[apple/xnu.git] / san / ubsan.h

/*
 * Copyright (c) 2018 Apple Inc. All rights reserved.
 *
 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. The rights granted to you under the License
 * may not be used to create, or enable the creation or redistribution of,
 * unlawful or unlicensed copies of an Apple operating system, or to
 * circumvent, violate, or enable the circumvention or violation of, any
 * terms of an Apple operating system software license agreement.
 *
 * Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
 */

#ifndef _UBSAN_H_
#define _UBSAN_H_

#include <stdint.h>
#include <stdbool.h>

struct san_type_desc {
	uint16_t type; // 0: integer, 1: float
	union {
		struct {
			uint16_t issigned : 1;
			uint16_t width    : 15;
		}; /* int descriptor */
		struct {
			uint16_t float_desc;
		}; /* float descriptor */
	};
	const char name[];
};

struct san_src_loc {
	const char *filename;
	uint32_t line;
	uint32_t col;
};

struct ubsan_overflow_desc {
	struct san_src_loc loc;
	struct san_type_desc *ty;
};

struct ubsan_unreachable_desc {
	struct san_src_loc loc;
};

struct ubsan_shift_desc {
	struct san_src_loc loc;
	struct san_type_desc *lhs_t;
	struct san_type_desc *rhs_t;
};

struct ubsan_align_desc {
	struct san_src_loc loc;
	struct san_type_desc *ty;
	uint8_t align;
	uint8_t kind;
};

struct ubsan_ptroverflow_desc {
	struct san_src_loc loc;
};

struct ubsan_oob_desc {
	struct san_src_loc loc;
	struct san_type_desc *array_ty;
	struct san_type_desc *index_ty;
};

struct ubsan_load_invalid_desc {
	struct san_src_loc loc;
	struct san_type_desc *type;
};

struct ubsan_nullability_arg_desc {
	struct san_src_loc loc;
	struct san_src_loc attr_loc;
	int arg_index;
};

struct ubsan_nullability_ret_desc {
	struct san_src_loc loc;
};

struct ubsan_missing_ret_desc {
	struct san_src_loc loc;
};

struct ubsan_float_desc {
	struct san_src_loc loc;
	struct san_type_desc *type_from;
	struct san_type_desc *type_to;
};

struct ubsan_implicit_conv_desc {
	struct san_src_loc loc;
	struct san_type_desc *type_from;
	struct san_type_desc *type_to;
	unsigned char kind;
};

struct ubsan_func_type_mismatch_desc {
	struct san_src_loc loc;
	struct san_type_desc *type;
};

struct ubsan_vla_bound_desc {
	struct san_src_loc loc;
	struct san_type_desc *type;
};

struct ubsan_invalid_builtin {
	struct san_src_loc loc;
	unsigned char kind;
};

enum {
	UBSAN_OVERFLOW_add = 1,
	UBSAN_OVERFLOW_sub,
	UBSAN_OVERFLOW_mul,
	UBSAN_OVERFLOW_divrem,
	UBSAN_OVERFLOW_negate,
	UBSAN_UNREACHABLE,
	UBSAN_SHIFT,
	UBSAN_ALIGN,
	UBSAN_POINTER_OVERFLOW,
	UBSAN_OOB,
	UBSAN_TYPE_MISMATCH,
	UBSAN_LOAD_INVALID_VALUE,
	UBSAN_NULLABILITY_ARG,
	UBSAN_NULLABILITY_RETURN,
	UBSAN_MISSING_RETURN,
	UBSAN_FLOAT_CAST_OVERFLOW,
	UBSAN_IMPLICIT_CONVERSION,
	UBSAN_FUNCTION_TYPE_MISMATCH,
	UBSAN_VLA_BOUND_NOT_POSITIVE,
	UBSAN_INVALID_BUILTIN,
	UBSAN_VIOLATION_MAX
};

struct ubsan_violation {
	uint8_t ubsan_type;
	uint64_t lhs;
	uint64_t rhs;
	union {
		struct ubsan_overflow_desc *overflow;
		struct ubsan_unreachable_desc *unreachable;
		struct ubsan_shift_desc *shift;
		struct ubsan_align_desc *align;
		struct ubsan_ptroverflow_desc *ptroverflow;
		struct ubsan_oob_desc *oob;
		struct ubsan_load_invalid_desc *invalid;
		struct ubsan_nullability_arg_desc *nonnull_arg;
		struct ubsan_nullability_ret_desc *nonnull_ret;
		struct ubsan_missing_ret_desc *missing_ret;
		struct ubsan_float_desc *flt;
		struct ubsan_implicit_conv_desc *implicit;
		struct ubsan_func_type_mismatch_desc *func_mismatch;
		struct ubsan_vla_bound_desc *vla_bound;
		struct ubsan_invalid_builtin *invalid_builtin;
		const char *func;
	};
	struct san_src_loc *loc;
};

struct ubsan_buf {
	size_t  ub_logged;
	size_t  ub_buf_size;
	char    *ub_buf;
};

void ubsan_log_append(struct ubsan_violation *);
void ubsan_format(struct ubsan_violation *, struct ubsan_buf *);

/*
 * UBSan ABI
 */

void __ubsan_handle_add_overflow(struct ubsan_overflow_desc *, uint64_t lhs, uint64_t rhs);
void __ubsan_handle_add_overflow_abort(struct ubsan_overflow_desc *, uint64_t lhs, uint64_t rhs);
void __ubsan_handle_builtin_unreachable(struct ubsan_unreachable_desc *);
void __ubsan_handle_divrem_overflow(struct ubsan_overflow_desc *, uint64_t lhs, uint64_t rhs);
void __ubsan_handle_divrem_overflow_abort(struct ubsan_overflow_desc *, uint64_t lhs, uint64_t rhs);
void __ubsan_handle_float_cast_overflow(struct ubsan_float_desc *, uint64_t);
void __ubsan_handle_float_cast_overflow_abort(struct ubsan_float_desc *, uint64_t);
void __ubsan_handle_function_type_mismatch(struct ubsan_func_type_mismatch_desc*, uint64_t);
void __ubsan_handle_function_type_mismatch_abort(struct ubsan_func_type_mismatch_desc *, uint64_t);
void __ubsan_handle_implicit_conversion(struct ubsan_implicit_conv_desc *, uint64_t, uint64_t);
void __ubsan_handle_implicit_conversion_abort(struct ubsan_implicit_conv_desc *, uint64_t, uint64_t);
void __ubsan_handle_invalid_builtin(struct ubsan_invalid_builtin *);
void __ubsan_handle_invalid_builtin_abort(struct ubsan_invalid_builtin *);
void __ubsan_handle_load_invalid_value(struct ubsan_load_invalid_desc *, uint64_t);
void __ubsan_handle_load_invalid_value_abort(struct ubsan_load_invalid_desc *, uint64_t);
void __ubsan_handle_missing_return(struct ubsan_missing_ret_desc *);
void __ubsan_handle_missing_return_abort(struct ubsan_missing_ret_desc *);
void __ubsan_handle_mul_overflow(struct ubsan_overflow_desc *, uint64_t lhs, uint64_t rhs);
void __ubsan_handle_mul_overflow_abort(struct ubsan_overflow_desc *, uint64_t lhs, uint64_t rhs);
void __ubsan_handle_negate_overflow(struct ubsan_overflow_desc *, uint64_t lhs, uint64_t rhs);
void __ubsan_handle_negate_overflow_abort(struct ubsan_overflow_desc *, uint64_t lhs, uint64_t rhs);
void __ubsan_handle_nonnull_arg(struct ubsan_nullability_arg_desc *);
void __ubsan_handle_nonnull_arg_abort(struct ubsan_nullability_arg_desc *);
void __ubsan_handle_nonnull_return_v1(struct ubsan_nullability_ret_desc *, uint64_t);
void __ubsan_handle_nonnull_return_v1_abort(struct ubsan_nullability_ret_desc *, uint64_t);
void __ubsan_handle_nullability_arg(struct ubsan_nullability_arg_desc *);
void __ubsan_handle_nullability_arg_abort(struct ubsan_nullability_arg_desc *);
void __ubsan_handle_nullability_return_v1(struct ubsan_nullability_ret_desc *, uint64_t);
void __ubsan_handle_nullability_return_v1_abort(struct ubsan_nullability_ret_desc *, uint64_t);
void __ubsan_handle_out_of_bounds(struct ubsan_oob_desc *, uint64_t idx);
void __ubsan_handle_out_of_bounds_abort(struct ubsan_oob_desc *, uint64_t idx);
void __ubsan_handle_pointer_overflow(struct ubsan_ptroverflow_desc *, uint64_t lhs, uint64_t rhs);
void __ubsan_handle_pointer_overflow_abort(struct ubsan_ptroverflow_desc *, uint64_t lhs, uint64_t rhs);
void __ubsan_handle_shift_out_of_bounds(struct ubsan_shift_desc *, uint64_t lhs, uint64_t rhs);
void __ubsan_handle_shift_out_of_bounds_abort(struct ubsan_shift_desc *, uint64_t lhs, uint64_t rhs);
void __ubsan_handle_sub_overflow(struct ubsan_overflow_desc *, uint64_t lhs, uint64_t rhs);
void __ubsan_handle_sub_overflow_abort(struct ubsan_overflow_desc *, uint64_t lhs, uint64_t rhs);
void __ubsan_handle_type_mismatch_v1(struct ubsan_align_desc *, uint64_t val);
void __ubsan_handle_type_mismatch_v1_abort(struct ubsan_align_desc *, uint64_t val);
void __ubsan_handle_vla_bound_not_positive(struct ubsan_vla_bound_desc *, uint64_t);
void __ubsan_handle_vla_bound_not_positive_abort(struct ubsan_vla_bound_desc *, uint64_t);

#endif /* _UBSAN_H_ */
Commit	Line	Data
d9a64523 A	1	/*
	2	* Copyright (c) 2018 Apple Inc. All rights reserved.
	3	*
	4	* @APPLE_OSREFERENCE_LICENSE_HEADER_START@
	5	*
	6	* This file contains Original Code and/or Modifications of Original Code
	7	* as defined in and that are subject to the Apple Public Source License
	8	* Version 2.0 (the 'License'). You may not use this file except in
	9	* compliance with the License. The rights granted to you under the License
	10	* may not be used to create, or enable the creation or redistribution of,
	11	* unlawful or unlicensed copies of an Apple operating system, or to
	12	* circumvent, violate, or enable the circumvention or violation of, any
	13	* terms of an Apple operating system software license agreement.
	14	*
	15	* Please obtain a copy of the License at
	16	* http://www.opensource.apple.com/apsl/ and read it before using this file.
	17	*
	18	* The Original Code and all software distributed under the License are
	19	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
	20	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
	21	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
	22	* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
	23	* Please see the License for the specific language governing rights and
	24	* limitations under the License.
	25	*
	26	* @APPLE_OSREFERENCE_LICENSE_HEADER_END@
	27	*/
	28
	29	#ifndef _UBSAN_H_
	30	#define _UBSAN_H_
	31
	32	#include <stdint.h>
	33	#include <stdbool.h>
	34
	35	struct san_type_desc {
	36	uint16_t type; // 0: integer, 1: float
	37	union {
	38	struct {
	39	uint16_t issigned : 1;
	40	uint16_t width : 15;
	41	}; /* int descriptor */
	42	struct {
	43	uint16_t float_desc;
	44	}; /* float descriptor */
	45	};
	46	const char name[];
	47	};
	48
	49	struct san_src_loc {
	50	const char *filename;
	51	uint32_t line;
	52	uint32_t col;
	53	};
	54
	55	struct ubsan_overflow_desc {
	56	struct san_src_loc loc;
	57	struct san_type_desc *ty;
	58	};
	59
	60	struct ubsan_unreachable_desc {
	61	struct san_src_loc loc;
	62	};
	63
	64	struct ubsan_shift_desc {
65	struct san_src_loc loc;
66	struct san_type_desc *lhs_t;
67	struct san_type_desc *rhs_t;
68	};
69
70	struct ubsan_align_desc {
71	struct san_src_loc loc;
72	struct san_type_desc *ty;
73	uint8_t align;
74	uint8_t kind;
75	};
76
77	struct ubsan_ptroverflow_desc {
78	struct san_src_loc loc;
79	};
80
81	struct ubsan_oob_desc {
82	struct san_src_loc loc;
83	struct san_type_desc *array_ty;
84	struct san_type_desc *index_ty;
85	};
86
f427ee49 A	87	struct ubsan_load_invalid_desc {
	88	struct san_src_loc loc;
	89	struct san_type_desc *type;
	90	};
	91
c3c9b80d A	92	struct ubsan_nullability_arg_desc {
	93	struct san_src_loc loc;
	94	struct san_src_loc attr_loc;
	95	int arg_index;
	96	};
	97
	98	struct ubsan_nullability_ret_desc {
	99	struct san_src_loc loc;
	100	};
	101
	102	struct ubsan_missing_ret_desc {
	103	struct san_src_loc loc;
	104	};
	105
	106	struct ubsan_float_desc {
	107	struct san_src_loc loc;
	108	struct san_type_desc *type_from;
	109	struct san_type_desc *type_to;
	110	};
	111
	112	struct ubsan_implicit_conv_desc {
	113	struct san_src_loc loc;
	114	struct san_type_desc *type_from;
	115	struct san_type_desc *type_to;
	116	unsigned char kind;
	117	};
	118
	119	struct ubsan_func_type_mismatch_desc {
	120	struct san_src_loc loc;
	121	struct san_type_desc *type;
	122	};
	123
	124	struct ubsan_vla_bound_desc {
	125	struct san_src_loc loc;
	126	struct san_type_desc *type;
	127	};
	128
	129	struct ubsan_invalid_builtin {
	130	struct san_src_loc loc;
	131	unsigned char kind;
	132	};
	133
d9a64523 A	134	enum {
	135	UBSAN_OVERFLOW_add = 1,
	136	UBSAN_OVERFLOW_sub,
	137	UBSAN_OVERFLOW_mul,
	138	UBSAN_OVERFLOW_divrem,
	139	UBSAN_OVERFLOW_negate,
	140	UBSAN_UNREACHABLE,
	141	UBSAN_SHIFT,
	142	UBSAN_ALIGN,
	143	UBSAN_POINTER_OVERFLOW,
	144	UBSAN_OOB,
cb323159	145	UBSAN_TYPE_MISMATCH,
f427ee49	146	UBSAN_LOAD_INVALID_VALUE,
c3c9b80d A	147	UBSAN_NULLABILITY_ARG,
	148	UBSAN_NULLABILITY_RETURN,
	149	UBSAN_MISSING_RETURN,
	150	UBSAN_FLOAT_CAST_OVERFLOW,
	151	UBSAN_IMPLICIT_CONVERSION,
	152	UBSAN_FUNCTION_TYPE_MISMATCH,
	153	UBSAN_VLA_BOUND_NOT_POSITIVE,
	154	UBSAN_INVALID_BUILTIN,
	155	UBSAN_VIOLATION_MAX
d9a64523 A	156	};
	157
	158	struct ubsan_violation {
	159	uint8_t ubsan_type;
	160	uint64_t lhs;
	161	uint64_t rhs;
	162	union {
	163	struct ubsan_overflow_desc *overflow;
	164	struct ubsan_unreachable_desc *unreachable;
	165	struct ubsan_shift_desc *shift;
	166	struct ubsan_align_desc *align;
	167	struct ubsan_ptroverflow_desc *ptroverflow;
	168	struct ubsan_oob_desc *oob;
f427ee49	169	struct ubsan_load_invalid_desc *invalid;
c3c9b80d A	170	struct ubsan_nullability_arg_desc *nonnull_arg;
	171	struct ubsan_nullability_ret_desc *nonnull_ret;
	172	struct ubsan_missing_ret_desc *missing_ret;
	173	struct ubsan_float_desc *flt;
	174	struct ubsan_implicit_conv_desc *implicit;
	175	struct ubsan_func_type_mismatch_desc *func_mismatch;
	176	struct ubsan_vla_bound_desc *vla_bound;
	177	struct ubsan_invalid_builtin *invalid_builtin;
cb323159	178	const char *func;
d9a64523 A	179	};
	180	struct san_src_loc *loc;
	181	};
	182
c3c9b80d A	183	struct ubsan_buf {
	184	size_t ub_logged;
	185	size_t ub_buf_size;
	186	char *ub_buf;
	187	};
	188
d9a64523	189	void ubsan_log_append(struct ubsan_violation *);
c3c9b80d	190	void ubsan_format(struct ubsan_violation , struct ubsan_buf );
d9a64523 A	191
	192	/*
	193	* UBSan ABI
	194	*/
	195
	196	void __ubsan_handle_add_overflow(struct ubsan_overflow_desc *, uint64_t lhs, uint64_t rhs);
d9a64523	197	void __ubsan_handle_add_overflow_abort(struct ubsan_overflow_desc *, uint64_t lhs, uint64_t rhs);
cb323159 A	198	void __ubsan_handle_builtin_unreachable(struct ubsan_unreachable_desc *);
cb323159 A	199	void __ubsan_handle_divrem_overflow(struct ubsan_overflow_desc *, uint64_t lhs, uint64_t rhs);
d9a64523	200	void __ubsan_handle_divrem_overflow_abort(struct ubsan_overflow_desc *, uint64_t lhs, uint64_t rhs);
c3c9b80d A	201	void __ubsan_handle_float_cast_overflow(struct ubsan_float_desc *, uint64_t);
	202	void __ubsan_handle_float_cast_overflow_abort(struct ubsan_float_desc *, uint64_t);
	203	void __ubsan_handle_function_type_mismatch(struct ubsan_func_type_mismatch_desc*, uint64_t);
	204	void __ubsan_handle_function_type_mismatch_abort(struct ubsan_func_type_mismatch_desc *, uint64_t);
	205	void __ubsan_handle_implicit_conversion(struct ubsan_implicit_conv_desc *, uint64_t, uint64_t);
	206	void __ubsan_handle_implicit_conversion_abort(struct ubsan_implicit_conv_desc *, uint64_t, uint64_t);
	207	void __ubsan_handle_invalid_builtin(struct ubsan_invalid_builtin *);
	208	void __ubsan_handle_invalid_builtin_abort(struct ubsan_invalid_builtin *);
	209	void __ubsan_handle_load_invalid_value(struct ubsan_load_invalid_desc *, uint64_t);
	210	void __ubsan_handle_load_invalid_value_abort(struct ubsan_load_invalid_desc *, uint64_t);
	211	void __ubsan_handle_missing_return(struct ubsan_missing_ret_desc *);
	212	void __ubsan_handle_missing_return_abort(struct ubsan_missing_ret_desc *);
cb323159 A	213	void __ubsan_handle_mul_overflow(struct ubsan_overflow_desc *, uint64_t lhs, uint64_t rhs);
	214	void __ubsan_handle_mul_overflow_abort(struct ubsan_overflow_desc *, uint64_t lhs, uint64_t rhs);
	215	void __ubsan_handle_negate_overflow(struct ubsan_overflow_desc *, uint64_t lhs, uint64_t rhs);
d9a64523	216	void __ubsan_handle_negate_overflow_abort(struct ubsan_overflow_desc *, uint64_t lhs, uint64_t rhs);
c3c9b80d A	217	void __ubsan_handle_nonnull_arg(struct ubsan_nullability_arg_desc *);
	218	void __ubsan_handle_nonnull_arg_abort(struct ubsan_nullability_arg_desc *);
	219	void __ubsan_handle_nonnull_return_v1(struct ubsan_nullability_ret_desc *, uint64_t);
	220	void __ubsan_handle_nonnull_return_v1_abort(struct ubsan_nullability_ret_desc *, uint64_t);
	221	void __ubsan_handle_nullability_arg(struct ubsan_nullability_arg_desc *);
	222	void __ubsan_handle_nullability_arg_abort(struct ubsan_nullability_arg_desc *);
	223	void __ubsan_handle_nullability_return_v1(struct ubsan_nullability_ret_desc *, uint64_t);
	224	void __ubsan_handle_nullability_return_v1_abort(struct ubsan_nullability_ret_desc *, uint64_t);
cb323159 A	225	void __ubsan_handle_out_of_bounds(struct ubsan_oob_desc *, uint64_t idx);
	226	void __ubsan_handle_out_of_bounds_abort(struct ubsan_oob_desc *, uint64_t idx);
	227	void __ubsan_handle_pointer_overflow(struct ubsan_ptroverflow_desc *, uint64_t lhs, uint64_t rhs);
	228	void __ubsan_handle_pointer_overflow_abort(struct ubsan_ptroverflow_desc *, uint64_t lhs, uint64_t rhs);
d9a64523 A	229	void __ubsan_handle_shift_out_of_bounds(struct ubsan_shift_desc *, uint64_t lhs, uint64_t rhs);
d9a64523 A	230	void __ubsan_handle_shift_out_of_bounds_abort(struct ubsan_shift_desc *, uint64_t lhs, uint64_t rhs);
cb323159 A	231	void __ubsan_handle_sub_overflow(struct ubsan_overflow_desc *, uint64_t lhs, uint64_t rhs);
cb323159 A	232	void __ubsan_handle_sub_overflow_abort(struct ubsan_overflow_desc *, uint64_t lhs, uint64_t rhs);
d9a64523 A	233	void __ubsan_handle_type_mismatch_v1(struct ubsan_align_desc *, uint64_t val);
d9a64523 A	234	void __ubsan_handle_type_mismatch_v1_abort(struct ubsan_align_desc *, uint64_t val);
c3c9b80d A	235	void __ubsan_handle_vla_bound_not_positive(struct ubsan_vla_bound_desc *, uint64_t);
c3c9b80d A	236	void __ubsan_handle_vla_bound_not_positive_abort(struct ubsan_vla_bound_desc *, uint64_t);
d9a64523 A	237
d9a64523 A	238	#endif /* _UBSAN_H_ */