1 //===-- sanitizer/common_interface_defs.h -----------------------*- C++ -*-===// 2 // 3 // This file is distributed under the University of Illinois Open Source 4 // License. See LICENSE.TXT for details. 5 // 6 //===----------------------------------------------------------------------===// 7 // 8 // Common part of the public sanitizer interface. 9 //===----------------------------------------------------------------------===// 10 11 #ifndef SANITIZER_COMMON_INTERFACE_DEFS_H 12 #define SANITIZER_COMMON_INTERFACE_DEFS_H 13 14 #include <stddef.h> 15 #include <stdint.h> 16 17 // GCC does not understand __has_feature. 18 #if !defined(__has_feature) 19 # define __has_feature(x) 0 20 #endif 21 22 #ifdef __cplusplus 23 extern "C" { 24 #endif 25 // Arguments for __sanitizer_sandbox_on_notify() below. 26 typedef struct { 27 // Enable sandbox support in sanitizer coverage. 28 int coverage_sandboxed; 29 // File descriptor to write coverage data to. If -1 is passed, a file will 30 // be pre-opened by __sanitizer_sandobx_on_notify(). This field has no 31 // effect if coverage_sandboxed == 0. 32 intptr_t coverage_fd; 33 // If non-zero, split the coverage data into well-formed blocks. This is 34 // useful when coverage_fd is a socket descriptor. Each block will contain 35 // a header, allowing data from multiple processes to be sent over the same 36 // socket. 37 unsigned int coverage_max_block_size; 38 } __sanitizer_sandbox_arguments; 39 40 // Tell the tools to write their reports to "path.<pid>" instead of stderr. 41 void __sanitizer_set_report_path(const char *path); 42 43 // Notify the tools that the sandbox is going to be turned on. The reserved 44 // parameter will be used in the future to hold a structure with functions 45 // that the tools may call to bypass the sandbox. 46 void __sanitizer_sandbox_on_notify(__sanitizer_sandbox_arguments *args); 47 48 // This function is called by the tool when it has just finished reporting 49 // an error. 'error_summary' is a one-line string that summarizes 50 // the error message. This function can be overridden by the client. 51 void __sanitizer_report_error_summary(const char *error_summary); 52 53 // Some of the sanitizers (e.g. asan/tsan) may miss bugs that happen 54 // in unaligned loads/stores. In order to find such bugs reliably one needs 55 // to replace plain unaligned loads/stores with these calls. 56 uint16_t __sanitizer_unaligned_load16(const void *p); 57 uint32_t __sanitizer_unaligned_load32(const void *p); 58 uint64_t __sanitizer_unaligned_load64(const void *p); 59 void __sanitizer_unaligned_store16(void *p, uint16_t x); 60 void __sanitizer_unaligned_store32(void *p, uint32_t x); 61 void __sanitizer_unaligned_store64(void *p, uint64_t x); 62 63 // Annotate the current state of a contiguous container, such as 64 // std::vector, std::string or similar. 65 // A contiguous container is a container that keeps all of its elements 66 // in a contiguous region of memory. The container owns the region of memory 67 // [beg, end); the memory [beg, mid) is used to store the current elements 68 // and the memory [mid, end) is reserved for future elements; 69 // beg <= mid <= end. For example, in "std::vector<> v" 70 // beg = &v[0]; 71 // end = beg + v.capacity() * sizeof(v[0]); 72 // mid = beg + v.size() * sizeof(v[0]); 73 // 74 // This annotation tells the Sanitizer tool about the current state of the 75 // container so that the tool can report errors when memory from [mid, end) 76 // is accessed. Insert this annotation into methods like push_back/pop_back. 77 // Supply the old and the new values of mid (old_mid/new_mid). 78 // In the initial state mid == end and so should be the final 79 // state when the container is destroyed or when it reallocates the storage. 80 // 81 // Use with caution and don't use for anything other than vector-like classes. 82 // 83 // For AddressSanitizer, 'beg' should be 8-aligned and 'end' should 84 // be either 8-aligned or it should point to the end of a separate heap-, 85 // stack-, or global- allocated buffer. I.e. the following will not work: 86 // int64_t x[2]; // 16 bytes, 8-aligned. 87 // char *beg = (char *)&x[0]; 88 // char *end = beg + 12; // Not 8 aligned, not the end of the buffer. 89 // This however will work fine: 90 // int32_t x[3]; // 12 bytes, but 8-aligned under AddressSanitizer. 91 // char *beg = (char*)&x[0]; 92 // char *end = beg + 12; // Not 8-aligned, but is the end of the buffer. 93 void __sanitizer_annotate_contiguous_container(const void *beg, 94 const void *end, 95 const void *old_mid, 96 const void *new_mid); 97 // Returns true if the contiguous container [beg, end) is properly poisoned 98 // (e.g. with __sanitizer_annotate_contiguous_container), i.e. if 99 // - [beg, mid) is addressable, 100 // - [mid, end) is unaddressable. 101 // Full verification requires O(end-beg) time; this function tries to avoid 102 // such complexity by touching only parts of the container around beg/mid/end. 103 int __sanitizer_verify_contiguous_container(const void *beg, const void *mid, 104 const void *end); 105 106 // Similar to __sanitizer_verify_contiguous_container but returns the address 107 // of the first improperly poisoned byte otherwise. Returns null if the area 108 // is poisoned properly. 109 const void *__sanitizer_contiguous_container_find_bad_address( 110 const void *beg, const void *mid, const void *end); 111 112 // Print the stack trace leading to this call. Useful for debugging user code. 113 void __sanitizer_print_stack_trace(); 114 115 // Sets the callback to be called right before death on error. 116 // Passing 0 will unset the callback. 117 void __sanitizer_set_death_callback(void (*callback)(void)); 118 119 // Interceptor hooks. 120 // Whenever a libc function interceptor is called it checks if the 121 // corresponding weak hook is defined, and it so -- calls it. 122 // The primary use case is data-flow-guided fuzzing, where the fuzzer needs 123 // to know what is being passed to libc functions, e.g. memcmp. 124 // FIXME: implement more hooks. 125 void __sanitizer_weak_hook_memcmp(void *called_pc, const void *s1, 126 const void *s2, size_t n); 127 void __sanitizer_weak_hook_strncmp(void *called_pc, const char *s1, 128 const char *s2, size_t n); 129 #ifdef __cplusplus 130 } // extern "C" 131 #endif 132 133 #endif // SANITIZER_COMMON_INTERFACE_DEFS_H 134