1//===-- sanitizer/common_interface_defs.h -----------------------*- C++ -*-===//
2//
3// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4// See https://llvm.org/LICENSE.txt for license information.
5// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6//
7//===----------------------------------------------------------------------===//
8//
9// Common part of the public sanitizer interface.
10//===----------------------------------------------------------------------===//
11
12#ifndef SANITIZER_COMMON_INTERFACE_DEFS_H
13#define SANITIZER_COMMON_INTERFACE_DEFS_H
14
15#include <stddef.h>
16#include <stdint.h>
17
18// Windows allows a user to set their default calling convention, but we always
19// use __cdecl
20#ifdef _WIN32
21#define SANITIZER_CDECL __cdecl
22#else
23#define SANITIZER_CDECL
24#endif
25
26#ifdef __cplusplus
27extern "C" {
28#endif
29// Arguments for __sanitizer_sandbox_on_notify() below.
30typedef struct {
31 // Enable sandbox support in sanitizer coverage.
32 int coverage_sandboxed;
33 // File descriptor to write coverage data to. If -1 is passed, a file will
34 // be pre-opened by __sanitizer_sandbox_on_notify(). This field has no
35 // effect if coverage_sandboxed == 0.
36 intptr_t coverage_fd;
37 // If non-zero, split the coverage data into well-formed blocks. This is
38 // useful when coverage_fd is a socket descriptor. Each block will contain
39 // a header, allowing data from multiple processes to be sent over the same
40 // socket.
41 unsigned int coverage_max_block_size;
42} __sanitizer_sandbox_arguments;
43
44// Tell the tools to write their reports to "path.<pid>" instead of stderr.
45void SANITIZER_CDECL __sanitizer_set_report_path(const char *path);
46// Tell the tools to write their reports to the provided file descriptor
47// (casted to void *).
48void SANITIZER_CDECL __sanitizer_set_report_fd(void *fd);
49// Get the current full report file path, if a path was specified by
50// an earlier call to __sanitizer_set_report_path. Returns null otherwise.
51const char *SANITIZER_CDECL __sanitizer_get_report_path();
52
53// Notify the tools that the sandbox is going to be turned on. The reserved
54// parameter will be used in the future to hold a structure with functions
55// that the tools may call to bypass the sandbox.
56void SANITIZER_CDECL
57__sanitizer_sandbox_on_notify(__sanitizer_sandbox_arguments *args);
58
59// This function is called by the tool when it has just finished reporting
60// an error. 'error_summary' is a one-line string that summarizes
61// the error message. This function can be overridden by the client.
62void SANITIZER_CDECL
63__sanitizer_report_error_summary(const char *error_summary);
64
65// Some of the sanitizers (for example ASan/TSan) could miss bugs that happen
66// in unaligned loads/stores. To find such bugs reliably, you need to replace
67// plain unaligned loads/stores with these calls.
68
69/// Loads a 16-bit unaligned value.
70//
71/// \param p Pointer to unaligned memory.
72///
73/// \returns Loaded value.
74uint16_t SANITIZER_CDECL __sanitizer_unaligned_load16(const void *p);
75
76/// Loads a 32-bit unaligned value.
77///
78/// \param p Pointer to unaligned memory.
79///
80/// \returns Loaded value.
81uint32_t SANITIZER_CDECL __sanitizer_unaligned_load32(const void *p);
82
83/// Loads a 64-bit unaligned value.
84///
85/// \param p Pointer to unaligned memory.
86///
87/// \returns Loaded value.
88uint64_t SANITIZER_CDECL __sanitizer_unaligned_load64(const void *p);
89
90/// Stores a 16-bit unaligned value.
91///
92/// \param p Pointer to unaligned memory.
93/// \param x 16-bit value to store.
94void SANITIZER_CDECL __sanitizer_unaligned_store16(void *p, uint16_t x);
95
96/// Stores a 32-bit unaligned value.
97///
98/// \param p Pointer to unaligned memory.
99/// \param x 32-bit value to store.
100void SANITIZER_CDECL __sanitizer_unaligned_store32(void *p, uint32_t x);
101
102/// Stores a 64-bit unaligned value.
103///
104/// \param p Pointer to unaligned memory.
105/// \param x 64-bit value to store.
106void SANITIZER_CDECL __sanitizer_unaligned_store64(void *p, uint64_t x);
107
108// Returns 1 on the first call, then returns 0 thereafter. Called by the tool
109// to ensure only one report is printed when multiple errors occur
110// simultaneously.
111int SANITIZER_CDECL __sanitizer_acquire_crash_state();
112
113/// Annotates the current state of a contiguous container, such as
114/// <c>std::vector</c>, <c>std::string</c>, or similar.
115///
116/// A contiguous container is a container that keeps all of its elements
117/// in a contiguous region of memory. The container owns the region of memory
118/// <c>[beg, end)</c>; the memory <c>[beg, mid)</c> is used to store the
119/// current elements, and the memory <c>[mid, end)</c> is reserved for future
120/// elements (<c>beg <= mid <= end</c>). For example, in
121/// <c>std::vector<> v</c>:
122///
123/// \code
124/// beg = &v[0];
125/// end = beg + v.capacity() * sizeof(v[0]);
126/// mid = beg + v.size() * sizeof(v[0]);
127/// \endcode
128///
129/// This annotation tells the Sanitizer tool about the current state of the
130/// container so that the tool can report errors when memory from
131/// <c>[mid, end)</c> is accessed. Insert this annotation into methods like
132/// <c>push_back()</c> or <c>pop_back()</c>. Supply the old and new values of
133/// <c>mid</c>(<c><i>old_mid</i></c> and <c><i>new_mid</i></c>). In the initial
134/// state <c>mid == end</c>, so that should be the final state when the
135/// container is destroyed or when the container reallocates the storage.
136///
137/// For ASan, <c><i>beg</i></c> no longer needs to be 8-aligned,
138/// first and last granule may be shared with other objects
139/// and therefore the function can be used for any allocator.
140///
141/// The following example shows how to use the function:
142///
143/// \code
144/// int32_t x[3]; // 12 bytes
145/// char *beg = (char*)&x[0];
146/// char *end = beg + 12;
147/// __sanitizer_annotate_contiguous_container(beg, end, beg, end);
148/// \endcode
149///
150/// \note Use this function with caution and do not use for anything other
151/// than vector-like classes.
152/// \note Unaligned <c><i>beg</i></c> or <c><i>end</i></c> may miss bugs in
153/// these granules.
154///
155/// \param beg Beginning of memory region.
156/// \param end End of memory region.
157/// \param old_mid Old middle of memory region.
158/// \param new_mid New middle of memory region.
159void SANITIZER_CDECL __sanitizer_annotate_contiguous_container(
160 const void *beg, const void *end, const void *old_mid, const void *new_mid);
161
162/// Similar to <c>__sanitizer_annotate_contiguous_container</c>.
163///
164/// Annotates the current state of a contiguous container memory,
165/// such as <c>std::deque</c>'s single chunk, when the boundries are moved.
166///
167/// A contiguous chunk is a chunk that keeps all of its elements
168/// in a contiguous region of memory. The container owns the region of memory
169/// <c>[storage_beg, storage_end)</c>; the memory <c>[container_beg,
170/// container_end)</c> is used to store the current elements, and the memory
171/// <c>[storage_beg, container_beg), [container_end, storage_end)</c> is
172/// reserved for future elements (<c>storage_beg <= container_beg <=
173/// container_end <= storage_end</c>). For example, in <c> std::deque </c>:
174/// - chunk with a frist deques element will have container_beg equal to address
175/// of the first element.
176/// - in every next chunk with elements, true is <c> container_beg ==
177/// storage_beg </c>.
178///
179/// Argument requirements:
180/// During unpoisoning memory of empty container (before first element is
181/// added):
182/// - old_container_beg_p == old_container_end_p
183/// During poisoning after last element was removed:
184/// - new_container_beg_p == new_container_end_p
185/// \param storage_beg Beginning of memory region.
186/// \param storage_end End of memory region.
187/// \param old_container_beg Old beginning of used region.
188/// \param old_container_end End of used region.
189/// \param new_container_beg New beginning of used region.
190/// \param new_container_end New end of used region.
191void SANITIZER_CDECL __sanitizer_annotate_double_ended_contiguous_container(
192 const void *storage_beg, const void *storage_end,
193 const void *old_container_beg, const void *old_container_end,
194 const void *new_container_beg, const void *new_container_end);
195
196/// Returns true if the contiguous container <c>[beg, end)</c> is properly
197/// poisoned.
198///
199/// Proper poisoning could occur, for example, with
200/// <c>__sanitizer_annotate_contiguous_container</c>), that is, if
201/// <c>[beg, mid)</c> is addressable and <c>[mid, end)</c> is unaddressable.
202/// Full verification requires O (<c>end - beg</c>) time; this function tries
203/// to avoid such complexity by touching only parts of the container around
204/// <c><i>beg</i></c>, <c><i>mid</i></c>, and <c><i>end</i></c>.
205///
206/// \param beg Beginning of memory region.
207/// \param mid Middle of memory region.
208/// \param end Old end of memory region.
209///
210/// \returns True if the contiguous container <c>[beg, end)</c> is properly
211/// poisoned.
212int SANITIZER_CDECL __sanitizer_verify_contiguous_container(const void *beg,
213 const void *mid,
214 const void *end);
215
216/// Returns true if the double ended contiguous
217/// container <c>[storage_beg, storage_end)</c> is properly poisoned.
218///
219/// Proper poisoning could occur, for example, with
220/// <c>__sanitizer_annotate_double_ended_contiguous_container</c>), that is, if
221/// <c>[storage_beg, container_beg)</c> is not addressable, <c>[container_beg,
222/// container_end)</c> is addressable and <c>[container_end, end)</c> is
223/// unaddressable. Full verification requires O (<c>storage_end -
224/// storage_beg</c>) time; this function tries to avoid such complexity by
225/// touching only parts of the container around <c><i>storage_beg</i></c>,
226/// <c><i>container_beg</i></c>, <c><i>container_end</i></c>, and
227/// <c><i>storage_end</i></c>.
228///
229/// \param storage_beg Beginning of memory region.
230/// \param container_beg Beginning of used region.
231/// \param container_end End of used region.
232/// \param storage_end End of memory region.
233///
234/// \returns True if the double-ended contiguous container <c>[storage_beg,
235/// container_beg, container_end, end)</c> is properly poisoned - only
236/// [container_beg; container_end) is addressable.
237int SANITIZER_CDECL __sanitizer_verify_double_ended_contiguous_container(
238 const void *storage_beg, const void *container_beg,
239 const void *container_end, const void *storage_end);
240
241/// Similar to <c>__sanitizer_verify_contiguous_container()</c> but also
242/// returns the address of the first improperly poisoned byte.
243///
244/// Returns NULL if the area is poisoned properly.
245///
246/// \param beg Beginning of memory region.
247/// \param mid Middle of memory region.
248/// \param end Old end of memory region.
249///
250/// \returns The bad address or NULL.
251const void *SANITIZER_CDECL __sanitizer_contiguous_container_find_bad_address(
252 const void *beg, const void *mid, const void *end);
253
254/// returns the address of the first improperly poisoned byte.
255///
256/// Returns NULL if the area is poisoned properly.
257///
258/// \param storage_beg Beginning of memory region.
259/// \param container_beg Beginning of used region.
260/// \param container_end End of used region.
261/// \param storage_end End of memory region.
262///
263/// \returns The bad address or NULL.
264const void *SANITIZER_CDECL
265__sanitizer_double_ended_contiguous_container_find_bad_address(
266 const void *storage_beg, const void *container_beg,
267 const void *container_end, const void *storage_end);
268
269/// Prints the stack trace leading to this call (useful for calling from the
270/// debugger).
271void SANITIZER_CDECL __sanitizer_print_stack_trace(void);
272
273// Symbolizes the supplied 'pc' using the format string 'fmt'.
274// Outputs at most 'out_buf_size' bytes into 'out_buf'.
275// If 'out_buf' is not empty then output is zero or more non empty C strings
276// followed by single empty C string. Multiple strings can be returned if PC
277// corresponds to inlined function. Inlined frames are printed in the order
278// from "most-inlined" to the "least-inlined", so the last frame should be the
279// not inlined function.
280// Inlined frames can be removed with 'symbolize_inline_frames=0'.
281// The format syntax is described in
282// lib/sanitizer_common/sanitizer_stacktrace_printer.h.
283void SANITIZER_CDECL __sanitizer_symbolize_pc(void *pc, const char *fmt,
284 char *out_buf,
285 size_t out_buf_size);
286// Same as __sanitizer_symbolize_pc, but for data section (i.e. globals).
287void SANITIZER_CDECL __sanitizer_symbolize_global(void *data_ptr,
288 const char *fmt,
289 char *out_buf,
290 size_t out_buf_size);
291// Determine the return address.
292#if !defined(_MSC_VER) || defined(__clang__)
293#define __sanitizer_return_address() \
294 __builtin_extract_return_addr(__builtin_return_address(0))
295#else
296void *_ReturnAddress(void);
297#pragma intrinsic(_ReturnAddress)
298#define __sanitizer_return_address() _ReturnAddress()
299#endif
300
301/// Sets the callback to be called immediately before death on error.
302///
303/// Passing 0 will unset the callback.
304///
305/// \param callback User-provided callback.
306void SANITIZER_CDECL __sanitizer_set_death_callback(void (*callback)(void));
307
308// Interceptor hooks.
309// Whenever a libc function interceptor is called, it checks if the
310// corresponding weak hook is defined, and calls it if it is indeed defined.
311// The primary use-case is data-flow-guided fuzzing, where the fuzzer needs
312// to know what is being passed to libc functions (for example memcmp).
313// FIXME: implement more hooks.
314
315/// Interceptor hook for <c>memcmp()</c>.
316///
317/// \param called_pc PC (program counter) address of the original call.
318/// \param s1 Pointer to block of memory.
319/// \param s2 Pointer to block of memory.
320/// \param n Number of bytes to compare.
321/// \param result Value returned by the intercepted function.
322void SANITIZER_CDECL __sanitizer_weak_hook_memcmp(void *called_pc,
323 const void *s1,
324 const void *s2, size_t n,
325 int result);
326
327/// Interceptor hook for <c>strncmp()</c>.
328///
329/// \param called_pc PC (program counter) address of the original call.
330/// \param s1 Pointer to block of memory.
331/// \param s2 Pointer to block of memory.
332/// \param n Number of bytes to compare.
333/// \param result Value returned by the intercepted function.
334void SANITIZER_CDECL __sanitizer_weak_hook_strncmp(void *called_pc,
335 const char *s1,
336 const char *s2, size_t n,
337 int result);
338
339/// Interceptor hook for <c>strncasecmp()</c>.
340///
341/// \param called_pc PC (program counter) address of the original call.
342/// \param s1 Pointer to block of memory.
343/// \param s2 Pointer to block of memory.
344/// \param n Number of bytes to compare.
345/// \param result Value returned by the intercepted function.
346void SANITIZER_CDECL __sanitizer_weak_hook_strncasecmp(void *called_pc,
347 const char *s1,
348 const char *s2, size_t n,
349 int result);
350
351/// Interceptor hook for <c>strcmp()</c>.
352///
353/// \param called_pc PC (program counter) address of the original call.
354/// \param s1 Pointer to block of memory.
355/// \param s2 Pointer to block of memory.
356/// \param result Value returned by the intercepted function.
357void SANITIZER_CDECL __sanitizer_weak_hook_strcmp(void *called_pc,
358 const char *s1,
359 const char *s2, int result);
360
361/// Interceptor hook for <c>strcasecmp()</c>.
362///
363/// \param called_pc PC (program counter) address of the original call.
364/// \param s1 Pointer to block of memory.
365/// \param s2 Pointer to block of memory.
366/// \param result Value returned by the intercepted function.
367void SANITIZER_CDECL __sanitizer_weak_hook_strcasecmp(void *called_pc,
368 const char *s1,
369 const char *s2,
370 int result);
371
372/// Interceptor hook for <c>strstr()</c>.
373///
374/// \param called_pc PC (program counter) address of the original call.
375/// \param s1 Pointer to block of memory.
376/// \param s2 Pointer to block of memory.
377/// \param result Value returned by the intercepted function.
378void SANITIZER_CDECL __sanitizer_weak_hook_strstr(void *called_pc,
379 const char *s1,
380 const char *s2, char *result);
381
382void SANITIZER_CDECL __sanitizer_weak_hook_strcasestr(void *called_pc,
383 const char *s1,
384 const char *s2,
385 char *result);
386
387void SANITIZER_CDECL __sanitizer_weak_hook_memmem(void *called_pc,
388 const void *s1, size_t len1,
389 const void *s2, size_t len2,
390 void *result);
391
392// Prints stack traces for all live heap allocations ordered by total
393// allocation size until top_percent of total live heap is shown. top_percent
394// should be between 1 and 100. At most max_number_of_contexts contexts
395// (stack traces) are printed.
396// Experimental feature currently available only with ASan on Linux/x86_64.
397void SANITIZER_CDECL __sanitizer_print_memory_profile(
398 size_t top_percent, size_t max_number_of_contexts);
399
400/// Notify ASan that a fiber switch has started (required only if implementing
401/// your own fiber library).
402///
403/// Before switching to a different stack, you must call
404/// <c>__sanitizer_start_switch_fiber()</c> with a pointer to the bottom of the
405/// destination stack and with its size. When code starts running on the new
406/// stack, it must call <c>__sanitizer_finish_switch_fiber()</c> to finalize
407/// the switch. The <c>__sanitizer_start_switch_fiber()</c> function takes a
408/// <c>void**</c> pointer argument to store the current fake stack if there is
409/// one (it is necessary when the runtime option
410/// <c>detect_stack_use_after_return</c> is enabled).
411///
412/// When restoring a stack, this <c>void**</c> pointer must be given to the
413/// <c>__sanitizer_finish_switch_fiber()</c> function. In most cases, this
414/// pointer can be stored on the stack immediately before switching. When
415/// leaving a fiber definitely, NULL must be passed as the first argument to
416/// the <c>__sanitizer_start_switch_fiber()</c> function so that the fake stack
417/// is destroyed. If your program does not need stack use-after-return
418/// detection, you can always pass NULL to these two functions.
419///
420/// \note The fake stack mechanism is disabled during fiber switch, so if a
421/// signal callback runs during the switch, it will not benefit from stack
422/// use-after-return detection.
423///
424/// \param[out] fake_stack_save Fake stack save location.
425/// \param bottom Bottom address of stack.
426/// \param size Size of stack in bytes.
427void SANITIZER_CDECL __sanitizer_start_switch_fiber(void **fake_stack_save,
428 const void *bottom,
429 size_t size);
430
431/// Notify ASan that a fiber switch has completed (required only if
432/// implementing your own fiber library).
433///
434/// When code starts running on the new stack, it must call
435/// <c>__sanitizer_finish_switch_fiber()</c> to finalize
436/// the switch. For usage details, see the description of
437/// <c>__sanitizer_start_switch_fiber()</c>.
438///
439/// \param fake_stack_save Fake stack save location.
440/// \param[out] bottom_old Bottom address of old stack.
441/// \param[out] size_old Size of old stack in bytes.
442void SANITIZER_CDECL __sanitizer_finish_switch_fiber(void *fake_stack_save,
443 const void **bottom_old,
444 size_t *size_old);
445
446// Get full module name and calculate pc offset within it.
447// Returns 1 if pc belongs to some module, 0 if module was not found.
448int SANITIZER_CDECL __sanitizer_get_module_and_offset_for_pc(
449 void *pc, char *module_path, size_t module_path_len, void **pc_offset);
450
451#ifdef __cplusplus
452} // extern "C"
453#endif
454
455#endif // SANITIZER_COMMON_INTERFACE_DEFS_H
456