1 //===-- sanitizer/common_interface_defs.h -----------------------*- C++ -*-===// 2 // 3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. 4 // See https://llvm.org/LICENSE.txt for license information. 5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception 6 // 7 //===----------------------------------------------------------------------===// 8 // 9 // Common part of the public sanitizer interface. 10 //===----------------------------------------------------------------------===// 11 12 #ifndef SANITIZER_COMMON_INTERFACE_DEFS_H 13 #define SANITIZER_COMMON_INTERFACE_DEFS_H 14 15 #include <stddef.h> 16 #include <stdint.h> 17 18 // Windows allows a user to set their default calling convention, but we always 19 // use __cdecl 20 #ifdef _WIN32 21 #define SANITIZER_CDECL __cdecl 22 #else 23 #define SANITIZER_CDECL 24 #endif 25 26 #ifdef __cplusplus 27 extern "C" { 28 #endif 29 // Arguments for __sanitizer_sandbox_on_notify() below. 30 typedef struct { 31 // Enable sandbox support in sanitizer coverage. 32 int coverage_sandboxed; 33 // File descriptor to write coverage data to. If -1 is passed, a file will 34 // be pre-opened by __sanitizer_sandbox_on_notify(). This field has no 35 // effect if coverage_sandboxed == 0. 36 intptr_t coverage_fd; 37 // If non-zero, split the coverage data into well-formed blocks. This is 38 // useful when coverage_fd is a socket descriptor. Each block will contain 39 // a header, allowing data from multiple processes to be sent over the same 40 // socket. 41 unsigned int coverage_max_block_size; 42 } __sanitizer_sandbox_arguments; 43 44 // Tell the tools to write their reports to "path.<pid>" instead of stderr. 45 void SANITIZER_CDECL __sanitizer_set_report_path(const char *path); 46 // Tell the tools to write their reports to the provided file descriptor 47 // (casted to void *). 48 void SANITIZER_CDECL __sanitizer_set_report_fd(void *fd); 49 // Get the current full report file path, if a path was specified by 50 // an earlier call to __sanitizer_set_report_path. Returns null otherwise. 51 const char *SANITIZER_CDECL __sanitizer_get_report_path(); 52 53 // Notify the tools that the sandbox is going to be turned on. The reserved 54 // parameter will be used in the future to hold a structure with functions 55 // that the tools may call to bypass the sandbox. 56 void SANITIZER_CDECL 57 __sanitizer_sandbox_on_notify(__sanitizer_sandbox_arguments *args); 58 59 // This function is called by the tool when it has just finished reporting 60 // an error. 'error_summary' is a one-line string that summarizes 61 // the error message. This function can be overridden by the client. 62 void SANITIZER_CDECL 63 __sanitizer_report_error_summary(const char *error_summary); 64 65 // Some of the sanitizers (for example ASan/TSan) could miss bugs that happen 66 // in unaligned loads/stores. To find such bugs reliably, you need to replace 67 // plain unaligned loads/stores with these calls. 68 69 /// Loads a 16-bit unaligned value. 70 // 71 /// \param p Pointer to unaligned memory. 72 /// 73 /// \returns Loaded value. 74 uint16_t SANITIZER_CDECL __sanitizer_unaligned_load16(const void *p); 75 76 /// Loads a 32-bit unaligned value. 77 /// 78 /// \param p Pointer to unaligned memory. 79 /// 80 /// \returns Loaded value. 81 uint32_t SANITIZER_CDECL __sanitizer_unaligned_load32(const void *p); 82 83 /// Loads a 64-bit unaligned value. 84 /// 85 /// \param p Pointer to unaligned memory. 86 /// 87 /// \returns Loaded value. 88 uint64_t SANITIZER_CDECL __sanitizer_unaligned_load64(const void *p); 89 90 /// Stores a 16-bit unaligned value. 91 /// 92 /// \param p Pointer to unaligned memory. 93 /// \param x 16-bit value to store. 94 void SANITIZER_CDECL __sanitizer_unaligned_store16(void *p, uint16_t x); 95 96 /// Stores a 32-bit unaligned value. 97 /// 98 /// \param p Pointer to unaligned memory. 99 /// \param x 32-bit value to store. 100 void SANITIZER_CDECL __sanitizer_unaligned_store32(void *p, uint32_t x); 101 102 /// Stores a 64-bit unaligned value. 103 /// 104 /// \param p Pointer to unaligned memory. 105 /// \param x 64-bit value to store. 106 void SANITIZER_CDECL __sanitizer_unaligned_store64(void *p, uint64_t x); 107 108 // Returns 1 on the first call, then returns 0 thereafter. Called by the tool 109 // to ensure only one report is printed when multiple errors occur 110 // simultaneously. 111 int SANITIZER_CDECL __sanitizer_acquire_crash_state(); 112 113 /// Annotates the current state of a contiguous container, such as 114 /// <c>std::vector</c>, <c>std::string</c>, or similar. 115 /// 116 /// A contiguous container is a container that keeps all of its elements 117 /// in a contiguous region of memory. The container owns the region of memory 118 /// <c>[beg, end)</c>; the memory <c>[beg, mid)</c> is used to store the 119 /// current elements, and the memory <c>[mid, end)</c> is reserved for future 120 /// elements (<c>beg <= mid <= end</c>). For example, in 121 /// <c>std::vector<> v</c>: 122 /// 123 /// \code 124 /// beg = &v[0]; 125 /// end = beg + v.capacity() * sizeof(v[0]); 126 /// mid = beg + v.size() * sizeof(v[0]); 127 /// \endcode 128 /// 129 /// This annotation tells the Sanitizer tool about the current state of the 130 /// container so that the tool can report errors when memory from 131 /// <c>[mid, end)</c> is accessed. Insert this annotation into methods like 132 /// <c>push_back()</c> or <c>pop_back()</c>. Supply the old and new values of 133 /// <c>mid</c>(<c><i>old_mid</i></c> and <c><i>new_mid</i></c>). In the initial 134 /// state <c>mid == end</c>, so that should be the final state when the 135 /// container is destroyed or when the container reallocates the storage. 136 /// 137 /// For ASan, <c><i>beg</i></c> no longer needs to be 8-aligned, 138 /// first and last granule may be shared with other objects 139 /// and therefore the function can be used for any allocator. 140 /// 141 /// The following example shows how to use the function: 142 /// 143 /// \code 144 /// int32_t x[3]; // 12 bytes 145 /// char *beg = (char*)&x[0]; 146 /// char *end = beg + 12; 147 /// __sanitizer_annotate_contiguous_container(beg, end, beg, end); 148 /// \endcode 149 /// 150 /// \note Use this function with caution and do not use for anything other 151 /// than vector-like classes. 152 /// \note Unaligned <c><i>beg</i></c> or <c><i>end</i></c> may miss bugs in 153 /// these granules. 154 /// 155 /// \param beg Beginning of memory region. 156 /// \param end End of memory region. 157 /// \param old_mid Old middle of memory region. 158 /// \param new_mid New middle of memory region. 159 void SANITIZER_CDECL __sanitizer_annotate_contiguous_container( 160 const void *beg, const void *end, const void *old_mid, const void *new_mid); 161 162 /// Similar to <c>__sanitizer_annotate_contiguous_container</c>. 163 /// 164 /// Annotates the current state of a contiguous container memory, 165 /// such as <c>std::deque</c>'s single chunk, when the boundries are moved. 166 /// 167 /// A contiguous chunk is a chunk that keeps all of its elements 168 /// in a contiguous region of memory. The container owns the region of memory 169 /// <c>[storage_beg, storage_end)</c>; the memory <c>[container_beg, 170 /// container_end)</c> is used to store the current elements, and the memory 171 /// <c>[storage_beg, container_beg), [container_end, storage_end)</c> is 172 /// reserved for future elements (<c>storage_beg <= container_beg <= 173 /// container_end <= storage_end</c>). For example, in <c> std::deque </c>: 174 /// - chunk with a frist deques element will have container_beg equal to address 175 /// of the first element. 176 /// - in every next chunk with elements, true is <c> container_beg == 177 /// storage_beg </c>. 178 /// 179 /// Argument requirements: 180 /// During unpoisoning memory of empty container (before first element is 181 /// added): 182 /// - old_container_beg_p == old_container_end_p 183 /// During poisoning after last element was removed: 184 /// - new_container_beg_p == new_container_end_p 185 /// \param storage_beg Beginning of memory region. 186 /// \param storage_end End of memory region. 187 /// \param old_container_beg Old beginning of used region. 188 /// \param old_container_end End of used region. 189 /// \param new_container_beg New beginning of used region. 190 /// \param new_container_end New end of used region. 191 void SANITIZER_CDECL __sanitizer_annotate_double_ended_contiguous_container( 192 const void *storage_beg, const void *storage_end, 193 const void *old_container_beg, const void *old_container_end, 194 const void *new_container_beg, const void *new_container_end); 195 196 /// Copies memory annotations from a source storage region to a destination 197 /// storage region. After the operation, the destination region has the same 198 /// memory annotations as the source region, as long as sanitizer limitations 199 /// allow it (more bytes may be unpoisoned than in the source region, resulting 200 /// in more false negatives, but never false positives). If the source and 201 /// destination regions overlap, only the minimal required changes are made to 202 /// preserve the correct annotations. Old storage bytes that are not in the new 203 /// storage should have the same annotations, as long as sanitizer limitations 204 /// allow it. 205 /// 206 /// This function is primarily designed to be used when moving trivially 207 /// relocatable objects that may have poisoned memory, making direct copying 208 /// problematic under sanitizer. However, this function does not move memory 209 /// content itself, only annotations. 210 /// 211 /// A contiguous container is a container that keeps all of its elements in a 212 /// contiguous region of memory. The container owns the region of memory 213 /// <c>[src_begin, src_end)</c> and <c>[dst_begin, dst_end)</c>. The memory 214 /// within these regions may be alternately poisoned and non-poisoned, with 215 /// possibly smaller poisoned and unpoisoned regions. 216 /// 217 /// If this function fully poisons a granule, it is marked as "container 218 /// overflow". 219 /// 220 /// Argument requirements: The destination container must have the same size as 221 /// the source container, which is inferred from the beginning and end of the 222 /// source region. Addresses may be granule-unaligned, but this may affect 223 /// performance. 224 /// 225 /// \param src_begin Begin of the source container region. 226 /// \param src_end End of the source container region. 227 /// \param dst_begin Begin of the destination container region. 228 /// \param dst_end End of the destination container region. 229 void SANITIZER_CDECL __sanitizer_copy_contiguous_container_annotations( 230 const void *src_begin, const void *src_end, const void *dst_begin, 231 const void *dst_end); 232 233 /// Returns true if the contiguous container <c>[beg, end)</c> is properly 234 /// poisoned. 235 /// 236 /// Proper poisoning could occur, for example, with 237 /// <c>__sanitizer_annotate_contiguous_container</c>), that is, if 238 /// <c>[beg, mid)</c> is addressable and <c>[mid, end)</c> is unaddressable. 239 /// Full verification requires O (<c>end - beg</c>) time; this function tries 240 /// to avoid such complexity by touching only parts of the container around 241 /// <c><i>beg</i></c>, <c><i>mid</i></c>, and <c><i>end</i></c>. 242 /// 243 /// \param beg Beginning of memory region. 244 /// \param mid Middle of memory region. 245 /// \param end Old end of memory region. 246 /// 247 /// \returns True if the contiguous container <c>[beg, end)</c> is properly 248 /// poisoned. 249 int SANITIZER_CDECL __sanitizer_verify_contiguous_container(const void *beg, 250 const void *mid, 251 const void *end); 252 253 /// Returns true if the double ended contiguous 254 /// container <c>[storage_beg, storage_end)</c> is properly poisoned. 255 /// 256 /// Proper poisoning could occur, for example, with 257 /// <c>__sanitizer_annotate_double_ended_contiguous_container</c>), that is, if 258 /// <c>[storage_beg, container_beg)</c> is not addressable, <c>[container_beg, 259 /// container_end)</c> is addressable and <c>[container_end, end)</c> is 260 /// unaddressable. Full verification requires O (<c>storage_end - 261 /// storage_beg</c>) time; this function tries to avoid such complexity by 262 /// touching only parts of the container around <c><i>storage_beg</i></c>, 263 /// <c><i>container_beg</i></c>, <c><i>container_end</i></c>, and 264 /// <c><i>storage_end</i></c>. 265 /// 266 /// \param storage_beg Beginning of memory region. 267 /// \param container_beg Beginning of used region. 268 /// \param container_end End of used region. 269 /// \param storage_end End of memory region. 270 /// 271 /// \returns True if the double-ended contiguous container <c>[storage_beg, 272 /// container_beg, container_end, end)</c> is properly poisoned - only 273 /// [container_beg; container_end) is addressable. 274 int SANITIZER_CDECL __sanitizer_verify_double_ended_contiguous_container( 275 const void *storage_beg, const void *container_beg, 276 const void *container_end, const void *storage_end); 277 278 /// Similar to <c>__sanitizer_verify_contiguous_container()</c> but also 279 /// returns the address of the first improperly poisoned byte. 280 /// 281 /// Returns NULL if the area is poisoned properly. 282 /// 283 /// \param beg Beginning of memory region. 284 /// \param mid Middle of memory region. 285 /// \param end Old end of memory region. 286 /// 287 /// \returns The bad address or NULL. 288 const void *SANITIZER_CDECL __sanitizer_contiguous_container_find_bad_address( 289 const void *beg, const void *mid, const void *end); 290 291 /// returns the address of the first improperly poisoned byte. 292 /// 293 /// Returns NULL if the area is poisoned properly. 294 /// 295 /// \param storage_beg Beginning of memory region. 296 /// \param container_beg Beginning of used region. 297 /// \param container_end End of used region. 298 /// \param storage_end End of memory region. 299 /// 300 /// \returns The bad address or NULL. 301 const void *SANITIZER_CDECL 302 __sanitizer_double_ended_contiguous_container_find_bad_address( 303 const void *storage_beg, const void *container_beg, 304 const void *container_end, const void *storage_end); 305 306 /// Prints the stack trace leading to this call (useful for calling from the 307 /// debugger). 308 void SANITIZER_CDECL __sanitizer_print_stack_trace(void); 309 310 // Symbolizes the supplied 'pc' using the format string 'fmt'. 311 // Outputs at most 'out_buf_size' bytes into 'out_buf'. 312 // If 'out_buf' is not empty then output is zero or more non empty C strings 313 // followed by single empty C string. Multiple strings can be returned if PC 314 // corresponds to inlined function. Inlined frames are printed in the order 315 // from "most-inlined" to the "least-inlined", so the last frame should be the 316 // not inlined function. 317 // Inlined frames can be removed with 'symbolize_inline_frames=0'. 318 // The format syntax is described in 319 // lib/sanitizer_common/sanitizer_stacktrace_printer.h. 320 void SANITIZER_CDECL __sanitizer_symbolize_pc(void *pc, const char *fmt, 321 char *out_buf, 322 size_t out_buf_size); 323 // Same as __sanitizer_symbolize_pc, but for data section (i.e. globals). 324 void SANITIZER_CDECL __sanitizer_symbolize_global(void *data_ptr, 325 const char *fmt, 326 char *out_buf, 327 size_t out_buf_size); 328 // Determine the return address. 329 #if !defined(_MSC_VER) || defined(__clang__) 330 #define __sanitizer_return_address() \ 331 __builtin_extract_return_addr(__builtin_return_address(0)) 332 #else 333 void *_ReturnAddress(void); 334 #pragma intrinsic(_ReturnAddress) 335 #define __sanitizer_return_address() _ReturnAddress() 336 #endif 337 338 /// Sets the callback to be called immediately before death on error. 339 /// 340 /// Passing 0 will unset the callback. 341 /// 342 /// \param callback User-provided callback. 343 void SANITIZER_CDECL __sanitizer_set_death_callback(void (*callback)(void)); 344 345 // Interceptor hooks. 346 // Whenever a libc function interceptor is called, it checks if the 347 // corresponding weak hook is defined, and calls it if it is indeed defined. 348 // The primary use-case is data-flow-guided fuzzing, where the fuzzer needs 349 // to know what is being passed to libc functions (for example memcmp). 350 // FIXME: implement more hooks. 351 352 /// Interceptor hook for <c>memcmp()</c>. 353 /// 354 /// \param called_pc PC (program counter) address of the original call. 355 /// \param s1 Pointer to block of memory. 356 /// \param s2 Pointer to block of memory. 357 /// \param n Number of bytes to compare. 358 /// \param result Value returned by the intercepted function. 359 void SANITIZER_CDECL __sanitizer_weak_hook_memcmp(void *called_pc, 360 const void *s1, 361 const void *s2, size_t n, 362 int result); 363 364 /// Interceptor hook for <c>strncmp()</c>. 365 /// 366 /// \param called_pc PC (program counter) address of the original call. 367 /// \param s1 Pointer to block of memory. 368 /// \param s2 Pointer to block of memory. 369 /// \param n Number of bytes to compare. 370 /// \param result Value returned by the intercepted function. 371 void SANITIZER_CDECL __sanitizer_weak_hook_strncmp(void *called_pc, 372 const char *s1, 373 const char *s2, size_t n, 374 int result); 375 376 /// Interceptor hook for <c>strncasecmp()</c>. 377 /// 378 /// \param called_pc PC (program counter) address of the original call. 379 /// \param s1 Pointer to block of memory. 380 /// \param s2 Pointer to block of memory. 381 /// \param n Number of bytes to compare. 382 /// \param result Value returned by the intercepted function. 383 void SANITIZER_CDECL __sanitizer_weak_hook_strncasecmp(void *called_pc, 384 const char *s1, 385 const char *s2, size_t n, 386 int result); 387 388 /// Interceptor hook for <c>strcmp()</c>. 389 /// 390 /// \param called_pc PC (program counter) address of the original call. 391 /// \param s1 Pointer to block of memory. 392 /// \param s2 Pointer to block of memory. 393 /// \param result Value returned by the intercepted function. 394 void SANITIZER_CDECL __sanitizer_weak_hook_strcmp(void *called_pc, 395 const char *s1, 396 const char *s2, int result); 397 398 /// Interceptor hook for <c>strcasecmp()</c>. 399 /// 400 /// \param called_pc PC (program counter) address of the original call. 401 /// \param s1 Pointer to block of memory. 402 /// \param s2 Pointer to block of memory. 403 /// \param result Value returned by the intercepted function. 404 void SANITIZER_CDECL __sanitizer_weak_hook_strcasecmp(void *called_pc, 405 const char *s1, 406 const char *s2, 407 int result); 408 409 /// Interceptor hook for <c>strstr()</c>. 410 /// 411 /// \param called_pc PC (program counter) address of the original call. 412 /// \param s1 Pointer to block of memory. 413 /// \param s2 Pointer to block of memory. 414 /// \param result Value returned by the intercepted function. 415 void SANITIZER_CDECL __sanitizer_weak_hook_strstr(void *called_pc, 416 const char *s1, 417 const char *s2, char *result); 418 419 void SANITIZER_CDECL __sanitizer_weak_hook_strcasestr(void *called_pc, 420 const char *s1, 421 const char *s2, 422 char *result); 423 424 void SANITIZER_CDECL __sanitizer_weak_hook_memmem(void *called_pc, 425 const void *s1, size_t len1, 426 const void *s2, size_t len2, 427 void *result); 428 429 // Prints stack traces for all live heap allocations ordered by total 430 // allocation size until top_percent of total live heap is shown. top_percent 431 // should be between 1 and 100. At most max_number_of_contexts contexts 432 // (stack traces) are printed. 433 // Experimental feature currently available only with ASan on Linux/x86_64. 434 void SANITIZER_CDECL __sanitizer_print_memory_profile( 435 size_t top_percent, size_t max_number_of_contexts); 436 437 /// Notify ASan that a fiber switch has started (required only if implementing 438 /// your own fiber library). 439 /// 440 /// Before switching to a different stack, you must call 441 /// <c>__sanitizer_start_switch_fiber()</c> with a pointer to the bottom of the 442 /// destination stack and with its size. When code starts running on the new 443 /// stack, it must call <c>__sanitizer_finish_switch_fiber()</c> to finalize 444 /// the switch. The <c>__sanitizer_start_switch_fiber()</c> function takes a 445 /// <c>void**</c> pointer argument to store the current fake stack if there is 446 /// one (it is necessary when the runtime option 447 /// <c>detect_stack_use_after_return</c> is enabled). 448 /// 449 /// When restoring a stack, this <c>void**</c> pointer must be given to the 450 /// <c>__sanitizer_finish_switch_fiber()</c> function. In most cases, this 451 /// pointer can be stored on the stack immediately before switching. When 452 /// leaving a fiber definitely, NULL must be passed as the first argument to 453 /// the <c>__sanitizer_start_switch_fiber()</c> function so that the fake stack 454 /// is destroyed. If your program does not need stack use-after-return 455 /// detection, you can always pass NULL to these two functions. 456 /// 457 /// \note The fake stack mechanism is disabled during fiber switch, so if a 458 /// signal callback runs during the switch, it will not benefit from stack 459 /// use-after-return detection. 460 /// 461 /// \param[out] fake_stack_save Fake stack save location. 462 /// \param bottom Bottom address of stack. 463 /// \param size Size of stack in bytes. 464 void SANITIZER_CDECL __sanitizer_start_switch_fiber(void **fake_stack_save, 465 const void *bottom, 466 size_t size); 467 468 /// Notify ASan that a fiber switch has completed (required only if 469 /// implementing your own fiber library). 470 /// 471 /// When code starts running on the new stack, it must call 472 /// <c>__sanitizer_finish_switch_fiber()</c> to finalize 473 /// the switch. For usage details, see the description of 474 /// <c>__sanitizer_start_switch_fiber()</c>. 475 /// 476 /// \param fake_stack_save Fake stack save location. 477 /// \param[out] bottom_old Bottom address of old stack. 478 /// \param[out] size_old Size of old stack in bytes. 479 void SANITIZER_CDECL __sanitizer_finish_switch_fiber(void *fake_stack_save, 480 const void **bottom_old, 481 size_t *size_old); 482 483 // Get full module name and calculate pc offset within it. 484 // Returns 1 if pc belongs to some module, 0 if module was not found. 485 int SANITIZER_CDECL __sanitizer_get_module_and_offset_for_pc( 486 void *pc, char *module_path, size_t module_path_len, void **pc_offset); 487 488 #ifdef __cplusplus 489 } // extern "C" 490 #endif 491 492 #endif // SANITIZER_COMMON_INTERFACE_DEFS_H 493