1//===----------------------------------------------------------------------===//
2//
3// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4// See https://llvm.org/LICENSE.txt for license information.
5// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6//
7//===----------------------------------------------------------------------===//
8
9#ifndef _LIBCPP___LIBCXX_DEBUG_UTILS_SANITIZERS_H
10#define _LIBCPP___LIBCXX_DEBUG_UTILS_SANITIZERS_H
11
12#include <__config>
13#include <__type_traits/integral_constant.h>
14#include <__type_traits/is_constant_evaluated.h>
15
16#if !defined(_LIBCPP_HAS_NO_PRAGMA_SYSTEM_HEADER)
17# pragma GCC system_header
18#endif
19
20// Within libc++, _LIBCPP_ENABLE_ASAN_CONTAINER_CHECKS determines whether the containers should
21// provide ASAN container overflow checks. That setting attempts to honour ASAN's documented option
22// __SANITIZER_DISABLE_CONTAINER_OVERFLOW__ which can be defined by users to disable container overflow
23// checks.
24//
25// However, since parts of some containers (e.g. std::string) are compiled separately into the built
26// library, there are caveats:
27// - __SANITIZER_DISABLE_CONTAINER_OVERFLOW__ can't always be honoured, i.e. if the built library
28// was compiled with ASAN container checks, it's impossible to turn them off afterwards. We diagnose
29// this with an error to avoid the proliferation of invalid configurations that appear to work.
30//
31// - The container overflow checks themselves are not always available even when the user is compiling
32// with -fsanitize=address. If a container is compiled separately like std::string, it can't provide
33// container checks unless the separately compiled code was built with container checks enabled. These
34// containers need to also conditionalize whether they provide overflow checks on `_LIBCPP_INSTRUMENTED_WITH_ASAN`.
35#if __has_feature(address_sanitizer) && !defined(__SANITIZER_DISABLE_CONTAINER_OVERFLOW__)
36# define _LIBCPP_ENABLE_ASAN_CONTAINER_CHECKS 1
37#else
38# define _LIBCPP_ENABLE_ASAN_CONTAINER_CHECKS 0
39#endif
40
41#if _LIBCPP_INSTRUMENTED_WITH_ASAN && !_LIBCPP_ENABLE_ASAN_CONTAINER_CHECKS
42# error "We can't disable ASAN container checks when libc++ has been built with ASAN container checks enabled"
43#endif
44
45#if _LIBCPP_ENABLE_ASAN_CONTAINER_CHECKS
46
47extern "C" {
48_LIBCPP_EXPORTED_FROM_ABI void
49__sanitizer_annotate_contiguous_container(const void*, const void*, const void*, const void*);
50_LIBCPP_EXPORTED_FROM_ABI void __sanitizer_annotate_double_ended_contiguous_container(
51 const void*, const void*, const void*, const void*, const void*, const void*);
52_LIBCPP_EXPORTED_FROM_ABI int
53__sanitizer_verify_double_ended_contiguous_container(const void*, const void*, const void*, const void*);
54}
55
56#endif // _LIBCPP_ENABLE_ASAN_CONTAINER_CHECKS
57
58_LIBCPP_BEGIN_NAMESPACE_STD
59
60// ASan choices
61#if _LIBCPP_ENABLE_ASAN_CONTAINER_CHECKS
62# define _LIBCPP_HAS_ASAN_CONTAINER_ANNOTATIONS_FOR_ALL_ALLOCATORS 1
63#endif
64
65#ifdef _LIBCPP_HAS_ASAN_CONTAINER_ANNOTATIONS_FOR_ALL_ALLOCATORS
66// __asan_annotate_container_with_allocator determines whether containers with custom allocators are annotated. This is
67// a public customization point to disable annotations if the custom allocator assumes that the memory isn't poisoned.
68// See the https://libcxx.llvm.org/UsingLibcxx.html#turning-off-asan-annotation-in-containers for more information.
69template <class _Alloc>
70struct __asan_annotate_container_with_allocator : true_type {};
71#endif
72
73// Annotate a double-ended contiguous range.
74// - [__first_storage, __last_storage) is the allocated memory region,
75// - [__first_old_contained, __last_old_contained) is the previously allowed (unpoisoned) range, and
76// - [__first_new_contained, __last_new_contained) is the new allowed (unpoisoned) range.
77template <class _Allocator>
78_LIBCPP_HIDE_FROM_ABI void __annotate_double_ended_contiguous_container(
79 const void* __first_storage,
80 const void* __last_storage,
81 const void* __first_old_contained,
82 const void* __last_old_contained,
83 const void* __first_new_contained,
84 const void* __last_new_contained) {
85#if !_LIBCPP_ENABLE_ASAN_CONTAINER_CHECKS
86 (void)__first_storage;
87 (void)__last_storage;
88 (void)__first_old_contained;
89 (void)__last_old_contained;
90 (void)__first_new_contained;
91 (void)__last_new_contained;
92#else
93 if (__asan_annotate_container_with_allocator<_Allocator>::value && __first_storage != nullptr)
94 __sanitizer_annotate_double_ended_contiguous_container(
95 __first_storage,
96 __last_storage,
97 __first_old_contained,
98 __last_old_contained,
99 __first_new_contained,
100 __last_new_contained);
101#endif
102}
103
104// Annotate a contiguous range.
105// [__first_storage, __last_storage) is the allocated memory region,
106// __old_last_contained is the previously last allowed (unpoisoned) element, and
107// __new_last_contained is the new last allowed (unpoisoned) element.
108template <class _Allocator>
109_LIBCPP_HIDE_FROM_ABI _LIBCPP_CONSTEXPR_SINCE_CXX14 void __annotate_contiguous_container(
110 const void* __first_storage,
111 const void* __last_storage,
112 const void* __old_last_contained,
113 const void* __new_last_contained) {
114#if !_LIBCPP_ENABLE_ASAN_CONTAINER_CHECKS
115 (void)__first_storage;
116 (void)__last_storage;
117 (void)__old_last_contained;
118 (void)__new_last_contained;
119#else
120 if (!__libcpp_is_constant_evaluated() && __asan_annotate_container_with_allocator<_Allocator>::value &&
121 __first_storage != nullptr)
122 __sanitizer_annotate_contiguous_container(
123 __first_storage, __last_storage, __old_last_contained, __new_last_contained);
124#endif
125}
126
127_LIBCPP_END_NAMESPACE_STD
128
129#endif // _LIBCPP___LIBCXX_DEBUG_UTILS_SANITIZERS_H
130