160 const char *s2, char *result); 161 void __sanitizer_weak_hook_strcasestr(void *called_pc, const char *s1, 162 const char *s2, char *result); 163 void __sanitizer_weak_hook_memmem(void *called_pc, 164 const void *s1, size_t len1, 165 const void *s2, size_t len2, void *result); 166 167 // Prints stack traces for all live heap allocations ordered by total 168 // allocation size until `top_percent` of total live heap is shown. 169 // `top_percent` should be between 1 and 100. 170 // At most `max_number_of_contexts` contexts (stack traces) is printed. 171 // Experimental feature currently available only with asan on Linux/x86_64. 172 void __sanitizer_print_memory_profile(size_t top_percent, 173 size_t max_number_of_contexts); 174 175 // Fiber annotation interface. 176 // Before switching to a different stack, one must call 177 // __sanitizer_start_switch_fiber with a pointer to the bottom of the 178 // destination stack and its size. When code starts running on the new stack, 179 // it must call __sanitizer_finish_switch_fiber to finalize the switch. 180 // The start_switch function takes a void** to store the current fake stack if 181 // there is one (it is needed when detect_stack_use_after_return is enabled). 182 // When restoring a stack, this pointer must be given to the finish_switch 183 // function. In most cases, this void* can be stored on the stack just before 184 // switching. When leaving a fiber definitely, null must be passed as first 185 // argument to the start_switch function so that the fake stack is destroyed. 186 // If you do not want support for stack use-after-return detection, you can 187 // always pass null to these two functions. 188 // Note that the fake stack mechanism is disabled during fiber switch, so if a 189 // signal callback runs during the switch, it will not benefit from the stack 190 // use-after-return detection. 191 void __sanitizer_start_switch_fiber(void **fake_stack_save, 192 const void *bottom, size_t size); 193 void __sanitizer_finish_switch_fiber(void *fake_stack_save, 194 const void **bottom_old, 195 size_t *size_old); 196 197 // Get full module name and calculate pc offset within it. 198 // Returns 1 if pc belongs to some module, 0 if module was not found. 199 int __sanitizer_get_module_and_offset_for_pc(void *pc, char *module_path, 200 size_t module_path_len, 201 void **pc_offset); 202 203#ifdef __cplusplus 204} // extern "C" 205#endif 206 207#endif // SANITIZER_COMMON_INTERFACE_DEFS_H 208