xref: /freebsd/contrib/llvm-project/compiler-rt/include/sanitizer/common_interface_defs.h (revision da5432eda807c4b7232d030d5157d5b417ea4f52)
1 //===-- sanitizer/common_interface_defs.h -----------------------*- C++ -*-===//
2 //
3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4 // See https://llvm.org/LICENSE.txt for license information.
5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6 //
7 //===----------------------------------------------------------------------===//
8 //
9 // Common part of the public sanitizer interface.
10 //===----------------------------------------------------------------------===//
11 
12 #ifndef SANITIZER_COMMON_INTERFACE_DEFS_H
13 #define SANITIZER_COMMON_INTERFACE_DEFS_H
14 
15 #include <stddef.h>
16 #include <stdint.h>
17 
18 // GCC does not understand __has_feature.
19 #if !defined(__has_feature)
20 #define __has_feature(x) 0
21 #endif
22 
23 #ifdef __cplusplus
24 extern "C" {
25 #endif
26 // Arguments for __sanitizer_sandbox_on_notify() below.
27 typedef struct {
28   // Enable sandbox support in sanitizer coverage.
29   int coverage_sandboxed;
30   // File descriptor to write coverage data to. If -1 is passed, a file will
31   // be pre-opened by __sanitizer_sandbox_on_notify(). This field has no
32   // effect if coverage_sandboxed == 0.
33   intptr_t coverage_fd;
34   // If non-zero, split the coverage data into well-formed blocks. This is
35   // useful when coverage_fd is a socket descriptor. Each block will contain
36   // a header, allowing data from multiple processes to be sent over the same
37   // socket.
38   unsigned int coverage_max_block_size;
39 } __sanitizer_sandbox_arguments;
40 
41 // Tell the tools to write their reports to "path.<pid>" instead of stderr.
42 void __sanitizer_set_report_path(const char *path);
43 // Tell the tools to write their reports to the provided file descriptor
44 // (casted to void *).
45 void __sanitizer_set_report_fd(void *fd);
46 // Get the current full report file path, if a path was specified by
47 // an earlier call to __sanitizer_set_report_path. Returns null otherwise.
48 const char *__sanitizer_get_report_path();
49 
50 // Notify the tools that the sandbox is going to be turned on. The reserved
51 // parameter will be used in the future to hold a structure with functions
52 // that the tools may call to bypass the sandbox.
53 void __sanitizer_sandbox_on_notify(__sanitizer_sandbox_arguments *args);
54 
55 // This function is called by the tool when it has just finished reporting
56 // an error. 'error_summary' is a one-line string that summarizes
57 // the error message. This function can be overridden by the client.
58 void __sanitizer_report_error_summary(const char *error_summary);
59 
60 // Some of the sanitizers (for example ASan/TSan) could miss bugs that happen
61 // in unaligned loads/stores. To find such bugs reliably, you need to replace
62 // plain unaligned loads/stores with these calls.
63 
64 /// Loads a 16-bit unaligned value.
65 ///
66 /// \param p Pointer to unaligned memory.
67 ///
68 /// \returns Loaded value.
69 uint16_t __sanitizer_unaligned_load16(const void *p);
70 
71 /// Loads a 32-bit unaligned value.
72 ///
73 /// \param p Pointer to unaligned memory.
74 ///
75 /// \returns Loaded value.
76 uint32_t __sanitizer_unaligned_load32(const void *p);
77 
78 /// Loads a 64-bit unaligned value.
79 ///
80 /// \param p Pointer to unaligned memory.
81 ///
82 /// \returns Loaded value.
83 uint64_t __sanitizer_unaligned_load64(const void *p);
84 
85 /// Stores a 16-bit unaligned value.
86 ///
87 /// \param p Pointer to unaligned memory.
88 /// \param x 16-bit value to store.
89 void __sanitizer_unaligned_store16(void *p, uint16_t x);
90 
91 /// Stores a 32-bit unaligned value.
92 ///
93 /// \param p Pointer to unaligned memory.
94 /// \param x 32-bit value to store.
95 void __sanitizer_unaligned_store32(void *p, uint32_t x);
96 
97 /// Stores a 64-bit unaligned value.
98 ///
99 /// \param p Pointer to unaligned memory.
100 /// \param x 64-bit value to store.
101 void __sanitizer_unaligned_store64(void *p, uint64_t x);
102 
103 // Returns 1 on the first call, then returns 0 thereafter.  Called by the tool
104 // to ensure only one report is printed when multiple errors occur
105 // simultaneously.
106 int __sanitizer_acquire_crash_state();
107 
108 /// Annotates the current state of a contiguous container, such as
109 /// <c>std::vector</c>, <c>std::string</c>, or similar.
110 ///
111 /// A contiguous container is a container that keeps all of its elements
112 /// in a contiguous region of memory. The container owns the region of memory
113 /// <c>[beg, end)</c>; the memory <c>[beg, mid)</c> is used to store the
114 /// current elements, and the memory <c>[mid, end)</c> is reserved for future
115 /// elements (<c>beg <= mid <= end</c>). For example, in
116 /// <c>std::vector<> v</c>:
117 ///
118 /// \code
119 ///   beg = &v[0];
120 ///   end = beg + v.capacity() * sizeof(v[0]);
121 ///   mid = beg + v.size()     * sizeof(v[0]);
122 /// \endcode
123 ///
124 /// This annotation tells the Sanitizer tool about the current state of the
125 /// container so that the tool can report errors when memory from
126 /// <c>[mid, end)</c> is accessed. Insert this annotation into methods like
127 /// <c>push_back()</c> or <c>pop_back()</c>. Supply the old and new values of
128 /// <c>mid</c>(<c><i>old_mid</i></c> and <c><i>new_mid</i></c>). In the initial
129 /// state <c>mid == end</c>, so that should be the final state when the
130 /// container is destroyed or when the container reallocates the storage.
131 ///
132 /// For ASan, <c><i>beg</i></c> should be 8-aligned and <c><i>end</i></c>
133 /// should be either 8-aligned or it should point to the end of a separate
134 /// heap-, stack-, or global-allocated buffer. So the following example will
135 /// not work:
136 ///
137 /// \code
138 ///   int64_t x[2]; // 16 bytes, 8-aligned
139 ///   char *beg = (char *)&x[0];
140 ///   char *end = beg + 12; // Not 8-aligned, not the end of the buffer
141 /// \endcode
142 ///
143 /// The following, however, will work:
144 /// \code
145 ///   int32_t x[3]; // 12 bytes, but 8-aligned under ASan.
146 ///   char *beg = (char*)&x[0];
147 ///   char *end = beg + 12; // Not 8-aligned, but is the end of the buffer
148 /// \endcode
149 ///
150 /// \note  Use this function with caution and do not use for anything other
151 /// than vector-like classes.
152 ///
153 /// \param beg Beginning of memory region.
154 /// \param end End of memory region.
155 /// \param old_mid Old middle of memory region.
156 /// \param new_mid New middle of memory region.
157 void __sanitizer_annotate_contiguous_container(const void *beg,
158                                                const void *end,
159                                                const void *old_mid,
160                                                const void *new_mid);
161 
162 /// Similar to <c>__sanitizer_annotate_contiguous_container</c>.
163 ///
164 /// Annotates the current state of a contiguous container memory,
165 /// such as <c>std::deque</c>'s single chunk, when the boundries are moved.
166 ///
167 /// A contiguous chunk is a chunk that keeps all of its elements
168 /// in a contiguous region of memory. The container owns the region of memory
169 /// <c>[storage_beg, storage_end)</c>; the memory <c>[container_beg,
170 /// container_end)</c> is used to store the current elements, and the memory
171 /// <c>[storage_beg, container_beg), [container_end, storage_end)</c> is
172 /// reserved for future elements (<c>storage_beg <= container_beg <=
173 /// container_end <= storage_end</c>). For example, in <c> std::deque </c>:
174 /// - chunk with a frist deques element will have container_beg equal to address
175 ///  of the first element.
176 /// - in every next chunk with elements, true is  <c> container_beg ==
177 /// storage_beg </c>.
178 ///
179 /// Argument requirements:
180 /// During unpoisoning memory of empty container (before first element is
181 /// added):
182 /// - old_container_beg_p == old_container_end_p
183 /// During poisoning after last element was removed:
184 /// - new_container_beg_p == new_container_end_p
185 /// \param storage_beg Beginning of memory region.
186 /// \param storage_end End of memory region.
187 /// \param old_container_beg Old beginning of used region.
188 /// \param old_container_end End of used region.
189 /// \param new_container_beg New beginning of used region.
190 /// \param new_container_end New end of used region.
191 void __sanitizer_annotate_double_ended_contiguous_container(
192     const void *storage_beg, const void *storage_end,
193     const void *old_container_beg, const void *old_container_end,
194     const void *new_container_beg, const void *new_container_end);
195 
196 /// Returns true if the contiguous container <c>[beg, end)</c> is properly
197 /// poisoned.
198 ///
199 /// Proper poisoning could occur, for example, with
200 /// <c>__sanitizer_annotate_contiguous_container</c>), that is, if
201 /// <c>[beg, mid)</c> is addressable and <c>[mid, end)</c> is unaddressable.
202 /// Full verification requires O (<c>end - beg</c>) time; this function tries
203 /// to avoid such complexity by touching only parts of the container around
204 /// <c><i>beg</i></c>, <c><i>mid</i></c>, and <c><i>end</i></c>.
205 ///
206 /// \param beg Beginning of memory region.
207 /// \param mid Middle of memory region.
208 /// \param end Old end of memory region.
209 ///
210 /// \returns True if the contiguous container <c>[beg, end)</c> is properly
211 ///  poisoned.
212 int __sanitizer_verify_contiguous_container(const void *beg, const void *mid,
213                                             const void *end);
214 
215 /// Returns true if the double ended contiguous
216 /// container <c>[storage_beg, storage_end)</c> is properly poisoned.
217 ///
218 /// Proper poisoning could occur, for example, with
219 /// <c>__sanitizer_annotate_double_ended_contiguous_container</c>), that is, if
220 /// <c>[storage_beg, container_beg)</c> is not addressable, <c>[container_beg,
221 /// container_end)</c> is addressable and <c>[container_end, end)</c> is
222 /// unaddressable. Full verification requires O (<c>storage_end -
223 /// storage_beg</c>) time; this function tries to avoid such complexity by
224 /// touching only parts of the container around <c><i>storage_beg</i></c>,
225 /// <c><i>container_beg</i></c>, <c><i>container_end</i></c>, and
226 /// <c><i>storage_end</i></c>.
227 ///
228 /// \param storage_beg Beginning of memory region.
229 /// \param container_beg Beginning of used region.
230 /// \param container_end End of used region.
231 /// \param storage_end End of memory region.
232 ///
233 /// \returns True if the double-ended contiguous container <c>[storage_beg,
234 /// container_beg, container_end, end)</c> is properly poisoned - only
235 /// [container_beg; container_end) is addressable.
236 int __sanitizer_verify_double_ended_contiguous_container(
237     const void *storage_beg, const void *container_beg,
238     const void *container_end, const void *storage_end);
239 
240 /// Similar to <c>__sanitizer_verify_contiguous_container()</c> but also
241 /// returns the address of the first improperly poisoned byte.
242 ///
243 /// Returns NULL if the area is poisoned properly.
244 ///
245 /// \param beg Beginning of memory region.
246 /// \param mid Middle of memory region.
247 /// \param end Old end of memory region.
248 ///
249 /// \returns The bad address or NULL.
250 const void *__sanitizer_contiguous_container_find_bad_address(const void *beg,
251                                                               const void *mid,
252                                                               const void *end);
253 
254 /// returns the address of the first improperly poisoned byte.
255 ///
256 /// Returns NULL if the area is poisoned properly.
257 ///
258 /// \param storage_beg Beginning of memory region.
259 /// \param container_beg Beginning of used region.
260 /// \param container_end End of used region.
261 /// \param storage_end End of memory region.
262 ///
263 /// \returns The bad address or NULL.
264 const void *__sanitizer_double_ended_contiguous_container_find_bad_address(
265     const void *storage_beg, const void *container_beg,
266     const void *container_end, const void *storage_end);
267 
268 /// Prints the stack trace leading to this call (useful for calling from the
269 /// debugger).
270 void __sanitizer_print_stack_trace(void);
271 
272 // Symbolizes the supplied 'pc' using the format string 'fmt'.
273 // Outputs at most 'out_buf_size' bytes into 'out_buf'.
274 // If 'out_buf' is not empty then output is zero or more non empty C strings
275 // followed by single empty C string. Multiple strings can be returned if PC
276 // corresponds to inlined function. Inlined frames are printed in the order
277 // from "most-inlined" to the "least-inlined", so the last frame should be the
278 // not inlined function.
279 // Inlined frames can be removed with 'symbolize_inline_frames=0'.
280 // The format syntax is described in
281 // lib/sanitizer_common/sanitizer_stacktrace_printer.h.
282 void __sanitizer_symbolize_pc(void *pc, const char *fmt, char *out_buf,
283                               size_t out_buf_size);
284 // Same as __sanitizer_symbolize_pc, but for data section (i.e. globals).
285 void __sanitizer_symbolize_global(void *data_ptr, const char *fmt,
286                                   char *out_buf, size_t out_buf_size);
287 // Determine the return address.
288 #if !defined(_MSC_VER) || defined(__clang__)
289 #define __sanitizer_return_address()                                           \
290   __builtin_extract_return_addr(__builtin_return_address(0))
291 #else
292 extern "C" void *_ReturnAddress(void);
293 #pragma intrinsic(_ReturnAddress)
294 #define __sanitizer_return_address() _ReturnAddress()
295 #endif
296 
297 /// Sets the callback to be called immediately before death on error.
298 ///
299 /// Passing 0 will unset the callback.
300 ///
301 /// \param callback User-provided callback.
302 void __sanitizer_set_death_callback(void (*callback)(void));
303 
304 
305 // Interceptor hooks.
306 // Whenever a libc function interceptor is called, it checks if the
307 // corresponding weak hook is defined, and calls it if it is indeed defined.
308 // The primary use-case is data-flow-guided fuzzing, where the fuzzer needs
309 // to know what is being passed to libc functions (for example memcmp).
310 // FIXME: implement more hooks.
311 
312 /// Interceptor hook for <c>memcmp()</c>.
313 ///
314 /// \param called_pc PC (program counter) address of the original call.
315 /// \param s1 Pointer to block of memory.
316 /// \param s2 Pointer to block of memory.
317 /// \param n Number of bytes to compare.
318 /// \param result Value returned by the intercepted function.
319 void __sanitizer_weak_hook_memcmp(void *called_pc, const void *s1,
320                                   const void *s2, size_t n, int result);
321 
322 /// Interceptor hook for <c>strncmp()</c>.
323 ///
324 /// \param called_pc PC (program counter) address of the original call.
325 /// \param s1 Pointer to block of memory.
326 /// \param s2 Pointer to block of memory.
327 /// \param n Number of bytes to compare.
328 /// \param result Value returned by the intercepted function.
329 void __sanitizer_weak_hook_strncmp(void *called_pc, const char *s1,
330                                   const char *s2, size_t n, int result);
331 
332 /// Interceptor hook for <c>strncasecmp()</c>.
333 ///
334 /// \param called_pc PC (program counter) address of the original call.
335 /// \param s1 Pointer to block of memory.
336 /// \param s2 Pointer to block of memory.
337 /// \param n Number of bytes to compare.
338 /// \param result Value returned by the intercepted function.
339 void __sanitizer_weak_hook_strncasecmp(void *called_pc, const char *s1,
340                                        const char *s2, size_t n, int result);
341 
342 /// Interceptor hook for <c>strcmp()</c>.
343 ///
344 /// \param called_pc PC (program counter) address of the original call.
345 /// \param s1 Pointer to block of memory.
346 /// \param s2 Pointer to block of memory.
347 /// \param result Value returned by the intercepted function.
348 void __sanitizer_weak_hook_strcmp(void *called_pc, const char *s1,
349                                   const char *s2, int result);
350 
351 /// Interceptor hook for <c>strcasecmp()</c>.
352 ///
353 /// \param called_pc PC (program counter) address of the original call.
354 /// \param s1 Pointer to block of memory.
355 /// \param s2 Pointer to block of memory.
356 /// \param result Value returned by the intercepted function.
357 void __sanitizer_weak_hook_strcasecmp(void *called_pc, const char *s1,
358                                       const char *s2, int result);
359 
360 /// Interceptor hook for <c>strstr()</c>.
361 ///
362 /// \param called_pc PC (program counter) address of the original call.
363 /// \param s1 Pointer to block of memory.
364 /// \param s2 Pointer to block of memory.
365 /// \param result Value returned by the intercepted function.
366 void __sanitizer_weak_hook_strstr(void *called_pc, const char *s1,
367                                   const char *s2, char *result);
368 
369 void __sanitizer_weak_hook_strcasestr(void *called_pc, const char *s1,
370                                       const char *s2, char *result);
371 
372 void __sanitizer_weak_hook_memmem(void *called_pc,
373                                   const void *s1, size_t len1,
374                                   const void *s2, size_t len2, void *result);
375 
376 // Prints stack traces for all live heap allocations ordered by total
377 // allocation size until top_percent of total live heap is shown. top_percent
378 // should be between 1 and 100. At most max_number_of_contexts contexts
379 // (stack traces) are printed.
380 // Experimental feature currently available only with ASan on Linux/x86_64.
381 void __sanitizer_print_memory_profile(size_t top_percent,
382                                       size_t max_number_of_contexts);
383 
384 /// Notify ASan that a fiber switch has started (required only if implementing
385 /// your own fiber library).
386 ///
387 /// Before switching to a different stack, you must call
388 /// <c>__sanitizer_start_switch_fiber()</c> with a pointer to the bottom of the
389 /// destination stack and with its size. When code starts running on the new
390 /// stack, it must call <c>__sanitizer_finish_switch_fiber()</c> to finalize
391 /// the switch. The <c>__sanitizer_start_switch_fiber()</c> function takes a
392 /// <c>void**</c> pointer argument to store the current fake stack if there is
393 /// one (it is necessary when the runtime option
394 /// <c>detect_stack_use_after_return</c> is enabled).
395 ///
396 /// When restoring a stack, this <c>void**</c> pointer must be given to the
397 /// <c>__sanitizer_finish_switch_fiber()</c> function. In most cases, this
398 /// pointer can be stored on the stack immediately before switching. When
399 /// leaving a fiber definitely, NULL must be passed as the first argument to
400 /// the <c>__sanitizer_start_switch_fiber()</c> function so that the fake stack
401 /// is destroyed. If your program does not need stack use-after-return
402 /// detection, you can always pass NULL to these two functions.
403 ///
404 /// \note The fake stack mechanism is disabled during fiber switch, so if a
405 /// signal callback runs during the switch, it will not benefit from stack
406 /// use-after-return detection.
407 ///
408 /// \param[out] fake_stack_save Fake stack save location.
409 /// \param bottom Bottom address of stack.
410 /// \param size Size of stack in bytes.
411 void __sanitizer_start_switch_fiber(void **fake_stack_save,
412                                     const void *bottom, size_t size);
413 
414 /// Notify ASan that a fiber switch has completed (required only if
415 /// implementing your own fiber library).
416 ///
417 /// When code starts running on the new stack, it must call
418 /// <c>__sanitizer_finish_switch_fiber()</c> to finalize
419 /// the switch. For usage details, see the description of
420 /// <c>__sanitizer_start_switch_fiber()</c>.
421 ///
422 /// \param fake_stack_save Fake stack save location.
423 /// \param[out] bottom_old Bottom address of old stack.
424 /// \param[out] size_old Size of old stack in bytes.
425 void __sanitizer_finish_switch_fiber(void *fake_stack_save,
426                                      const void **bottom_old,
427                                      size_t *size_old);
428 
429 // Get full module name and calculate pc offset within it.
430 // Returns 1 if pc belongs to some module, 0 if module was not found.
431 int __sanitizer_get_module_and_offset_for_pc(void *pc, char *module_path,
432                                              size_t module_path_len,
433                                              void **pc_offset);
434 
435 #ifdef __cplusplus
436 }  // extern "C"
437 #endif
438 
439 #endif  // SANITIZER_COMMON_INTERFACE_DEFS_H
440