16bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker//===-- sanitizer/common_interface_defs.h -----------------------*- C++ -*-===//
26bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker//
36bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker//                     The LLVM Compiler Infrastructure
46bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker//
56bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker// This file is distributed under the University of Illinois Open Source
66bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker// License. See LICENSE.TXT for details.
76bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker//
86bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker//===----------------------------------------------------------------------===//
96bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker//
106bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker// Common part of the public sanitizer interface.
116bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker//===----------------------------------------------------------------------===//
126bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker
136bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker#ifndef SANITIZER_COMMON_INTERFACE_DEFS_H
146bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker#define SANITIZER_COMMON_INTERFACE_DEFS_H
156bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker
166bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker#include <stddef.h>
176bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker#include <stdint.h>
186bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker
196bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker// GCC does not understand __has_feature.
206bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker#if !defined(__has_feature)
216bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker# define __has_feature(x) 0
226bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker#endif
236bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker
246bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker#ifdef __cplusplus
256bdbd720989797e8a53237ef3ef213c4114f869gitbuildkickerextern "C" {
266bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker#endif
276bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker  // Arguments for __sanitizer_sandbox_on_notify() below.
286bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker  typedef struct {
296bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker    // Enable sandbox support in sanitizer coverage.
306bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker    int coverage_sandboxed;
316bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker    // File descriptor to write coverage data to. If -1 is passed, a file will
326bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker    // be pre-opened by __sanitizer_sandobx_on_notify(). This field has no
336bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker    // effect if coverage_sandboxed == 0.
346bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker    intptr_t coverage_fd;
356bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker    // If non-zero, split the coverage data into well-formed blocks. This is
366bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker    // useful when coverage_fd is a socket descriptor. Each block will contain
376bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker    // a header, allowing data from multiple processes to be sent over the same
386bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker    // socket.
396bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker    unsigned int coverage_max_block_size;
406bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker  } __sanitizer_sandbox_arguments;
416bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker
426bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker  // Tell the tools to write their reports to "path.<pid>" instead of stderr.
436bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker  void __sanitizer_set_report_path(const char *path);
446bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker  // Tell the tools to write their reports to the provided file descriptor
456bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker  // (casted to void *).
466bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker  void __sanitizer_set_report_fd(void *fd);
476bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker
486bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker  // Notify the tools that the sandbox is going to be turned on. The reserved
496bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker  // parameter will be used in the future to hold a structure with functions
506bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker  // that the tools may call to bypass the sandbox.
516bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker  void __sanitizer_sandbox_on_notify(__sanitizer_sandbox_arguments *args);
526bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker
536bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker  // This function is called by the tool when it has just finished reporting
546bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker  // an error. 'error_summary' is a one-line string that summarizes
556bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker  // the error message. This function can be overridden by the client.
566bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker  void __sanitizer_report_error_summary(const char *error_summary);
576bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker
586bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker  // Some of the sanitizers (e.g. asan/tsan) may miss bugs that happen
596bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker  // in unaligned loads/stores. In order to find such bugs reliably one needs
606bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker  // to replace plain unaligned loads/stores with these calls.
616bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker  uint16_t __sanitizer_unaligned_load16(const void *p);
626bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker  uint32_t __sanitizer_unaligned_load32(const void *p);
636bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker  uint64_t __sanitizer_unaligned_load64(const void *p);
646bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker  void __sanitizer_unaligned_store16(void *p, uint16_t x);
656bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker  void __sanitizer_unaligned_store32(void *p, uint32_t x);
666bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker  void __sanitizer_unaligned_store64(void *p, uint64_t x);
676bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker
686bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker  // Annotate the current state of a contiguous container, such as
696bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker  // std::vector, std::string or similar.
706bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker  // A contiguous container is a container that keeps all of its elements
716bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker  // in a contiguous region of memory. The container owns the region of memory
726bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker  // [beg, end); the memory [beg, mid) is used to store the current elements
736bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker  // and the memory [mid, end) is reserved for future elements;
746bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker  // beg <= mid <= end. For example, in "std::vector<> v"
756bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker  //   beg = &v[0];
766bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker  //   end = beg + v.capacity() * sizeof(v[0]);
776bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker  //   mid = beg + v.size()     * sizeof(v[0]);
786bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker  //
796bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker  // This annotation tells the Sanitizer tool about the current state of the
806bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker  // container so that the tool can report errors when memory from [mid, end)
816bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker  // is accessed. Insert this annotation into methods like push_back/pop_back.
826bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker  // Supply the old and the new values of mid (old_mid/new_mid).
836bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker  // In the initial state mid == end and so should be the final
846bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker  // state when the container is destroyed or when it reallocates the storage.
856bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker  //
866bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker  // Use with caution and don't use for anything other than vector-like classes.
876bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker  //
886bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker  // For AddressSanitizer, 'beg' should be 8-aligned and 'end' should
896bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker  // be either 8-aligned or it should point to the end of a separate heap-,
906bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker  // stack-, or global- allocated buffer. I.e. the following will not work:
916bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker  //   int64_t x[2];  // 16 bytes, 8-aligned.
926bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker  //   char *beg = (char *)&x[0];
936bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker  //   char *end = beg + 12;  // Not 8 aligned, not the end of the buffer.
946bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker  // This however will work fine:
956bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker  //   int32_t x[3];  // 12 bytes, but 8-aligned under AddressSanitizer.
966bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker  //   char *beg = (char*)&x[0];
976bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker  //   char *end = beg + 12;  // Not 8-aligned, but is the end of the buffer.
986bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker  void __sanitizer_annotate_contiguous_container(const void *beg,
996bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker                                                 const void *end,
1006bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker                                                 const void *old_mid,
1016bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker                                                 const void *new_mid);
1026bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker  // Returns true if the contiguous container [beg, end) is properly poisoned
1036bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker  // (e.g. with __sanitizer_annotate_contiguous_container), i.e. if
1046bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker  //  - [beg, mid) is addressable,
1056bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker  //  - [mid, end) is unaddressable.
1066bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker  // Full verification requires O(end-beg) time; this function tries to avoid
1076bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker  // such complexity by touching only parts of the container around beg/mid/end.
1086bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker  int __sanitizer_verify_contiguous_container(const void *beg, const void *mid,
1096bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker                                              const void *end);
1106bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker
1116bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker  // Similar to __sanitizer_verify_contiguous_container but returns the address
1126bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker  // of the first improperly poisoned byte otherwise. Returns null if the area
1136bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker  // is poisoned properly.
1146bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker  const void *__sanitizer_contiguous_container_find_bad_address(
1156bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker      const void *beg, const void *mid, const void *end);
1166bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker
1176bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker  // Print the stack trace leading to this call. Useful for debugging user code.
1186bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker  void __sanitizer_print_stack_trace();
1196bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker
1206bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker  // Sets the callback to be called right before death on error.
1216bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker  // Passing 0 will unset the callback.
1226bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker  void __sanitizer_set_death_callback(void (*callback)(void));
1236bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker
1246bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker  // Interceptor hooks.
1256bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker  // Whenever a libc function interceptor is called it checks if the
1266bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker  // corresponding weak hook is defined, and it so -- calls it.
1276bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker  // The primary use case is data-flow-guided fuzzing, where the fuzzer needs
1286bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker  // to know what is being passed to libc functions, e.g. memcmp.
1296bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker  // FIXME: implement more hooks.
1306bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker  void __sanitizer_weak_hook_memcmp(void *called_pc, const void *s1,
1316bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker                                    const void *s2, size_t n, int result);
1326bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker  void __sanitizer_weak_hook_strncmp(void *called_pc, const char *s1,
1336bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker                                    const char *s2, size_t n, int result);
1346bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker  void __sanitizer_weak_hook_strcmp(void *called_pc, const char *s1,
1356bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker                                    const char *s2, int result);
1366bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker#ifdef __cplusplus
1376bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker}  // extern "C"
1386bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker#endif
1396bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker
1406bdbd720989797e8a53237ef3ef213c4114f869gitbuildkicker#endif  // SANITIZER_COMMON_INTERFACE_DEFS_H
141