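//===-- sanitizer/common_interface_defs.h -----------------------*- C++ -*-===//
//
//                     The LLVM Compiler Infrastructure
//
// This file is distributed under the University of Illinois Open Source
// License. See LICENSE.TXT for details.
//
//===----------------------------------------------------------------------===//
//
// Common part of the public sanitizer interface.
//
// Everything declared here is implemented by the sanitizer runtime that is
// linked into the instrumented program; this header only carries the
// declarations, so it can be included from plain C as well as from C++.
//===----------------------------------------------------------------------===//

#ifndef SANITIZER_COMMON_INTERFACE_DEFS_H
#define SANITIZER_COMMON_INTERFACE_DEFS_H

#include <stddef.h>
#include <stdint.h>

// GCC does not understand __has_feature; make it expand to 0 so that
// "#if __has_feature(...)" tests are portable.
#if !defined(__has_feature)
# define __has_feature(x) 0
#endif

#ifdef __cplusplus
extern "C" {
#endif
  // Arguments for __sanitizer_sandbox_on_notify() below.
  typedef struct {
    // Enable sandbox support in sanitizer coverage.
    int coverage_sandboxed;
    // File descriptor to write coverage data to. If -1 is passed, a file will
    // be pre-opened by __sanitizer_sandbox_on_notify(). This field has no
    // effect if coverage_sandboxed == 0.
    intptr_t coverage_fd;
    // If non-zero, split the coverage data into well-formed blocks. This is
    // useful when coverage_fd is a socket descriptor. Each block will contain
    // a header, allowing data from multiple processes to be sent over the same
    // socket.
    unsigned int coverage_max_block_size;
  } __sanitizer_sandbox_arguments;

  // Tell the tools to write their reports to "path.<pid>" instead of stderr.
  // The pid suffix is appended by the runtime; 'path' is the prefix only.
  void __sanitizer_set_report_path(const char *path);
  // Tell the tools to write their reports to the provided file descriptor.
  // 'fd' is the integer descriptor value cast to void *, not a pointer to it.
  void __sanitizer_set_report_fd(void *fd);

  // Notify the tools that the sandbox is going to be turned on. The reserved
  // parameter will be used in the future to hold a structure with functions
  // that the tools may call to bypass the sandbox.
  // Call this before the sandbox is entered, while the runtime can still open
  // the resources described by 'args' (see coverage_fd above).
  void __sanitizer_sandbox_on_notify(__sanitizer_sandbox_arguments *args);

  // This function is called by the tool when it has just finished reporting
  // an error. 'error_summary' is a one-line string that summarizes
  // the error message. This function can be overridden by the client.
  void __sanitizer_report_error_summary(const char *error_summary);

  // Some of the sanitizers (e.g. asan/tsan) may miss bugs that happen
  // in unaligned loads/stores. In order to find such bugs reliably one needs
  // to replace plain unaligned loads/stores with these calls.
  // 'p' need not be aligned; the access width is the one named by the suffix.
  uint16_t __sanitizer_unaligned_load16(const void *p);
  uint32_t __sanitizer_unaligned_load32(const void *p);
  uint64_t __sanitizer_unaligned_load64(const void *p);
  void __sanitizer_unaligned_store16(void *p, uint16_t x);
  void __sanitizer_unaligned_store32(void *p, uint32_t x);
  void __sanitizer_unaligned_store64(void *p, uint64_t x);

  // Annotate the current state of a contiguous container, such as
  // std::vector, std::string or similar.
  // A contiguous container is a container that keeps all of its elements
  // in a contiguous region of memory. The container owns the region of memory
  // [beg, end); the memory [beg, mid) is used to store the current elements
  // and the memory [mid, end) is reserved for future elements;
  // beg <= mid <= end. For example, in "std::vector<> v"
  //   beg = &v[0];
  //   end = beg + v.capacity() * sizeof(v[0]);
  //   mid = beg + v.size()     * sizeof(v[0]);
  //
  // This annotation tells the Sanitizer tool about the current state of the
  // container so that the tool can report errors when memory from [mid, end)
  // is accessed. Insert this annotation into methods like push_back/pop_back.
  // Supply the old and the new values of mid (old_mid/new_mid).
  // In the initial state mid == end and so should be the final
  // state when the container is destroyed or when it reallocates the storage.
  //
  // Use with caution and don't use for anything other than vector-like classes.
  //
  // For AddressSanitizer, 'beg' should be 8-aligned and 'end' should
  // be either 8-aligned or it should point to the end of a separate heap-,
  // stack-, or global- allocated buffer. I.e. the following will not work:
  //   int64_t x[2];  // 16 bytes, 8-aligned.
  //   char *beg = (char *)&x[0];
  //   char *end = beg + 12;  // Not 8 aligned, not the end of the buffer.
  // This however will work fine:
  //   int32_t x[3];  // 12 bytes, but 8-aligned under AddressSanitizer.
  //   char *beg = (char*)&x[0];
  //   char *end = beg + 12;  // Not 8-aligned, but is the end of the buffer.
  void __sanitizer_annotate_contiguous_container(const void *beg,
                                                 const void *end,
                                                 const void *old_mid,
                                                 const void *new_mid);
  // Returns true if the contiguous container [beg, end) is properly poisoned
  // (e.g. with __sanitizer_annotate_contiguous_container), i.e. if
  //  - [beg, mid) is addressable,
  //  - [mid, end) is unaddressable.
  // Full verification requires O(end-beg) time; this function tries to avoid
  // such complexity by touching only parts of the container around beg/mid/end.
  // Because of that, a true result is a spot check, not a proof; use
  // __sanitizer_contiguous_container_find_bad_address() when the exact
  // offending byte is needed.
  int __sanitizer_verify_contiguous_container(const void *beg, const void *mid,
                                              const void *end);

  // Similar to __sanitizer_verify_contiguous_container but returns the address
  // of the first improperly poisoned byte otherwise. Returns null if the area
  // is poisoned properly.
  const void *__sanitizer_contiguous_container_find_bad_address(
      const void *beg, const void *mid, const void *end);

  // Print the stack trace leading to this call. Useful for debugging user code.
  // Declared with an explicit (void) parameter list: in C an empty "()" is an
  // old-style declaration that disables argument checking at call sites.
  void __sanitizer_print_stack_trace(void);

  // Sets the callback to be called right before death on error.
  // Passing 0 will unset the callback.
  void __sanitizer_set_death_callback(void (*callback)(void));

  // Interceptor hooks.
  // Whenever a libc function interceptor is called it checks if the
  // corresponding weak hook is defined, and if so -- calls it.
  // The primary use case is data-flow-guided fuzzing, where the fuzzer needs
  // to know what is being passed to libc functions, e.g. memcmp.
  // Each hook receives the address of the intercepted call site ('called_pc'),
  // the arguments exactly as the program passed them to the libc function, and
  // the result that function returned. The buffers belong to the program, so
  // a hook must treat them as read-only and must not read past 'n' (or past
  // the terminating NUL for strcmp).
  // FIXME: implement more hooks.
  void __sanitizer_weak_hook_memcmp(void *called_pc, const void *s1,
                                    const void *s2, size_t n, int result);
  void __sanitizer_weak_hook_strncmp(void *called_pc, const char *s1,
                                    const char *s2, size_t n, int result);
  void __sanitizer_weak_hook_strcmp(void *called_pc, const char *s1,
                                    const char *s2, int result);
#ifdef __cplusplus
}  // extern "C"
#endif

#endif  // SANITIZER_COMMON_INTERFACE_DEFS_H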