1 //===-- sanitizer/common_interface_defs.h -----------------------*- C++ -*-===//
3 // The LLVM Compiler Infrastructure
5 // This file is distributed under the University of Illinois Open Source
6 // License. See LICENSE.TXT for details.
8 //===----------------------------------------------------------------------===//
10 // Common part of the public sanitizer interface.
11 //===----------------------------------------------------------------------===//
13 #ifndef SANITIZER_COMMON_INTERFACE_DEFS_H
14 #define SANITIZER_COMMON_INTERFACE_DEFS_H
19 // GCC does not understand __has_feature.
20 #if !defined(__has_feature)
21 # define __has_feature(x) 0
27 // Arguments for __sanitizer_sandbox_on_notify() below.
29 // Enable sandbox support in sanitizer coverage.
30 int coverage_sandboxed;
31 // File descriptor to write coverage data to. If -1 is passed, a file will
32 // be pre-opened by __sanitizer_sandobx_on_notify(). This field has no
33 // effect if coverage_sandboxed == 0.
35 // If non-zero, split the coverage data into well-formed blocks. This is
36 // useful when coverage_fd is a socket descriptor. Each block will contain
37 // a header, allowing data from multiple processes to be sent over the same
39 unsigned int coverage_max_block_size;
40 } __sanitizer_sandbox_arguments;
42 // Tell the tools to write their reports to "path.<pid>" instead of stderr.
43 void __sanitizer_set_report_path(const char *path);
44 // Tell the tools to write their reports to the provided file descriptor
45 // (casted to void *).
46 void __sanitizer_set_report_fd(void *fd);
48 // Notify the tools that the sandbox is going to be turned on. The reserved
49 // parameter will be used in the future to hold a structure with functions
50 // that the tools may call to bypass the sandbox.
51 void __sanitizer_sandbox_on_notify(__sanitizer_sandbox_arguments *args);
53 // This function is called by the tool when it has just finished reporting
54 // an error. 'error_summary' is a one-line string that summarizes
55 // the error message. This function can be overridden by the client.
56 void __sanitizer_report_error_summary(const char *error_summary);
58 // Some of the sanitizers (e.g. asan/tsan) may miss bugs that happen
59 // in unaligned loads/stores. In order to find such bugs reliably one needs
60 // to replace plain unaligned loads/stores with these calls.
61 uint16_t __sanitizer_unaligned_load16(const void *p);
62 uint32_t __sanitizer_unaligned_load32(const void *p);
63 uint64_t __sanitizer_unaligned_load64(const void *p);
64 void __sanitizer_unaligned_store16(void *p, uint16_t x);
65 void __sanitizer_unaligned_store32(void *p, uint32_t x);
66 void __sanitizer_unaligned_store64(void *p, uint64_t x);
68 // Annotate the current state of a contiguous container, such as
69 // std::vector, std::string or similar.
70 // A contiguous container is a container that keeps all of its elements
71 // in a contiguous region of memory. The container owns the region of memory
72 // [beg, end); the memory [beg, mid) is used to store the current elements
73 // and the memory [mid, end) is reserved for future elements;
74 // beg <= mid <= end. For example, in "std::vector<> v"
76 // end = beg + v.capacity() * sizeof(v[0]);
77 // mid = beg + v.size() * sizeof(v[0]);
79 // This annotation tells the Sanitizer tool about the current state of the
80 // container so that the tool can report errors when memory from [mid, end)
81 // is accessed. Insert this annotation into methods like push_back/pop_back.
82 // Supply the old and the new values of mid (old_mid/new_mid).
83 // In the initial state mid == end and so should be the final
84 // state when the container is destroyed or when it reallocates the storage.
86 // Use with caution and don't use for anything other than vector-like classes.
88 // For AddressSanitizer, 'beg' should be 8-aligned and 'end' should
89 // be either 8-aligned or it should point to the end of a separate heap-,
90 // stack-, or global- allocated buffer. I.e. the following will not work:
91 // int64_t x[2]; // 16 bytes, 8-aligned.
92 // char *beg = (char *)&x[0];
93 // char *end = beg + 12; // Not 8 aligned, not the end of the buffer.
94 // This however will work fine:
95 // int32_t x[3]; // 12 bytes, but 8-aligned under AddressSanitizer.
96 // char *beg = (char*)&x[0];
97 // char *end = beg + 12; // Not 8-aligned, but is the end of the buffer.
98 void __sanitizer_annotate_contiguous_container(const void *beg,
101 const void *new_mid);
102 // Returns true if the contiguous container [beg, end) is properly poisoned
103 // (e.g. with __sanitizer_annotate_contiguous_container), i.e. if
104 // - [beg, mid) is addressable,
105 // - [mid, end) is unaddressable.
106 // Full verification requires O(end-beg) time; this function tries to avoid
107 // such complexity by touching only parts of the container around beg/mid/end.
108 int __sanitizer_verify_contiguous_container(const void *beg, const void *mid,
111 // Similar to __sanitizer_verify_contiguous_container but returns the address
112 // of the first improperly poisoned byte otherwise. Returns null if the area
113 // is poisoned properly.
114 const void *__sanitizer_contiguous_container_find_bad_address(
115 const void *beg, const void *mid, const void *end);
117 // Print the stack trace leading to this call. Useful for debugging user code.
118 void __sanitizer_print_stack_trace(void);
120 // Symbolizes the supplied 'pc' using the format string 'fmt'.
121 // Outputs at most 'out_buf_size' bytes into 'out_buf'.
122 // The format syntax is described in
123 // lib/sanitizer_common/sanitizer_stacktrace_printer.h.
124 void __sanitizer_symbolize_pc(void *pc, const char *fmt, char *out_buf,
125 size_t out_buf_size);
126 // Same as __sanitizer_symbolize_pc, but for data section (i.e. globals).
127 void __sanitizer_symbolize_global(void *data_ptr, const char *fmt,
128 char *out_buf, size_t out_buf_size);
130 // Sets the callback to be called right before death on error.
131 // Passing 0 will unset the callback.
132 void __sanitizer_set_death_callback(void (*callback)(void));
134 // Interceptor hooks.
135 // Whenever a libc function interceptor is called it checks if the
136 // corresponding weak hook is defined, and it so -- calls it.
137 // The primary use case is data-flow-guided fuzzing, where the fuzzer needs
138 // to know what is being passed to libc functions, e.g. memcmp.
139 // FIXME: implement more hooks.
140 void __sanitizer_weak_hook_memcmp(void *called_pc, const void *s1,
141 const void *s2, size_t n, int result);
142 void __sanitizer_weak_hook_strncmp(void *called_pc, const char *s1,
143 const char *s2, size_t n, int result);
144 void __sanitizer_weak_hook_strncasecmp(void *called_pc, const char *s1,
145 const char *s2, size_t n, int result);
146 void __sanitizer_weak_hook_strcmp(void *called_pc, const char *s1,
147 const char *s2, int result);
148 void __sanitizer_weak_hook_strcasecmp(void *called_pc, const char *s1,
149 const char *s2, int result);
150 void __sanitizer_weak_hook_strstr(void *called_pc, const char *s1,
151 const char *s2, char *result);
152 void __sanitizer_weak_hook_strcasestr(void *called_pc, const char *s1,
153 const char *s2, char *result);
154 void __sanitizer_weak_hook_memmem(void *called_pc,
155 const void *s1, size_t len1,
156 const void *s2, size_t len2, void *result);
158 // Prints stack traces for all live heap allocations ordered by total
159 // allocation size until `top_percent` of total live heap is shown.
160 // `top_percent` should be between 1 and 100.
161 // At most `max_number_of_contexts` contexts (stack traces) is printed.
162 // Experimental feature currently available only with asan on Linux/x86_64.
163 void __sanitizer_print_memory_profile(size_t top_percent,
164 size_t max_number_of_contexts);
166 // Fiber annotation interface.
167 // Before switching to a different stack, one must call
168 // __sanitizer_start_switch_fiber with a pointer to the bottom of the
169 // destination stack and its size. When code starts running on the new stack,
170 // it must call __sanitizer_finish_switch_fiber to finalize the switch.
171 // The start_switch function takes a void** to store the current fake stack if
172 // there is one (it is needed when detect_stack_use_after_return is enabled).
173 // When restoring a stack, this pointer must be given to the finish_switch
174 // function. In most cases, this void* can be stored on the stack just before
175 // switching. When leaving a fiber definitely, null must be passed as first
176 // argument to the start_switch function so that the fake stack is destroyed.
177 // If you do not want support for stack use-after-return detection, you can
178 // always pass null to these two functions.
179 // Note that the fake stack mechanism is disabled during fiber switch, so if a
180 // signal callback runs during the switch, it will not benefit from the stack
181 // use-after-return detection.
182 void __sanitizer_start_switch_fiber(void **fake_stack_save,
183 const void *bottom, size_t size);
184 void __sanitizer_finish_switch_fiber(void *fake_stack_save,
185 const void **bottom_old,
188 // Get full module name and calculate pc offset within it.
189 // Returns 1 if pc belongs to some module, 0 if module was not found.
190 int __sanitizer_get_module_and_offset_for_pc(void *pc, char *module_path,
191 size_t module_path_len,
198 #endif // SANITIZER_COMMON_INTERFACE_DEFS_H