1 | //===-- sanitizer/common_interface_defs.h -----------------------*- C++ -*-===// |
2 | // |
3 | // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. |
4 | // See https://llvm.org/LICENSE.txt for license information. |
5 | // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception |
6 | // |
7 | //===----------------------------------------------------------------------===// |
8 | // |
9 | // Common part of the public sanitizer interface. |
10 | //===----------------------------------------------------------------------===// |
11 | |
12 | #ifndef SANITIZER_COMMON_INTERFACE_DEFS_H |
13 | #define SANITIZER_COMMON_INTERFACE_DEFS_H |
14 | |
15 | #include <stddef.h> |
16 | #include <stdint.h> |
17 | |
18 | // GCC does not understand __has_feature. |
19 | #if !defined(__has_feature) |
20 | #define __has_feature(x) 0 |
21 | #endif |
22 | |
23 | #ifdef __cplusplus |
24 | extern "C" { |
25 | #endif |
26 | // Arguments for __sanitizer_sandbox_on_notify() below. |
27 | typedef struct { |
28 | // Enable sandbox support in sanitizer coverage. |
29 | int coverage_sandboxed; |
30 | // File descriptor to write coverage data to. If -1 is passed, a file will |
31 | // be pre-opened by __sanitizer_sandobx_on_notify(). This field has no |
32 | // effect if coverage_sandboxed == 0. |
33 | intptr_t coverage_fd; |
34 | // If non-zero, split the coverage data into well-formed blocks. This is |
35 | // useful when coverage_fd is a socket descriptor. Each block will contain |
36 | // a header, allowing data from multiple processes to be sent over the same |
37 | // socket. |
38 | unsigned int coverage_max_block_size; |
39 | } __sanitizer_sandbox_arguments; |
40 | |
41 | // Tell the tools to write their reports to "path.<pid>" instead of stderr. |
42 | void __sanitizer_set_report_path(const char *path); |
43 | // Tell the tools to write their reports to the provided file descriptor |
44 | // (casted to void *). |
45 | void __sanitizer_set_report_fd(void *fd); |
46 | // Get the current full report file path, if a path was specified by |
47 | // an earlier call to __sanitizer_set_report_path. Returns null otherwise. |
48 | const char *__sanitizer_get_report_path(); |
49 | |
50 | // Notify the tools that the sandbox is going to be turned on. The reserved |
51 | // parameter will be used in the future to hold a structure with functions |
52 | // that the tools may call to bypass the sandbox. |
53 | void __sanitizer_sandbox_on_notify(__sanitizer_sandbox_arguments *args); |
54 | |
55 | // This function is called by the tool when it has just finished reporting |
56 | // an error. 'error_summary' is a one-line string that summarizes |
57 | // the error message. This function can be overridden by the client. |
58 | void __sanitizer_report_error_summary(const char *error_summary); |
59 | |
60 | // Some of the sanitizers (for example ASan/TSan) could miss bugs that happen |
61 | // in unaligned loads/stores. To find such bugs reliably, you need to replace |
62 | // plain unaligned loads/stores with these calls. |
63 | |
64 | /// Loads a 16-bit unaligned value. |
65 | /// |
66 | /// \param p Pointer to unaligned memory. |
67 | /// |
68 | /// \returns Loaded value. |
69 | uint16_t __sanitizer_unaligned_load16(const void *p); |
70 | |
71 | /// Loads a 32-bit unaligned value. |
72 | /// |
73 | /// \param p Pointer to unaligned memory. |
74 | /// |
75 | /// \returns Loaded value. |
76 | uint32_t __sanitizer_unaligned_load32(const void *p); |
77 | |
78 | /// Loads a 64-bit unaligned value. |
79 | /// |
80 | /// \param p Pointer to unaligned memory. |
81 | /// |
82 | /// \returns Loaded value. |
83 | uint64_t __sanitizer_unaligned_load64(const void *p); |
84 | |
85 | /// Stores a 16-bit unaligned value. |
86 | /// |
87 | /// \param p Pointer to unaligned memory. |
88 | /// \param x 16-bit value to store. |
89 | void __sanitizer_unaligned_store16(void *p, uint16_t x); |
90 | |
91 | /// Stores a 32-bit unaligned value. |
92 | /// |
93 | /// \param p Pointer to unaligned memory. |
94 | /// \param x 32-bit value to store. |
95 | void __sanitizer_unaligned_store32(void *p, uint32_t x); |
96 | |
97 | /// Stores a 64-bit unaligned value. |
98 | /// |
99 | /// \param p Pointer to unaligned memory. |
100 | /// \param x 64-bit value to store. |
101 | void __sanitizer_unaligned_store64(void *p, uint64_t x); |
102 | |
103 | // Returns 1 on the first call, then returns 0 thereafter. Called by the tool |
104 | // to ensure only one report is printed when multiple errors occur |
105 | // simultaneously. |
106 | int __sanitizer_acquire_crash_state(); |
107 | |
108 | /// Annotates the current state of a contiguous container, such as |
109 | /// <c>std::vector</c>, <c>std::string</c>, or similar. |
110 | /// |
111 | /// A contiguous container is a container that keeps all of its elements |
112 | /// in a contiguous region of memory. The container owns the region of memory |
113 | /// <c>[beg, end)</c>; the memory <c>[beg, mid)</c> is used to store the |
114 | /// current elements, and the memory <c>[mid, end)</c> is reserved for future |
115 | /// elements (<c>beg <= mid <= end</c>). For example, in |
116 | /// <c>std::vector<> v</c>: |
117 | /// |
118 | /// \code |
119 | /// beg = &v[0]; |
120 | /// end = beg + v.capacity() * sizeof(v[0]); |
121 | /// mid = beg + v.size() * sizeof(v[0]); |
122 | /// \endcode |
123 | /// |
124 | /// This annotation tells the Sanitizer tool about the current state of the |
125 | /// container so that the tool can report errors when memory from |
126 | /// <c>[mid, end)</c> is accessed. Insert this annotation into methods like |
127 | /// <c>push_back()</c> or <c>pop_back()</c>. Supply the old and new values of |
128 | /// <c>mid</c>(<c><i>old_mid</i></c> and <c><i>new_mid</i></c>). In the initial |
129 | /// state <c>mid == end</c>, so that should be the final state when the |
130 | /// container is destroyed or when the container reallocates the storage. |
131 | /// |
132 | /// For ASan, <c><i>beg</i></c> should be 8-aligned and <c><i>end</i></c> |
133 | /// should be either 8-aligned or it should point to the end of a separate |
134 | /// heap-, stack-, or global-allocated buffer. So the following example will |
135 | /// not work: |
136 | /// |
137 | /// \code |
138 | /// int64_t x[2]; // 16 bytes, 8-aligned |
139 | /// char *beg = (char *)&x[0]; |
140 | /// char *end = beg + 12; // Not 8-aligned, not the end of the buffer |
141 | /// \endcode |
142 | /// |
143 | /// The following, however, will work: |
144 | /// \code |
145 | /// int32_t x[3]; // 12 bytes, but 8-aligned under ASan. |
146 | /// char *beg = (char*)&x[0]; |
147 | /// char *end = beg + 12; // Not 8-aligned, but is the end of the buffer |
148 | /// \endcode |
149 | /// |
150 | /// \note Use this function with caution and do not use for anything other |
151 | /// than vector-like classes. |
152 | /// |
153 | /// \param beg Beginning of memory region. |
154 | /// \param end End of memory region. |
155 | /// \param old_mid Old middle of memory region. |
156 | /// \param new_mid New middle of memory region. |
157 | void __sanitizer_annotate_contiguous_container(const void *beg, |
158 | const void *end, |
159 | const void *old_mid, |
160 | const void *new_mid); |
161 | |
162 | /// Returns true if the contiguous container <c>[beg, end)</c> is properly |
163 | /// poisoned. |
164 | /// |
165 | /// Proper poisoning could occur, for example, with |
166 | /// <c>__sanitizer_annotate_contiguous_container</c>), that is, if |
167 | /// <c>[beg, mid)</c> is addressable and <c>[mid, end)</c> is unaddressable. |
168 | /// Full verification requires O (<c>end - beg</c>) time; this function tries |
169 | /// to avoid such complexity by touching only parts of the container around |
170 | /// <c><i>beg</i></c>, <c><i>mid</i></c>, and <c><i>end</i></c>. |
171 | /// |
172 | /// \param beg Beginning of memory region. |
173 | /// \param mid Middle of memory region. |
174 | /// \param end Old end of memory region. |
175 | /// |
176 | /// \returns True if the contiguous container <c>[beg, end)</c> is properly |
177 | /// poisoned. |
178 | int __sanitizer_verify_contiguous_container(const void *beg, const void *mid, |
179 | const void *end); |
180 | |
181 | /// Similar to <c>__sanitizer_verify_contiguous_container()</c> but also |
182 | /// returns the address of the first improperly poisoned byte. |
183 | /// |
184 | /// Returns NULL if the area is poisoned properly. |
185 | /// |
186 | /// \param beg Beginning of memory region. |
187 | /// \param mid Middle of memory region. |
188 | /// \param end Old end of memory region. |
189 | /// |
190 | /// \returns The bad address or NULL. |
191 | const void *__sanitizer_contiguous_container_find_bad_address(const void *beg, |
192 | const void *mid, |
193 | const void *end); |
194 | |
195 | /// Prints the stack trace leading to this call (useful for calling from the |
196 | /// debugger). |
197 | void __sanitizer_print_stack_trace(void); |
198 | |
199 | // Symbolizes the supplied 'pc' using the format string 'fmt'. |
200 | // Outputs at most 'out_buf_size' bytes into 'out_buf'. |
201 | // If 'out_buf' is not empty then output is zero or more non empty C strings |
202 | // followed by single empty C string. Multiple strings can be returned if PC |
203 | // corresponds to inlined function. Inlined frames are printed in the order |
204 | // from "most-inlined" to the "least-inlined", so the last frame should be the |
205 | // not inlined function. |
206 | // Inlined frames can be removed with 'symbolize_inline_frames=0'. |
207 | // The format syntax is described in |
208 | // lib/sanitizer_common/sanitizer_stacktrace_printer.h. |
209 | void __sanitizer_symbolize_pc(void *pc, const char *fmt, char *out_buf, |
210 | size_t out_buf_size); |
211 | // Same as __sanitizer_symbolize_pc, but for data section (i.e. globals). |
212 | void __sanitizer_symbolize_global(void *data_ptr, const char *fmt, |
213 | char *out_buf, size_t out_buf_size); |
214 | |
215 | /// Sets the callback to be called immediately before death on error. |
216 | /// |
217 | /// Passing 0 will unset the callback. |
218 | /// |
219 | /// \param callback User-provided callback. |
220 | void __sanitizer_set_death_callback(void (*callback)(void)); |
221 | |
222 | |
223 | // Interceptor hooks. |
224 | // Whenever a libc function interceptor is called, it checks if the |
225 | // corresponding weak hook is defined, and calls it if it is indeed defined. |
226 | // The primary use-case is data-flow-guided fuzzing, where the fuzzer needs |
227 | // to know what is being passed to libc functions (for example memcmp). |
228 | // FIXME: implement more hooks. |
229 | |
230 | /// Interceptor hook for <c>memcmp()</c>. |
231 | /// |
232 | /// \param called_pc PC (program counter) address of the original call. |
233 | /// \param s1 Pointer to block of memory. |
234 | /// \param s2 Pointer to block of memory. |
235 | /// \param n Number of bytes to compare. |
236 | /// \param result Value returned by the intercepted function. |
237 | void __sanitizer_weak_hook_memcmp(void *called_pc, const void *s1, |
238 | const void *s2, size_t n, int result); |
239 | |
240 | /// Interceptor hook for <c>strncmp()</c>. |
241 | /// |
242 | /// \param called_pc PC (program counter) address of the original call. |
243 | /// \param s1 Pointer to block of memory. |
244 | /// \param s2 Pointer to block of memory. |
245 | /// \param n Number of bytes to compare. |
246 | /// \param result Value returned by the intercepted function. |
247 | void __sanitizer_weak_hook_strncmp(void *called_pc, const char *s1, |
248 | const char *s2, size_t n, int result); |
249 | |
250 | /// Interceptor hook for <c>strncasecmp()</c>. |
251 | /// |
252 | /// \param called_pc PC (program counter) address of the original call. |
253 | /// \param s1 Pointer to block of memory. |
254 | /// \param s2 Pointer to block of memory. |
255 | /// \param n Number of bytes to compare. |
256 | /// \param result Value returned by the intercepted function. |
257 | void __sanitizer_weak_hook_strncasecmp(void *called_pc, const char *s1, |
258 | const char *s2, size_t n, int result); |
259 | |
260 | /// Interceptor hook for <c>strcmp()</c>. |
261 | /// |
262 | /// \param called_pc PC (program counter) address of the original call. |
263 | /// \param s1 Pointer to block of memory. |
264 | /// \param s2 Pointer to block of memory. |
265 | /// \param result Value returned by the intercepted function. |
266 | void __sanitizer_weak_hook_strcmp(void *called_pc, const char *s1, |
267 | const char *s2, int result); |
268 | |
269 | /// Interceptor hook for <c>strcasecmp()</c>. |
270 | /// |
271 | /// \param called_pc PC (program counter) address of the original call. |
272 | /// \param s1 Pointer to block of memory. |
273 | /// \param s2 Pointer to block of memory. |
274 | /// \param result Value returned by the intercepted function. |
275 | void __sanitizer_weak_hook_strcasecmp(void *called_pc, const char *s1, |
276 | const char *s2, int result); |
277 | |
278 | /// Interceptor hook for <c>strstr()</c>. |
279 | /// |
280 | /// \param called_pc PC (program counter) address of the original call. |
281 | /// \param s1 Pointer to block of memory. |
282 | /// \param s2 Pointer to block of memory. |
283 | /// \param result Value returned by the intercepted function. |
284 | void __sanitizer_weak_hook_strstr(void *called_pc, const char *s1, |
285 | const char *s2, char *result); |
286 | |
287 | void __sanitizer_weak_hook_strcasestr(void *called_pc, const char *s1, |
288 | const char *s2, char *result); |
289 | |
290 | void __sanitizer_weak_hook_memmem(void *called_pc, |
291 | const void *s1, size_t len1, |
292 | const void *s2, size_t len2, void *result); |
293 | |
294 | // Prints stack traces for all live heap allocations ordered by total |
295 | // allocation size until top_percent of total live heap is shown. top_percent |
296 | // should be between 1 and 100. At most max_number_of_contexts contexts |
297 | // (stack traces) are printed. |
298 | // Experimental feature currently available only with ASan on Linux/x86_64. |
299 | void __sanitizer_print_memory_profile(size_t top_percent, |
300 | size_t max_number_of_contexts); |
301 | |
302 | /// Notify ASan that a fiber switch has started (required only if implementing |
303 | /// your own fiber library). |
304 | /// |
305 | /// Before switching to a different stack, you must call |
306 | /// <c>__sanitizer_start_switch_fiber()</c> with a pointer to the bottom of the |
307 | /// destination stack and with its size. When code starts running on the new |
308 | /// stack, it must call <c>__sanitizer_finish_switch_fiber()</c> to finalize |
309 | /// the switch. The <c>__sanitizer_start_switch_fiber()</c> function takes a |
310 | /// <c>void**</c> pointer argument to store the current fake stack if there is |
311 | /// one (it is necessary when the runtime option |
312 | /// <c>detect_stack_use_after_return</c> is enabled). |
313 | /// |
314 | /// When restoring a stack, this <c>void**</c> pointer must be given to the |
315 | /// <c>__sanitizer_finish_switch_fiber()</c> function. In most cases, this |
316 | /// pointer can be stored on the stack immediately before switching. When |
317 | /// leaving a fiber definitely, NULL must be passed as the first argument to |
318 | /// the <c>__sanitizer_start_switch_fiber()</c> function so that the fake stack |
319 | /// is destroyed. If your program does not need stack use-after-return |
320 | /// detection, you can always pass NULL to these two functions. |
321 | /// |
322 | /// \note The fake stack mechanism is disabled during fiber switch, so if a |
323 | /// signal callback runs during the switch, it will not benefit from stack |
324 | /// use-after-return detection. |
325 | /// |
326 | /// \param[out] fake_stack_save Fake stack save location. |
327 | /// \param bottom Bottom address of stack. |
328 | /// \param size Size of stack in bytes. |
329 | void __sanitizer_start_switch_fiber(void **fake_stack_save, |
330 | const void *bottom, size_t size); |
331 | |
332 | /// Notify ASan that a fiber switch has completed (required only if |
333 | /// implementing your own fiber library). |
334 | /// |
335 | /// When code starts running on the new stack, it must call |
336 | /// <c>__sanitizer_finish_switch_fiber()</c> to finalize |
337 | /// the switch. For usage details, see the description of |
338 | /// <c>__sanitizer_start_switch_fiber()</c>. |
339 | /// |
340 | /// \param fake_stack_save Fake stack save location. |
341 | /// \param[out] bottom_old Bottom address of old stack. |
342 | /// \param[out] size_old Size of old stack in bytes. |
343 | void __sanitizer_finish_switch_fiber(void *fake_stack_save, |
344 | const void **bottom_old, |
345 | size_t *size_old); |
346 | |
347 | // Get full module name and calculate pc offset within it. |
348 | // Returns 1 if pc belongs to some module, 0 if module was not found. |
349 | int __sanitizer_get_module_and_offset_for_pc(void *pc, char *module_path, |
350 | size_t module_path_len, |
351 | void **pc_offset); |
352 | |
353 | #ifdef __cplusplus |
354 | } // extern "C" |
355 | #endif |
356 | |
357 | #endif // SANITIZER_COMMON_INTERFACE_DEFS_H |
358 | |