libsanitizer/include/sanitizer/common_interface_defs.h

   1 //===-- sanitizer/common_interface_defs.h -----------------------*- C++ -*-===//
   2 //
   3 // This file is distributed under the University of Illinois Open Source
   4 // License. See LICENSE.TXT for details.
   5 //
   6 //===----------------------------------------------------------------------===//
   7 //
   8 // Common part of the public sanitizer interface.
   9 //===----------------------------------------------------------------------===//
  10
  11 #ifndef SANITIZER_COMMON_INTERFACE_DEFS_H
  12 #define SANITIZER_COMMON_INTERFACE_DEFS_H
  13
  14 #include <stddef.h>
  15 #include <stdint.h>
  16
  17 // GCC does not understand __has_feature.
  18 #if !defined(__has_feature)
  19 # define __has_feature(x) 0
  20 #endif
  21
  22 #ifdef __cplusplus
  23 extern "C" {
  24 #endif
  25   // Arguments for __sanitizer_sandbox_on_notify() below.
  26   typedef struct {
  27     // Enable sandbox support in sanitizer coverage.
  28     int coverage_sandboxed;
  29     // File descriptor to write coverage data to. If -1 is passed, a file will
  30     // be pre-opened by __sanitizer_sandobx_on_notify(). This field has no
  31     // effect if coverage_sandboxed == 0.
  32     intptr_t coverage_fd;
  33     // If non-zero, split the coverage data into well-formed blocks. This is
  34     // useful when coverage_fd is a socket descriptor. Each block will contain
  35     // a header, allowing data from multiple processes to be sent over the same
  36     // socket.
  37     unsigned int coverage_max_block_size;
  38   } __sanitizer_sandbox_arguments;
  39
  40   // Tell the tools to write their reports to "path.<pid>" instead of stderr.
  41   void __sanitizer_set_report_path(const char *path);
  42   // Tell the tools to write their reports to the provided file descriptor
  43   // (casted to void *).
  44   void __sanitizer_set_report_fd(void *fd);
  45
  46   // Notify the tools that the sandbox is going to be turned on. The reserved
  47   // parameter will be used in the future to hold a structure with functions
  48   // that the tools may call to bypass the sandbox.
  49   void __sanitizer_sandbox_on_notify(__sanitizer_sandbox_arguments *args);
  50
  51   // This function is called by the tool when it has just finished reporting
  52   // an error. 'error_summary' is a one-line string that summarizes
  53   // the error message. This function can be overridden by the client.
  54   void __sanitizer_report_error_summary(const char *error_summary);
  55
  56   // Some of the sanitizers (e.g. asan/tsan) may miss bugs that happen
  57   // in unaligned loads/stores. In order to find such bugs reliably one needs
  58   // to replace plain unaligned loads/stores with these calls.
  59   uint16_t __sanitizer_unaligned_load16(const void *p);
  60   uint32_t __sanitizer_unaligned_load32(const void *p);
  61   uint64_t __sanitizer_unaligned_load64(const void *p);
  62   void __sanitizer_unaligned_store16(void *p, uint16_t x);
  63   void __sanitizer_unaligned_store32(void *p, uint32_t x);
  64   void __sanitizer_unaligned_store64(void *p, uint64_t x);
  65
  66   // Returns 1 on the first call, then returns 0 thereafter.  Called by the tool
  67   // to ensure only one report is printed when multiple errors occur
  68   // simultaneously.
  69   int __sanitizer_acquire_crash_state();
  70
  71   // Annotate the current state of a contiguous container, such as
  72   // std::vector, std::string or similar.
  73   // A contiguous container is a container that keeps all of its elements
  74   // in a contiguous region of memory. The container owns the region of memory
  75   // [beg, end); the memory [beg, mid) is used to store the current elements
  76   // and the memory [mid, end) is reserved for future elements;
  77   // beg <= mid <= end. For example, in "std::vector<> v"
  78   //   beg = &v[0];
  79   //   end = beg + v.capacity() * sizeof(v[0]);
  80   //   mid = beg + v.size()     * sizeof(v[0]);
  81   //
  82   // This annotation tells the Sanitizer tool about the current state of the
  83   // container so that the tool can report errors when memory from [mid, end)
  84   // is accessed. Insert this annotation into methods like push_back/pop_back.
  85   // Supply the old and the new values of mid (old_mid/new_mid).
  86   // In the initial state mid == end and so should be the final
  87   // state when the container is destroyed or when it reallocates the storage.
  88   //
  89   // Use with caution and don't use for anything other than vector-like classes.
  90   //
  91   // For AddressSanitizer, 'beg' should be 8-aligned and 'end' should
  92   // be either 8-aligned or it should point to the end of a separate heap-,
  93   // stack-, or global- allocated buffer. I.e. the following will not work:
  94   //   int64_t x[2];  // 16 bytes, 8-aligned.
  95   //   char *beg = (char *)&x[0];
  96   //   char *end = beg + 12;  // Not 8 aligned, not the end of the buffer.
  97   // This however will work fine:
  98   //   int32_t x[3];  // 12 bytes, but 8-aligned under AddressSanitizer.
  99   //   char *beg = (char*)&x[0];
 100   //   char *end = beg + 12;  // Not 8-aligned, but is the end of the buffer.
 101   void __sanitizer_annotate_contiguous_container(const void *beg,
 102                                                  const void *end,
 103                                                  const void *old_mid,
 104                                                  const void *new_mid);
 105   // Returns true if the contiguous container [beg, end) is properly poisoned
 106   // (e.g. with __sanitizer_annotate_contiguous_container), i.e. if
 107   //  - [beg, mid) is addressable,
 108   //  - [mid, end) is unaddressable.
 109   // Full verification requires O(end-beg) time; this function tries to avoid
 110   // such complexity by touching only parts of the container around beg/mid/end.
 111   int __sanitizer_verify_contiguous_container(const void *beg, const void *mid,
 112                                               const void *end);
 113
 114   // Similar to __sanitizer_verify_contiguous_container but returns the address
 115   // of the first improperly poisoned byte otherwise. Returns null if the area
 116   // is poisoned properly.
 117   const void *__sanitizer_contiguous_container_find_bad_address(
 118       const void *beg, const void *mid, const void *end);
 119
 120   // Print the stack trace leading to this call. Useful for debugging user code.
 121   void __sanitizer_print_stack_trace(void);
 122
 123   // Symbolizes the supplied 'pc' using the format string 'fmt'.
 124   // Outputs at most 'out_buf_size' bytes into 'out_buf'.
 125   // If 'out_buf' is not empty then output is zero or more non empty C strings
 126   // followed by single empty C string. Multiple strings can be returned if PC
 127   // corresponds to inlined function. Inlined frames are printed in the order
 128   // from "most-inlined" to the "least-inlined", so the last frame should be the
 129   // not inlined function.
 130   // Inlined frames can be removed with 'symbolize_inline_frames=0'.
 131   // The format syntax is described in
 132   // lib/sanitizer_common/sanitizer_stacktrace_printer.h.
 133   void __sanitizer_symbolize_pc(void *pc, const char *fmt, char *out_buf,
 134                                 size_t out_buf_size);
 135   // Same as __sanitizer_symbolize_pc, but for data section (i.e. globals).
 136   void __sanitizer_symbolize_global(void *data_ptr, const char *fmt,
 137                                     char *out_buf, size_t out_buf_size);
 138
 139   // Sets the callback to be called right before death on error.
 140   // Passing 0 will unset the callback.
 141   void __sanitizer_set_death_callback(void (*callback)(void));
 142
 143   // Interceptor hooks.
 144   // Whenever a libc function interceptor is called it checks if the
 145   // corresponding weak hook is defined, and it so -- calls it.
 146   // The primary use case is data-flow-guided fuzzing, where the fuzzer needs
 147   // to know what is being passed to libc functions, e.g. memcmp.
 148   // FIXME: implement more hooks.
 149   void __sanitizer_weak_hook_memcmp(void *called_pc, const void *s1,
 150                                     const void *s2, size_t n, int result);
 151   void __sanitizer_weak_hook_strncmp(void *called_pc, const char *s1,
 152                                     const char *s2, size_t n, int result);
 153   void __sanitizer_weak_hook_strncasecmp(void *called_pc, const char *s1,
 154                                          const char *s2, size_t n, int result);
 155   void __sanitizer_weak_hook_strcmp(void *called_pc, const char *s1,
 156                                     const char *s2, int result);
 157   void __sanitizer_weak_hook_strcasecmp(void *called_pc, const char *s1,
 158                                         const char *s2, int result);
 159   void __sanitizer_weak_hook_strstr(void *called_pc, const char *s1,
 160                                     const char *s2, char *result);
 161   void __sanitizer_weak_hook_strcasestr(void *called_pc, const char *s1,
 162                                         const char *s2, char *result);
 163   void __sanitizer_weak_hook_memmem(void *called_pc,
 164                                     const void *s1, size_t len1,
 165                                     const void *s2, size_t len2, void *result);
 166
 167   // Prints stack traces for all live heap allocations ordered by total
 168   // allocation size until `top_percent` of total live heap is shown.
 169   // `top_percent` should be between 1 and 100.
 170   // At most `max_number_of_contexts` contexts (stack traces) is printed.
 171   // Experimental feature currently available only with asan on Linux/x86_64.
 172   void __sanitizer_print_memory_profile(size_t top_percent,
 173                                         size_t max_number_of_contexts);
 174
 175   // Fiber annotation interface.
 176   // Before switching to a different stack, one must call
 177   // __sanitizer_start_switch_fiber with a pointer to the bottom of the
 178   // destination stack and its size. When code starts running on the new stack,
 179   // it must call __sanitizer_finish_switch_fiber to finalize the switch.
 180   // The start_switch function takes a void** to store the current fake stack if
 181   // there is one (it is needed when detect_stack_use_after_return is enabled).
 182   // When restoring a stack, this pointer must be given to the finish_switch
 183   // function. In most cases, this void* can be stored on the stack just before
 184   // switching.  When leaving a fiber definitely, null must be passed as first
 185   // argument to the start_switch function so that the fake stack is destroyed.
 186   // If you do not want support for stack use-after-return detection, you can
 187   // always pass null to these two functions.
 188   // Note that the fake stack mechanism is disabled during fiber switch, so if a
 189   // signal callback runs during the switch, it will not benefit from the stack
 190   // use-after-return detection.
 191   void __sanitizer_start_switch_fiber(void **fake_stack_save,
 192                                       const void *bottom, size_t size);
 193   void __sanitizer_finish_switch_fiber(void *fake_stack_save,
 194                                        const void **bottom_old,
 195                                        size_t *size_old);
 196
 197   // Get full module name and calculate pc offset within it.
 198   // Returns 1 if pc belongs to some module, 0 if module was not found.
 199   int __sanitizer_get_module_and_offset_for_pc(void *pc, char *module_path,
 200                                                size_t module_path_len,
 201                                                void **pc_offset);
 202
 203 #ifdef __cplusplus
 204 }  // extern "C"
 205 #endif
 206
 207 #endif  // SANITIZER_COMMON_INTERFACE_DEFS_H