Showing preview only (5,043K chars total). Download the full file or copy to clipboard to get everything.
Repository: R-Fuzz/symsan
Branch: main
Commit: 79ebb2e08cc7
Files: 483
Total size: 4.7 MB
Directory structure:
gitextract_05a7zgkf/
├── .github/
│ └── workflows/
│ └── test.yml
├── .gitignore
├── CMakeLists.txt
├── Dockerfile
├── LICENSE
├── README.md
├── backend/
│ ├── CMakeLists.txt
│ └── fastgen.cpp
├── compiler/
│ ├── CMakeLists.txt
│ └── ko_clang.c
├── driver/
│ ├── CMakeLists.txt
│ ├── aflpp/
│ │ ├── CMakeLists.txt
│ │ ├── README.md
│ │ ├── rgd.proto
│ │ └── symsan.cpp
│ ├── fgtest.cpp
│ ├── harness-proxy.c
│ └── launcher/
│ ├── CMakeLists.txt
│ └── launch.c
├── include/
│ ├── alloc_inl.h
│ ├── ast.h
│ ├── cov.h
│ ├── debug.h
│ ├── defs.h
│ ├── launch.h
│ ├── parse-rgd.h
│ ├── parse-z3.h
│ ├── parse.h
│ ├── solver.h
│ ├── task.h
│ ├── task_mgr.h
│ ├── union_find.h
│ └── version.h
├── instrumentation/
│ ├── CMakeLists.txt
│ └── TaintPass.cpp
├── parsers/
│ ├── CMakeLists.txt
│ └── rgd-parser.cpp
├── python/
│ ├── CMakeLists.txt
│ ├── README.md
│ ├── symsan-py.cpp
│ └── test.py
├── runtime/
│ ├── CMakeLists.txt
│ ├── cmake/
│ │ ├── AddCompilerRT.cmake
│ │ ├── BuiltinTests.cmake
│ │ ├── CompilerRTCompile.cmake
│ │ ├── CompilerRTDarwinUtils.cmake
│ │ ├── CompilerRTLink.cmake
│ │ ├── CompilerRTUtils.cmake
│ │ ├── CustomLibcxx/
│ │ │ └── CMakeLists.txt
│ │ ├── HandleCompilerRT.cmake
│ │ └── SanitizerUtils.cmake
│ ├── common_interface_defs.h
│ ├── dfsan/
│ │ ├── .clang-format
│ │ ├── CMakeLists.txt
│ │ ├── dfsan.cpp
│ │ ├── dfsan.h
│ │ ├── dfsan.syms.extra
│ │ ├── dfsan_custom.cpp
│ │ ├── dfsan_flags.inc
│ │ ├── dfsan_interceptors.cpp
│ │ ├── dfsan_platform.h
│ │ ├── done_abilist.txt
│ │ ├── libc++_abilist.txt
│ │ ├── libc_ubuntu1404_abilist.txt
│ │ ├── libc_ubuntu1804_abilist.txt
│ │ ├── libc_ubuntu2204_abilist.txt
│ │ ├── libc_ubuntu2404_abilist.txt
│ │ ├── scripts/
│ │ │ ├── build-libc-list.py
│ │ │ └── check_custom_wrappers.sh
│ │ ├── taint.ld
│ │ ├── taint_allocator.cpp
│ │ ├── taint_allocator.h
│ │ ├── union_hashtable.cpp
│ │ ├── union_hashtable.h
│ │ ├── union_util.cpp
│ │ └── union_util.h
│ ├── interception/
│ │ ├── .clang-format
│ │ ├── CMakeLists.txt
│ │ ├── interception.h
│ │ ├── interception_linux.cpp
│ │ ├── interception_linux.h
│ │ ├── interception_mac.cpp
│ │ ├── interception_mac.h
│ │ ├── interception_type_test.cpp
│ │ ├── interception_win.cpp
│ │ ├── interception_win.h
│ │ └── tests/
│ │ ├── CMakeLists.txt
│ │ ├── interception_linux_test.cpp
│ │ ├── interception_test_main.cpp
│ │ └── interception_win_test.cpp
│ ├── libclang_rt.dfsan-x86_64.a.syms
│ └── sanitizer_common/
│ ├── .clang-format
│ ├── CMakeLists.txt
│ ├── sancov_flags.cpp
│ ├── sancov_flags.h
│ ├── sancov_flags.inc
│ ├── sanitizer_addrhashmap.h
│ ├── sanitizer_allocator.cpp
│ ├── sanitizer_allocator.h
│ ├── sanitizer_allocator_bytemap.h
│ ├── sanitizer_allocator_checks.cpp
│ ├── sanitizer_allocator_checks.h
│ ├── sanitizer_allocator_combined.h
│ ├── sanitizer_allocator_dlsym.h
│ ├── sanitizer_allocator_interface.h
│ ├── sanitizer_allocator_internal.h
│ ├── sanitizer_allocator_local_cache.h
│ ├── sanitizer_allocator_primary32.h
│ ├── sanitizer_allocator_primary64.h
│ ├── sanitizer_allocator_report.cpp
│ ├── sanitizer_allocator_report.h
│ ├── sanitizer_allocator_secondary.h
│ ├── sanitizer_allocator_size_class_map.h
│ ├── sanitizer_allocator_stats.h
│ ├── sanitizer_asm.h
│ ├── sanitizer_atomic.h
│ ├── sanitizer_atomic_clang.h
│ ├── sanitizer_atomic_clang_mips.h
│ ├── sanitizer_atomic_clang_other.h
│ ├── sanitizer_atomic_clang_x86.h
│ ├── sanitizer_atomic_msvc.h
│ ├── sanitizer_bitvector.h
│ ├── sanitizer_bvgraph.h
│ ├── sanitizer_chained_origin_depot.cpp
│ ├── sanitizer_chained_origin_depot.h
│ ├── sanitizer_common.cpp
│ ├── sanitizer_common.h
│ ├── sanitizer_common_interceptors.inc
│ ├── sanitizer_common_interceptors_format.inc
│ ├── sanitizer_common_interceptors_ioctl.inc
│ ├── sanitizer_common_interceptors_netbsd_compat.inc
│ ├── sanitizer_common_interceptors_vfork_aarch64.inc.S
│ ├── sanitizer_common_interceptors_vfork_arm.inc.S
│ ├── sanitizer_common_interceptors_vfork_i386.inc.S
│ ├── sanitizer_common_interceptors_vfork_riscv64.inc.S
│ ├── sanitizer_common_interceptors_vfork_x86_64.inc.S
│ ├── sanitizer_common_interface.inc
│ ├── sanitizer_common_interface_posix.inc
│ ├── sanitizer_common_libcdep.cpp
│ ├── sanitizer_common_nolibc.cpp
│ ├── sanitizer_common_syscalls.inc
│ ├── sanitizer_coverage_fuchsia.cpp
│ ├── sanitizer_coverage_interface.inc
│ ├── sanitizer_coverage_libcdep_new.cpp
│ ├── sanitizer_coverage_win_dll_thunk.cpp
│ ├── sanitizer_coverage_win_dynamic_runtime_thunk.cpp
│ ├── sanitizer_coverage_win_sections.cpp
│ ├── sanitizer_coverage_win_weak_interception.cpp
│ ├── sanitizer_dbghelp.h
│ ├── sanitizer_deadlock_detector.h
│ ├── sanitizer_deadlock_detector1.cpp
│ ├── sanitizer_deadlock_detector2.cpp
│ ├── sanitizer_deadlock_detector_interface.h
│ ├── sanitizer_dense_map.h
│ ├── sanitizer_dense_map_info.h
│ ├── sanitizer_errno.cpp
│ ├── sanitizer_errno.h
│ ├── sanitizer_errno_codes.h
│ ├── sanitizer_file.cpp
│ ├── sanitizer_file.h
│ ├── sanitizer_flag_parser.cpp
│ ├── sanitizer_flag_parser.h
│ ├── sanitizer_flags.cpp
│ ├── sanitizer_flags.h
│ ├── sanitizer_flags.inc
│ ├── sanitizer_flat_map.h
│ ├── sanitizer_freebsd.h
│ ├── sanitizer_fuchsia.cpp
│ ├── sanitizer_fuchsia.h
│ ├── sanitizer_getauxval.h
│ ├── sanitizer_glibc_version.h
│ ├── sanitizer_hash.h
│ ├── sanitizer_interceptors_ioctl_netbsd.inc
│ ├── sanitizer_interface_internal.h
│ ├── sanitizer_internal_defs.h
│ ├── sanitizer_leb128.h
│ ├── sanitizer_lfstack.h
│ ├── sanitizer_libc.cpp
│ ├── sanitizer_libc.h
│ ├── sanitizer_libignore.cpp
│ ├── sanitizer_libignore.h
│ ├── sanitizer_linux.cpp
│ ├── sanitizer_linux.h
│ ├── sanitizer_linux_libcdep.cpp
│ ├── sanitizer_linux_s390.cpp
│ ├── sanitizer_list.h
│ ├── sanitizer_local_address_space_view.h
│ ├── sanitizer_lzw.h
│ ├── sanitizer_mac.cpp
│ ├── sanitizer_mac.h
│ ├── sanitizer_mac_libcdep.cpp
│ ├── sanitizer_malloc_mac.inc
│ ├── sanitizer_mutex.cpp
│ ├── sanitizer_mutex.h
│ ├── sanitizer_netbsd.cpp
│ ├── sanitizer_openbsd.cpp
│ ├── sanitizer_persistent_allocator.cpp
│ ├── sanitizer_persistent_allocator.h
│ ├── sanitizer_placement_new.h
│ ├── sanitizer_platform.h
│ ├── sanitizer_platform_interceptors.h
│ ├── sanitizer_platform_limits_freebsd.cpp
│ ├── sanitizer_platform_limits_freebsd.h
│ ├── sanitizer_platform_limits_linux.cpp
│ ├── sanitizer_platform_limits_netbsd.cpp
│ ├── sanitizer_platform_limits_netbsd.h
│ ├── sanitizer_platform_limits_openbsd.cpp
│ ├── sanitizer_platform_limits_openbsd.h
│ ├── sanitizer_platform_limits_posix.cpp
│ ├── sanitizer_platform_limits_posix.h
│ ├── sanitizer_platform_limits_solaris.cpp
│ ├── sanitizer_platform_limits_solaris.h
│ ├── sanitizer_posix.cpp
│ ├── sanitizer_posix.h
│ ├── sanitizer_posix_libcdep.cpp
│ ├── sanitizer_printf.cpp
│ ├── sanitizer_procmaps.h
│ ├── sanitizer_procmaps_bsd.cpp
│ ├── sanitizer_procmaps_common.cpp
│ ├── sanitizer_procmaps_fuchsia.cpp
│ ├── sanitizer_procmaps_linux.cpp
│ ├── sanitizer_procmaps_mac.cpp
│ ├── sanitizer_procmaps_solaris.cpp
│ ├── sanitizer_ptrauth.h
│ ├── sanitizer_quarantine.h
│ ├── sanitizer_report_decorator.h
│ ├── sanitizer_ring_buffer.h
│ ├── sanitizer_rtems.cpp
│ ├── sanitizer_rtems.h
│ ├── sanitizer_signal_interceptors.inc
│ ├── sanitizer_solaris.cpp
│ ├── sanitizer_stack_store.cpp
│ ├── sanitizer_stack_store.h
│ ├── sanitizer_stackdepot.cpp
│ ├── sanitizer_stackdepot.h
│ ├── sanitizer_stackdepotbase.h
│ ├── sanitizer_stacktrace.cpp
│ ├── sanitizer_stacktrace.h
│ ├── sanitizer_stacktrace_libcdep.cpp
│ ├── sanitizer_stacktrace_printer.cpp
│ ├── sanitizer_stacktrace_printer.h
│ ├── sanitizer_stacktrace_sparc.cpp
│ ├── sanitizer_stoptheworld.h
│ ├── sanitizer_stoptheworld_fuchsia.cpp
│ ├── sanitizer_stoptheworld_fuchsia.h
│ ├── sanitizer_stoptheworld_linux_libcdep.cpp
│ ├── sanitizer_stoptheworld_mac.cpp
│ ├── sanitizer_stoptheworld_netbsd_libcdep.cpp
│ ├── sanitizer_stoptheworld_win.cpp
│ ├── sanitizer_suppressions.cpp
│ ├── sanitizer_suppressions.h
│ ├── sanitizer_symbolizer.cpp
│ ├── sanitizer_symbolizer.h
│ ├── sanitizer_symbolizer_fuchsia.h
│ ├── sanitizer_symbolizer_internal.h
│ ├── sanitizer_symbolizer_libbacktrace.cpp
│ ├── sanitizer_symbolizer_libbacktrace.h
│ ├── sanitizer_symbolizer_libcdep.cpp
│ ├── sanitizer_symbolizer_mac.cpp
│ ├── sanitizer_symbolizer_mac.h
│ ├── sanitizer_symbolizer_markup.cpp
│ ├── sanitizer_symbolizer_posix_libcdep.cpp
│ ├── sanitizer_symbolizer_report.cpp
│ ├── sanitizer_symbolizer_rtems.h
│ ├── sanitizer_symbolizer_win.cpp
│ ├── sanitizer_syscall_generic.inc
│ ├── sanitizer_syscall_linux_aarch64.inc
│ ├── sanitizer_syscall_linux_arm.inc
│ ├── sanitizer_syscall_linux_hexagon.inc
│ ├── sanitizer_syscall_linux_riscv64.inc
│ ├── sanitizer_syscall_linux_x86_64.inc
│ ├── sanitizer_syscalls_netbsd.inc
│ ├── sanitizer_termination.cpp
│ ├── sanitizer_thread_registry.cpp
│ ├── sanitizer_thread_registry.h
│ ├── sanitizer_thread_safety.h
│ ├── sanitizer_tls_get_addr.cpp
│ ├── sanitizer_tls_get_addr.h
│ ├── sanitizer_type_traits.cpp
│ ├── sanitizer_type_traits.h
│ ├── sanitizer_unwind_linux_libcdep.cpp
│ ├── sanitizer_unwind_win.cpp
│ ├── sanitizer_vector.h
│ ├── sanitizer_win.cpp
│ ├── sanitizer_win.h
│ ├── sanitizer_win_defs.h
│ ├── sanitizer_win_dll_thunk.cpp
│ ├── sanitizer_win_dll_thunk.h
│ ├── sanitizer_win_dynamic_runtime_thunk.cpp
│ ├── sanitizer_win_weak_interception.cpp
│ ├── sanitizer_win_weak_interception.h
│ ├── scripts/
│ │ ├── check_lint.sh
│ │ ├── cpplint.py
│ │ ├── gen_dynamic_list.py
│ │ ├── litlint.py
│ │ ├── litlint_test.py
│ │ └── sancov.py
│ ├── symbolizer/
│ │ ├── sanitizer_symbolize.cpp
│ │ ├── sanitizer_wrappers.cpp
│ │ └── scripts/
│ │ ├── ar_to_bc.sh
│ │ ├── build_symbolizer.sh
│ │ └── global_symbols.txt
│ ├── tests/
│ │ ├── CMakeLists.txt
│ │ ├── malloc_stress_transfer_test.cpp
│ │ ├── sanitizer_addrhashmap_test.cpp
│ │ ├── sanitizer_allocator_test.cpp
│ │ ├── sanitizer_allocator_testlib.cpp
│ │ ├── sanitizer_atomic_test.cpp
│ │ ├── sanitizer_bitvector_test.cpp
│ │ ├── sanitizer_bvgraph_test.cpp
│ │ ├── sanitizer_chained_origin_depot_test.cpp
│ │ ├── sanitizer_common_test.cpp
│ │ ├── sanitizer_deadlock_detector_test.cpp
│ │ ├── sanitizer_dense_map_test.cpp
│ │ ├── sanitizer_flags_test.cpp
│ │ ├── sanitizer_flat_map_test.cpp
│ │ ├── sanitizer_format_interceptor_test.cpp
│ │ ├── sanitizer_hash_test.cpp
│ │ ├── sanitizer_ioctl_test.cpp
│ │ ├── sanitizer_leb128_test.cpp
│ │ ├── sanitizer_libc_test.cpp
│ │ ├── sanitizer_linux_test.cpp
│ │ ├── sanitizer_list_test.cpp
│ │ ├── sanitizer_lzw_test.cpp
│ │ ├── sanitizer_mac_test.cpp
│ │ ├── sanitizer_mutex_test.cpp
│ │ ├── sanitizer_nolibc_test.cpp
│ │ ├── sanitizer_nolibc_test_main.cpp
│ │ ├── sanitizer_posix_test.cpp
│ │ ├── sanitizer_printf_test.cpp
│ │ ├── sanitizer_procmaps_test.cpp
│ │ ├── sanitizer_pthread_wrappers.h
│ │ ├── sanitizer_quarantine_test.cpp
│ │ ├── sanitizer_ring_buffer_test.cpp
│ │ ├── sanitizer_stack_store_test.cpp
│ │ ├── sanitizer_stackdepot_test.cpp
│ │ ├── sanitizer_stacktrace_printer_test.cpp
│ │ ├── sanitizer_stacktrace_test.cpp
│ │ ├── sanitizer_stoptheworld_test.cpp
│ │ ├── sanitizer_stoptheworld_testlib.cpp
│ │ ├── sanitizer_suppressions_test.cpp
│ │ ├── sanitizer_symbolizer_test.cpp
│ │ ├── sanitizer_test_config.h
│ │ ├── sanitizer_test_main.cpp
│ │ ├── sanitizer_test_utils.h
│ │ ├── sanitizer_thread_registry_test.cpp
│ │ ├── sanitizer_type_traits_test.cpp
│ │ ├── sanitizer_vector_test.cpp
│ │ └── standalone_malloc_test.cpp
│ └── weak_symbols.txt
├── solvers/
│ ├── CMakeLists.txt
│ ├── i2s-solver.cpp
│ ├── jigsaw/
│ │ ├── CMakeLists.txt
│ │ ├── config.h
│ │ ├── gd.cc
│ │ ├── grad.cc
│ │ ├── grad.h
│ │ ├── input.cc
│ │ ├── input.h
│ │ ├── jit.cc
│ │ ├── jit.h
│ │ └── rgdJit.h
│ ├── jit-solver.cpp
│ ├── wheels/
│ │ ├── concurrentqueue/
│ │ │ └── queue.h
│ │ ├── lockfreehash/
│ │ │ ├── cuckoo/
│ │ │ │ ├── Makefile
│ │ │ │ ├── benchmark_lockfree_ht.h
│ │ │ │ ├── benchmark_unordered_map.h
│ │ │ │ ├── cycle_timer.h
│ │ │ │ ├── hash_table.h
│ │ │ │ ├── lockfree_hash_table.cpp
│ │ │ │ ├── lockfree_hash_table.h
│ │ │ │ ├── main.cpp
│ │ │ │ └── thread_service.h
│ │ │ └── lprobe/
│ │ │ ├── Makefile
│ │ │ ├── alloc.h
│ │ │ ├── benchmark_lprobe.h
│ │ │ ├── benchmark_lprobe_ptr.h
│ │ │ ├── block_allocator.h
│ │ │ ├── concurrent_stack.h
│ │ │ ├── cycle_timer.h
│ │ │ ├── data.h
│ │ │ ├── data_ptr.h
│ │ │ ├── get_time.h
│ │ │ ├── hash_table.h
│ │ │ ├── main.cc
│ │ │ ├── memory_size.h
│ │ │ ├── monoid.h
│ │ │ ├── parallel.h
│ │ │ ├── seq.h
│ │ │ ├── sequence_ops.h
│ │ │ ├── thread_service.h
│ │ │ ├── thread_service_ptr.h
│ │ │ └── utilities.h
│ │ └── threadpool/
│ │ ├── ThreadPool.h
│ │ ├── ctpl.h
│ │ └── threadpool_example.cpp
│ ├── z3-solver.cpp
│ ├── z3-ts.cpp
│ └── z3.cpp
├── tests/
│ ├── CMakeLists.txt
│ ├── aggregate.c
│ ├── atoi_test.c
│ ├── atomicrmw.c
│ ├── bitflip.c
│ ├── bool.c
│ ├── boundary.c
│ ├── boundary2.c
│ ├── boundary3.c
│ ├── boundary4.c
│ ├── boundary5.c
│ ├── boundary6.c
│ ├── boundary7.c
│ ├── bounds.cpp
│ ├── call_fn.c
│ ├── call_fn2.c
│ ├── call_fn3.c
│ ├── cf1.c
│ ├── concrete_haystack.c
│ ├── context.c
│ ├── cpp_fstream.cpp
│ ├── cpp_map.cpp
│ ├── cpp_string.cpp
│ ├── gep.c
│ ├── if_eq.c
│ ├── infer_type.c
│ ├── lib.h
│ ├── lit.cfg
│ ├── lit.site.cfg.in
│ ├── memchr.c
│ ├── memchr_chain.c
│ ├── memchr_mixed_chain.c
│ ├── memcmp.c
│ ├── memmem.c
│ ├── memrchr.c
│ ├── memrchr_chain.c
│ ├── mini.c
│ ├── mini2.c
│ ├── optimistic.c
│ ├── partial_concrete.c
│ ├── partial_concrete2.c
│ ├── partial_concrete3.c
│ ├── pointer.c
│ ├── prefixof.c
│ ├── shift_and.c
│ ├── sign.c
│ ├── str_mem_mixed_chain.c
│ ├── strcat.c
│ ├── strcat_mixed.c
│ ├── strchr.c
│ ├── strchr_chain.c
│ ├── strchr_mixed_chain.c
│ ├── strcmp.c
│ ├── strcmp2.c
│ ├── strdup.c
│ ├── strlen_extend.c
│ ├── strlen_json3.c
│ ├── strlen_null_from_input.c
│ ├── strlen_shrink.c
│ ├── strlen_test.c
│ ├── strncat.c
│ ├── strncpy_simple.c
│ ├── strncpy_substr.c
│ ├── strndup.c
│ ├── strnstr.c
│ ├── strpbrk.c
│ ├── strrchr.c
│ ├── strstr.c
│ ├── strsub.c
│ ├── struct.c
│ ├── switch.c
│ ├── ubsan_div.c
│ ├── ubsan_intovfl.c
│ ├── ubsan_mulovfl.c
│ ├── ubsan_negateovfl.c
│ ├── ubsan_shift.c
│ ├── ubsan_signchange.c
│ ├── ubsan_signed_intovfl.c
│ ├── ubsan_subovfl.c
│ ├── ubsan_trunc.c
│ ├── unaligned_load.c
│ └── xor_bool.c
└── wrappers/
├── CMakeLists.txt
└── zlib_abilist.txt
================================================
FILE CONTENTS
================================================
================================================
FILE: .github/workflows/test.yml
================================================
name: CI
on:
pull_request:
branches: [ main ]
push:
branches:
- main
paths:
- '!README.md'
jobs:
build-and-test:
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v4
- name: install dependencies
run: sudo apt-get update && sudo apt-get install -y llvm-14 clang-14 libc++-14-dev libc++abi-14-dev python3-minimal libgoogle-perftools-dev libboost-container-dev python3-dev libbsd-dev
- name: Cache Z3
id: cache-z3
uses: actions/cache@v4
with:
path: ~/z3
key: z3-4.15.4-x64-glibc-2.39
- name: Install Z3
run: |
if [ ! -d ~/z3 ]; then
wget https://github.com/Z3Prover/z3/releases/download/z3-4.15.4/z3-4.15.4-x64-glibc-2.39.zip
unzip z3-4.15.4-x64-glibc-2.39.zip
mv z3-4.15.4-x64-glibc-2.39 ~/z3
fi
sudo cp ~/z3/bin/z3 /usr/local/bin/
sudo cp ~/z3/bin/libz3.so /usr/local/lib/
sudo cp ~/z3/bin/libz3.a /usr/local/lib/
sudo cp -r ~/z3/include/* /usr/local/include/
sudo ldconfig
# run: |
# wget https://apt.llvm.org/llvm.sh
# chmod +x llvm.sh
# sudo ./llvm.sh 12 all
- name: get aflpp
uses: actions/checkout@v4
with:
repository: AFLplusplus/AFLplusplus
path: ${{ github.workspace }}/aflpp
- name: configure
run: CC=clang-14 CXX=clang++-14 cmake -B ${{ github.workspace }}/build -DCMAKE_BUILD_TYPE=Release -DCMAKE_INSTALL_PREFIX=${{ github.workspace }}/install -DAFLPP_PATH=${{ github.workspace }}/aflpp
- name: build
run: CC=clang-14 CXX=clang++-14 cmake --build ${{ github.workspace }}/build
- name: install
run: CC=clang-14 CXX=clang++-14 cmake --install ${{ github.workspace }}/build
- name: install lit
run: pip install lit
- name: test
run: lit --verbose tests
working-directory: ${{ github.workspace }}/build
================================================
FILE: .gitignore
================================================
.vscode
*.taint
*.o
*.so
*.dwo
*.bc
*.ll
GPATH
GRTAGS
GTAGS
GSYMS
output*/
*.tar.gz
*.tar.xz
auto/
/bin/
.DS_Store
/build/
/libcxx/
!/libcxx/build_taint/lib/
/install
================================================
FILE: CMakeLists.txt
================================================
cmake_minimum_required(VERSION 3.13)
project(symsan VERSION 1.2.2 LANGUAGES C CXX ASM)
find_package(LLVM 14 REQUIRED CONFIG)
# Find Z3 (minimum version 4.8.15 required for string theory APIs)
# Prefer /usr/local over system
find_library(Z3_LIBRARY NAMES z3 PATHS /usr/local/lib NO_DEFAULT_PATH)
if (NOT Z3_LIBRARY)
find_library(Z3_LIBRARY NAMES z3)
endif()
find_path(Z3_INCLUDE_DIR NAMES z3.h PATHS /usr/local/include NO_DEFAULT_PATH)
if (NOT Z3_INCLUDE_DIR)
find_path(Z3_INCLUDE_DIR NAMES z3.h)
endif()
# Check Z3 version
if (Z3_INCLUDE_DIR)
file(READ "${Z3_INCLUDE_DIR}/z3_version.h" Z3_VERSION_CONTENT)
string(REGEX MATCH "#define Z3_MAJOR_VERSION[ \t]+([0-9]+)" _ "${Z3_VERSION_CONTENT}")
set(Z3_VERSION_MAJOR ${CMAKE_MATCH_1})
string(REGEX MATCH "#define Z3_MINOR_VERSION[ \t]+([0-9]+)" _ "${Z3_VERSION_CONTENT}")
set(Z3_VERSION_MINOR ${CMAKE_MATCH_1})
string(REGEX MATCH "#define Z3_BUILD_NUMBER[ \t]+([0-9]+)" _ "${Z3_VERSION_CONTENT}")
set(Z3_VERSION_PATCH ${CMAKE_MATCH_1})
set(Z3_VERSION "${Z3_VERSION_MAJOR}.${Z3_VERSION_MINOR}.${Z3_VERSION_PATCH}")
message(STATUS "Found Z3 version: ${Z3_VERSION}")
# Require at least version 4.8.15
if (Z3_VERSION_MAJOR LESS 4 OR
(Z3_VERSION_MAJOR EQUAL 4 AND Z3_VERSION_MINOR LESS 8) OR
(Z3_VERSION_MAJOR EQUAL 4 AND Z3_VERSION_MINOR EQUAL 8 AND Z3_VERSION_PATCH LESS 15))
message(FATAL_ERROR "Z3 version ${Z3_VERSION} found, but version 4.8.15 or later is required (for string theory APIs)")
endif()
endif()
message(STATUS "Z3_LIBRARY: ${Z3_LIBRARY}")
message(STATUS "Z3_INCLUDE_DIR: ${Z3_INCLUDE_DIR}")
message(STATUS "Z3_VERSION: ${Z3_VERSION}")
if (LLVM_FOUND)
message(STATUS "LLVM_VERSION_MAJOR: ${LLVM_VERSION_MAJOR}")
message(STATUS "LLVM_VERSION_MINOR: ${LLVM_VERSION_MINOR}")
message(STATUS "LLVM_VERSION_PATCH: ${LLVM_VERSION_PATCH}")
else()
message(FATAL_ERROR "You haven't install LLVM !")
endif()
if (NOT TARGET LLVMPassConfig)
add_library(LLVMPassConfig INTERFACE IMPORTED)
set_target_properties(LLVMPassConfig PROPERTIES
INTERFACE_COMPILE_OPTIONS "-fno-rtti" #-fpic
INTERFACE_INCLUDE_DIRECTORIES "${LLVM_INCLUDE_DIRS}"
INTERFACE_LINK_DIRECTORIES "${LLVM_LIBRARY_DIRS}"
INTERFACE_COMPILE_DEFINITIONS "LLVM_VERSION_MAJOR=${LLVM_VERSION_MAJOR};LLVM_VERSION_MINOR=${LLVM_VERSION_MINOR};"
# INTERFACE_LINK_OPTIONS "-Wl,-znodelete"
)
endif()
include_directories(${LLVM_INCLUDE_DIRS})
add_definitions(${LLVM_DEFINITIONS})
include_directories(include)
set(SYMSAN_BIN_DIR "bin")
set(SYMSAN_LIB_DIR "lib/symsan")
add_subdirectory(compiler)
add_subdirectory(instrumentation)
add_subdirectory(runtime)
add_subdirectory(wrappers)
add_subdirectory(parsers)
add_subdirectory(solvers)
add_subdirectory(backend)
add_subdirectory(driver)
add_subdirectory(tests)
add_subdirectory(libcxx)
add_subdirectory(python)
================================================
FILE: Dockerfile
================================================
FROM ubuntu:noble
ENV DEBIAN_FRONTEND=noninteractive
ENV TZ=Etc/UTC
ENV DEBIAN_FRONTEND=noninteractive
ENV TZ=Etc/UTC
WORKDIR /work
COPY . /work/symsan
RUN apt-get update
RUN apt-get install -y cmake llvm-14 clang-14 libc++-14-dev libc++abi-14-dev libunwind-14-dev \
python3-minimal python-is-python3 zlib1g-dev git joe libprotobuf-dev
RUN git clone --depth=1 --branch=v4.31c https://github.com/AFLplusplus/AFLplusplus /work/aflpp
RUN cd /work/aflpp && make PERFORMANCE=1 LLVM_CONFIG=llvm-config-14 NO_NYX=1 source-only -j4 && make install
RUN apt-get install -y libz3-dev libgoogle-perftools-dev libboost-container-dev python3-dev
RUN apt clean
RUN cd /work/symsan/ && mkdir -p build && \
cd build && CC=clang-14 CXX=clang++-14 cmake -DCMAKE_INSTALL_PREFIX=. -DAFLPP_PATH=/work/aflpp ../ && \
make -j4 && make install
ENV KO_CC=clang-14
ENV KO_CXX=clang++-14
ENV KO_USE_FASTGEN=1
================================================
FILE: LICENSE
================================================
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
================================================
FILE: README.md
================================================
[](https://opensource.org/licenses/Apache-2.0)
# SymSan: Time and Space Efficient Concolic Execution via Dynamic Data-Flow Analysis
SymSan (Symbolic Sanitizer) is an efficient concolic execution engine based on the
Data-Floow Sanitizer (DFSan) framework. By modeling forward symbolic execution as
a dynamic data-flow analysis and leveraging the time and space efficient data-flow
tracking infrastructure from DFSan, SymSan imposes much lower runtime overhead
than previous symbolic execution engines.
Similar to other compilation-based symbolic executor like [SymCC](https://github.com/eurecom-s3/symcc),
SymSan uses compile-time `instrumentation` to insert symbolic execution logic into
the target program, and a `runtime` supporting library to maintain symbolic states
during execution.
To learn more, checkout our [paper](https://www.usenix.org/conference/usenixsecurity22/presentation/chen-ju) at USENIX Security 2022.
## Building
Because SymSan leverages the shadow memory implementation from LLVM's sanitizers,
it has more strict dependency on the LLVM version. Right now only LLVM 12 is tested.
### Build Requirements
- Linux-amd64 (Tested on Ubuntu 24.04)
- [LLVM 14.0.6](http://llvm.org/docs/index.html): clang, libc++, libc++abi
### Compilation
Create a `build` directory and execute the following commands in it:
```shell
$ CC=clang-14 CXX=clang++-14 cmake -DCMAKE_INSTALL_PREFIX=/path/to/install -DCMAKE_BUILD_TYPE=Release /path/to/symsan/source
$ make
$ make install
```
### Build in Docker
```
docker build -t symsan .
```
### LIBCXX
The repo contains instrumented libc++ and libc++abi to support C++ programs.
To rebuild these libraries from source, execute the `rebuild.sh` script in the
`libcxx` directory.
**NOTE**: because the in-process solving module (`solver/z3.cpp`) uses Z3's C++ API
and STL containers, so itself depends on the C++ libs. Due to such dependencies,
you'll see linking errors when building C++ targets when using this module.
Though it's possible to resolve these errors by not instrumenting the dependencies
(adding them to the [ABIList](https://clang.llvm.org/docs/DataFlowSanitizer.html#abi-list),
then rebuild the C++ libs), we don't recommend using it for C++ targets.
Instead, it's much cleaner to use ann out-of-process solving module like Fastgen.
## Test
To verify the code works, try some simple tests
(forked from [Angora](https://github.com/AngoraFuzzer/Angora),
adapted by [@insuyun](https://github.com/insuyun) to lit):
```
$ pip install lit
$ cd your_build_dir
$ lit tests
```
### Environment Options
* `KO_CC` specifies the clang to invoke, if the default version isn't clang-12,
set this variable to allow the compiler wrapper to find the correct clang.
* `KO_CXX` specifies the clang++ to invoke, if the default version isn't clang++-12,
set this variable to allow the compiler wrapper to find the correct clang++.
* `KO_USE_Z3` enables the in-process Z3-based solver. By default, it is disabled,
so SymSan will only perform symbolic constraint collection without solving.
SymSan also supports out-of-process solving, which provides better compatiblility.
Check [FastGen](https://github.com/R-Fuzz/fastgen).
* `KO_USE_NATIVE_LIBCXX` enables using the native uninstrumented libc++ and libc++abi.
* `KO_DONT_OPTIMIZE` don't override the optimization level to `O3`.
### Hybrid Fuzzing
SymSan needs a driver to perform hybrid fuzzing, like [FastGen](https://github.com/R-Fuzz/fastgen).
It could also be used as a custom mutator for [AFL++](https://github.com/AFLplusplus/AFLplusplus)
(check the [plugin readme](driver/aflpp/README.md)).
Check out our integration with Magma to see how to compile and run targets:
[aflplusplus_symsan](https://github.com/R-Fuzz/magma/tree/mazerunner/fuzzers/aflplusplus_symsan).
It should also be easy to use the [Python binding](https://github.com/R-Fuzz/symsan/tree/main/python).
NOTE: fgtest is for running tests, not for continnous fuzzing, please don't use it for benchmark.
## Documentation
Still under construction, unfortunately. [DeepWiki](https://deepwiki.com/R-Fuzz/symsan) seems okay.
## Reference
To cite SymSan in scientific work, please use the following BibTeX:
``` bibtex
@inproceedings {chen2022symsan,
author = {Ju Chen and Wookhyun Han and Mingjun Yin and Haochen Zeng and
Chengyu Song and Byoungyong Lee and Heng Yin and Insik Shin},
title = {SymSan: Time and Space Efficient Concolic Execution via Dynamic Data-Flow Analysis},
booktitle = {{USENIX} Security Symposium (Security)},
year = 2022,
url = {https://www.usenix.org/conference/usenixsecurity22/presentation/chen-ju},
publisher = {{USENIX} Association},
month = aug,
}
```
================================================
FILE: backend/CMakeLists.txt
================================================
set(CMAKE_POSITION_INDEPENDENT_CODE ON)
set(CMAKE_CXX_STANDARD 17)
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -g")
add_library(Fastgen STATIC fastgen.cpp)
target_compile_options(Fastgen PRIVATE -stdlib=libc++)
target_include_directories(Fastgen PUBLIC
${CMAKE_CURRENT_SOURCE_DIR}/../runtime
)
install (TARGETS Fastgen DESTINATION ${SYMSAN_LIB_DIR})
================================================
FILE: backend/fastgen.cpp
================================================
/*
The code is for out-of-process constraints solving with fastgen.
------------------------------------------------
Written by Chengyu Song <csong@cs.ucr.edu> and
Ju Chen <jchen757@ucr.edu>
Copyright 2021-2025 UC Riverside. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at:
http://www.apache.org/licenses/LICENSE-2.0
*/
#include "sanitizer_common/sanitizer_common.h"
#include "sanitizer_common/sanitizer_file.h"
#include "sanitizer_common/sanitizer_posix.h"
#include "dfsan/dfsan.h"
using namespace __dfsan;
static uint32_t __instance_id;
static uint32_t __session_id;
static int __pipe_fd;
// filter?
SANITIZER_INTERFACE_ATTRIBUTE THREADLOCAL uint32_t __taint_trace_callstack;
static inline void __solve_cond(dfsan_label label, uint8_t result,
uint8_t add_nested, uint8_t loop_flag,
uint32_t cid, void *addr) {
if (__pipe_fd < 0)
return;
uint16_t flags = 0;
if (add_nested) flags |= F_ADD_CONS;
// set the loop flags according to branching results
switch (loop_flag) {
case TrueBranchLoopExit:
flags |= result ? F_LOOP_EXIT : F_LOOP_LATCH;
break;
case TrueBranchLoopLatch:
flags |= result ? F_LOOP_LATCH : F_LOOP_EXIT;
break;
case FalseBranchLoopExit:
flags |= result ? F_LOOP_LATCH : F_LOOP_EXIT;
break;
case FalseBranchLoopLatch:
flags |= result ? F_LOOP_EXIT : F_LOOP_LATCH;
break;
default:
// No loop flag or unrecognized flag, do nothing
break;
}
// send info
pipe_msg msg = {
.msg_type = cond_type,
.flags = flags,
.instance_id = __instance_id,
.addr = (uptr)addr,
.context = __taint_trace_callstack,
.id = cid,
.label = label,
.result = result
};
if (internal_write(__pipe_fd, &msg, sizeof(msg)) < 0) {
Die();
}
}
static inline void __send_ubi(dfsan_label label, uint64_t result,
uint32_t cid, void *addr) {
if (__pipe_fd < 0)
return;
pipe_msg msg = {
.msg_type = memerr_type,
.flags = F_MEMERR_UBI,
.instance_id = __instance_id,
.addr = (uptr)addr,
.context = __taint_trace_callstack,
.id = cid,
.label = label,
.result = result
};
if (internal_write(__pipe_fd, &msg, sizeof(msg)) < 0) {
Die();
}
}
static struct switch_true_case {
dfsan_label label;
uint32_t cid;
} __switch_true_case = {0};
extern "C" SANITIZER_INTERFACE_ATTRIBUTE void
__taint_trace_cmp(dfsan_label op1, dfsan_label op2, uint32_t size,
uint32_t predicate,
uint64_t c1, uint64_t c2, uint32_t cid) {
if (op1 == 0 && op2 == 0)
return;
void *addr = __builtin_return_address(0);
if (op1 == kInitializingLabel) {
// uninitialized label
AOUT("WARNING: uninitialized label %u @%p\n", op1, addr);
if (flags().solve_ub) __send_ubi(op1, c1, cid, addr);
if (flags().exit_on_memerror) Die();
else return;
}
if (op2 == kInitializingLabel) {
// uninitialized label
AOUT("WARNING: uninitialized label %u @%p\n", op2, addr);
if (flags().solve_ub) __send_ubi(op2, c2, cid, addr);
if (flags().exit_on_memerror) Die();
else return;
}
AOUT("solving cmp: %u %u %u %d %lu %lu 0x%x @%p\n",
op1, op2, size, predicate, c1, c2, cid, addr);
// save info to a union table slot
uint8_t r = get_const_result(c1, c2, predicate);
dfsan_label temp = dfsan_union(op1, op2, (predicate << 8) | ICmp, size, c1, c2);
if (r) {
// for the true case, we want to save it to solve the last,
// so the nested constraint will not affect other cases
__switch_true_case.label = temp;
__switch_true_case.cid = cid;
} else {
// solve without add_nested
__solve_cond(temp, r, 0, 0, cid, addr);
}
}
extern "C" SANITIZER_INTERFACE_ATTRIBUTE void
__taint_trace_switch_end(uint32_t cid) {
if (__switch_true_case.label == 0) {
return;
} else if (__switch_true_case.cid != cid) {
AOUT("WARNING: switch end cid mismatch %u vs %u\n",
__switch_true_case.cid, cid);
return;
}
void *addr = __builtin_return_address(0);
AOUT("solving switch end: %u 0x%x @%p\n",
__switch_true_case.label, cid, addr);
// solve the true case
__solve_cond(__switch_true_case.label, 1, 1, 0, cid, addr);
__switch_true_case.label = 0;
}
extern "C" SANITIZER_INTERFACE_ATTRIBUTE void
__taint_trace_cond(dfsan_label label, bool r, uint8_t flag, uint32_t cid) {
if (label == 0) {
// check for real loop exit
if (!(((flag & FalseBranchLoopExit) && !r) ||
((flag & TrueBranchLoopExit) && r)))
return;
}
void *addr = __builtin_return_address(0);
if (label == kInitializingLabel) {
// uninitialized label
AOUT("WARNING: uninitialized label %u @%p\n", label, addr);
if (flags().solve_ub) __send_ubi(label, r, cid, addr);
if (flags().exit_on_memerror) Die();
else return;
}
AOUT("solving cond: %u %u 0x%x 0x%x %p\n",
label, r, __taint_trace_callstack, cid, addr);
uint8_t add_nested = flag & UndefinedCheck ? 0 : 1;
uint8_t loop_flag = flag & LoopFlagMask;
// always add nested
__solve_cond(label, r, add_nested, loop_flag, cid, addr);
}
extern "C" SANITIZER_INTERFACE_ATTRIBUTE dfsan_label
__taint_trace_select(dfsan_label cond_label, dfsan_label true_label,
dfsan_label false_label, uint8_t r, uint8_t true_op,
uint8_t false_op, uint32_t cid) {
if (cond_label == 0)
return r ? true_label : false_label;
void *addr = __builtin_return_address(0);
if (cond_label == kInitializingLabel) {
// uninitialized label
AOUT("WARNING: uninitialized label %u @%p\n", cond_label, addr);
if (flags().solve_ub) __send_ubi(cond_label, r, cid, addr);
if (flags().exit_on_memerror) Die();
else return r ? true_label : false_label;
}
AOUT("solving select: %u %u %u %u %u %u 0x%x @%p\n",
cond_label, true_label, false_label, r, true_op, false_op, cid, addr);
// check if it's actually a logical AND: select cond, label, false
if (true_label != 0 && false_op == 0) {
dfsan_label land = dfsan_union(cond_label, true_label, And, 1, r, true_op);
uint8_t lr = (r && true_op) ? 1 : 0;
__solve_cond(land, lr, 1, 0, cid, addr);
return land;
} else if (false_label != 0 && true_op == 1) {
// logical OR: select cond, true, label
dfsan_label lor = dfsan_union(cond_label, false_label, Or, 1, r, false_op);
uint8_t lr = (r || false_op) ? 1 : 0;
__solve_cond(lor, lr, 1, 0, cid, addr);
return lor;
} else {
// normal select?
AOUT("normal select?!\n");
__solve_cond(cond_label, r, 1, 0, cid, addr);
return r ? true_label : false_label;
}
}
extern "C" SANITIZER_INTERFACE_ATTRIBUTE void
__taint_trace_indcall(dfsan_label label) {
if (label == 0)
return;
AOUT("tainted indirect call target: %d\n", label);
}
extern "C" SANITIZER_INTERFACE_ATTRIBUTE void
__taint_trace_gep(dfsan_label ptr_label, uint64_t ptr,
dfsan_label index_label, int64_t index,
uint64_t num_elems, uint64_t elem_size,
int64_t current_offset, uint32_t cid) {
if (index_label == 0)
return;
void *addr = __builtin_return_address(0);
if (index_label == kInitializingLabel) {
// uninitialized label
AOUT("WARNING: uninitialized label %u @%p\n", index_label, addr);
if (flags().solve_ub) __send_ubi(index_label, index, cid, addr);
if (flags().exit_on_memerror) Die();
else return;
}
if (ptr_label == kInitializingLabel) {
// uninitialized label
AOUT("WARNING: uninitialized label %u @%p\n", ptr_label, addr);
if (flags().solve_ub) __send_ubi(ptr_label, ptr, cid, addr);
if (flags().exit_on_memerror) Die();
else return;
}
AOUT("tainted GEP index: %ld = %d, ne: %ld, es: %ld, offset: %ld\n",
index, index_label, num_elems, elem_size, current_offset);
if (__pipe_fd < 0)
return;
// send gep info, in two pieces
pipe_msg msg = {
.msg_type = gep_type,
.flags = 0,
.instance_id = __instance_id,
.addr = (uptr)addr,
.context = __taint_trace_callstack,
.label = index_label, // just in case
.result = (uint64_t)index
};
if (internal_write(__pipe_fd, &msg, sizeof(msg)) < 0) {
Die();
}
gep_msg gmsg = {
.ptr_label = ptr_label,
.index_label = index_label,
.ptr = ptr,
.index = index,
.num_elems = num_elems,
.elem_size = elem_size,
.current_offset = current_offset
};
// FIXME: assuming single writer so msg will arrive in the same order
if (internal_write(__pipe_fd, &gmsg, sizeof(gmsg)) < 0) {
Die();
}
return;
}
extern "C" SANITIZER_INTERFACE_ATTRIBUTE void
__taint_trace_offset(dfsan_label offset_label, s64 offset, unsigned size) {
return;
}
extern "C" SANITIZER_INTERFACE_ATTRIBUTE void
__taint_trace_memcmp(dfsan_label label) {
if (label == 0)
return;
void *addr = __builtin_return_address(0);
if (label == kInitializingLabel) {
// uninitialized label
AOUT("WARNING: uninitialized label %u @%p\n", label, addr);
if (flags().solve_ub) __send_ubi(label, 0, 0, addr);
if (flags().exit_on_memerror) Die();
else return;
}
dfsan_label_info *info = get_label_info(label);
AOUT("tainted memcmp: %d, size: %d\n", label, info->size);
if (__pipe_fd < 0)
return;
uint16_t has_content = 1;
// if both operands are symbolic, skip sending the content
if ((info->l1 != CONST_LABEL && info->l2 != CONST_LABEL) || info->size == 0)
has_content = 0;
pipe_msg msg = {
.msg_type = memcmp_type,
.flags = has_content,
.instance_id = __instance_id,
.addr = (uptr)addr,
.context = __taint_trace_callstack,
.label = label, // just in case
.result = (uint64_t)info->size
};
if (internal_write(__pipe_fd, &msg, sizeof(msg)) < 0) {
Die();
}
if (!has_content)
return;
size_t msg_size = sizeof(memcmp_msg) + info->size;
memcmp_msg *mmsg = (memcmp_msg*)__builtin_alloca(msg_size);
mmsg->label = label;
// Copy concrete content: use op1 if l1 is concrete, else op2
void *concrete_ptr = (info->l1 == CONST_LABEL) ? (void*)info->op1.i : (void*)info->op2.i;
internal_memcpy(mmsg->content, concrete_ptr, info->size);
AOUT("sending memcmp content for label %d, size %u, msg_size=%lu\n", label, info->size, msg_size);
// FIXME: assuming single writer so msg will arrive in the same order
if (internal_write(__pipe_fd, mmsg, msg_size) < 0) {
Die();
}
return;
}
extern "C" SANITIZER_INTERFACE_ATTRIBUTE void
__taint_trace_memerr(dfsan_label ptr_label, uptr ptr, dfsan_label size_label,
uint64_t size, uint16_t flag, void *addr) {
if (ptr_label == 0 && size_label == 0)
return;
if (__pipe_fd < 0)
return;
uint64_t r = 0;
switch(flag) {
case F_MEMERR_UAF: r = ptr; break;
case F_MEMERR_OLB: r = ptr; break;
case F_MEMERR_OUB: r = ptr + size; break;
case F_MEMERR_UBI: r = ptr; break;
default: return;
}
pipe_msg msg = {
.msg_type = memerr_type,
.flags = flag,
.instance_id = __instance_id,
.addr = (uptr)addr,
.context = __taint_trace_callstack,
.label = ptr_label, // just in case
.result = r
};
if (internal_write(__pipe_fd, &msg, sizeof(msg)) < 0) {
Die();
}
}
extern "C" void InitializeSolver() {
__instance_id = flags().instance_id;
__session_id = flags().session_id;
__pipe_fd = flags().pipe_fd;
}
================================================
FILE: compiler/CMakeLists.txt
================================================
add_executable(KOClang ko_clang.c)
set_target_properties(KOClang PROPERTIES OUTPUT_NAME "ko-clang")
add_custom_command(TARGET KOClang POST_BUILD
COMMAND ln -sf "ko-clang" "ko-clang++")
install (TARGETS KOClang DESTINATION ${SYMSAN_BIN_DIR})
install (FILES ${CMAKE_CURRENT_BINARY_DIR}/ko-clang++ DESTINATION ${SYMSAN_BIN_DIR})
================================================
FILE: compiler/ko_clang.c
================================================
/*
The code is modified from AFL's LLVM mode and Angora.
------------------------------------------------
Written by Laszlo Szekeres <lszekeres@google.com> and
Michal Zalewski <lcamtuf@google.com>
Copyright 2015, 2016 Google Inc. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at:
http://www.apache.org/licenses/LICENSE-2.0
*/
#define KO_MAIN
#include "alloc_inl.h"
#include "defs.h"
#include "debug.h"
#include "version.h"
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#ifndef PATH_MAX
#define PATH_MAX 4096
#endif
static char *obj_path; /* Path to runtime libraries */
static char *taint_path; /* Path to the taint pass */
static char **cc_params; /* Parameters passed to the real CC */
static u32 cc_par_cnt = 1; /* Param count, including argv0 */
static u8 is_cxx = 0;
static u8 use_native_cxx = 0;
static u8 use_native_zlib = 1; /* Use system zlib by default */
/* Try to find the executable from PATH */
static char *find_executable_in_path(const char *filename) {
char *path = getenv("PATH");
if (path == NULL) {
FATAL("Cannot get PATH env");
return NULL;
}
char *prev = path;
char full_path[PATH_MAX];
size_t filename_len = strlen(filename);
while (1) {
char *colon = strstr(prev, ":");
size_t len = colon ? colon - prev : strlen(prev);
if (len + 1 + filename_len + 1 >= PATH_MAX) {
WARNF("Path too long: %s", prev);
continue;
}
// Construct the full path
memcpy(full_path, prev, len);
full_path[len] = '/';
memcpy(full_path + len + 1, filename, filename_len + 1);
// Check if the file exists and is executable
if (access(full_path, X_OK) == 0) {
return ck_strdup(full_path);
}
if (colon == NULL || *(colon + 1) == '\0') {
break;
}
prev = colon + 1;
}
return NULL;
}
/* Try to find the runtime libraries. If that fails, abort. */
static void find_obj(const char *argv0) {
char *slash;
char path[PATH_MAX];
if (strchr(argv0, '/') == NULL) {
char *exec_path = find_executable_in_path(argv0);
if (exec_path == NULL) {
FATAL("Cannot find the compiler (%s) in PATH", argv0);
}
if (!realpath(exec_path, path)) {
FATAL("Cannot get real path of the compiler (%s): %s", exec_path, strerror(errno));
}
ck_free(exec_path);
} else {
if (!realpath(argv0, path)) {
FATAL("Cannot get real path of the compiler (%s): %s", argv0, strerror(errno));
}
}
slash = strrchr(path, '/');
if (slash) {
char *dir;
*slash = 0;
dir = ck_strdup(path);
*slash = '/';
taint_path = alloc_printf("%s/../lib/symsan/TaintPass.so", dir);
if (!access(taint_path, R_OK)) {
obj_path = alloc_printf("%s/../lib/symsan", dir);
} else {
FATAL("Unable to find 'TaintPass.so' at %s", path);
}
ck_free(dir);
}
}
static void check_type(char *name) {
if (!strcmp(name, "ko-clang++")) {
is_cxx = 1;
}
}
static u8 check_if_assembler(u32 argc, char **argv) {
/* Check if a file with an assembler extension ("s" or "S") appears in argv */
while (--argc) {
const char *cur = *(++argv);
const char *ext = strrchr(cur, '.');
if (ext && (!strcmp(ext + 1, "s") || !strcmp(ext + 1, "S"))) {
return 1;
}
}
return 0;
}
static void add_runtime() {
if (getenv("KO_LIBRARY_PATH")) {
cc_params[cc_par_cnt++] = alloc_printf("-L%s", getenv("KO_LIBRARY_PATH"));
}
cc_params[cc_par_cnt++] = "-Wl,--whole-archive";
cc_params[cc_par_cnt++] = alloc_printf("%s/libdfsan_rt-x86_64.a", obj_path);
cc_params[cc_par_cnt++] = "-Wl,--no-whole-archive";
cc_params[cc_par_cnt++] =
alloc_printf("-Wl,--dynamic-list=%s/libdfsan_rt-x86_64.a.syms", obj_path);
cc_params[cc_par_cnt++] = alloc_printf("-Wl,-T%s/taint.ld", obj_path);
if (is_cxx && !use_native_cxx) {
// cc_params[cc_par_cnt++] = "-Wl,--whole-archive";
cc_params[cc_par_cnt++] = alloc_printf("%s/libc++.a", obj_path);
cc_params[cc_par_cnt++] = alloc_printf("%s/libc++abi.a", obj_path);
cc_params[cc_par_cnt++] = alloc_printf("%s/libunwind.a", obj_path);
// cc_params[cc_par_cnt++] = "-Wl,--no-whole-archive";
} else {
cc_params[cc_par_cnt++] = "-lc++";
cc_params[cc_par_cnt++] = "-lc++abi";
cc_params[cc_par_cnt++] = "-l:libunwind.so";
}
cc_params[cc_par_cnt++] = "-lrt";
cc_params[cc_par_cnt++] = "-Wl,--no-as-needed";
cc_params[cc_par_cnt++] = "-Wl,--gc-sections"; // if darwin -Wl, -dead_strip
cc_params[cc_par_cnt++] = "-ldl";
cc_params[cc_par_cnt++] = "-lpthread";
cc_params[cc_par_cnt++] = "-lm";
if (use_native_zlib) {
cc_params[cc_par_cnt++] = "-lz";
}
if (getenv("KO_USE_Z3")) {
cc_params[cc_par_cnt++] = "-Wl,--whole-archive";
cc_params[cc_par_cnt++] = alloc_printf("%s/libZ3Solver.a", obj_path);
cc_params[cc_par_cnt++] = "-Wl,--no-whole-archive";
cc_params[cc_par_cnt++] = "-L/usr/local/lib";
cc_params[cc_par_cnt++] = "-lz3";
cc_params[cc_par_cnt++] = "-Wl,-rpath,/usr/local/lib";
}
if (getenv("KO_USE_FASTGEN")) {
cc_params[cc_par_cnt++] = "-Wl,--whole-archive";
cc_params[cc_par_cnt++] = alloc_printf("%s/libFastgen.a", obj_path);
cc_params[cc_par_cnt++] = "-Wl,--no-whole-archive";
}
}
static void add_taint_pass() {
cc_params[cc_par_cnt++] = "-fexperimental-new-pass-manager";
cc_params[cc_par_cnt++] = alloc_printf("-fplugin=%s", taint_path); // to enable options
cc_params[cc_par_cnt++] = alloc_printf("-fpass-plugin=%s", taint_path);
cc_params[cc_par_cnt++] = "-mllvm";
cc_params[cc_par_cnt++] =
alloc_printf("-taint-abilist=%s/dfsan_abilist.txt", obj_path);
if (use_native_zlib) {
cc_params[cc_par_cnt++] = "-mllvm";
cc_params[cc_par_cnt++] =
alloc_printf("-taint-abilist=%s/zlib_abilist.txt", obj_path);
}
if (getenv("KO_TRACE_FP")) {
cc_params[cc_par_cnt++] = "-mllvm";
cc_params[cc_par_cnt++] = "-taint-trace-float-pointer";
}
if (getenv("KO_NO_TRACE_BOUND")) {
cc_params[cc_par_cnt++] = "-mllvm";
cc_params[cc_par_cnt++] = "-taint-trace-bound=false";
}
if (getenv("KO_SOLVE_UB")) {
cc_params[cc_par_cnt++] = "-mllvm";
cc_params[cc_par_cnt++] = "-taint-solve-ub=true";
}
if (is_cxx && use_native_cxx) {
cc_params[cc_par_cnt++] = "-mllvm";
cc_params[cc_par_cnt++] =
alloc_printf("-taint-abilist=%s/libc++_abilist.txt", obj_path);
}
}
static void edit_params(u32 argc, char **argv) {
u8 fortify_set = 0, asan_set = 0, x_set = 0, maybe_linking = 1, bit_mode = 0;
u8 maybe_assembler = 0;
char *name;
cc_params = ck_alloc((argc + 128) * sizeof(char *));
name = strrchr(argv[0], '/');
if (!name)
name = argv[0];
else
name++;
check_type(name);
if (is_cxx) {
char *alt_cxx = getenv("KO_CXX");
cc_params[0] = alt_cxx ? alt_cxx : "clang++";
} else {
char *alt_cc = getenv("KO_CC");
cc_params[0] = alt_cc ? alt_cc : "clang";
}
maybe_assembler = check_if_assembler(argc, argv);
use_native_cxx = getenv("KO_USE_NATIVE_LIBCXX") ? 1 : 0;
use_native_zlib = getenv("KO_NO_NATIVE_ZLIB") ? 0 : 1;
/* Detect stray -v calls from ./configure scripts. */
if (argc == 1 && !strcmp(argv[1], "-v"))
maybe_linking = 0;
while (--argc) {
char *cur = *(++argv);
// FIXME
if (!strcmp(cur, "-O1") || !strcmp(cur, "-O2") || !strcmp(cur, "-O3")) {
//continue;
}
if (!strcmp(cur, "-m32"))
bit_mode = 32;
if (!strcmp(cur, "-m64"))
bit_mode = 64;
if (!strcmp(cur, "-x"))
x_set = 1;
if (!strcmp(cur, "-c") || !strcmp(cur, "-S") || !strcmp(cur, "-E"))
maybe_linking = 0;
if (!strncmp(cur, "-fsanitize=", strlen("-fsanitize="))) {
continue; // doesn't work together
}
if (!use_native_zlib && !strcmp(cur, "-lz"))
continue; // ignore -lz if we are using our own zlib
if (strstr(cur, "FORTIFY_SOURCE"))
fortify_set = 1;
if (!strcmp(cur, "-shared"))
maybe_linking = 0;
if (!strcmp(cur, "-Wl,-z,defs") || !strcmp(cur, "-Wl,--no-undefined"))
continue;
if (strstr(cur, "-stdlib=") == cur) {
// XXX: use native if the target prefers stdlibc++?
continue;
}
if (!strcmp(cur, "-lc++") || !strcmp(cur, "-lc++abi") || !strcmp(cur, "-lunwind") ||
strstr(cur, "-l:libc++.so") == cur ||
strstr(cur, "-l:libc++abi.so") == cur ||
strstr(cur, "-l:libunwind.so") == cur) {
// skip libc++, libc++abi, and libunwind
continue;
}
if (strstr(cur, "libSymsanProxy.o")) {
char* last = *(argv - 1);
if (last) {
if (!strcmp(last, "-I")) { // remove the -I
cc_params[cc_par_cnt - 1] = cur;
continue;
}
if (!strcmp(last, "-L")) { // remove the -L
cc_params[cc_par_cnt - 1] = cur;
continue;
}
}
}
cc_params[cc_par_cnt++] = cur;
}
if (getenv("KO_CONFIG")) {
cc_params[cc_par_cnt] = NULL;
return;
}
if (!maybe_assembler) {
add_taint_pass();
}
cc_params[cc_par_cnt++] = "-pie";
cc_params[cc_par_cnt++] = "-fpic";
cc_params[cc_par_cnt++] = "-Qunused-arguments";
cc_params[cc_par_cnt++] = "-fno-vectorize";
cc_params[cc_par_cnt++] = "-fno-slp-vectorize";
#if 0
cc_params[cc_par_cnt++] = "-mno-mmx";
cc_params[cc_par_cnt++] = "-mno-sse";
cc_params[cc_par_cnt++] = "-mno-sse2";
cc_params[cc_par_cnt++] = "-mno-avx";
cc_params[cc_par_cnt++] = "-mno-sse3";
cc_params[cc_par_cnt++] = "-mno-sse4.1";
cc_params[cc_par_cnt++] = "-mno-sse4.2";
cc_params[cc_par_cnt++] = "-mno-ssse3";
cc_params[cc_par_cnt++] = "-mno-avx2";
cc_params[cc_par_cnt++] = "-mno-avx512f";
cc_params[cc_par_cnt++] = "-mno-avx512bw";
cc_params[cc_par_cnt++] = "-mno-avx512dq";
cc_params[cc_par_cnt++] = "-mno-avx512vl";
#endif
if (getenv("KO_HARDEN")) {
cc_params[cc_par_cnt++] = "-fstack-protector-all";
if (!fortify_set)
cc_params[cc_par_cnt++] = "-D_FORTIFY_SOURCE=2";
}
if (!getenv("KO_DONT_OPTIMIZE")) {
cc_params[cc_par_cnt++] = "-g";
cc_params[cc_par_cnt++] = "-O3";
cc_params[cc_par_cnt++] = "-funroll-loops";
}
if (is_cxx && !use_native_cxx) {
// FIXME: or use the same header
// cc_params[cc_par_cnt++] = alloc_printf("-I%s/../include/c++/v1", obj_path);
cc_params[cc_par_cnt++] = "-stdlib=libc++";
}
if (maybe_linking) {
if (x_set) {
cc_params[cc_par_cnt++] = "-x";
cc_params[cc_par_cnt++] = "none";
}
add_runtime();
switch (bit_mode) {
case 0:
break;
case 32:
/* if (access(cc_params[cc_par_cnt - 1], R_OK)) */
FATAL("-m32 is not supported by your compiler");
break;
case 64:
/* if (access(cc_params[cc_par_cnt - 1], R_OK)) */
// FATAL("-m64 is not supported by your compiler");
break;
}
}
cc_params[cc_par_cnt] = NULL;
}
/* Main entry point */
int main(int argc, char **argv) {
if (argc < 2) {
SAYF("\n"
"This is a helper application for Kirenenko. It serves as a drop-in "
"replacement\n"
"for clang, letting you recompile third-party code with the required "
"runtime\n"
"instrumentation. A common use pattern would be one of the "
"following:\n\n"
" CC=%s/ko-clang ./configure\n"
" CXX=%s/ko-clang++ ./configure\n\n"
"You can specify custom next-stage toolchain via KO_CC and KO_CXX."
"You can set (e.g., export) KO_CONFIG=1 to avoid problems during "
"configure.\n"
"Setting\n"
"KO_HARDEN enables hardening optimizations in the compiled "
"code.\n\n",
"xx", "xx");
exit(1);
}
find_obj(argv[0]);
edit_params(argc, argv);
for (int i = 0; i < cc_par_cnt; i++) {
printf("%s ", cc_params[i]);
}
printf("\n");
execvp(cc_params[0], (char **)cc_params);
FATAL("Oops, failed to execute '%s' - check your PATH", cc_params[0]);
return 0;
}
================================================
FILE: driver/CMakeLists.txt
================================================
set(CMAKE_POSITION_INDEPENDENT_CODE ON)
set(CMAKE_CXX_STANDARD 14)
## launcher lib
add_subdirectory(launcher)
## simple driver for testing out-of-process solving
add_executable(FGTest fgtest.cpp)
set_target_properties(FGTest PROPERTIES OUTPUT_NAME "fgtest")
target_include_directories(FGTest PUBLIC
${CMAKE_CURRENT_SOURCE_DIR}/../runtime
)
target_link_libraries(FGTest PRIVATE
launcher
z3parser
${Z3_LIBRARY}
rt
)
install (TARGETS FGTest DESTINATION ${SYMSAN_BIN_DIR})
if (DEFINED AFLPP_PATH)
add_subdirectory(aflpp)
endif()
install (CODE "MESSAGE(STATUS \"Build & Install: libSymsanProxy.o\")")
install (CODE "execute_process(COMMAND \
${CMAKE_INSTALL_PREFIX}/${SYMSAN_BIN_DIR}/ko-clang \
-c ${CMAKE_CURRENT_SOURCE_DIR}/harness-proxy.c \
-o ${CMAKE_INSTALL_PREFIX}/${SYMSAN_LIB_DIR}/libSymsanProxy.o)")
================================================
FILE: driver/aflpp/CMakeLists.txt
================================================
## custom_mutation for AFL++
project(SymSanMutator C CXX)
set(CMAKE_POSITION_INDEPENDENT_CODE ON)
set(CMAKE_CXX_STANDARD 17)
# set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -stdlib=libc++")
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -O3 -g -mcx16 -march=native -fno-builtin-malloc -fno-builtin-calloc -fno-builtin-realloc -fno-builtin-free")
if (ASAN_BUILD)
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fsanitize=address")
endif()
if (NOT IS_DIRECTORY "${AFLPP_PATH}/include")
message(FATAL_ERROR "Invalid AFL++ directory path! ${AFLPP_PATH}")
endif()
add_library(SymSanMutator SHARED symsan.cpp )
target_include_directories(SymSanMutator PRIVATE
${CMAKE_CURRENT_SOURCE_DIR}/../../runtime
${AFLPP_PATH}/include
)
target_link_libraries(SymSanMutator
launcher
rgd-parser
rgd-solver
)
if (ASAN_BUILD)
target_link_libraries(SymSanMutator
${LLVM_BINARY_DIR}/lib/clang/12.0.1/lib/linux/libclang_rt.asan-x86_64.a
)
endif()
install (TARGETS SymSanMutator DESTINATION ${SYMSAN_BIN_DIR})
================================================
FILE: driver/aflpp/README.md
================================================
# A AFL++ plugin for using SYMSAN as a custom mutator
libafl should be a better option but due to my familarity with C++,
this is a temporary option.
## HowTo
A quick guide to how to use the plugin:
### Compilation
Right now I only have tested on Ubuntu 20.04 and 22.04.
First, install dependencies:
```
apt-get update
apt-get install -y lsb-release wget software-properties-common gnupg
wget https://apt.llvm.org/llvm.sh && chmod +x llvm.sh && ./llvm.sh 12
apt-get install -y cmake libc++-12-dev libc++abi-12-dev libunwind-12 python3-minimal python-is-python3 zlib1g-dev git gdb joe
apt-get install -y libz3-dev libgoogle-perftools-dev
```
Next, download and build AFL++:
```
git clone --depth=1 https://github.com/AFLplusplus/AFLplusplus /workdir/aflpp
ENV LLVM_CONFIG=llvm-config-14
cd /workdir/aflpp && CC=clang-14 CXX=clang++-14 make source-only && make install
```
Next, download symsan and build
```
git clone https://github.com/R-Fuzz/symsan /workdir/symsan
cd symsan/ && mkdir -p build && \
cd build && CC=clang-14 CXX=clang++-14 cmake -DAFLPP_PATH=/workdir/aflpp ../ && \
make -j && make install
```
### Build target binaries
You need to compile two binaries: one for normal fuzzing and one for symbolic tracing
For the normal fuzzing binary, you can set `AFL_LLVM_CMPLOG=0` to disable `cmplog` as the plugin does a similar job.
Please refer to the AFL++ manual for building options.
For the symbolic tracing binary, set the following env options
* `KO_CC=clang-14`: use clang-14 as the C compiler, because SymSan is compiled as a LLVM-12 pass
* `KO_CXX=clang++-14`: using clang++-14 as the C++ compiler
* `KO_USE_FASTGEN=1`: using the out-of-process solving mode (i.e., decoupled tracing and solving)
* `KO_DONT_OPTIMIZE=1` (optional): keep the original optimization level, otherwise override with `-O3`
* `KO_NO_NATIVE_ZLIB` (optional): if you're using instrumented libz
* `KO_USE_NATIVE_LIBCXX` (optional): if you want to use the native, *uninstrumented* standard C++ lib, the default option uses the instrumented `libc++` and `libc++-abi`.
To build the target, set `CC=/path/to/symsan/bin/ko-clang` and `CXX=/path/to/symsan/bin/ko-clang++`.
If the configuration fails, you can set `KO_CONFIG=1`, and unset it after configuration.
### Fuzz
After the two binaries are built, use AFL++ to fuzz it, use the following env options
to load the plugin and control its behavior:
* `AFL_CUSTOM_MUTATOR_LIBRARY=/path/to/symsan/bin/libSymSanMutator.so`: load the plugin
* `SYMSAN_TARGET=/path/to/symsan-instrumented-binary`: symbolic tracing binary
* `AFL_DISABLE_TRIM=1` (optional): for some targets (e.g., the `mini` test case), you may want to disable trim
* `AFL_CUSTOM_MUTATOR_ONLY=1` (optional): if you only want to test the plugin
* `SYMSAN_OUTPUT_DIR=/none/default/dir` (optional): a different directory to store temporary outputs from SymSan
* `SYMSAN_USE_JIGSAW=1` (optional): use JIGSAW as the solver
* `SYMSAN_USE_Z3=1` (optional): use Z3 as the solver
* `SYMSAN_USE_NESTED=1` (optional): consider nested branches when constructing a solving task
## Some high-level design
The custom mutator works in two main steps:
1. In the interface function `afl_custom_fuzz_count`, the plugin spawns
a symsan-instrumented binary to collect the symbolic traces (i.e., the tracing
stage in libafl). For each event it wants to handle, it constructs a *solving task*.
2. In the interface function `afl_custom_fuzz`, the plugin fetches a *solving task*,
solves it, and generate a new input (i.e., the mutation stage in libafl).
The newly generated input is then evaluated with the main fuzzing binary.
If the input is saved, the task is considered as successfully solved.
## Extensions
One main motivation to move to libafl and afl++ custom mutator is to make the
concolic execution stage more extensible (than in fastgen). Following are some
interfaces that can be customized:
* `rgd::CovManager` is in charge of determine whether an event from symsan should
be used to construct a solving task. The default one uses branch coverage
(similar to sancov `trace-pc-guard`) to filter events.
* `rgd::TaskManager` is in charge of scheduling *solving tasks*. The default one
is a simple FIFO queue.
* `rgd::Solver` is in charge of solving a solving task. Right now there are three
solvers, which works in a layered manner (i2s->jigsaw->z3):
if a task is solved by an earlier solver, it will skip the next solver; otherwise the next solver is invoked.
* The default one is a simple I2S solver, which uses tracing results to map input bytes to comparison
operands and generate a solution based on potential
[input-to-state correspondence](https://www.ndss-symposium.org/ndss-paper/redqueen-fuzzing-with-input-to-state-correspondence/).
* JIGSAW, which is our [JIT-based constraint solver](https://github.com/R-Fuzz/jigsaw).
* Z3
================================================
FILE: driver/aflpp/rgd.proto
================================================
syntax = "proto3";
package rgd;
// AST node for symbolic expressions
message AstNode {
uint32 kind = 1;
uint32 boolvalue = 2; //used by bool expr
uint32 bits = 3;
string value = 4; //used by constant expr
repeated AstNode children = 5;
string name = 6; //used for debugging
uint32 index = 7; //used by read expr for index and extract expr
uint32 label = 8; //for expression dedup
uint32 hash = 9; //for node dedup
uint32 direction = 10;
uint32 sessionid = 11;
uint32 full = 12;
}
================================================
FILE: driver/aflpp/symsan.cpp
================================================
/*
a custom mutator for AFL++
(c) 2023 - 2024 by Chengyu Song <csong@cs.ucr.edu>
License: Apache 2.0
*/
#include "dfsan/dfsan.h"
#include "ast.h"
#include "task.h"
#include "solver.h"
#include "cov.h"
#include "task_mgr.h"
extern "C" {
#include "afl-fuzz.h"
#include "launch.h"
}
#include "parse-rgd.h"
#include <atomic>
#include <unordered_map>
#include <unordered_set>
#include <utility>
#include <vector>
#include <queue>
#include <memory>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/ipc.h>
#include <sys/mman.h>
#include <sys/select.h>
#include <sys/shm.h>
#include <sys/stat.h>
#include <sys/time.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <fcntl.h>
using namespace __dfsan;
#ifndef DEBUG
#define DEBUG 0
#endif
#if !DEBUG
#undef DEBUGF
#define DEBUGF(_str...) do { } while (0)
#endif
#define PRINT_STATS 0
#define MAX_AST_SIZE 200
#define MIN_TIMEOUT 50U
#define MAX_LOCAL_BRANCH_COUNTER 128
static bool NestedSolving = false;
static int TraceBounds = 0;
static int ExitOnMemError = 1; // default is exit on memory error
static int SolveUB = 0;
static int ForceStdin = 0;
static bool SaveSolved = false;
#undef alloc_printf
#define alloc_printf(_str...) ({ \
char* _tmp; \
s32 _len = snprintf(NULL, 0, _str); \
if (_len < 0) FATAL("Whoa, snprintf() fails?!"); \
_tmp = (char*)ck_alloc(_len + 1); \
snprintf((char*)_tmp, _len + 1, _str); \
_tmp; \
})
using solver_t = std::shared_ptr<rgd::Solver>;
using branch_ctx_t = std::shared_ptr<rgd::BranchContext>;
enum mutation_state_t {
MUTATION_INVALID,
MUTATION_IN_VALIDATION,
MUTATION_VALIDATED,
};
struct my_mutator_t {
my_mutator_t() = delete;
my_mutator_t(const afl_state_t *afl, rgd::TaskManager* tmgr, rgd::CovManager* cmgr) :
afl(afl), out_dir(NULL), out_file(NULL), symsan_bin(NULL),
argv(NULL), out_fd(-1), cur_queue_entry(NULL),
cur_mutation_state(MUTATION_INVALID), output_buf(NULL),
cur_task(nullptr), cur_solver_index(-1),
task_mgr(tmgr), cov_mgr(cmgr) {}
~my_mutator_t() {
if (out_fd >= 0) close(out_fd);
ck_free(out_dir);
ck_free(out_file);
ck_free(output_buf);
ck_free(argv);
delete task_mgr;
delete cov_mgr;
}
const afl_state_t *afl;
char *out_dir;
char *out_file;
char *symsan_bin;
char **argv;
int out_fd;
u8* cur_queue_entry;
int cur_mutation_state;
u8* output_buf;
int log_fd;
std::unordered_set<u32> fuzzed_inputs;
rgd::TaskManager* task_mgr;
rgd::CovManager* cov_mgr;
rgd::RGDAstParser* parser;
std::vector<solver_t> solvers;
// XXX: well, we have to keep track of solving states
rgd::task_t cur_task;
size_t cur_solver_index;
};
// FIXME: find another way to make the union table hash work
static dfsan_label_info *__dfsan_label_info;
static const size_t MAX_LABEL = uniontable_size / sizeof(dfsan_label_info);
dfsan_label_info* __dfsan::get_label_info(dfsan_label label) {
if (unlikely(label >= MAX_LABEL)) {
throw std::out_of_range("label too large " + std::to_string(label));
}
return &__dfsan_label_info[label];
}
// FIXME: local filter?
static std::unordered_map<uint32_t, uint8_t> local_counter;
static std::unordered_set<uint32_t> local_index_filter;
// staticstics
static uint64_t total_branches = 0;
static uint64_t branches_to_solve = 0;
static uint64_t total_tasks = 0;
static std::map<uint64_t, uint64_t> task_size_dist;
static uint64_t solved_tasks = 0;
static uint64_t solved_branches = 0;
static void reset_global_caches(size_t buf_size) {
local_counter.clear();
local_index_filter.clear();
}
static void handle_cond(pipe_msg &msg, my_mutator_t *my_mutator) {
if (unlikely(msg.label == 0)) {
return;
} else if (unlikely(msg.label == kInitializingLabel)) {
WARNF("UBI branch cond @%p\n", (void*)msg.addr);
return;
}
total_branches += 1;
// apply a local (per input) branch filter
auto &lc = local_counter[msg.id];
if (lc > MAX_LOCAL_BRANCH_COUNTER) {
return;
} else {
lc += 1;
}
// prase flags
bool always_solve = (msg.flags & F_ADD_CONS) == 0;
bool loop_latch = (msg.flags & F_LOOP_LATCH) != 0;
bool loop_exit = (msg.flags & F_LOOP_EXIT) != 0;
const branch_ctx_t ctx = my_mutator->cov_mgr->add_branch((void*)msg.addr,
msg.id, msg.result != 0, msg.context, loop_latch, loop_exit);
branch_ctx_t neg_ctx = std::make_shared<rgd::BranchContext>();
*neg_ctx = *ctx;
neg_ctx->direction = !ctx->direction;
if (my_mutator->cov_mgr->is_branch_interesting(neg_ctx) || always_solve) {
// parse the uniont table AST to solving tasks
std::vector<uint64_t> tasks;
if (my_mutator->parser->parse_cond(msg.label, ctx->direction, msg.flags & F_ADD_CONS, tasks) != 0) {
WARNF("Failed to parse the condition %u, from input %s\n", msg.label, my_mutator->cur_queue_entry);
// symsan_terminate();
return;
}
// add the tasks to the task manager
for (auto const& task_id : tasks) {
auto task = my_mutator->parser->retrieve_task(task_id);
my_mutator->task_mgr->add_task(neg_ctx, task);
#if PRINT_STATS
task_size_dist[task->constraints.size()] += 1;
#endif
}
total_tasks += tasks.size();
branches_to_solve += 1;
}
}
static void handle_gep(gep_msg &gmsg, pipe_msg &msg, my_mutator_t *my_mutator) {
// msg.label === gmsg.index_label
if (unlikely(msg.label == 0)) {
return;
} else if (unlikely(msg.label == kInitializingLabel)) {
WARNF("UBI array index @%p\n", (void*)msg.addr);
return;
}
// apply a local (per input) index filter
if (!local_index_filter.insert(msg.label).second) {
return;
}
// parse the uniont table AST to solving tasks
std::vector<uint64_t> tasks;
if (my_mutator->parser->parse_gep(gmsg.ptr_label, gmsg.ptr, gmsg.index_label, gmsg.index,
gmsg.num_elems, gmsg.elem_size, gmsg.current_offset, false, tasks) != 0) {
WARNF("Failed to parse symbolic index %u, from input %s\n", gmsg.index_label, my_mutator->cur_queue_entry);
// symsan_terminate();
return;
}
// add the tasks to the task manager, with a dummy context
branch_ctx_t ctx = std::make_shared<rgd::BranchContext>();
ctx->addr = (void*)msg.addr;
ctx->direction = true;
for (auto const& task_id : tasks) {
auto task = my_mutator->parser->retrieve_task(task_id);
my_mutator->task_mgr->add_task(ctx, task);
#if PRINT_STATS
task_size_dist[task->constraints.size()] += 1;
#endif
}
total_tasks += tasks.size();
}
/// no splice input
extern "C" void afl_custom_splice_optout(my_mutator_t *data) {
(void)(data);
}
/// @brief init the custom mutator
/// @param afl aflpp state
/// @param seed not used
/// @return custom mutator state
extern "C" my_mutator_t *afl_custom_init(afl_state *afl, unsigned int seed) {
(void)(seed);
struct stat st;
rgd::TaskManager *tmgr = new rgd::FIFOTaskManager();
rgd::CovManager *cmgr = new rgd::EdgeCovManager();
my_mutator_t *data = new my_mutator_t(afl, tmgr, cmgr);
if (!data) {
FATAL("afl_custom_init alloc");
return NULL;
}
// always use the simpler i2s solver
data->solvers.emplace_back(std::make_shared<rgd::I2SSolver>());
if (getenv("SYMSAN_USE_JIGSAW"))
data->solvers.emplace_back(std::make_shared<rgd::JITSolver>());
if (getenv("SYMSAN_USE_Z3"))
data->solvers.emplace_back(std::make_shared<rgd::Z3Solver>());
// make nested solving optional too
if (getenv("SYMSAN_USE_NESTED")) {
NestedSolving = true;
}
// enable trace bounds?
if (getenv("SYMSAN_TRACE_BOUNDS")) {
TraceBounds = 1;
}
// disable exit on memory error
if (getenv("SYMSAN_DONT_EXIT_ON_MEMERROR")) {
ExitOnMemError = 0;
}
if (getenv("SYMSAN_SOLVE_UB")) {
TraceBounds = 1; // solve undefined depends on trace bounds
SolveUB = 1;
}
// XXX: force stdin? ugly hack for aixcc
if (getenv("SYMSAN_FORCE_STDIN")) {
ForceStdin = 1;
}
// enable saving solved tasks
if (getenv("SYMSAN_SAVE_SOLVED")) {
SaveSolved = true;
}
if (!(data->symsan_bin = getenv("SYMSAN_TARGET"))) {
FATAL(
"SYMSAN_TARGET not defined, this should point to the full path of the "
"symsan compiled binary.");
}
if (!(data->out_dir = getenv("SYMSAN_OUTPUT_DIR"))) {
data->out_dir = alloc_printf("%s/symsan", afl->out_dir);
}
if (stat(data->out_dir, &st) && mkdir(data->out_dir, 0755)) {
PFATAL("Could not create the output directory %s", data->out_dir);
}
// setup output file
char *out_file;
if (afl->file_extension) {
out_file = alloc_printf("%s/.cur_input.%s", data->out_dir, afl->file_extension);
} else {
out_file = alloc_printf("%s/.cur_input", data->out_dir);
}
if (data->out_dir[0] == '/') {
data->out_file = out_file;
} else {
char cwd[PATH_MAX];
if (getcwd(cwd, (size_t)sizeof(cwd)) == NULL) { PFATAL("getcwd() failed"); }
data->out_file = alloc_printf("%s/%s", cwd, out_file);
ck_free(out_file);
}
// create the output file
data->out_fd = open(data->out_file, O_RDWR | O_CREAT | O_TRUNC, 0644);
if (data->out_fd < 0) {
PFATAL("Failed to create output file %s: %s\n", data->out_file, strerror(errno));
}
// setup symsan launcher
__dfsan_label_info = (dfsan_label_info *)symsan_init(data->symsan_bin, uniontable_size);
if (__dfsan_label_info == (void *)-1) {
FATAL("Failed to init symsan launcher: %s\n", strerror(errno));
}
// setup the parser
data->parser = new rgd::RGDAstParser(__dfsan_label_info, uniontable_size, NestedSolving, MAX_AST_SIZE);
if (!data->parser) {
FATAL("Failed to create parser\n");
}
// allocate output buffer
data->output_buf = (u8 *)malloc(MAX_FILE+1);
if (!data->output_buf) {
FATAL("Failed to alloc output buffer\n");
}
#if PRINT_STATS
char *log_f = getenv("SYMSAN_LOG_FILE");
if (log_f) {
data->log_fd = open(log_f, O_RDWR | O_CREAT | O_TRUNC, 0644);
if (data->log_fd < 0) {
PFATAL("Failed to create log file: %s\n", strerror(errno));
}
} else {
data->log_fd = 2; // stderr by default
}
#endif
return data;
}
extern "C" void afl_custom_deinit(my_mutator_t *data) {
symsan_destroy();
delete data;
}
/// @brief the trace stage for symsan
/// @param data the custom mutator state
/// @param buf input buffer
/// @param buf_size
/// @return the number of solving tasks
extern "C" u32 afl_custom_fuzz_count(my_mutator_t *data, const u8 *buf,
size_t buf_size) {
// check the input id to see if it's been run before
// we don't use the afl_custom_queue_new_entry() because we may not
// want to solve all the tasks
u32 input_id = data->afl->queue_cur->id;
u32 timeout = std::min(MIN_TIMEOUT, data->afl->fsrv.exec_tmout);
if (data->fuzzed_inputs.find(input_id) != data->fuzzed_inputs.end()) {
return 0;
}
data->fuzzed_inputs.insert(input_id);
// record the name of the current queue entry
data->cur_queue_entry = data->afl->queue_cur->fname;
DEBUGF("Fuzzing %s\n", data->cur_queue_entry);
// FIXME: should we use the afl->queue_cur->fname instead?
// write the buf to the file
lseek(data->out_fd, 0, SEEK_SET);
ck_write(data->out_fd, buf, buf_size, data->out_file);
fsync(data->out_fd);
if (ftruncate(data->out_fd, buf_size)) {
WARNF("Failed to truncate output file: %s\n", strerror(errno));
return 0;
}
// setup argv in case of initialized
if (unlikely(!data->argv)) {
int argc = 0;
while (data->afl->argv[argc]) { argc++; }
data->argv = (char **)calloc(argc + 1, sizeof(char *));
if (!data->argv) {
FATAL("Failed to alloc argv\n");
}
for (int i = 0; i < argc; i++) {
if (strstr(data->afl->argv[i], (char*)data->afl->tmp_dir)) {
DEBUGF("Replacing %s with %s\n", data->afl->argv[i], data->out_file);
data->argv[i] = data->out_file;
} else {
data->argv[i] = data->afl->argv[i];
}
}
data->argv[argc] = NULL;
// setup symsan launcher
symsan_set_input(data->afl->fsrv.use_stdin ? "stdin" : data->out_file);
symsan_set_args(argc, data->argv);
symsan_set_debug(DEBUG);
symsan_set_bounds_check(TraceBounds);
symsan_set_exit_on_memerror(ExitOnMemError);
symsan_set_solve_ub(SolveUB);
symsan_set_force_stdin(ForceStdin);
}
// launch the symsan child process
int ret = symsan_run(data->out_fd);
if (ret < 0) {
WARNF("Failed to start symsan bin: %s\n", strerror(errno));
return 0;
} else if (ret > 0) {
WARNF("symsan_run failed %d\n", ret);
return 0;
}
pipe_msg msg;
gep_msg gmsg;
memcmp_msg *mmsg;
dfsan_label_info *info;
size_t msg_size;
u32 num_tasks = 0;
u32 num_msgs = 0;
bool timedout = false;
struct timeval start, end;
gettimeofday(&start, NULL);
// clear all caches
std::vector<symsan::input_t> inputs;
inputs.push_back({buf, buf_size});
data->parser->restart(inputs);
reset_global_caches(buf_size);
while (symsan_read_event(&msg, sizeof(msg), timeout) == sizeof(msg)) {
// create solving tasks
switch (msg.msg_type) {
// conditional branch
case cond_type:
handle_cond(msg, data);
break;
case gep_type:
if (symsan_read_event(&gmsg, sizeof(gmsg), 0) != sizeof(gmsg)) {
WARNF("Failed to receive gep msg: %s\n", strerror(errno));
break;
}
// double check
if (msg.label != gmsg.index_label) {
WARNF("Incorrect gep msg: %d vs %d\n", msg.label, gmsg.index_label);
break;
}
handle_gep(gmsg, msg, data);
break;
case memcmp_type:
if (msg.label == 0 || msg.label >= MAX_LABEL) {
WARNF("Invalid memcmp label: %d\n", msg.label);
break;
}
info = get_label_info(msg.label);
// if both operands are symbolic, no content to be read
if (info->l1 != CONST_LABEL && info->l2 != CONST_LABEL)
break;
// flags = 0 means both operands are symbolic thus no content to read
// if (!msg.flags)
// break;
msg_size = sizeof(memcmp_msg) + msg.result;
mmsg = (memcmp_msg*)malloc(msg_size);
if (symsan_read_event(mmsg, msg_size, 0) != msg_size) {
WARNF("Failed to receive memcmp msg: %s\n", strerror(errno));
free(mmsg);
break;
}
// double check
if (msg.label != mmsg->label) {
WARNF("Incorrect memcmp msg: %d vs %d\n", msg.label, mmsg->label);
free(mmsg);
break;
}
// save the content
data->parser->record_memcmp(msg.label, mmsg->content, msg.result);
free(mmsg);
break;
case fsize_type:
break;
case memerr_type:
WARNF("Memory error detected @%p, type = %d\n", (void*)msg.addr, msg.flags);
break;
default:
break;
}
// naive deadloop detection
num_msgs += 1;
if (unlikely((num_msgs & 0xffffe000) != 0)) {
gettimeofday(&end, NULL);
if ((end.tv_sec - start.tv_sec) * 10 > timeout) {
// allow 100x slowdown, sec * 1000 > ms * 100
WARNF("Possible deadloop, break\n");
timedout = true;
break;
}
}
}
if (timedout) {
// kill the symsan process
symsan_terminate();
}
// reinit solving state
data->cur_task = nullptr;
size_t max_stages = data->solvers.size();
// to be conservative, we return the maximum number of possible mutations
return (u32)(data->task_mgr->get_num_tasks() * max_stages);
}
static void print_stats(my_mutator_t *data) {
dprintf(data->log_fd,
"Total branches: %zu,\n"\
"Total tasks: %zu,\n"\
"Solved tasks: %zu,\n"\
"Solved branches: %zu\n",
total_branches, total_tasks, solved_tasks, solved_branches);
dprintf(data->log_fd, "Task size distribution:\n");
for (auto const& kv : task_size_dist) {
dprintf(data->log_fd, "\t %zu: %zu\n", kv.first, kv.second);
}
for (auto &solver : data->solvers) {
solver->print_stats(data->log_fd);
}
}
extern "C"
size_t afl_custom_fuzz(my_mutator_t *data, uint8_t *buf, size_t buf_size,
u8 **out_buf, uint8_t *add_buf, size_t add_buf_size,
size_t max_size) {
(void)(add_buf);
(void)(add_buf_size);
(void)(max_size);
if (buf_size > MAX_FILE) {
*out_buf = buf;
return 0;
}
// try to get a task if we don't already have one
// or if we've find a valid solution from the previous mutation
if (!data->cur_task || data->cur_mutation_state == MUTATION_VALIDATED) {
data->cur_task = data->task_mgr->get_next_task();
if (!data->cur_task) {
DEBUGF("No more tasks to solve\n");
data->cur_mutation_state = MUTATION_INVALID;
*out_buf = buf;
#if PRINT_STATS
print_stats(data);
#endif
return 0;
}
// reset the solver and state
data->cur_solver_index = 0;
data->cur_mutation_state = MUTATION_INVALID;
}
// check the previous mutation state
if (data->cur_mutation_state == MUTATION_IN_VALIDATION) {
// oops, not solve, move on to next solver
data->cur_solver_index++;
if (data->cur_solver_index >= data->solvers.size()) {
// if reached the max solver, move on to the next task
data->cur_task = data->task_mgr->get_next_task();
if (!data->cur_task) {
DEBUGF("No more tasks to solve\n");
data->cur_mutation_state = MUTATION_INVALID;
*out_buf = buf;
#if PRINT_STATS
print_stats(data);
#endif
return 0;
}
data->cur_solver_index = 0; // reset solver index
}
}
// default return values
size_t new_buf_size = 0;
*out_buf = buf;
auto &solver = data->solvers[data->cur_solver_index];
auto ret = solver->solve(data->cur_task, buf, buf_size,
data->output_buf, new_buf_size);
if (likely(ret == rgd::SOLVER_SAT)) {
DEBUGF("task solved\n");
data->cur_mutation_state = MUTATION_IN_VALIDATION;
*out_buf = data->output_buf;
if (SaveSolved) {
// save the solved task
char *solved_file = alloc_printf("%s/id_%zu", data->out_dir, solved_tasks);
if (solved_file != NULL) {
int fd = open(solved_file, O_RDWR | O_CREAT | O_TRUNC, 0644);
if (fd < 0) {
WARNF("Failed to create solved file %s: %s\n", solved_file, strerror(errno));
} else {
lseek(fd, 0, SEEK_SET);
ck_write(fd, data->output_buf, new_buf_size, solved_file);
close(fd);
}
free(solved_file);
}
}
solved_tasks += 1;
} else if (ret == rgd::SOLVER_TIMEOUT) {
// if not solved, move on to next stage
data->cur_mutation_state = MUTATION_IN_VALIDATION;
} else if (ret == rgd::SOLVER_UNSAT) {
// at any stage if the task is deemed unsolvable, just skip it
DEBUGF("task not solvable\n");
data->cur_task->skip_next = true;
data->cur_task = nullptr;
} else {
WARNF("Unknown solver return value %d\n", ret);
*out_buf = NULL;
new_buf_size = 0;
}
return new_buf_size;
}
// FIXME: use new queue entry as feedback to see if the last mutation is successful
extern "C"
uint8_t afl_custom_queue_new_entry(my_mutator_t * data,
const uint8_t *filename_new_queue,
const uint8_t *filename_orig_queue) {
// if we're in validation state and the current queue entry is the same as
// mark the constraints as solved
DEBUGF("new queue entry: %s\n", filename_new_queue);
if (data->cur_queue_entry == filename_orig_queue &&
data->cur_mutation_state == MUTATION_IN_VALIDATION) {
data->cur_mutation_state = MUTATION_VALIDATED;
if (data->cur_task) {
data->cur_task->skip_next = true;
solved_branches += 1;
}
}
return 0;
}
================================================
FILE: driver/fgtest.cpp
================================================
#include "defs.h"
#include "debug.h"
#include "version.h"
#include "dfsan/dfsan.h"
extern "C" {
#include "launch.h"
}
#include "parse-z3.h"
#include <algorithm>
#include <memory>
#include <unordered_map>
#include <unordered_set>
#include <utility>
#include <vector>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <fcntl.h>
using namespace __dfsan;
#define OPTIMISTIC 1
#undef AOUT
# define AOUT(...) \
do { \
printf(__VA_ARGS__); \
} while(false)
// for input
static char *input_buf;
static size_t input_size;
// for output
static const char* __output_dir = ".";
static uint32_t __instance_id = 0;
static uint32_t __session_id = 0;
static uint32_t __current_index = 0;
static int __enum_gep = 0; // GEP enumeration enabled by default
static z3::context __z3_context;
// z3parser
symsan::Z3ParserSolver *__z3_parser = nullptr;
static void generate_input(symsan::Z3ParserSolver::solution_t &solutions) {
using op_t = symsan::Z3ParserSolver::solution_op_t;
// Build the new input in memory to handle INSERT/DELETE properly
std::vector<uint8_t> new_input(input_buf, input_buf + input_size);
// Sort solutions by offset in descending order so INSERT/DELETE don't
// invalidate subsequent offsets
std::vector<size_t> order(solutions.size());
for (size_t i = 0; i < order.size(); ++i) order[i] = i;
std::sort(order.begin(), order.end(), [&solutions](size_t a, size_t b) {
return solutions[a].offset > solutions[b].offset;
});
for (size_t idx : order) {
const auto& sol = solutions[idx];
switch (sol.op) {
case op_t::SET:
if (sol.offset < new_input.size()) {
AOUT("SET offset %d = %x\n", sol.offset, sol.val);
new_input[sol.offset] = sol.val;
}
break;
case op_t::INSERT:
if (sol.offset <= new_input.size()) {
AOUT("INSERT %zu bytes at offset %d\n", sol.data.size(), sol.offset);
new_input.insert(new_input.begin() + sol.offset,
sol.data.begin(), sol.data.end());
}
break;
case op_t::DELETE:
if (sol.offset < new_input.size()) {
size_t del_len = std::min((size_t)sol.len,
new_input.size() - sol.offset);
AOUT("DELETE %zu bytes at offset %d\n", del_len, sol.offset);
new_input.erase(new_input.begin() + sol.offset,
new_input.begin() + sol.offset + del_len);
}
break;
}
}
// Write the new input to file
char path[PATH_MAX];
snprintf(path, PATH_MAX, "%s/id-%d-%d-%d", __output_dir,
__instance_id, __session_id, __current_index++);
int fd = open(path, O_CREAT | O_WRONLY | O_TRUNC, S_IRUSR | S_IWUSR);
if (fd == -1) {
AOUT("failed to open new input file for write");
return;
}
AOUT("generate #%d output (size: %zu -> %zu)\n",
__current_index - 1, input_size, new_input.size());
if (write(fd, new_input.data(), new_input.size()) == -1) {
AOUT("failed to write new input\n");
}
close(fd);
}
static void __solve_cond(dfsan_label label, uint8_t r, bool add_nested, void *addr) {
AOUT("solving label %d = %d, add_nested: %d\n", label, r, add_nested);
std::vector<uint64_t> tasks;
if (__z3_parser->parse_cond(label, r, add_nested, tasks)) {
AOUT("WARNING: failed to parse condition %d @%p\n", label, addr);
return;
}
for (auto id : tasks) {
// solve
symsan::Z3ParserSolver::solution_t solutions;
auto status = __z3_parser->solve_task(id, 30000U, solutions); // 30 seconds
if (solutions.size() != 0) {
AOUT("branch solved\n");
generate_input(solutions);
} else {
AOUT("branch not solvable @%p\n", addr);
}
solutions.clear();
}
}
static void __handle_gep(dfsan_label ptr_label, uptr ptr,
dfsan_label index_label, int64_t index,
uint64_t num_elems, uint64_t elem_size,
int64_t current_offset, void* addr) {
AOUT("tainted GEP index: %ld = %d, ne: %ld, es: %ld, offset: %ld\n",
index, index_label, num_elems, elem_size, current_offset);
std::vector<uint64_t> tasks;
if (__z3_parser->parse_gep(ptr_label, ptr, index_label, index, num_elems,
elem_size, current_offset, __enum_gep, tasks)) {
AOUT("WARNING: failed to parse gep %d @%p\n", index_label, addr);
return;
}
for (auto id : tasks) {
symsan::Z3ParserSolver::solution_t solutions;
auto status = __z3_parser->solve_task(id, 30000U, solutions); // 30 seconds
if (solutions.size() != 0) {
AOUT("gep solved\n");
generate_input(solutions);
} else {
AOUT("gep not solvable @%p\n", addr);
}
solutions.clear();
}
}
int main(int argc, char* const argv[]) {
if (argc != 3) {
fprintf(stderr, "Usage: %s target input\n", argv[0]);
exit(1);
}
char *program = argv[1];
char *input = argv[2];
int is_stdin = 0;
int solve_ub = 0;
int debug = 0;
char *options = getenv("TAINT_OPTIONS");
if (options) {
// setup output dir
char *output = strstr(options, "output_dir=");
if (output) {
output += 11; // skip "output_dir="
char *end = strchr(output, ':'); // try ':' first, then ' '
if (end == NULL) end = strchr(output, ' ');
size_t n = end == NULL? strlen(output) : (size_t)(end - output);
__output_dir = strndup(output, n);
}
// check if input is stdin
char *taint_file = strstr(options, "taint_file=");
if (taint_file) {
taint_file += strlen("taint_file="); // skip "taint_file="
char *end = strchr(taint_file, ':');
if (end == NULL) end = strchr(taint_file, ' ');
size_t n = end == NULL? strlen(taint_file) : (size_t)(end - taint_file);
if (n == 5 && !strncmp(taint_file, "stdin", 5))
is_stdin = 1;
}
// check for debug
char *debug_opt = strstr(options, "debug=");
if (debug_opt) {
debug_opt += strlen("debug="); // skip "debug="
if (strcmp(debug_opt, "1") == 0 || strcmp(debug_opt, "true") == 0)
debug = 1;
}
// check for session_id
char *session_opt = strstr(options, "session_id=");
if (session_opt) {
session_opt += strlen("session_id=");
__session_id = atoi(session_opt);
}
// check if solve_ub is enabled
char *solve_ub_opt = strstr(options, "solve_ub=");
if (solve_ub_opt) {
solve_ub_opt += strlen("solve_ub="); // skip "solve_ub="
if (strcmp(solve_ub_opt, "1") == 0 || strcmp(solve_ub_opt, "true") == 0)
solve_ub = 1;
}
// check if GEP enumeration is disabled
char *enum_gep_opt = strstr(options, "enum_gep=");
if (enum_gep_opt) {
enum_gep_opt += strlen("enum_gep="); // skip "enum_gep="
if (strncmp(enum_gep_opt, "0", 1) == 0 || strncmp(enum_gep_opt, "false", 5) == 0)
__enum_gep = 0;
}
}
// load input file
struct stat st;
int input_fd = open(input, O_RDONLY);
if (input_fd == -1) {
fprintf(stderr, "Failed to open input file: %s\n", strerror(errno));
exit(1);
}
fstat(input_fd, &st);
input_size = st.st_size;
input_buf = (char *)mmap(NULL, input_size, PROT_READ, MAP_PRIVATE, input_fd, 0);
if (input_buf == (void *)-1) {
fprintf(stderr, "Failed to map input file: %s\n", strerror(errno));
exit(1);
}
// setup launcher
void *shm_base = symsan_init(program, uniontable_size);
if (shm_base == (void *)-1) {
fprintf(stderr, "Failed to map shm: %s\n", strerror(errno));
exit(1);
}
if (symsan_set_input(is_stdin ? "stdin" : input) != 0) {
fprintf(stderr, "Failed to set input\n");
exit(1);
}
char* args[3];
args[0] = program;
args[1] = input;
args[2] = NULL;
if (symsan_set_args(2, args) != 0) {
fprintf(stderr, "Failed to set args\n");
exit(1);
}
symsan_set_debug(debug);
symsan_set_bounds_check(1);
symsan_set_solve_ub(solve_ub);
// launch the target
int ret = symsan_run(input_fd);
if (ret < 0) {
fprintf(stderr, "Failed to launch target: %s\n", strerror(errno));
exit(1);
} else if (ret > 0) {
fprintf(stderr, "SymSan launch error %d\n", ret);
exit(1);
}
close(input_fd);
// setup z3 parser
__z3_parser = new symsan::Z3ParserSolver(shm_base, uniontable_size, __z3_context);
std::vector<symsan::input_t> inputs;
inputs.push_back({(uint8_t*)input_buf, input_size});
if (__z3_parser->restart(inputs) != 0) {
fprintf(stderr, "Failed to restart parser\n");
exit(1);
}
pipe_msg msg;
gep_msg gmsg;
size_t msg_size;
memcmp_msg *mmsg = nullptr;
while (symsan_read_event(&msg, sizeof(msg), 0) > 0) {
// solve constraints
switch (msg.msg_type) {
case cond_type:
__solve_cond(msg.label, msg.result, msg.flags & F_ADD_CONS, (void*)msg.addr);
break;
case gep_type:
if (symsan_read_event(&gmsg, sizeof(gmsg), 0) != sizeof(gmsg)) {
fprintf(stderr, "Failed to receive gep msg: %s\n", strerror(errno));
break;
}
// double check
if (msg.label != gmsg.index_label) {
fprintf(stderr, "Incorrect gep msg: %d vs %d\n", msg.label, gmsg.index_label);
break;
}
__handle_gep(gmsg.ptr_label, gmsg.ptr, gmsg.index_label, gmsg.index,
gmsg.num_elems, gmsg.elem_size, gmsg.current_offset, (void*)msg.addr);
break;
case memcmp_type:
// flags = 0 means both operands are symbolic thus no content to read
if (!msg.flags)
break;
msg_size = sizeof(memcmp_msg) + msg.result;
mmsg = (memcmp_msg*)malloc(msg_size); // not freed until terminate
if (symsan_read_event(mmsg, msg_size, 0) != msg_size) {
fprintf(stderr, "Failed to receive memcmp msg: %s\n", strerror(errno));
free(mmsg);
break;
}
// double check
if (msg.label != mmsg->label) {
fprintf(stderr, "Incorrect memcmp msg: %d vs %d\n", msg.label, mmsg->label);
free(mmsg);
break;
}
// save the content
__z3_parser->record_memcmp(msg.label, mmsg->content, msg.result);
free(mmsg);
break;
case fsize_type:
break;
default:
break;
}
}
symsan_destroy();
exit(0);
}
================================================
FILE: driver/harness-proxy.c
================================================
// Copyright 2021 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#include <stdio.h>
#include <stdint.h>
#include <unistd.h>
#include <string.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <fcntl.h>
extern int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
__attribute__((weak)) int LLVMFuzzerInitialize(int *argc, char ***argv);
__attribute__((weak)) void LLVMFuzzerCleanup(void);
int main(int argc, char* argv[]) {
// Initialize the fuzzer if the function is available
if (LLVMFuzzerInitialize) {
LLVMFuzzerInitialize(&argc, &argv);
}
// open file
int fd = open(argv[1], O_RDONLY);
if (fd < 0) {
perror("open");
return 1;
}
// get file size
struct stat st;
if (fstat(fd, &st) < 0) {
perror("fstat");
close(fd);
return 1;
}
size_t fsize = st.st_size;
// read file contents
char *string = (char*)malloc(fsize);
if (read(fd, string, fsize) != fsize) {
perror("read");
close(fd);
return 1;
}
close(fd);
// Now call into the harness
int retval = LLVMFuzzerTestOneInput((const uint8_t *)string, fsize);
free(string);
// Cleanup if the function is available
if (LLVMFuzzerCleanup) {
LLVMFuzzerCleanup();
}
return retval;
}
================================================
FILE: driver/launcher/CMakeLists.txt
================================================
set(CMAKE_POSITION_INDEPENDENT_CODE ON)
set(CMAKE_CXX_STANDARD 14)
add_library(launcher STATIC launch.c)
================================================
FILE: driver/launcher/launch.c
================================================
#include "defs.h"
#include "debug.h"
#include "version.h"
#include "launch.h"
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/ipc.h>
#include <sys/mman.h>
#include <sys/select.h>
#include <sys/shm.h>
#include <sys/stat.h>
#include <sys/time.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <sys/resource.h>
#include <fcntl.h>
#undef alloc_printf
#define alloc_printf(_str...) ({ \
char* _tmp; \
s32 _len = snprintf(NULL, 0, _str); \
if (_len < 0) FATAL("Whoa, snprintf() fails?!"); \
_tmp = (char*)malloc(_len + 1); \
snprintf((char*)_tmp, _len + 1, _str); \
_tmp; \
})
struct symsan_config {
char *symsan_bin;
char *input_file;
char **argv;
char *shm_name;
int shm_fd;
void *label_info;
int pipefds[2];
char *symsan_env;
int symsan_pid;
size_t shm_size;
int is_input_file;
int is_input_sdtin;
int is_input_network;
int enable_debug;
int enable_bounds_check;
int enable_solve_ub;
int exit_on_memerror;
int trace_file_size;
int force_stdin;
int dev_null_fd;
int exit_status;
int is_killed;
};
static struct symsan_config g_config;
__attribute__((visibility("default")))
void* symsan_init(const char *symsan_bin, const size_t uniontable_size) {
if (!symsan_bin) {
return (void *)-1;
}
g_config.symsan_bin = strdup(symsan_bin);
g_config.input_file = NULL;
g_config.argv = NULL;
g_config.shm_name = NULL;
g_config.shm_fd = -1;
g_config.label_info = NULL;
g_config.shm_size = uniontable_size;
g_config.pipefds[0] = -1;
g_config.pipefds[1] = -1;
g_config.symsan_env = NULL;
g_config.symsan_pid = -1;
g_config.is_input_file = 0;
g_config.is_input_sdtin = 0;
g_config.is_input_network = 0;
g_config.enable_debug = 0;
g_config.enable_bounds_check = 0;
g_config.enable_solve_ub = 0;
g_config.exit_on_memerror = 1;
g_config.trace_file_size = 0;
g_config.force_stdin = 0;
g_config.dev_null_fd = -1;
g_config.exit_status = 0;
g_config.is_killed = 0;
// open /dev/null
g_config.dev_null_fd = open("/dev/null", O_RDWR);
if (g_config.dev_null_fd == -1) {
return (void *)-1;
}
// create a new shm name
g_config.shm_name = alloc_printf("/symsan-union-table-%d", getpid());
if (!g_config.shm_name) {
return (void *)-1;
}
// create shm
g_config.shm_fd = shm_open(g_config.shm_name, O_RDWR | O_CREAT, S_IRUSR | S_IWUSR);
if (g_config.shm_fd == -1) {
return (void *)-1;
}
// set the size of the shm
if (ftruncate(g_config.shm_fd, uniontable_size) == -1) {
return (void *)-1;
}
// clear O_CLOEXEC flag
fcntl(g_config.shm_fd, F_SETFD, fcntl(g_config.shm_fd, F_GETFD) & ~FD_CLOEXEC);
// mmap the shm
g_config.label_info = mmap(NULL, uniontable_size, PROT_READ, MAP_SHARED,
g_config.shm_fd, 0);
return g_config.label_info;
}
__attribute__((visibility("default")))
int symsan_set_input(const char *input) {
if (!input) {
return SYMSAN_INVALID_ARGS;
}
g_config.input_file = strdup(input);
if (!g_config.input_file) {
return SYMSAN_NO_MEMORY;
}
if (strcmp(input, "stdin") == 0) {
g_config.is_input_sdtin = 1;
} else if (strstr(input, "tcp@") == input) {
g_config.is_input_network = 1;
} else if (strstr(input, "udp@") == input) {
g_config.is_input_network = 1;
} else if (strstr(input, "unix@") == input) {
g_config.is_input_network = 1;
} else {
g_config.is_input_file = 1;
}
return 0;
}
__attribute__((visibility("default")))
int symsan_set_args(const int argc, char* const argv[]) {
if (argc < 1 || !argv) {
return SYMSAN_INVALID_ARGS;
}
g_config.argv = (char **)malloc(sizeof(char *) * (argc + 1));
if (!g_config.argv) {
return SYMSAN_NO_MEMORY;
}
int err = 0, i = 0;
for (;i < argc; i++) {
if (!argv[i]) {
err = SYMSAN_INVALID_ARGS;
goto error;
}
g_config.argv[i] = strdup(argv[i]);
if (!g_config.argv[i]) {
err = SYMSAN_NO_MEMORY;
goto error;
}
}
g_config.argv[argc] = NULL;
return 0;
error:
for (int j = 0; j < i; j++) {
free(g_config.argv[j]);
}
free(g_config.argv);
g_config.argv = NULL;
return err;
}
__attribute__((visibility("default")))
int symsan_set_debug(int enable) {
g_config.enable_debug = !!enable;
return 0;
}
__attribute__((visibility("default")))
int symsan_set_bounds_check(int enable) {
g_config.enable_bounds_check = !!enable;
return 0;
}
__attribute__((visibility("default")))
int symsan_set_solve_ub(int enable) {
g_config.enable_solve_ub = !!enable;
return 0;
}
__attribute__((visibility("default")))
int symsan_set_exit_on_memerror(int enable) {
g_config.exit_on_memerror = !!enable;
return 0;
}
__attribute__((visibility("default")))
int symsan_set_trace_file_size(int enable) {
g_config.trace_file_size = !!enable;
return 0;
}
__attribute__((visibility("default")))
int symsan_set_force_stdin(int enable) {
g_config.force_stdin = !!enable;
return 0;
}
__attribute__((visibility("default")))
int symsan_run(int fd) {
if (fd < 0) {
return SYMSAN_INVALID_ARGS;
}
if (!g_config.symsan_bin) {
return SYMSAN_MISSING_BIN;
}
if (!g_config.label_info) {
return SYMSAN_MISSING_SHM;
}
if (!g_config.input_file) {
return SYMSAN_MISSING_INPUT;
}
if (!g_config.argv) {
return SYMSAN_MISSING_ARGS;
}
if (g_config.is_input_network && !g_config.input_file) {
return SYMSAN_MISSING_INPUT;
}
// unlikely but double check
if (g_config.pipefds[0] != -1) {
close(g_config.pipefds[0]);
}
if (g_config.pipefds[1] != -1) {
close(g_config.pipefds[1]);
}
if (g_config.symsan_env == NULL) {
free(g_config.symsan_env);
}
int ret = pipe(g_config.pipefds);
if (ret != 0) {
return SYMSAN_NO_MEMORY;
}
// fds and configs could have been changed, so always set up new ones
g_config.symsan_env = alloc_printf(
"taint_file=\"%s\":shm_fd=%d:pipe_fd=%d:debug=%d:trace_bounds=%d:"
"solve_ub=%d:exit_on_memerror=%d:trace_fsize=%d:force_stdin=%d",
g_config.input_file, g_config.shm_fd, g_config.pipefds[1],
g_config.enable_debug, g_config.enable_bounds_check,
g_config.enable_solve_ub, g_config.exit_on_memerror,
g_config.trace_file_size, g_config.force_stdin);
if (g_config.symsan_env == NULL) {
return SYMSAN_NO_MEMORY;
}
if (g_config.enable_debug) {
fprintf(stderr, "SYMSAN_ENV: %s\n", g_config.symsan_env);
}
g_config.symsan_pid = fork();
if (g_config.symsan_pid == 0) {
// clear signal handlers and masks
sigset_t set;
sigemptyset(&set);
sigprocmask(SIG_SETMASK, &set, NULL);
// disable core dump as shadow mem is toooooo large
struct rlimit limit;
limit.rlim_cur = limit.rlim_max = 0;
setrlimit(RLIMIT_CORE, &limit);
close(g_config.pipefds[0]); // close the read fd
setenv("TAINT_OPTIONS", (char*)g_config.symsan_env, 1);
unsetenv("LD_PRELOAD"); // don't preload anything
if (g_config.is_input_sdtin) {
close(0);
lseek(fd, 0, SEEK_SET);
dup2(fd, 0);
}
if (!g_config.enable_debug) {
close(1);
close(2);
int dev_null_fd = open("/dev/null", O_RDWR);
dup2(g_config.dev_null_fd, 1);
dup2(g_config.dev_null_fd, 2);
}
ret = execv(g_config.symsan_bin, g_config.argv);
return ret;
} else if (g_config.symsan_pid < 0) {
close(g_config.pipefds[0]);
close(g_config.pipefds[1]);
return g_config.symsan_pid;
}
free(g_config.symsan_env);
g_config.symsan_env = NULL;
close(g_config.pipefds[1]); // close the write fd
g_config.pipefds[1] = -1;
g_config.is_killed = 0; // reset kill flag
return 0;
}
__attribute__((visibility("default")))
ssize_t symsan_read_event(void *buf, size_t size, unsigned int timeout) {
if (size == 0) {
return 0;
}
int ret = 1;
if (timeout) {
fd_set rfds;
struct timeval tv;
FD_ZERO(&rfds);
FD_SET(g_config.pipefds[0], &rfds);
tv.tv_sec = (timeout / 1000);
tv.tv_usec = (timeout % 1000) * 1000;
ret = select(g_config.pipefds[0] + 1, &rfds, NULL, NULL, &tv);
}
ssize_t n = -1;
if (ret > 0) { // no timeout or select okay
n = read(g_config.pipefds[0], buf, size);
} else {
// time out or error on select
kill(g_config.symsan_pid, SIGKILL);
g_config.is_killed = 1;
}
if (n != size) {
// error or EOF
waitpid(g_config.symsan_pid, &g_config.exit_status, 0);
g_config.symsan_pid = -1;
close(g_config.pipefds[0]); // close the read fd
g_config.pipefds[0] = -1;
}
return n;
}
__attribute__((visibility("default")))
int symsan_terminate() {
if (g_config.symsan_pid == -1) {
// already terminated
return 0;
} else if (g_config.symsan_pid > 0) {
kill(g_config.symsan_pid, SIGKILL);
g_config.is_killed = 1;
waitpid(g_config.symsan_pid, &g_config.exit_status, 0);
g_config.symsan_pid = -1;
close(g_config.pipefds[0]);
return 0;
} else {
return -1;
}
}
__attribute__((visibility("default")))
int symsan_get_exit_status(int *status) {
if (!status) {
return -1;
}
*status = g_config.exit_status;
return g_config.is_killed;
}
__attribute__((visibility("default")))
void symsan_destroy() {
symsan_terminate();
if (g_config.label_info != NULL) {
munmap(g_config.label_info, g_config.shm_size);
g_config.label_info = NULL;
}
if (g_config.dev_null_fd != -1) {
close(g_config.dev_null_fd);
g_config.dev_null_fd = -1;
}
if (g_config.shm_fd != -1) {
close(g_config.shm_fd);
g_config.shm_fd = -1;
}
if (g_config.shm_name != NULL) {
shm_unlink(g_config.shm_name);
free(g_config.shm_name);
g_config.shm_name = NULL;
}
if (g_config.input_file != NULL) {
free(g_config.input_file);
g_config.input_file = NULL;
}
if (g_config.argv != NULL) {
for (int i = 0; g_config.argv[i]; i++) {
free(g_config.argv[i]);
}
free(g_config.argv);
g_config.argv = NULL;
}
if (g_config.symsan_env != NULL) {
free(g_config.symsan_env);
g_config.symsan_env = NULL;
}
if (g_config.symsan_bin != NULL) {
free(g_config.symsan_bin);
g_config.symsan_bin = NULL;
}
if (g_config.pipefds[0] != -1) {
close(g_config.pipefds[0]);
g_config.pipefds[0] = -1;
}
if (g_config.pipefds[1] != -1) {
close(g_config.pipefds[1]);
g_config.pipefds[1] = -1;
}
}
================================================
FILE: include/alloc_inl.h
================================================
/*
american fuzzy lop - error-checking, memory-zeroing alloc routines
------------------------------------------------------------------
Written and maintained by Michal Zalewski <lcamtuf@google.com>
Copyright 2013, 2014, 2015 Google Inc. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at:
http://www.apache.org/licenses/LICENSE-2.0
This allocator is not designed to resist malicious attackers (the canaries
are small and predictable), but provides a robust and portable way to detect
use-after-free, off-by-one writes, stale pointers, and so on.
*/
#ifndef _HAVE_ALLOC_INL_H
#define _HAVE_ALLOC_INL_H
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "defs.h"
//#include "types.h"
#include "debug.h"
#define MAX_ALLOC 0x40000000
/* User-facing macro to sprintf() to a dynamically allocated buffer. */
#define alloc_printf(_str...) ({ \
char* _tmp; \
s32 _len = snprintf(NULL, 0, _str); \
if (_len < 0) FATAL("Whoa, snprintf() fails?!"); \
_tmp = ck_alloc(_len + 1); \
snprintf((char*)_tmp, _len + 1, _str); \
_tmp; \
})
/* Macro to enforce allocation limits as a last-resort defense against
integer overflows. */
#define ALLOC_CHECK_SIZE(_s) do { \
if ((_s) > MAX_ALLOC) \
ABORT("Bad alloc request: %u bytes", (_s)); \
} while (0)
/* Macro to check malloc() failures and the like. */
#define ALLOC_CHECK_RESULT(_r, _s) do { \
if (!(_r)) \
ABORT("Out of memory: can't allocate %u bytes", (_s)); \
} while (0)
/* Magic tokens used to mark used / freed chunks. */
#define ALLOC_MAGIC_C1 0xFF00FF00 /* Used head (dword) */
#define ALLOC_MAGIC_F 0xFE00FE00 /* Freed head (dword) */
#define ALLOC_MAGIC_C2 0xF0 /* Used tail (byte) */
/* Positions of guard tokens in relation to the user-visible pointer. */
#define ALLOC_C1(_ptr) (((u32*)(_ptr))[-2])
#define ALLOC_S(_ptr) (((u32*)(_ptr))[-1])
#define ALLOC_C2(_ptr) (((u8*)(_ptr))[ALLOC_S(_ptr)])
#define ALLOC_OFF_HEAD 8
#define ALLOC_OFF_TOTAL (ALLOC_OFF_HEAD + 1)
/* Allocator increments for ck_realloc_block(). */
#define ALLOC_BLK_INC 256
/* Sanity-checking macros for pointers. */
#define CHECK_PTR(_p) do { \
if (_p) { \
if (ALLOC_C1(_p) ^ ALLOC_MAGIC_C1) {\
if (ALLOC_C1(_p) == ALLOC_MAGIC_F) \
ABORT("Use after free."); \
else ABORT("Corrupted head alloc canary."); \
} \
if (ALLOC_C2(_p) ^ ALLOC_MAGIC_C2) \
ABORT("Corrupted tail alloc canary."); \
} \
} while (0)
#define CHECK_PTR_EXPR(_p) ({ \
typeof (_p) _tmp = (_p); \
CHECK_PTR(_tmp); \
_tmp; \
})
/* Allocate a buffer, explicitly not zeroing it. Returns NULL for zero-sized
requests. */
static inline void* DFL_ck_alloc_nozero(u32 size) {
void* ret;
if (!size) return NULL;
ALLOC_CHECK_SIZE(size);
ret = malloc(size + ALLOC_OFF_TOTAL);
ALLOC_CHECK_RESULT(ret, size);
ret += ALLOC_OFF_HEAD;
ALLOC_C1(ret) = ALLOC_MAGIC_C1;
ALLOC_S(ret) = size;
ALLOC_C2(ret) = ALLOC_MAGIC_C2;
return ret;
}
/* Allocate a buffer, returning zeroed memory. */
static inline void* DFL_ck_alloc(u32 size) {
void* mem;
if (!size) return NULL;
mem = DFL_ck_alloc_nozero(size);
return memset(mem, 0, size);
}
/* Free memory, checking for double free and corrupted heap. When DEBUG_BUILD
is set, the old memory will be also clobbered with 0xFF. */
static inline void DFL_ck_free(void* mem) {
if (!mem) return;
CHECK_PTR(mem);
#ifdef DEBUG_BUILD
/* Catch pointer issues sooner. */
memset(mem, 0xFF, ALLOC_S(mem));
#endif /* DEBUG_BUILD */
ALLOC_C1(mem) = ALLOC_MAGIC_F;
free(mem - ALLOC_OFF_HEAD);
}
/* Re-allocate a buffer, checking for issues and zeroing any newly-added tail.
With DEBUG_BUILD, the buffer is always reallocated to a new addresses and the
old memory is clobbered with 0xFF. */
static inline void* DFL_ck_realloc(void* orig, u32 size) {
void* ret;
u32 old_size = 0;
if (!size) {
DFL_ck_free(orig);
return NULL;
}
if (orig) {
CHECK_PTR(orig);
#ifndef DEBUG_BUILD
ALLOC_C1(orig) = ALLOC_MAGIC_F;
#endif /* !DEBUG_BUILD */
old_size = ALLOC_S(orig);
orig -= ALLOC_OFF_HEAD;
ALLOC_CHECK_SIZE(old_size);
}
ALLOC_CHECK_SIZE(size);
#ifndef DEBUG_BUILD
ret = realloc(orig, size + ALLOC_OFF_TOTAL);
ALLOC_CHECK_RESULT(ret, size);
#else
/* Catch pointer issues sooner: force relocation and make sure that the
original buffer is wiped. */
ret = malloc(size + ALLOC_OFF_TOTAL);
ALLOC_CHECK_RESULT(ret, size);
if (orig) {
memcpy(ret + ALLOC_OFF_HEAD, orig + ALLOC_OFF_HEAD, MIN(size, old_size));
memset(orig + ALLOC_OFF_HEAD, 0xFF, old_size);
ALLOC_C1(orig + ALLOC_OFF_HEAD) = ALLOC_MAGIC_F;
free(orig);
}
#endif /* ^!DEBUG_BUILD */
ret += ALLOC_OFF_HEAD;
ALLOC_C1(ret) = ALLOC_MAGIC_C1;
ALLOC_S(ret) = size;
ALLOC_C2(ret) = ALLOC_MAGIC_C2;
if (size > old_size)
memset(ret + old_size, 0, size - old_size);
return ret;
}
/* Re-allocate a buffer with ALLOC_BLK_INC increments (used to speed up
repeated small reallocs without complicating the user code). */
static inline void* DFL_ck_realloc_block(void* orig, u32 size) {
#ifndef DEBUG_BUILD
if (orig) {
CHECK_PTR(orig);
if (ALLOC_S(orig) >= size) return orig;
size += ALLOC_BLK_INC;
}
#endif /* !DEBUG_BUILD */
return DFL_ck_realloc(orig, size);
}
/* Create a buffer with a copy of a string. Returns NULL for NULL inputs. */
static inline char* DFL_ck_strdup(char* str) {
void* ret;
u32 size;
if (!str) return NULL;
size = strlen((char*)str) + 1;
ALLOC_CHECK_SIZE(size);
ret = malloc(size + ALLOC_OFF_TOTAL);
ALLOC_CHECK_RESULT(ret, size);
ret += ALLOC_OFF_HEAD;
ALLOC_C1(ret) = ALLOC_MAGIC_C1;
ALLOC_S(ret) = size;
ALLOC_C2(ret) = ALLOC_MAGIC_C2;
return memcpy(ret, str, size);
}
/* Create a buffer with a copy of a memory block. Returns NULL for zero-sized
or NULL inputs. */
static inline void* DFL_ck_memdup(void* mem, u32 size) {
void* ret;
if (!mem || !size) return NULL;
ALLOC_CHECK_SIZE(size);
ret = malloc(size + ALLOC_OFF_TOTAL);
ALLOC_CHECK_RESULT(ret, size);
ret += ALLOC_OFF_HEAD;
ALLOC_C1(ret) = ALLOC_MAGIC_C1;
ALLOC_S(ret) = size;
ALLOC_C2(ret) = ALLOC_MAGIC_C2;
return memcpy(ret, mem, size);
}
/* Create a buffer with a block of text, appending a NUL terminator at the end.
Returns NULL for zero-sized or NULL inputs. */
static inline u8* DFL_ck_memdup_str(u8* mem, u32 size) {
u8* ret;
if (!mem || !size) return NULL;
ALLOC_CHECK_SIZE(size);
ret = malloc(size + ALLOC_OFF_TOTAL + 1);
ALLOC_CHECK_RESULT(ret, size);
ret += ALLOC_OFF_HEAD;
ALLOC_C1(ret) = ALLOC_MAGIC_C1;
ALLOC_S(ret) = size;
ALLOC_C2(ret) = ALLOC_MAGIC_C2;
memcpy(ret, mem, size);
ret[size] = 0;
return ret;
}
#ifndef DEBUG_BUILD
/* In non-debug mode, we just do straightforward aliasing of the above functions
to user-visible names such as ck_alloc(). */
#define ck_alloc DFL_ck_alloc
#define ck_alloc_nozero DFL_ck_alloc_nozero
#define ck_realloc DFL_ck_realloc
#define ck_realloc_block DFL_ck_realloc_block
#define ck_strdup DFL_ck_strdup
#define ck_memdup DFL_ck_memdup
#define ck_memdup_str DFL_ck_memdup_str
#define ck_free DFL_ck_free
#define alloc_report()
#else
/* In debugging mode, we also track allocations to detect memory leaks, and the
flow goes through one more layer of indirection. */
/* Alloc tracking data structures: */
#define ALLOC_BUCKETS 4096
struct TRK_obj {
void *ptr;
char *file, *func;
u32 line;
};
#ifdef AFL_MAIN
struct TRK_obj* TRK[ALLOC_BUCKETS];
u32 TRK_cnt[ALLOC_BUCKETS];
# define alloc_report() TRK_report()
#else
extern struct TRK_obj* TRK[ALLOC_BUCKETS];
extern u32 TRK_cnt[ALLOC_BUCKETS];
# define alloc_report()
#endif /* ^AFL_MAIN */
/* Bucket-assigning function for a given pointer: */
#define TRKH(_ptr) (((((u32)(_ptr)) >> 16) ^ ((u32)(_ptr))) % ALLOC_BUCKETS)
/* Add a new entry to the list of allocated objects. */
static inline void TRK_alloc_buf(void* ptr, const char* file, const char* func,
u32 line) {
u32 i, bucket;
if (!ptr) return;
bucket = TRKH(ptr);
/* Find a free slot in the list of entries for that bucket. */
for (i = 0; i < TRK_cnt[bucket]; i++)
if (!TRK[bucket][i].ptr) {
TRK[bucket][i].ptr = ptr;
TRK[bucket][i].file = (char*)file;
TRK[bucket][i].func = (char*)func;
TRK[bucket][i].line = line;
return;
}
/* No space available - allocate more. */
TRK[bucket] = DFL_ck_realloc_block(TRK[bucket],
(TRK_cnt[bucket] + 1) * sizeof(struct TRK_obj));
TRK[bucket][i].ptr = ptr;
TRK[bucket][i].file = (char*)file;
TRK[bucket][i].func = (char*)func;
TRK[bucket][i].line = line;
TRK_cnt[bucket]++;
}
/* Remove entry from the list of allocated objects. */
static inline void TRK_free_buf(void* ptr, const char* file, const char* func,
u32 line) {
u32 i, bucket;
if (!ptr) return;
bucket = TRKH(ptr);
/* Find the element on the list... */
for (i = 0; i < TRK_cnt[bucket]; i++)
if (TRK[bucket][i].ptr == ptr) {
TRK[bucket][i].ptr = 0;
return;
}
WARNF("ALLOC: Attempt to free non-allocated memory in %s (%s:%u)",
func, file, line);
}
/* Do a final report on all non-deallocated objects. */
static inline void TRK_report(void) {
u32 i, bucket;
fflush(0);
for (bucket = 0; bucket < ALLOC_BUCKETS; bucket++)
for (i = 0; i < TRK_cnt[bucket]; i++)
if (TRK[bucket][i].ptr)
WARNF("ALLOC: Memory never freed, created in %s (%s:%u)",
TRK[bucket][i].func, TRK[bucket][i].file, TRK[bucket][i].line);
}
/* Simple wrappers for non-debugging functions: */
static inline void* TRK_ck_alloc(u32 size, const char* file, const char* func,
u32 line) {
void* ret = DFL_ck_alloc(size);
TRK_alloc_buf(ret, file, func, line);
return ret;
}
static inline void* TRK_ck_realloc(void* orig, u32 size, const char* file,
const char* func, u32 line) {
void* ret = DFL_ck_realloc(orig, size);
TRK_free_buf(orig, file, func, line);
TRK_alloc_buf(ret, file, func, line);
return ret;
}
static inline void* TRK_ck_realloc_block(void* orig, u32 size, const char* file,
const char* func, u32 line) {
void* ret = DFL_ck_realloc_block(orig, size);
TRK_free_buf(orig, file, func, line);
TRK_alloc_buf(ret, file, func, line);
return ret;
}
static inline void* TRK_ck_strdup(u8* str, const char* file, const char* func,
u32 line) {
void* ret = DFL_ck_strdup(str);
TRK_alloc_buf(ret, file, func, line);
return ret;
}
static inline void* TRK_ck_memdup(void* mem, u32 size, const char* file,
const char* func, u32 line) {
void* ret = DFL_ck_memdup(mem, size);
TRK_alloc_buf(ret, file, func, line);
return ret;
}
static inline void* TRK_ck_memdup_str(void* mem, u32 size, const char* file,
const char* func, u32 line) {
void* ret = DFL_ck_memdup_str(mem, size);
TRK_alloc_buf(ret, file, func, line);
return ret;
}
static inline void TRK_ck_free(void* ptr, const char* file,
const char* func, u32 line) {
TRK_free_buf(ptr, file, func, line);
DFL_ck_free(ptr);
}
/* Aliasing user-facing names to tracking functions: */
#define ck_alloc(_p1) \
TRK_ck_alloc(_p1, __FILE__, __FUNCTION__, __LINE__)
#define ck_alloc_nozero(_p1) \
TRK_ck_alloc(_p1, __FILE__, __FUNCTION__, __LINE__)
#define ck_realloc(_p1, _p2) \
TRK_ck_realloc(_p1, _p2, __FILE__, __FUNCTION__, __LINE__)
#define ck_realloc_block(_p1, _p2) \
TRK_ck_realloc_block(_p1, _p2, __FILE__, __FUNCTION__, __LINE__)
#define ck_strdup(_p1) \
TRK_ck_strdup(_p1, __FILE__, __FUNCTION__, __LINE__)
#define ck_memdup(_p1, _p2) \
TRK_ck_memdup(_p1, _p2, __FILE__, __FUNCTION__, __LINE__)
#define ck_memdup_str(_p1, _p2) \
TRK_ck_memdup_str(_p1, _p2, __FILE__, __FUNCTION__, __LINE__)
#define ck_free(_p1) \
TRK_ck_free(_p1, __FILE__, __FUNCTION__, __LINE__)
#endif /* ^!DEBUG_BUILD */
#endif /* ! _HAVE_ALLOC_INL_H */
================================================
FILE: include/ast.h
================================================
#pragma once
#include <stdint.h>
#include <stdexcept>
#include <string>
#include <vector>
namespace rgd {
enum AstKind {
Bool, // 0
Constant, // 1
Read, // 2
Concat, // 3
Extract, // 4
ZExt, // 5
SExt, // 6
// Arithmetic
Add, // 7
Sub, // 8
Mul, // 9
UDiv, // 10
SDiv, // 11
URem, // 12
SRem, // 13
Neg, // 14
// Bit
Not, // 15
And, // 16
Or, // 17
Xor, // 18
Shl, // 19
LShr, // 20
AShr, // 21
// Compare
Equal, // 22
Distinct, // 23
Ult, // 24
Ule, // 25
Ugt, // 26
Uge, // 27
Slt, // 28
Sle, // 29
Sgt, // 30
Sge, // 31
// Logical
LOr, // 32
LAnd, // 33
LNot, // 34
// Special
Ite, // 35
Load, // 36 to be worked with TT-Fuzzer
Memcmp, //37
MemcmpN, // 38
// Last
LastOp
};
static const char* AstKindName[] = {
"Bool",
"Constant",
"Read",
"Concat",
"Extract",
"ZExt",
"SExt",
"Add",
"Sub",
"Mul",
"UDiv",
"SDiv",
"URem",
"SRem",
"Neg",
"Not",
"And",
"Or",
"Xor",
"Shl",
"LShr",
"AShr",
"Equal",
"Distinct",
"Ult",
"Ule",
"Ugt",
"Uge",
"Slt",
"Sle",
"Sgt",
"Sge",
"LOr",
"LAnd",
"LNot",
"Ite",
"Load",
"Memcmp",
"MemcmpN",
};
static inline bool isRelationalKind(uint16_t kind) {
if (kind >= Equal && kind <= Sge)
return true;
else
return false;
}
static inline bool isBinaryOperation(uint16_t kind) {
if (kind >= Add && kind <= AShr && kind != Neg && kind != Not)
return true;
else
return false;
}
static inline uint16_t negate_cmp(uint16_t kind) {
switch (kind) {
case Equal: return Distinct;
case Distinct: return Equal;
case Ult: return Uge;
case Ule: return Ugt;
case Ugt: return Ule;
case Uge: return Ult;
case Slt: return Sge;
case Sle: return Sgt;
case Sgt: return Sle;
case Sge: return Slt;
default: return Bool;
}
}
static inline bool isSignedCmp(uint16_t kind) {
if (kind >= Slt && kind <= Sge)
return true;
else
return false;
}
class AstNode {
public:
AstNode(size_t size=32) : child0_(0), child1_(0), kind_(0), bits_(0), index_(0),
boolvalue_(0), is_root_(1), label_(0), hash_(0) {
root_ = new std::vector<AstNode>(); // only allocate if is root
root_->reserve(size + 1); // default capacity, +1 for dummy root
root_->emplace_back(AstNode(root_)); // add a dummy root
}
AstNode(std::vector<AstNode> *r) : root_(r), child0_(0), child1_(0),
kind_(0), bits_(0), index_(0), boolvalue_(0), is_root_(0), label_(0),
hash_(0) {} // don't allocate if not root
~AstNode() { if (is_root_) delete root_; }
inline void CopyFrom(const AstNode& other) {
if (this->root_ == other.root_) {
// don't change is_root_ flag
child0_ = other.child0_;
child1_ = other.child1_;
kind_ = other.kind_;
bits_ = other.bits_;
index_ = other.index_;
boolvalue_ = other.boolvalue_;
label_ = other.label_;
hash_ = other.hash_;
} else {
RecursiveCopyFrom(other);
}
}
inline uint32_t children_size() const {
return (!!child0_) + (!!child1_);
}
inline const AstNode& children(uint32_t i) const {
if (i >= 2) throw std::out_of_range("children index out of range");
return i == 0 ? root_->at(child0_) : root_->at(child1_);
}
inline AstNode* mutable_children(uint32_t i) {
if (i >= 2) throw std::out_of_range("children index out of range");
return i == 0 ? &root_->at(child0_) : &root_->at(child1_);
}
AstNode* add_children() {
size_t size = root_->size();
// assert(size < root_->capacity() && "cannot resize");
if (size >= root_->capacity()) return nullptr;
if (child0_ == 0) child0_ = size;
else if (child1_ == 0) child1_ = size;
else return nullptr; //assert(false && "too many children");
root_->emplace_back(AstNode(root_));
return &root_->back();
}
inline void clear_children() { child0_ = child1_ = 0; }
inline void clear_children(uint32_t i) {
if (i >= 2) throw std::out_of_range("children index out of range");
if (i == 1) child1_ = 0;
else child0_ = child1_; // pop child1 to child0
}
inline uint16_t kind() const { return kind_; }
inline void set_kind(uint16_t kind) { kind_ = kind; }
inline uint16_t bits() const { return bits_; }
inline void set_bits(uint16_t bits) { bits_ = bits; }
inline uint32_t index() const { return index_; }
inline void set_index(uint32_t index) { index_ = index; }
inline uint8_t boolvalue() const { return boolvalue_; }
inline void set_boolvalue(uint8_t value) { boolvalue_ = value ? 0 : 1; }
inline uint32_t label() const { return label_; }
inline void set_label(uint32_t label) { label_ = label; }
inline uint32_t hash() const { return hash_; }
inline void set_hash(uint32_t hash) { hash_ = hash; }
private:
std::vector<AstNode> *root_; // root of the AST
uint32_t child0_;
uint32_t child1_;
uint16_t kind_;
uint16_t bits_;
uint32_t index_ : 30; //used by read expr for index and extract expr
uint8_t boolvalue_ : 1; //used by bool expr
uint8_t is_root_ : 1; // true if this is the root of the AST
uint32_t label_; //for expression dedup
uint32_t hash_; //for node dedup
void RecursiveCopyFrom(const AstNode &other) {
// copy children
if (other.child0_) {
if (this->child0_ == 0) {
child0_ = root_->size();
root_->emplace_back(AstNode(root_));
}
root_->at(child0_).RecursiveCopyFrom(other.children(0));
} else {
child0_ = 0;
}
if (other.child1_) {
if (this->child1_ == 0) {
child1_ = root_->size();
root_->emplace_back(AstNode(root_));
}
root_->at(child1_).RecursiveCopyFrom(other.children(1));
} else {
child1_ = 0;
}
// copy other fields
kind_ = other.kind_;
bits_ = other.bits_;
index_ = other.index_;
boolvalue_ = other.boolvalue_;
label_ = other.label_;
hash_ = other.hash_;
}
};
static bool isEqualAstRecursive(const AstNode& lhs, const AstNode& rhs) {
// number of operands and size of the operands must match
const int children_size = lhs.children_size();
if (children_size != rhs.children_size()) return false;
if (lhs.bits() != rhs.bits()) return false;
if (lhs.kind() != rhs.kind()) {
// to maximize the reuse of JIT'ed functions, jigsaw does not
// care about which relational operator is used, as long as
// they are both relational operators
if (isRelationalKind(lhs.kind()) && isRelationalKind(rhs.kind())) {
// do nothing, fall through to compare operands
} else {
return false;
}
} else if (lhs.hash() != rhs.hash()) {
// if the kind is the same, then hash has to match
return false;
}
// compare each operand
for (int i = 0; i < children_size; i++) {
if (!isEqualAstRecursive(lhs.children(i), rhs.children(i)))
return false;
}
return true;
}
static inline bool isEqualAst(const AstNode& lhs, const AstNode& rhs) {
return isEqualAstRecursive(lhs, rhs);
}
static inline uint32_t xxhash(uint32_t h1, uint32_t h2, uint32_t h3) {
const uint32_t PRIME32_1 = 2654435761U;
const uint32_t PRIME32_2 = 2246822519U;
const uint32_t PRIME32_3 = 3266489917U;
const uint32_t PRIME32_4 = 668265263U;
const uint32_t PRIME32_5 = 374761393U;
#define XXH_rotl32(x,r) ((x << r) | (x >> (32 - r)))
uint32_t h32 = PRIME32_5;
h32 += h1 * PRIME32_3;
h32 = XXH_rotl32(h32, 17) * PRIME32_4;
h32 += h2 * PRIME32_3;
h32 = XXH_rotl32(h32, 17) * PRIME32_4;
h32 += h3 * PRIME32_3;
h32 = XXH_rotl32(h32, 17) * PRIME32_4;
#undef XXH_rotl32
h32 ^= h32 >> 15;
h32 *= PRIME32_2;
h32 ^= h32 >> 13;
h32 *= PRIME32_3;
h32 ^= h32 >> 16;
return h32;
}
static inline void buf_to_hex_string(const uint8_t *buf, unsigned length,
std::string &str) {
const char hex_table[16] = {
'0', '1', '2', '3', '4', '5', '6', '7', '8', '9',
'a', 'b', 'c', 'd', 'e', 'f' };
str.clear();
for (unsigned i = 0; i < length; ++i) {
uint8_t val = buf[i];
str.push_back(hex_table[val >> 4]);
str.push_back(hex_table[val & 0xf]);
}
}
}; // namespace rgd
================================================
FILE: include/cov.h
================================================
#pragma once
#include <stdint.h>
#include <vector>
#include <unordered_map>
#include <memory>
#include <utility>
namespace rgd {
struct BranchContext {
void *addr;
bool direction;
};
struct HybridBranchContext : public BranchContext {
uint32_t id;
};
struct ContextAwareBranchContext : public BranchContext {
uint32_t context;
};
struct LoopAwareBranchContext : public BranchContext {
uint32_t loop_counter;
};
struct HistoryAwareBranchContext : public BranchContext {
uint32_t history;
};
struct FullBranchContext : public HybridBranchContext,
public ContextAwareBranchContext,
public LoopAwareBranchContext,
public HistoryAwareBranchContext {
};
class CovManager {
public:
virtual ~CovManager() {}
virtual const std::shared_ptr<BranchContext> // don't want the saved context to be modified
add_branch(void *addr, uint32_t id, bool direction, uint32_t context, bool is_loop_header, bool is_loop_exit) = 0;
virtual bool
is_branch_interesting(const std::shared_ptr<BranchContext> context) = 0;
};
class EdgeCovManager : public CovManager {
private:
using BranchTargets = std::pair<bool, bool>;
std::unordered_map<void*, BranchTargets> branches;
std::shared_ptr<BranchContext> _ctx;
public:
EdgeCovManager() { _ctx = std::make_shared<BranchContext>(); }
const std::shared_ptr<BranchContext>
add_branch(void *addr, uint32_t id, bool direction, uint32_t context, bool is_loop_header, bool is_loop_exit) override {
auto &itr = branches[addr];
itr.first |= direction? true : false;
itr.second |= direction? false : true;
_ctx->addr = addr;
_ctx->direction = direction;
return _ctx;
}
bool is_branch_interesting(const std::shared_ptr<BranchContext> context) override {
auto itr = branches.find(context->addr);
// assert(itr != branches.end());
if (context->direction) {
return itr->second.first == false;
} else {
return itr->second.second == false;
}
}
};
}; // namespace rgd
================================================
FILE: include/debug.h
================================================
/*
american fuzzy lop - debug / error handling macros
--------------------------------------------------
Written and maintained by Michal Zalewski <lcamtuf@google.com>
Copyright 2013, 2014, 2015, 2016 Google Inc. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at:
http://www.apache.org/licenses/LICENSE-2.0
*/
#ifndef _HAVE_DEBUG_H
#define _HAVE_DEBUG_H
#include <errno.h>
#include "defs.h"
/*******************
* Terminal colors *
*******************/
#ifdef USE_COLOR
# define cBLK "\x1b[0;30m"
# define cRED "\x1b[0;31m"
# define cGRN "\x1b[0;32m"
# define cBRN "\x1b[0;33m"
# define cBLU "\x1b[0;34m"
# define cMGN "\x1b[0;35m"
# define cCYA "\x1b[0;36m"
# define cLGR "\x1b[0;37m"
# define cGRA "\x1b[1;90m"
# define cLRD "\x1b[1;91m"
# define cLGN "\x1b[1;92m"
# define cYEL "\x1b[1;93m"
# define cLBL "\x1b[1;94m"
# define cPIN "\x1b[1;95m"
# define cLCY "\x1b[1;96m"
# define cBRI "\x1b[1;97m"
# define cRST "\x1b[0m"
# define bgBLK "\x1b[40m"
# define bgRED "\x1b[41m"
# define bgGRN "\x1b[42m"
# define bgBRN "\x1b[43m"
# define bgBLU "\x1b[44m"
# define bgMGN "\x1b[45m"
# define bgCYA "\x1b[46m"
# define bgLGR "\x1b[47m"
# define bgGRA "\x1b[100m"
# define bgLRD "\x1b[101m"
# define bgLGN "\x1b[102m"
# define bgYEL "\x1b[103m"
# define bgLBL "\x1b[104m"
# define bgPIN "\x1b[105m"
# define bgLCY "\x1b[106m"
# define bgBRI "\x1b[107m"
#else
# define cBLK ""
# define cRED ""
# define cGRN ""
# define cBRN ""
# define cBLU ""
# define cMGN ""
# define cCYA ""
# define cLGR ""
# define cGRA ""
# define cLRD ""
# define cLGN ""
# define cYEL ""
# define cLBL ""
# define cPIN ""
# define cLCY ""
# define cBRI ""
# define cRST ""
# define bgBLK ""
# define bgRED ""
# define bgGRN ""
# define bgBRN ""
# define bgBLU ""
# define bgMGN ""
# define bgCYA ""
# define bgLGR ""
# define bgGRA ""
# define bgLRD ""
# define bgLGN ""
# define bgYEL ""
# define bgLBL ""
# define bgPIN ""
# define bgLCY ""
# define bgBRI ""
#endif /* ^USE_COLOR */
/*************************
* Box drawing sequences *
*************************/
#ifdef FANCY_BOXES
# define SET_G1 "\x1b)0" /* Set G1 for box drawing */
# define RESET_G1 "\x1b)B" /* Reset G1 to ASCII */
# define bSTART "\x0e" /* Enter G1 drawing mode */
# define bSTOP "\x0f" /* Leave G1 drawing mode */
# define bH "q" /* Horizontal line */
# define bV "x" /* Vertical line */
# define bLT "l" /* Left top corner */
# define bRT "k" /* Right top corner */
# define bLB "m" /* Left bottom corner */
# define bRB "j" /* Right bottom corner */
# define bX "n" /* Cross */
# define bVR "t" /* Vertical, branch right */
# define bVL "u" /* Vertical, branch left */
# define bHT "v" /* Horizontal, branch top */
# define bHB "w" /* Horizontal, branch bottom */
#else
# define SET_G1 ""
# define RESET_G1 ""
# define bSTART ""
# define bSTOP ""
# define bH "-"
# define bV "|"
# define bLT "+"
# define bRT "+"
# define bLB "+"
# define bRB "+"
# define bX "+"
# define bVR "+"
# define bVL "+"
# define bHT "+"
# define bHB "+"
#endif /* ^FANCY_BOXES */
/***********************
* Misc terminal codes *
***********************/
#define TERM_HOME "\x1b[H"
#define TERM_CLEAR TERM_HOME "\x1b[2J"
#define cEOL "\x1b[0K"
#define CURSOR_HIDE "\x1b[?25l"
#define CURSOR_SHOW "\x1b[?25h"
/************************
* Debug & error macros *
************************/
/* Just print stuff to the appropriate stream. */
#ifdef MESSAGES_TO_STDOUT
# define SAYF(x...) printf(x)
#else
# define SAYF(x...) fprintf(stderr, x)
#endif /* ^MESSAGES_TO_STDOUT */
/* Show a prefixed warning. */
#define WARNF(x...) do { \
SAYF(cYEL "[!] " cBRI "WARNING: " cRST x); \
SAYF(cRST "\n"); \
} while (0)
/* Show a prefixed "doing something" message. */
#define ACTF(x...) do { \
SAYF(cLBL "[*] " cRST x); \
SAYF(cRST "\n"); \
} while (0)
/* Show a prefixed "success" message. */
#define OKF(x...) do { \
SAYF(cLGN "[+] " cRST x); \
SAYF(cRST "\n"); \
} while (0)
/* Show a prefixed fatal error message (not used in afl). */
#define BADF(x...) do { \
SAYF(cLRD "\n[-] " cRST x); \
SAYF(cRST "\n"); \
} while (0)
/* Die with a verbose non-OS fatal error message. */
#define FATAL(x...) do { \
SAYF(bSTOP RESET_G1 CURSOR_SHOW cRST cLRD "\n[-] PROGRAM ABORT : " \
cBRI x); \
SAYF(cLRD "\n Location : " cRST "%s(), %s:%u\n\n", \
__FUNCTION__, __FILE__, __LINE__); \
exit(1); \
} while (0)
/* Die by calling abort() to provide a core dump. */
#define ABORT(x...) do { \
SAYF(bSTOP RESET_G1 CURSOR_SHOW cRST cLRD "\n[-] PROGRAM ABORT : " \
cBRI x); \
SAYF(cLRD "\n Stop location : " cRST "%s(), %s:%u\n\n", \
__FUNCTION__, __FILE__, __LINE__); \
abort(); \
} while (0)
/* Die while also including the output of perror(). */
#define PFATAL(x...) do { \
fflush(stdout); \
SAYF(bSTOP RESET_G1 CURSOR_SHOW cRST cLRD "\n[-] SYSTEM ERROR : " \
cBRI x); \
SAYF(cLRD "\n Stop location : " cRST "%s(), %s:%u\n", \
__FUNCTION__, __FILE__, __LINE__); \
SAYF(cLRD " OS message : " cRST "%s\n", strerror(errno)); \
exit(1); \
} while (0)
/* Die with FAULT() or PFAULT() depending on the value of res (used to
interpret different failure modes for read(), write(), etc). */
#define RPFATAL(res, x...) do { \
if (res < 0) PFATAL(x); else FATAL(x); \
} while (0)
/* Error-checking versions of read() and write() that call RPFATAL() as
appropriate. */
#define ck_write(fd, buf, len, fn) do { \
u32 _len = (len); \
s32 _res = write(fd, buf, _len); \
if (_res != _len) RPFATAL(_res, "Short write to %s", fn); \
} while (0)
#define ck_read(fd, buf, len, fn) do { \
u32 _len = (len); \
s32 _res = read(fd, buf, _len); \
if (_res != _len) RPFATAL(_res, "Short read from %s", fn); \
} while (0)
#endif /* ! _HAVE_DEBUG_H */
================================================
FILE: include/defs.h
================================================
#ifndef _HAVE_DEFS_H
#define _HAVE_DEFS_H
#ifdef DEBUG_INFO
// #define DEBUG_PRINTF printf
#define DEBUG_PRINTF(...) \
do { \
printf(__VA_ARGS__); \
} while (0)
#else
#define DEBUG_PRINTF(...) \
do { \
} while (0)
#endif
#ifndef MIN
#define MIN(_a, _b) ((_a) > (_b) ? (_b) : (_a))
#define MAX(_a, _b) ((_a) > (_b) ? (_a) : (_b))
#endif /* !MIN */
#ifndef RRR
#define RRR(x) (random() % (x))
#endif
#include <stdint.h>
#include <stdlib.h>
typedef uint32_t dfsan_label;
typedef uint8_t u8;
typedef uint16_t u16;
typedef uint32_t u32;
#ifdef __x86_64__
typedef unsigned long long u64;
typedef long long s64;
#else
typedef uint64_t u64;
typedef int64_t s64;
#endif
typedef int8_t s8;
typedef int16_t s16;
typedef int32_t s32;
#endif /* ! _HAVE_DEFS_H */
================================================
FILE: include/launch.h
================================================
#ifndef SYMSAN_LAUNCH_H
#define SYMSAN_LAUNCH_H
#include <stdint.h>
#define SYMSAN_INVALID_ARGS 1;
#define SYMSAN_NO_MEMORY 2;
#define SYMSAN_MISSING_BIN 3;
#define SYMSAN_MISSING_SHM 4;
#define SYMSAN_MISSING_INPUT 5;
#define SYMSAN_MISSING_ARGS 6;
/// @brief initialize symsan launcher
/// @param symsan_bin: path to symsan binary
/// @param uniontable_size: size of union table
/// @return pointer to the mapped union table
void* symsan_init(const char *symsan_bin, size_t uniontable_size);
/// @brief set the input file for the target binary
/// @param input: "stdin" or "file_path" or "protocol@host:port"
/// @return success or error code
int symsan_set_input(const char *input);
/// @brief set the arguments for the target binary
/// @param argc: number of arguments
/// @param argv: array of arguments
/// @return success or error code
int symsan_set_args(const int argc, char* const argv[]);
/// @brief set the debug mode for the target binary
int symsan_set_debug(int enable);
/// @brief set the bounds check mode for the target binary
int symsan_set_bounds_check(int enable);
/// @brief set the solve UB mode for the target binary
int symsan_set_solve_ub(int enable);
/// @brief set the exit on memory error mode for the target binary
int symsan_set_exit_on_memerror(int enable);
/// @brief set the trace file size mode for the target binary
int symsan_set_trace_file_size(int enable);
/// @brief set the force stdin mode for the target binary
int symsan_set_force_stdin(int enable);
/// @brief run the target binary with the input file descriptor
/// @param fd: input file descriptor, only used if input is "stdin"
/// @return < 0 on syscall error, > 0 on setup error, 0 on success
int symsan_run(int fd);
/// @brief read event from target binary, will perform cleanup on timeout and EOF
/// @param buf: buffer to read into
/// @param size: size of buffer
/// @param timeout: timeout in milliseconds, 0 for no timeout
/// @return -1 on error, otherwise number of bytes read
ssize_t symsan_read_event(void *buf, size_t size, unsigned int timeout);
/// @brief terminate target binary
int symsan_terminate();
/// @brief retrieve exit status
int symsan_get_exit_status(int *status);
/// @brief teardown shared men
void symsan_destroy();
#endif /* !SYMSAN_LAUNCH_H */
================================================
FILE: include/parse-rgd.h
================================================
#pragma once
#include "parse.h"
#include "task.h"
#include "union_find.h"
#include "boost/dynamic_bitset.hpp"
namespace rgd {
class RGDAstParser : public symsan::ASTParser<SearchTask> {
public:
RGDAstParser() = delete;
RGDAstParser(void *base, size_t size, bool solve_nested = false, size_t max_ast_size = 200)
: symsan::ASTParser<SearchTask>(base, size),
solve_nested_(solve_nested), max_ast_size_(max_ast_size) {}
~RGDAstParser() {}
int restart(std::vector<symsan::input_t> &inputs) override;
int parse_cond(dfsan_label label, bool result, bool add_nested,
std::vector<uint64_t> &tasks) override;
int parse_gep(dfsan_label ptr_label, uptr ptr,
dfsan_label index_label, int64_t index,
uint64_t num_elems, uint64_t elem_size,
int64_t current_offset, bool enum_index,
std::vector<uint64_t> &tasks) override;
int add_constraints(dfsan_label label, uint64_t result) override;
protected:
const bool solve_nested_;
const size_t max_ast_size_;
private:
enum ast_node_t {
NONE_CMP_NODE = 0,
CMP_NODE = 1,
INVALID_NODE = 2,
CONCRETIZE_NODE = 4,
};
using expr_t = std::shared_ptr<rgd::AstNode>;
using constraint_t = std::shared_ptr<rgd::Constraint>;
using clause_t = std::vector<const rgd::AstNode*>;
using formula_t = std::vector<clause_t>;
// caches
std::vector<symsan::input_t> inputs_cache; // input cache
std::unordered_map<dfsan_label, expr_t> root_expr_cache; // label -> root expr
std::unordered_map<dfsan_label, constraint_t> constraint_cache; // label -> constraint
std::vector<uint32_t> ast_size_cache; // label -> size of the AST
std::vector<uint8_t> nested_cmp_cache; // label -> nested comparison
std::unordered_map<dfsan_label, uint8_t> concretize_node; // label -> concretize node
// dependencies tracking
size_t input_size_; // record the whole input size
using input_dep_t = boost::dynamic_bitset<>;
std::vector<input_dep_t> branch_to_inputs; // label -> flattened input dependencies
// <input_id, offset> will be flattened to bit \sigma_{i=0}^{input_id}{size_of(input_i)} + offset
inline size_t input_to_dep_idx(uint32_t input_id, uint32_t offset) {
size_t idx = 0;
for (uint32_t i = 0; i < input_id; ++i) {
idx += inputs_cache[i].second;
}
return idx + offset;
}
UnionFind data_flow_deps;
std::vector<std::vector<expr_t> > input_to_branches;
[[nodiscard]] expr_t get_root_expr(dfsan_label label);
[[nodiscard]] bool scan_labels(dfsan_label label);
[[nodiscard]] int find_roots(dfsan_label label, AstNode *ret,
std::unordered_set<dfsan_label> &subroots);
inline dfsan_label strip_zext(dfsan_label label);
[[nodiscard]] int to_nnf(bool expected_r, rgd::AstNode *node);
void to_dnf(const rgd::AstNode *node, formula_t &formula);
[[nodiscard]] task_t construct_task(const clause_t &clause);
[[nodiscard]] constraint_t parse_constraint(dfsan_label label);
[[nodiscard]] bool do_uta_rel(dfsan_label label, rgd::AstNode *ret,
constraint_t constraint,
std::unordered_set<dfsan_label> &visited);
uint32_t map_arg(uint32_t input_id, uint32_t offset, uint32_t length,
constraint_t constraint);
bool save_constraint(expr_t expr, bool result);
inline void add_nested_constraint(task_t task, const clause_t &nested_caluse);
};
}; // namespace rgd
================================================
FILE: include/parse-z3.h
================================================
#pragma once
#include "parse.h"
#include <z3++.h>
namespace symsan {
using z3_task_t = std::vector<z3::expr>;
class Z3AstParser : public ASTParser<z3_task_t> {
public:
Z3AstParser() = delete;
Z3AstParser(void *base, size_t size, z3::context &context);
~Z3AstParser() {
for (Z3_ast ast : expr_cache_) {
if (ast != nullptr) {
Z3_dec_ref(context_, ast); // decrement reference count
}
}
}
int restart(std::vector<input_t> &inputs) override;
int parse_cond(dfsan_label label, bool result, bool add_nested,
std::vector<uint64_t> &tasks) override;
int parse_gep(dfsan_label ptr_label, uptr ptr,
dfsan_label index_label, int64_t index,
uint64_t num_elems, uint64_t elem_size,
int64_t current_offset, bool enum_index,
std::vector<uint64_t> &tasks) override;
int add_constraints(dfsan_label label, uint64_t result) override;
protected:
z3::context &context_;
const char* input_name_format;
const char* atoi_name_format;
const char* strlen_name_format;
// String ranges for null-byte post-processing (input_id -> list of (start, end))
std::unordered_map<uint32_t, std::vector<std::pair<uint32_t, uint32_t>>> string_ranges_;
// String info cache: label -> (input_id, offset, length)
struct string_info_t {
uint32_t input_id;
uint32_t offset;
uint32_t length;
};
std::unordered_map<dfsan_label, string_info_t> string_info_cache_;
private:
// Original input cache
std::vector<input_t> inputs_cache_;
// fsize flag
bool has_fsize;
// input deps
using input_dep_set_t = std::unordered_set<offset_t, offset_hash>;
// caches
std::vector<uint32_t> tsize_cache_;
std::vector<input_dep_set_t> deps_cache_;
std::vector<Z3_ast> expr_cache_;
std::vector<uint64_t> value_cache_;
static const size_t SIZE_INCREMENT = 2048;
// dependencies
struct expr_hash {
std::size_t operator()(const z3::expr &expr) const {
return expr.hash();
}
};
struct expr_equal {
bool operator()(const z3::expr &lhs, const z3::expr &rhs) const {
return lhs.id() == rhs.id();
}
};
using expr_set_t = std::unordered_set<z3::expr, expr_hash, expr_equal>;
struct branch_dependency {
expr_set_t expr_deps;
input_dep_set_t input_deps;
};
using branch_dep_t = std::unique_ptr<struct branch_dependency>;
using offset_dep_t = std::vector<branch_dep_t>;
std::vector<offset_dep_t> branch_deps_;
inline struct branch_dependency* get_branch_dep(offset_t off) {
auto &offset_deps = branch_deps_.at(off.first);
return offset_deps.at(off.second).get();
}
inline void set_branch_dep(offset_t off, branch_dep_t dep) {
auto &offset_deps = branch_deps_.at(off.first);
if (off.second >= offset_deps.size()) {
offset_deps.resize(off.second + 1);
}
offset_deps[off.second] = std::move(dep);
}
inline void cache_expr(dfsan_label label, z3::expr const &e) {
if (label != expr_cache_.size()) {
// fprintf(stderr, "expected label %zu, got %u\n",
// expr_cache_.size(), label);
throw z3::exception("missing or adding too many expressions");
}
Z3_ast ast = e;
Z3_inc_ref(context_, ast); // increment reference count
expr_cache_.emplace_back(ast);
}
inline z3::expr get_cached_expr(dfsan_label label, input_dep_set_t &deps) {
if (label >= expr_cache_.size()) {
throw z3::exception("invalid label");
}
Z3_ast ast = expr_cache_[label];
if (ast == nullptr) {
throw z3::exception("cannot find cached expression");
}
deps.insert(deps_cache_[label].begin(), deps_cache_[label].end());
return z3::expr(context_, ast);
}
inline void dump_value_cache(dfsan_label label);
z3::expr read_concrete(dfsan_label label, uint16_t size);
z3::expr serialize(dfsan_label label, input_dep_set_t &deps);
inline void collect_more_deps(input_dep_set_t &deps);
inline size_t add_nested_constraints(input_dep_set_t &deps, z3_task_t *task);
inline void save_constraint(z3::expr expr, input_dep_set_t &inputs);
void construct_index_tasks(z3::expr &index, uint64_t curr,
uint64_t lb, uint64_t ub, uint64_t step,
z3_task_t &nested, std::vector<uint64_t> &tasks);
// String theory helpers for strchr/strstr
z3::expr build_string_from_label(dfsan_label content_label, input_dep_set_t &deps);
z3::expr get_byte_expr(uint32_t input, uint32_t offset, input_dep_set_t &deps);
bool label_contains_indexof(dfsan_label label);
};
class Z3ParserSolver : public Z3AstParser {
public:
Z3ParserSolver() = delete;
Z3ParserSolver(void *base, size_t size, z3::context &context)
: Z3AstParser(base, size, context) {}
~Z3ParserSolver() {}
// Solution operation types
enum class solution_op_t : uint8_t {
SET, // Set byte at offset to val
INSERT, // Insert bytes at offset (shifts following bytes right)
DELETE // Delete len bytes starting at offset (shifts following bytes left)
};
struct solution_val {
solution_op_t op;
uint32_t id; // input id
uint32_t offset; // position in file
union {
uint8_t val; // for SET: the byte value
uint32_t len; // for DELETE: number of bytes to delete
};
std::vector<uint8_t> data; // for INSERT: bytes to insert
// Constructors for convenience
// SET: set single byte at offset
solution_val(uint32_t id, uint32_t offset, uint8_t val)
: op(solution_op_t::SET), id(id), offset(offset), val(val) {}
// INSERT: insert bytes at offset
solution_val(uint32_t id, uint32_t offset, std::vector<uint8_t> data)
: op(solution_op_t::INSERT), id(id), offset(offset), data(std::move(data)) {}
// DELETE: delete len bytes at offset
solution_val(solution_op_t op, uint32_t id, uint32_t offset, uint32_t len)
: op(op), id(id), offset(offset), len(len) {}
};
enum solving_status {
invalid_task = 1,
opt_sat = 2,
opt_unsat = 3,
opt_timeout = 4,
nested_sat = 5,
opt_sat_nested_unsat = 6,
opt_sat_nested_timeout = 7,
unknown_error,
};
using solution_t = std::vector<struct solution_val>;
solving_status solve_task(uint64_t task_id, unsigned timeout, solution_t &solutions);
private:
void generate_solution(z3::model &m, solution_t &solutions);
};
};
================================================
FILE: include/parse.h
================================================
#pragma once
#include "dfsan/dfsan.h"
#include <stdint.h>
#include <string.h>
#include <memory>
#include <stdexcept>
#include <string>
#include <tuple>
#include <vector>
#include <unordered_map>
#include <unordered_set>
#include <utility>
namespace symsan {
using input_t = std::pair<const uint8_t*, size_t>;
using offset_t = std::pair<uint32_t, uint32_t>;
struct offset_hash {
std::size_t operator()(const offset_t &off) const {
uint64_t key = off.first;
key <<= 32;
key |= off.second;
return std::hash<uint64_t>{}(key);
}
};
template <class T>
class ASTParser {
public:
ASTParser() = delete;
ASTParser(void *base, size_t size)
: base_(static_cast<dfsan_label_info*>(base)),
size_(size / sizeof(dfsan_label_info)),
prev_task_id_(0) {}
virtual ~ASTParser() {}
virtual int restart(std::vector<input_t> &inputs) {
(void)inputs;
memcmp_cache_.clear();
return 0;
}
/// @brief Parse a conditional branch
/// @param label the label of the condition
/// @param result the result of the condition
/// @param add_nested whether to add nested constraints
/// @param tasks the tasks to be added
/// @return 0 on success, -1 on failure
virtual int parse_cond(dfsan_label label, bool result, bool add_nested,
std::vector<uint64_t> &tasks) = 0;
/// @brief Parse a GEP instruction with symbolic index
/// @param ptr_label symbol label of the pointer (e.g., bounds info)
/// @param ptr actual pointer value
/// @param index_label symbolic label of the index
/// @param index actual index value
/// @param num_elems number of elements if ptr is an array
/// @param elem_size size of each element
/// @param current_offset current offset from previous GEP
/// @param enum_index whether to enumerate all possible indices
/// @param tasks tasks to be added
/// @return 0 on success, -1 on failure
virtual int parse_gep(dfsan_label ptr_label, uptr ptr,
dfsan_label index_label, int64_t index,
uint64_t num_elems, uint64_t elem_size,
int64_t current_offset, bool enum_index,
std::vector<uint64_t> &tasks) = 0;
/// @brief Add a constraint, typically from symbolic offset
/// @param label symbolic label of the constraint
/// @param result concrete value of the constraint
/// @return 0 on success, -1 on failure
virtual int add_constraints(dfsan_label label, uint64_t result) = 0;
virtual int record_memcmp(dfsan_label label, uint8_t* buf, size_t size) {
auto content = std::make_unique<uint8_t[]>(size);
memcpy(content.get(), buf, size);
memcmp_cache_.insert({label, std::move(content)});
return 0;
};
// use shared_ptr to auto-free task
virtual std::shared_ptr<T> retrieve_task(uint64_t id) {
auto it = tasks_.find(id);
if (it == tasks_.end()) {
return nullptr;
}
auto tmp = std::move(it->second);
tasks_.erase(it);
return tmp;
}
protected:
inline dfsan_label_info* get_label_info(dfsan_label label) {
if (label >= size_) {
throw std::out_of_range("label too large " + std::to_string(label));
}
return &base_[label];
}
inline uint64_t save_task(std::shared_ptr<T> task) {
uint64_t tid = prev_task_id_++;
tasks_.insert({tid, task});
return tid;
}
dfsan_label_info *base_;
size_t size_;
uint64_t prev_task_id_;
std::unordered_map<uint64_t, std::shared_ptr<T>> tasks_;
std::unordered_map<dfsan_label, std::unique_ptr<uint8_t[]>> memcmp_cache_;
};
}; // namespace symsan
================================================
FILE: include/solver.h
================================================
#pragma once
#include "task.h"
#include <stdint.h>
#include <z3++.h>
#include <vector>
#include <unordered_map>
#include <utility>
#include <memory>
#include <atomic>
namespace rgd {
enum solver_result_t {
SOLVER_ERROR,
SOLVER_SAT,
SOLVER_UNSAT,
SOLVER_TIMEOUT,
};
class Solver {
public:
virtual ~Solver() {};
virtual solver_result_t solve(std::shared_ptr<SearchTask> task,
const uint8_t *in_buf, size_t in_size,
uint8_t *out_buf, size_t &out_size) = 0;
virtual void print_stats(int fd) = 0;
};
class Z3Solver : public Solver {
public:
Z3Solver();
solver_result_t solve(std::shared_ptr<SearchTask> task,
const uint8_t *in_buf, size_t in_size,
uint8_t *out_buf, size_t &out_size) override;
void print_stats(int fd) override {} ;
private:
z3::expr serialize_rel(uint32_t comparison,
const AstNode* node,
const std::vector<std::pair<bool, uint64_t>> &input_args,
std::unordered_map<uint32_t,z3::expr> &expr_cache);
z3::expr serialize(const AstNode* node,
const std::vector<std::pair<bool, uint64_t>> &input_args,
std::unordered_map<uint32_t,z3::expr> &expr_cache);
z3::context &context_;
z3::solver solver_;
};
class JITSolver : public Solver {
public:
JITSolver();
solver_result_t solve(std::shared_ptr<SearchTask> task,
const uint8_t *in_buf, size_t in_size,
uint8_t *out_buf, size_t &out_size) override;
void print_stats(int fd) override;
private:
std::atomic_ulong uuid;
std::atomic_ulong cache_hits;
std::atomic_ulong cache_misses;
std::atomic_ulong num_timeout;
std::atomic_ulong num_solved;
std::atomic_ulong process_time;
std::atomic_ulong jit_time;
std::atomic_ulong solving_time;
};
class I2SSolver : public Solver {
public:
I2SSolver();
solver_result_t solve(std::shared_ptr<SearchTask> task,
const uint8_t *in_buf, size_t in_size,
uint8_t *out_buf, size_t &out_size) override;
void print_stats(int fd) override {};
private:
uint64_t matches;
uint64_t mismatches;
std::bitset<rgd::LastOp> binop_mask;
solver_result_t solve_icmp(std::shared_ptr<const Constraint> const& c,
std::unique_ptr<ConsMeta> const& cm,
uint32_t comparison,
const uint8_t *in_buf, size_t in_size,
uint8_t *out_buf, size_t &out_size);
solver_result_t solve_memcmp(std::shared_ptr<const Constraint> const& c,
std::unique_ptr<ConsMeta> const& cm,
const uint8_t *in_buf, size_t in_size,
uint8_t *out_buf, size_t &out_size);
};
}; // namespace rgd
================================================
FILE: include/task.h
================================================
#pragma once
#include <stdint.h>
#include <bitset>
#include <cassert>
#include <map>
#include <memory>
#include <stdexcept>
#include <tuple>
#include <unordered_map>
#include <vector>
#include "ast.h"
#include "cov.h"
namespace rgd {
// JIT'ed function for each relational constraint
typedef void(*test_fn_type)(uint64_t*);
// the first two slots of the arguments for reseved for the left and right operands
static const int RET_OFFSET = 2;
struct Constraint {
Constraint() = delete;
Constraint(int ast_size): fn(nullptr), const_num(0) {
ast = std::make_shared<AstNode>(ast_size);
}
Constraint(const Constraint&) = default; // XXX: okay to use default?
const AstNode *get_root() const { return const_cast<const AstNode*>(ast.get()); }
// JIT'ed function for a comparison expression
test_fn_type fn;
// the AST
std::shared_ptr<AstNode> ast;
// During constraint collection, (symbolic) input bytes are recorded
// as offsets from the beginning of the input. However, the JIT'ed
// function consumes inputs as an input array. So, when building the
// function, we need to map the offset to the idx in input array,
// which is stored in local_map.
std::map<size_t, uint32_t> local_map;
// if const {false, const value}, if symbolic {true, index in the inputs}
// during local search, we use a single global array (to avoid memory
// allocation and free) to prepare the inputs, so we need to know where
// to load the input values into the input array.
std::vector<std::pair<bool, uint64_t>> input_args;
// map the offset to iv (initial value)
std::unordered_map<uint32_t, uint8_t> inputs;
// shape information about the input (e.g., 1, 2, 4, 8 bytes)
std::unordered_map<uint32_t, uint32_t> shapes;
// special infomation for atoi: offset -> (result_length, base, str_length)
std::unordered_map<uint32_t, std::tuple<uint32_t, uint32_t, uint32_t>> atoi_info;
// record the involved operations
std::bitset<rgd::LastOp> ops;
// number of constant in the input array
uint32_t const_num;
// recorded comparison operands
uint64_t op1, op2;
};
struct ConsMeta {
// per-constraint arg mapping, so we can share the constraints
std::vector<std::pair<bool, uint64_t>> input_args;
// per-constraint relational operator, so we can share the AST
uint32_t comparison;
// input2state inference related
std::vector<std::pair<size_t, uint32_t>> i2s_candidates;
uint64_t op1, op2;
};
class SearchTask {
public:
SearchTask(): scratch_args(nullptr), max_const_num_(0),
stopped(false), attempts(0), solved(false), skip_next(false),
base_task(nullptr) {}
SearchTask(const SearchTask&) = delete;
~SearchTask() { if (scratch_args) free(scratch_args); }
inline bool has_finalized() const { return scratch_args != nullptr; }
using constraint_t = std::shared_ptr<const Constraint>;
using consmeta_t = std::unique_ptr<ConsMeta>;
using input_t = std::pair<uint32_t, uint8_t>;
inline bool empty() const {
return constraints_.empty();
}
inline size_t size() const {
return constraints_.size();
}
inline void add_constraint(constraint_t constraint, uint32_t comparison) {
if (has_finalized()) {
throw std::runtime_error("Cannot add constraints after finalization");
}
constraints_.push_back(constraint);
comparisons_.push_back(comparison);
}
inline const constraint_t& constraints(size_t i) const {
return constraints_.at(i);
}
inline const uint32_t comparisons(size_t i) const {
return comparisons_.at(i);
}
inline consmeta_t& consmetas(size_t i) {
// consmeta can be changed, but the vector cannot
return consmetas_.at(i);
}
inline size_t inputs_size() const {
return inputs_.size();
}
inline auto const& inputs() const {
return inputs_;
}
inline const uint32_t shapes(uint32_t offset) const {
auto itr = shapes_.find(offset);
if (itr == shapes_.end()) {
throw std::runtime_error("Cannot find shape information");
}
return itr->second;
}
inline auto const& atoi_info() const {
return atoi_info_;
}
inline auto const& cmap(uint32_t index) const {
if (index >= inputs_.size()) {
throw std::out_of_range("index out of range");
}
auto itr = cmap_.find(index);
if (itr == cmap_.end()) {
throw std::runtime_error("Cannot find constraint mapping");
}
return itr->second;
}
private:
// varaible that should not change after finalization
// constraints, could be shared, strictly read-only
std::vector<constraint_t> constraints_;
// temporary storage for the comparison operation
std::vector<uint32_t> comparisons_;
// per-constraint mutable metadata
std::vector<consmeta_t> consmetas_;
// inputs as pairs of <offset (from the beginning of the input, and value>
std::vector<std::pair<uint32_t, uint8_t>> inputs_;
// shape information at each offset
std::unordered_map<uint32_t, uint32_t> shapes_;
// aggreated atoi info
std::unordered_map<uint32_t, std::tuple<uint32_t, uint32_t, uint32_t>> atoi_info_;
// max number of constants in the input array
uint32_t max_const_num_;
// record constraints that use a certain input byte
std::unordered_map<uint32_t, std::vector<size_t>> cmap_;
public:
// scratching area for solving the task
// the input array used for all JIT'ed functions
// all input bytes are extended to 64 bits
uint64_t* scratch_args;
// intermediate states for the search
std::vector<uint64_t> min_distances; // current best
std::vector<uint64_t> distances; // general scratch
std::vector<uint64_t> plus_distances; // used in partial derivation
std::vector<uint64_t> minus_distances; // used in partial derivation
// statistics
uint64_t start; //start time
bool stopped;
int attempts;
// solutions
bool solved;
std::unordered_map<size_t, uint8_t> solution;
// base task
std::shared_ptr<SearchTask> base_task;
bool skip_next; // FIXME: an ugly hack to skip the next task
void finalize() {
// aggregate the contraints, map each input byte to a constraint to
// an index in the "global" input array (i.e., the scratch_args)
std::unordered_map<uint32_t, uint32_t> sym_map;
uint32_t gidx = 0;
size_t num_const = constraints_.size();
for (size_t i = 0; i < num_const; i++) {
auto const& constraint = constraints_[i];
std::unique_ptr<ConsMeta> cm = std::make_unique<ConsMeta>();
cm->input_args = constraint->input_args;
cm->comparison = comparisons_[i];
uint32_t last_offset = -1;
uint32_t size = 0;
for (const auto& [offset, lidx] : constraint->local_map) {
auto gitr = sym_map.find(offset);
if (gitr == sym_map.end()) {
gidx = inputs_.size();
sym_map[offset] = gidx;
inputs_.push_back(std::make_pair(offset, constraint->inputs.at(offset)));
shapes_[offset] = constraint->shapes.at(offset);
} else {
gidx = gitr->second;
}
// record input to constraint mapping
// skip memcmp constraints
if (cm->comparison != rgd::Memcmp && cm->comparison != rgd::MemcmpN) {
auto slot = cmap_.find(gidx);
if (slot != cmap_.end()) {
slot->second.push_back(i);
} else {
cmap_.emplace(std::make_pair(gidx, std::vector<size_t>{i}));
}
}
// save the mapping between the local index (i.e., where the JIT'ed
// function is going to read the input from) and the global index
// (i.e., where the current value corresponding to the input byte
// is stored in MutInput)
cm->input_args[lidx].second = gidx;
// check if the input bytes are consecutive
// using std::map ensures that the offsets (keys) are sorted
if (last_offset != -1 && last_offset + 1 != offset) {
// a new set of consecutive input bytes, save the info
// and resset
cm->i2s_candidates.push_back({last_offset + 1 - size, size});
size = 0;
}
last_offset = offset;
size++;
}
// save the last set of consecutive input bytes
cm->i2s_candidates.push_back({last_offset + 1 - size, size});
// process atoi
for (const auto& [offset, info] : constraint->atoi_info) {
// check dependencies
uint32_t length = std::get<2>(info);
for (auto j = 0; j < length; ++j) {
auto ditr = cmap_.find(offset + j);
if (ditr != cmap_.end()) {
fprintf(stderr, "atoi bytes (%d) used in other constraints\n", offset + j);
}
}
auto itr = atoi_info_.find(offset);
if (itr != atoi_info_.end()) {
fprintf(stderr, "atoi bytes (%d) already exists\n", offset);
assert(info == itr->second);
}
atoi_info_[offset] = info;
}
// update the number of required constants in the input array
if (max_const_num_ < constraint->const_num)
max_const_num_ = constraint->const_num;
// insert the constraint metadata
consmetas_.push_back(std::move(cm));
}
// fill the gap in cmap_
for (size_t i = 0; i < inputs_.size(); i++) {
auto slot = cmap_.find(i);
if (slot == cmap_.end()) {
cmap_.emplace(std::make_pair(i, std::vector<size_t>{}));
}
}
// allocate the input array, reserver 2 for comparison operands a,b
scratch_args = (uint64_t*)aligned_alloc(sizeof(*scratch_args),
(2 + inputs_.size() + max_const_num_ + 1) * sizeof(*scratch_args));
min_distances.resize(num_const, 0);
distances.resize(num_const, 0);
plus_distances.resize(num_const, 0);
minus_distances.resize(num_const, 0);
}
void load_hint() { // load hint from base task
if (!base_task || !base_task->solved) return;
for (auto itr = inputs_.begin(), e = inputs_.end(); itr != e; itr++) {
auto got = base_task->solution.find(itr->first);
if (got != base_task->solution.end())
itr->second = got->second;
}
}
};
using task_t = std::shared_ptr<rgd::SearchTask>;
}; // namespace rgd
================================================
FILE: include/task_mgr.h
================================================
#pragma once
#include "task.h"
#include <deque>
#include <memory>
namespace rgd {
class TaskManager {
public:
virtual ~TaskManager() {}
virtual bool add_task(std::shared_ptr<BranchContext> ctx, std::shared_ptr<SearchTask> task) = 0;
virtual std::shared_ptr<SearchTask> get_next_task() = 0;
virtual size_t get_num_tasks() = 0;
};
class FIFOTaskManager : public TaskManager {
public:
bool add_task(std::shared_ptr<BranchContext> ctx, std::shared_ptr<SearchTask> task) override {
(void)ctx;
tasks.push_back(std::move(task));
return true;
}
std::shared_ptr<SearchTask> get_next_task() override {
if (tasks.empty()) return nullptr;
auto task = std::move(tasks.front());
tasks.pop_front();
return task;
}
size_t get_num_tasks() override {
return tasks.size();
}
private:
std::deque<task_t> tasks;
};
}; // namespace rgd
================================================
FILE: include/union_find.h
================================================
#pragma once
#include <stdint.h>
#include <vector>
#include <unordered_set>
namespace rgd {
// disjoint set data structure
class UnionFind {
public:
static const size_t INVALID = (size_t)-1;
UnionFind() : size_(0) {};
UnionFind(size_t size) {
reset(size);
};
void reset(size_t size) {
size_ = size;
parent.resize(size);
next.resize(size);
rank.resize(size);
for (size_t i = 0; i < size; ++i) {
parent[i] = i;
next[i] = i;
rank[i] = 0;
}
}
// find the root of the set containing x
size_t find(size_t x) {
if (x >= size_) return INVALID;
size_t p = parent[x];
while (x != p) {
size_t gp = parent[p];
parent[x] = gp;
x = p;
p = gp;
}
return x;
}
// merge the sets containing x and y, return new root
size_t merge(size_t x, size_t y) {
if (x >= size_) return INVALID;
if (y >= size_) return INVALID;
size_t x_root = find(x);
size_t y_root = find(y);
if (x_root == y_root) return x_root;
// merge link list
size_t x_next = next[x_root];
next[x_root] = next[y_root];
next[y_root] = x_next;
if (rank[x_root] < rank[y_root]) {
parent[x_root] = y_root;
return y_root;
} else if (rank[x_root] > rank[y_root]) {
parent[y_root] = x_root;
return x_root;
} else {
parent[y_root] = x_root;
rank[x_root]++;
return x_root;
}
}
// get the set containing x
size_t get_set(size_t x, std::unordered_set<size_t> &set) {
if (x >= size_) return INVALID;
size_t temp = x;
set.clear();
set.insert(temp);
while (next[temp] != x) {
temp = next[temp];
set.insert(temp);
}
return set.size();
}
private:
size_t size_;
std::vector<size_t> parent;
std::vector<size_t> next;
std::vector<size_t> rank;
};
};
================================================
FILE: include/version.h
================================================
#ifndef _ANGORA_LLVM_VERSION_H
#define _ANGORA_LLVM_VERSION_H
#define LLVM_VERSION(major, minor) ((major)*100 + (minor))
#define LLVM_VERSION_CODE LLVM_VERSION(LLVM_VERSION_MAJOR, LLVM_VERSION_MINOR)
#if LLVM_VERSION_CODE >= LLVM_VERSION(5, 0)
#define LLVM_ATTRIBUTE_LIST AttributeList
#define LLVM_NEW_ALLOCINST(ty, name, insertp) \
(new AllocaInst(ty, getDataLayout().getAllocaAddrSpace(), name, insertp))
#define LLVM_REMOVE_ATTRIBUTE(func, attr, attrbuilder) \
func->removeAttributes(attr, attrbuilder)
#else
#define LLVM_ATTRIBUTE_LIST AttributeSet
#define LLVM_NEW_ALLOCINST(ty, name, insertp) \
(new AllocaInst(ty, name, insertp))
#define LLVM_REMOVE_ATTRIBUTE(func, attr, attrbuilder) \
func->removeAttributes( \
attr, LLVM_ATTRIBUTE_LIST::get(func->getContext(), attr, attrbuilder))
#endif
#if LLVM_VERSION_CODE >= LLVM_VERSION(6, 0)
#define SCL_INSECTION(scl, section, prefix, query, category) \
scl->inSection(section, prefix, query, category)
#define LLVM_ADD_PARAM_ATTR(func, argno, attr) func->addParamAttr(argno, attr)
#else
#define SCL_INSECTION(scl, section, prefix, query, category) \
scl->inSection(prefix, query, category)
#define LLVM_ADD_PARAM_ATTR(func, argno, attr) \
func->addAttribute(argno + 1, attr)
#endif
#endif
================================================
FILE: instrumentation/CMakeLists.txt
================================================
set (CMAKE_CXX_STANDARD 14)
set (CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -g")
# fix pass bug: https://github.com/sampsyo/llvm-pass-skeleton/issues/7#issuecomment-401834287
set (CMAKE_MODULE_LINKER_FLAGS "${CMAKE_CXX_LINK_FLAGS} -Wl,-znodelete")
if(APPLE)
# User teor2345 reports that this is required to make things work on MacOS X.
set (CMAKE_MODULE_LINK_FLAGS "${CMAKE_CXX_LINK_FLAGS} -Wl,-flat_namespace -Wl,-undefined,suppress")
endif(APPLE)
include(AddLLVM)
add_llvm_pass_plugin(TaintPass TaintPass.cpp)
install (TARGETS TaintPass DESTINATION ${SYMSAN_LIB_DIR})
================================================
FILE: instrumentation/TaintPass.cpp
================================================
//===- Taint.cpp - dynamic taint analysis --------------------------------===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
//
/// \file
/// This file is a part of Taint, a specialized taint analysis for symbolic
/// execution.
//
//===----------------------------------------------------------------------===//
//#include "defs.h"
#include "version.h"
#include "llvm/ADT/DenseMap.h"
#include "llvm/ADT/DenseSet.h"
#include "llvm/ADT/DepthFirstIterator.h"
#include "llvm/ADT/None.h"
#include "llvm/ADT/SmallPtrSet.h"
#include "llvm/ADT/SmallVector.h"
#include "llvm/ADT/StringExtras.h"
#include "llvm/ADT/StringRef.h"
#include "llvm/ADT/Triple.h"
#include "llvm/ADT/iterator.h"
#include "llvm/Analysis/ValueTracking.h"
#include "llvm/IR/Argument.h"
#include "llvm/IR/Attributes.h"
#include "llvm/IR/BasicBlock.h"
#include "llvm/IR/Constant.h"
#include "llvm/IR/Constants.h"
#include "llvm/IR/DataLayout.h"
#include "llvm/IR/DerivedTypes.h"
#include "llvm/IR/Dominators.h"
#include "llvm/IR/Function.h"
#include "llvm/IR/GlobalAlias.h"
#include "llvm/IR/GlobalValue.h"
#include "llvm/IR/GlobalVariable.h"
#include "llvm/IR/IRBuilder.h"
#include "llvm/IR/InlineAsm.h"
#include "llvm/IR/InstVisitor.h"
#include "llvm/IR/InstrTypes.h"
#include "llvm/IR/Instruction.h"
#include "llvm/IR/Instructions.h"
#include "llvm/IR/IntrinsicInst.h"
#include "llvm/IR/LLVMContext.h"
#include "llvm/IR/LegacyPassManager.h"
#include "llvm/IR/MDBuilder.h"
#include "llvm/IR/Module.h"
#include "llvm/IR/PassManager.h"
#include "llvm/IR/Type.h"
#include "llvm/IR/User.h"
#include "llvm/IR/Value.h"
#include "llvm/InitializePasses.h"
#include "llvm/Pass.h"
#include "llvm/Passes/OptimizationLevel.h"
#include "llvm/Passes/PassBuilder.h"
#include "llvm/Passes/PassPlugin.h"
#include "llvm/Support/Alignment.h"
#include "llvm/Support/Casting.h"
#include "llvm/Support/CommandLine.h"
#include "llvm/Support/DJB.h"
#include "llvm/Support/ErrorHandling.h"
#include "llvm/Support/SpecialCaseList.h"
#include "llvm/Support/VirtualFileSystem.h"
#include "llvm/Transforms/Instrumentation.h"
#include "llvm/Transforms/IPO/PassManagerBuilder.h"
#include "llvm/Transforms/Utils/BasicBlockUtils.h"
#include "llvm/Transforms/Utils/Local.h"
#include <algorithm>
#include <cassert>
#include <cstddef>
#include <cstdint>
#include <functional>
#include <iterator>
#include <memory>
#include <set>
#include <string>
#include <utility>
#include <vector>
using namespace llvm;
// This must be consistent with ShadowWidthBits.
static const Align ShadowTLSAlignment = Align(4);
// The size of TLS variables. These constants must be kept in sync with the ones
// in dfsan.cpp.
static const unsigned ArgTLSSize = 800;
static const unsigned RetvalTLSSize = 800;
// The -taint-preserve-alignment flag controls whether this pass assumes that
// alignment requirements provided by the input IR are correct. For example,
// if the input IR contains a load with alignment 8, this flag will cause
// the shadow load to have alignment 16. This flag is disabled by default as
// we have unfortunately encountered too much code (including Clang itself;
// see PR14291) which performs misaligned access.
static cl::opt<bool> ClPreserveAlignment(
"taint-preserve-alignment",
cl::desc("respect alignment requirements provided by input IR"), cl::Hidden,
cl::init(false));
// The ABI list files control how shadow parameters are passed. The pass treats
// every function labelled "uninstrumented" in the ABI list file as conforming
// to the "native" (i.e. unsanitized) ABI. Unless the ABI list contains
// additional annotations for those functions, a call to one of those functions
// will produce a warning message, as the labelling behaviour of the function is
// unknown. The other supported annotations for uninstrumented functions are
// "functional" and "discard", which are described below under
// Taint::WrapperKind.
// Functions will often be labelled with both "uninstrumented" and one of
// "functional" or "discard". This will leave the function unchanged by this
// pass, and create a wrapper function that will call the original.
//
// Instrumented functions can also be annotated as "force_zero_labels", which
// will make all shadow and return values set zero labels.
// Functions should never be labelled with both "force_zero_labels" and
// "uninstrumented" or any of the unistrumented wrapper kinds.
static cl::list<std::string> ClABIListFiles(
"taint-abilist",
cl::desc("File listing native ABI functions and how the pass treats them"),
cl::Hidden);
// Controls whether the pass includes or ignores the labels of pointers in load
// instructions.
static cl::opt<bool> ClCombinePointerLabelsOnLoad(
"taint-combine-pointer-labels-on-load",
cl::desc("Combine the label of the pointer with the label of the data when "
"loading from memory."),
cl::Hidden, cl::init(false));
// Controls whether the pass includes or ignores the labels of pointers in
// stores instructions.
static cl::opt<bool> ClCombinePointerLabelsOnStore(
"taint-combine-pointer-labels-on-store",
cl::desc("Combine the label of the pointer with the label of the data when "
"storing in memory."),
cl::Hidden, cl::init(false));
static cl::opt<bool> ClDebugNonzeroLabels(
"taint-debug-nonzero-labels",
cl::desc("Insert calls to __dfsan_nonzero_label on observing a parameter, "
"load or return with a nonzero label"),
cl::Hidden);
static cl::opt<bool> ClIgnorePersonalityRoutine(
"taint-ignore-personality-routine",
cl::desc("If a personality routine is marked uninstrumented from the ABI "
"list, do not create a wrapper for it."),
cl::Hidden, cl::init(false));
// SYMSAN specific flags, invoke a callback function to trace GEP events
static cl::opt<bool> ClTraceGEPOffset(
"taint-trace-gep",
cl::desc("Trace GEP offset for solving."),
cl::Hidden, cl::init(true));
// Experimental feature, trace floating point operations
static cl::opt<bool> ClTraceFP(
"taint-trace-float-pointer",
cl::desc("Propagate taint for floating pointer instructions."),
cl::Hidden, cl::init(false));
static cl::opt<bool> ClTraceLoop(
"taint-trace-loop",
cl::desc("Trace loop entering and exiting."),
cl::Hidden, cl::init(true));
// SYMSAN specific flags, enable memory safety checks (both spatial and temporal)
static cl::opt<bool> ClTraceBound(
"taint-trace-bound",
cl::desc("Trace buffer bound info."),
cl::Hidden, cl::init(true));
// SYMSAN specific flags, enable generating solving tasks for undefined behaviour
static cl::opt<bool> ClSolveUB(
"taint-solve-ub",
cl::desc("Solve undefined behaviours."),
cl::Hidden, cl::init(false));
// SYMSAN specific flags, only send events for annotated basic blocks
static cl::opt<bool> ClTraceAnnotatedBB(
"taint-trace-annotated-bb",
cl::desc("Only trace annotated basic blocks."),
cl::Hidden, cl::init(false));
static StringRef getGlobalTypeString(const GlobalValue &G) {
// Types of GlobalVariables are always pointer types.
Type *GType = G.getValueType();
// For now we support excluding struct types only.
if (StructType *SGType = dyn_cast<StructType>(GType)) {
if (!SGType->isLiteral())
return SGType->getName();
}
return "<unknown type>";
}
namespace {
// Memory map parameters used in application-to-shadow address calculation.
// Offset = (Addr & ~AndMask) ^ XorMask
// Shadow = ShadowBase + Offset * ShadowWidthBytes
struct MemoryMapParams {
uint64_t AndMask;
uint64_t XorMask;
uint64_t ShadowBase;
};
} // end anonymous namespace
// x86_64 Linux
// NOLINTNEXTLINE(readability-identifier-naming)
static const MemoryMapParams Linux_X86_64_MemoryMapParams = {
0x700000000000, // AndMask (keep old style)
0, // XorMask (not used)
0, // ShadowBase (not used)
};
namespace {
class TaintABIList {
std::unique_ptr<SpecialCaseList> SCL;
public:
TaintABIList() = default;
void set(std::unique_ptr<SpecialCaseList> List) { SCL = std::move(List); }
/// Returns whether either this function or its source file are listed in the
/// given category.
bool isIn(const Function &F, StringRef Category) const {
return isIn(*F.getParent(), Category) ||
SCL->inSection("taint", "fun", F.getName(), Category);
}
/// Returns whether this global alias is listed in the given category.
///
/// If GA aliases a function, the alias's name is matched as a function name
/// would be. Similarly, aliases of globals are matched like globals.
bool isIn(const GlobalAlias &GA, StringRef Category) const {
if (isIn(*GA.getParent(), Category))
return true;
if (isa<FunctionType>(GA.getValueType()))
return SCL->inSection("taint", "fun", GA.getName(), Category);
return SCL->inSection("taint", "global", GA.getName(), Category) ||
SCL->inSection("dataflow", "type", getGlobalTypeString(GA),
Category);
}
/// Returns whether this module is listed in the given category.
bool isIn(const Module &M, StringRef Category) const {
return SCL->inSection("taint", "src", M.getModuleIdentifier(), Category);
}
};
/// TransformedFunction is used to express the result of transforming one
/// function type into another. This struct is immutable. It holds metadata
/// useful for updating calls of the old function to the new type.
struct TransformedFunction {
TransformedFunction(FunctionType* OriginalType,
FunctionType* TransformedType,
std::vector<unsigned> ArgumentIndexMapping)
: OriginalType(OriginalType),
TransformedType(TransformedType),
ArgumentIndexMapping(ArgumentIndexMapping) {}
// Disallow copies.
TransformedFunction(const TransformedFunction &) = delete;
TransformedFunction &operator=(const TransformedFunction &) = delete;
// Allow moves.
TransformedFunction(TransformedFunction &&) = default;
TransformedFunction &operator=(TransformedFunction &&) = default;
/// Type of the function before the transformation.
FunctionType *OriginalType;
/// Type of the function after the transformation.
FunctionType *TransformedType;
/// Transforming a function may change the position of arguments. This
/// member records the mapping from each argument's old position to its new
/// position. Argument positions are zero-indexed. If the transformation
/// from F to F' made the first argument of F into the third argument of F',
/// then ArgumentIndexMapping[0] will equal 2.
std::vector<unsigned> ArgumentIndexMapping;
};
/// Given function attributes from a call site for the original function,
/// return function attributes appropriate for a call to the transformed
/// function.
AttributeList
TransformFunctionAttributes(const TransformedFunction& TransformedFunction,
LLVMContext& Ctx, AttributeList CallSiteAttrs) {
// Construct a vector of AttributeSet for each function argument.
std::vector<llvm::AttributeSet> ArgumentAttributes(
TransformedFunction.TransformedType->getNumParams());
// Copy attributes from the parameter of the original function to the
// transformed version. 'ArgumentIndexMapping' holds the mapping from
// old argument position to new.
for (unsigned I = 0, IE = TransformedFunction.ArgumentIndexMapping.size();
I < IE; ++I) {
unsigned TransformedIndex = TransformedFunction.ArgumentIndexMapping[I];
ArgumentAttributes[TransformedIndex] = CallSiteAttrs.getParamAttrs(I);
}
// Copy annotations on varargs arguments.
for (unsigned I = TransformedFunction.OriginalType->getNumParams(),
IE = CallSiteAttrs.getNumAttrSets();
I < IE; ++I) {
ArgumentAttributes.push_back(CallSiteAttrs.getParamAttrs(I));
}
return AttributeList::get(Ctx, CallSiteAttrs.getFnAttrs(),
CallSiteAttrs.getRetAttrs(),
llvm::makeArrayRef(ArgumentAttributes));
}
class Taint {
friend struct TaintFunction;
friend class TaintVisitor;
enum { ShadowWidthBits = 32, ShadowWidthBytes = ShadowWidthBits / 8 };
/// How should calls to uninstrumented functions be handled?
enum WrapperKind {
/// This function is present in an uninstrumented form but we don't know
/// how it should be handled. Print a warning and call the function anyway.
/// Don't label the return value.
WK_Warning,
/// This function does not write to (user-accessible) memory, and its return
/// value is unlabelled.
WK_Discard,
/// This function does not write to (user-accessible) memory, and the label
/// of its return value is the union of the label of its arguments.
WK_Functional,
/// Instead of calling the function, a custom wrapper __dfsw_F is called,
/// where F is the name of the function. This function may wrap the
/// original function or provide its own implementation. This is similar to
/// the IA_Args ABI, except that IA_Args uses a struct return type to
/// pass the return value shadow in a register, while WK_Custom uses an
/// extra pointer argument to return the shadow. This allows the wrapped
/// form of the function type to be expressed in C.
WK_Custom,
/// Special cases for memcmp, strcmp, strncmp like functions
WK_Memcmp,
WK_Strcmp,
WK_Strncmp,
WK_Strchr, // strchr/memchr - find first char occurrence
WK_Strrchr, // strrchr/memrchr - find last char occurrence
WK_Strstr, // strstr/memmem - find substring
WK_Prefixof, // prefix check (e.g., g_str_has_prefix)
WK_Suffixof, // suffix check (e.g., g_str_has_suffix)
WK_Strcat, // strcat/strncat - string concatenation
WK_Strsub, // substr(s, start, len) - substring from start with len
};
Module *Mod;
LLVMContext *Ctx;
IntegerType *Int8Ty;
IntegerType *Int16Ty;
IntegerType *Int32Ty;
IntegerType *Int64Ty;
/// The shadow type for all primitive types and vector types.
IntegerType *PrimitiveShadowTy;
PointerType *PrimitiveShadowPtrTy;
IntegerType *IntptrTy;
PointerType *VoidPtrTy;
ConstantInt *ZeroPrimitiveShadow;
ConstantInt *UninitializedPrimitiveShadow;
ConstantInt *ShadowPtrAndMask;
ConstantInt *ShadowPtrXorMask;
ConstantInt *ShadowPtrBase;
ConstantInt *ShadowPtrMul;
Constant *ArgTLS;
Constant *RetvalTLS;
FunctionType *TaintUnionFnTy;
FunctionType *TaintUnionLoadFnTy;
FunctionType *TaintUnionStoreFnTy;
FunctionType *TaintUnimplementedFnTy;
FunctionType *TaintSetLabelFnTy;
FunctionType *TaintNonzeroLabelFnTy;
FunctionType *TaintVarargWrapperFnTy;
FunctionType *TaintTraceCmpFnTy;
FunctionType *TaintTraceCondFnTy;
FunctionType *TaintTraceLoopFnTy;
FunctionType *TaintTraceSwitchEndFnTy;
FunctionType *TaintTraceSelectFnTy;
FunctionType *TaintTraceIndirectCallFnTy;
FunctionType *TaintTraceGEPFnTy;
FunctionType *TaintTraceGEPPtrFnTy;
FunctionType *TaintPushStackFrameFnTy;
FunctionType *TaintPopStackFrameFnTy;
FunctionType *TaintTraceAllocaFnTy;
FunctionType *TaintCheckBoundsFnTy;
FunctionType *TaintSolveBoundsFnTy;
FunctionType *TaintSolveSizeFnTy;
FunctionType *TaintTraceGlobalFnTy;
FunctionType *TaintDebugFnTy;
FunctionCallee TaintUnionFn;
FunctionCallee TaintCheckedUnionFn;
FunctionCallee TaintUnionLoadFn;
FunctionCallee TaintUnionStoreFn;
FunctionCallee TaintUnimplementedFn;
FunctionCallee TaintSetLabelFn;
FunctionCallee TaintNonzeroLabelFn;
FunctionCallee TaintVarargWrapperFn;
FunctionCallee TaintTraceCmpFn;
FunctionCallee TaintTraceCondFn;
FunctionCallee TaintTraceLoopFn;
FunctionCallee TaintTraceSwitchEndFn;
FunctionCallee TaintTraceSelectFn;
FunctionCallee TaintTraceIndirectCallFn;
FunctionCallee TaintTraceGEPFn;
FunctionCallee TaintTraceGEPPtrFn;
FunctionCallee TaintPushStackFrameFn;
FunctionCallee TaintPopStackFrameFn;
FunctionCallee TaintTraceAllocaFn;
FunctionCallee TaintCheckBoundsFn;
FunctionCallee TaintSolveBoundsFn;
FunctionCallee TaintSolveSizeFn;
FunctionCallee TaintTraceGlobalFn;
FunctionCallee TaintDebugFn;
SmallPtrSet<Value *, 16> TaintRuntimeFunctions;
Constant *CallStack;
MDNode *ColdCallWeights;
TaintABIList ABIList;
DenseMap<Value *, Function *> UnwrappedFnMap;
AttributeMask ReadOnlyNoneAttrs;
/// Memory map parameters used in calculation mapping application addresses
/// to shadow addresses and origin addresses.
const MemoryMapParams *MapParams;
Value *getShadowOffset(Value *Addr, IRBuilder<> &IRB);
Value *getShadowAddress(Value *Addr, IRBuilder<> &IRB);
bool isInstrumented(const Function *F);
bool isInstrumented(const GlobalAlias *GA);
FunctionType *getArgsFunctionType(FunctionType *T);
bool isForceZeroLabels(const Function *F);
FunctionType *getTrampolineFunctionType(FunctionType *T);
TransformedFunction getCustomFunctionType(FunctionType *T);
WrapperKind getWrapperKind(Function *F);
void addGlobalNameSuffix(GlobalValue *GV);
Function *buildWrapperFunction(Function *F, StringRef NewFName,
GlobalValue::LinkageTypes NewFLink,
FunctionType *NewFT);
Constant *getOrBuildTrampolineFunction(FunctionType *FT, StringRef FName);
void addContextRecording(Function &F);
void addFrameTracing(Function &F);
uint32_t getInstructionId(Instruction *Inst);
const uint32_t InvalidInstructionId = -1;
void initializeRuntimeFunctions(Module &M);
void initializeCallbackFunctions(Module &M);
bool initializeModule(Module &M);
/// Returns a zero constant with the shadow type of OrigTy.
///
/// getZeroShadow({T1,T2,...}) = {getZeroShadow(T1),getZeroShadow(T2,...}
/// getZeroShadow([n x T]) = [n x getZeroShadow(T)]
/// getZeroShadow(other type) = i16(0)
///
/// Note that a zero shadow is always i16(0) when shouldTrackFieldsAndIndices
/// returns false.
Constant *getZeroShadow(Type *OrigTy);
/// Returns a zero constant with the shadow type of V's type.
Constant *getZeroShadow(Value *V);
/// Checks if V is a zero shadow.
bool isZeroShadow(Value *V);
/// Returns the shadow type of OrigTy.
///
/// getShadowTy({T1,T2,...}) = {getShadowTy(T1),getShadowTy(T2),...}
/// getShadowTy([n x T]) = [n x getShadowTy(T)]
/// getShadowTy(other type) = i16
///
/// Note that a shadow type is always i16 when shouldTrackFieldsAndIndices
/// returns false.
Type *getShadowTy(Type *OrigTy);
/// Returns the shadow type of of V's type.
Type *getShadowTy(Value *V);
/// Returns an uninitialized shadow value with the shadow type of OrigTy.
Constant *getUninitializedShadow(Type *OrigTy);
public:
Taint(const std::vector<std::string> &ABIListFiles);
bool runImpl(Module &M);
};
struct TaintFunction {
Taint &TT;
Function *F;
DominatorTree DT;
LoopInfo *LI;
bool IsNativeABI;
bool IsForceZeroLabels;
Value *ArgTLSPtr = nullptr;
Value *RetvalTLSPtr = nullptr;
AllocaInst *LabelReturnAlloca = nullptr;
DenseMap<Value *, Value *> ValShadowMap;
DenseMap<AllocaInst *, AllocaInst *> AllocaShadowMap;
struct PHIFixupElement {
PHINode *Phi;
PHINode *ShadowPhi;
};
std::vector<PHIFixupElement> PHIFixups;
DenseSet<Instruction *> SkipInsts;
std::vector<Value *> NonZeroChecks;
bool AvoidNewBlocks;
std::hash<std::string> HashFn;
struct CachedShadow {
BasicBlock *Block; // The block where Shadow is defined.
Value *Shadow;
};
/// Maps a value to its latest shadow value in terms of domination tree.
DenseMap<std::pair<Value *, Value *>, CachedShadow> CachedShadows;
/// Maps a value to its latest collapsed shadow value it was converted to in
/// terms of domination tree. When ClDebugNonzeroLabels is on, this cache is
/// used at a post process where CFG blocks are split. So it does not cache
/// BasicBlock like CachedShadows, but uses domination between values.
DenseMap<Value *, Value *> CachedCollapsedShadows;
DenseMap<Value *, std::set<Value *>> ShadowElements;
TaintFunction(Taint &TT, Function *F, bool IsNativeABI,
bool IsForceZeroLabels)
: TT(TT), F(F), IsNativeABI(IsNativeABI),
IsForceZeroLabels(IsForceZeroLabels) {
DT.recalculate(*F);
LI = new LoopInfo(DT);
// initialize the pseudo-random number generator with the function name
srandom(std::hash<std::string>{}(F->getName().str()));
}
~TaintFunction() { delete LI; }
/// Computes the shadow address for a given function argument.
///
/// Shadow = ArgTLS+ArgOffset.
Value *getArgTLS(Type *T, unsigned ArgOffset, IRBuilder<> &IRB);
/// Computes the shadow address for a retval.
Value *getRetvalTLS(Type *T, IRBuilder<> &IRB);
Value *getShadow(Value *V);
void setShadow(Instruction *I, Value *Shadow);
/// Returns the shadow value of a global variable GV.
Value *getShadowForGlobal(GlobalVariable *GV, IRBuilder<> &IRB);
// Op Shadow
Value *combineShadows(Value *V1, Value *V2,
uint16_t op, Instruction *Pos);
Value *combineBinaryOperatorShadows(BinaryOperator *BO, uint8_t op);
Value *combineCastInstShadows(CastInst *CI, uint8_t op);
Value *combineCmpInstShadows(CmpInst *CI, uint8_t op);
void visitCmpInst(CmpInst *I);
void visitCondition(Value *Cond, Instruction *I);
void visitSwitchInst(SwitchInst *I);
Value *visitSelectInst(Value *Cond, Value *TS, Value *FS, SelectInst *I);
void visitGEPInst(GetElementPtrInst *I);
Value *visitAllocaInst(AllocaInst *I, Value *ArraySize, Type *ElTy);
void checkBounds(Value *Ptr, Value *Size, Instruction *Pos);
void solveBounds(Value *Ptr, Value *Size, Instruction *Pos);
/// XXX: because we never collapse taint labels for aggregate types,
/// we also do not expand taint labels from an aggreated primitive
/// shadow value. Instead, we always load the label for each
/// primitive field.
///
/// Load all primitive subtypes of T, returning the aggrate shadow value.
///
/// LS({T1,T2, ...}, Addr) = {LS(T1, SubAdrr),LS(T2, SubAddr),...}
/// LS([n x T], Addr) = [n x LS(T, SubAddr)]
/// LS(other types, Addr) = LS(PS, Addr)
Value *loadShadow(Type *T, Value *Addr, uint64_t Size, Align Alignment,
Instruction *Pos);
/// XXX: we do not union taint labels for aggregate types before store;
/// instead, we store each privimitive field individually.
///
/// Store all primitive subtypes of T, using the aggrate shadow value.
///
/// SS(Addr, {T1,T2, ...}) = SS(SubAddr, T1), SS(SubAddr, T2), ...
/// SS(Addr, [T1,T2,...]) = SS(SubAddr, T1), SS(SubAddr, T2), ...
/// SS(Addr, PS) = SS(Addr, PS)
void storeShadow(Value *Addr, Type *T, uint64_t Size, Align Alignment,
Value *Shadow, Instruction *Pos);
Align getShadowAlign(Align InstAlignment);
private:
/// Loads a primitive shadow label
Value *loadPrimitiveShadow(Value *Addr, uint64_t Size, uint64_t Align,
IRBuilder<> &IRB);
/// Loads shadow recursively for aggregate types
void loadShadowRecursive(Value *Shadow, SmallVector<unsigned, 4> &Indices,
Type *SubTy, Value *Addr, uint64_t Size,
uint64_t Align, IRBuilder<> &IRB);
/// Stores an aggregate shadow label
void storeShadowRecursive(Value *Shadow, SmallVector<unsigned, 4> &Indices,
Type *SubShadowTy, Value *ShadowAddr, uint64_t Size,
uint64_t Align, IRBuilder<> &IRB);
/// Returns the shadow value of an argument A.
Value *getShadowForTLSArgument(Argument *A);
static const uint8_t TrueBranchLoopLatch = 0x8;
static const uint8_t FalseBranchLoopLatch = 0x4;
static const uint8_t TrueBranchLoopExit = 0x2;
static const uint8_t FalseBranchLoopExit = 0x1;
static const uint8_t LoopExitBranch = TrueBranchLoopExit | FalseBranchLoopExit;
};
class TaintVisitor : public InstVisitor<TaintVisitor> {
public:
TaintFunction &TF;
TaintVisitor(TaintFunction &TF) : TF(TF) {}
const DataLayout &getDataLayout() const {
return TF.F->getParent()->getDataLayout();
}
//void visitUnaryOperator(UnaryOperator &UO);
void visitBinaryOperator(BinaryOperator &BO);
void visitCastInst(CastInst &CI);
void visitCmpInst(CmpInst &CI);
void visitLandingPadInst(LandingPadInst &LPI);
void visitGetElementPtrInst(GetElementPtrInst &GEPI);
void visitLoadInst(LoadInst &LI);
void visitStoreInst(StoreInst &SI);
void visitAtomicRMWInst(AtomicRMWInst &I);
//void visitAtomicCmpXchgInst(AtomicCmpXchgInst &I);
void visitReturnInst(ReturnInst &RI);
void visitCallBase(CallBase &CB);
void visitPHINode(PHINode &PN);
void visitExtractElementInst(ExtractElementInst &I);
void visitInsertElementInst(InsertElementInst &I);
void visitShuffleVectorInst(ShuffleVectorInst &I);
void visitExtractValueInst(ExtractValueInst &I);
void visitInsertValueInst(InsertValueInst &I);
void visitAllocaInst(AllocaInst &I);
void visitSelectInst(SelectInst &I);
void visitMemSetInst(MemSetInst &I);
void visitMemTransferInst(MemTransferInst &I);
void visitBranchInst(BranchInst &BR);
void visitSwitchInst(SwitchInst &SW);
private:
//void visitCASOrRMW(Align InstAlignment, Instruction &I);
// Returns false when this is an invoke of a custom function.
bool visitWrappedCallBase(Function *F, CallBase &CB);
void addShadowArguments(Function *F, CallBase &CB, std::vector<Value *> &Args,
IRBuilder<> &IRB);
void visitIntrinsicCallBase(Function *F, CallBase &CB);
};
} // end anonymous namespace
Taint::Taint(
const std::vector<std::string> &ABIListFiles) {
std::vector<std::string> AllABIListFiles(std::move(ABIListFiles));
llvm::append_range(AllABIListFiles, ClABIListFiles);
// FIXME: should we propagate vfs::FileSystem to this constructor?
ABIList.set(
SpecialCaseList::createOrDie(AllABIListFiles, *vfs::getRealFileSystem()));
}
FunctionType *Taint::getArgsFunctionType(FunctionType *T) {
SmallVector<Type *, 4> ArgTypes(T->param_begin(), T->param_end());
// we keep the shadow type consistent with the arg type so we don't
// need to collapse or expand the shadow
for (unsigned i = 0, ie = T->getNumParams(); i != ie; ++i) {
Type* param_type = T->getParamType(i);
ArgTypes.push_back(getShadowTy(param_type));
}
// ArgTypes.append(T->getNumParams(), PrimitiveShadowTy);
if (T->isVarArg()) // FIXME: vararg
ArgTypes.push_back(PrimitiveShadowPtrTy);
Type *RetType = T->getReturnType();
if (!RetType->isVoidTy())
RetType = StructType::get(RetType, getShadowTy(RetType));
return FunctionType::get(RetType, ArgTypes, T->isVarArg());
}
FunctionType *Taint::getTrampolineFunctionType(FunctionType *T) {
assert(!T->isVarArg());
SmallVector<Type *, 4> ArgTypes;
ArgTypes.push_back(T->getPointerTo());
ArgTypes.append(T->param_begin(), T->param_end());
// we keep the shadow type consistent with the arg type so we don't
// need to collapse or expand the shadow
for (unsigned i = 0, ie = T->getNumParams(); i != ie; ++i) {
Type* param_type = T->getParamType(i);
ArgTypes.push_back(getShadowTy(param_type));
}
// ArgTypes.append(T->getNumParams(), PrimitiveShadowTy);
Type *RetType = T->getReturnType();
if (!RetType->isVoidTy())
// ArgTypes.push_back(PrimitiveShadowPtrTy);
ArgTypes.push_back(PointerType::getUnqual(getShadowTy(RetType)));
return FunctionType::get(T->getReturnType(), ArgTypes, false);
}
TransformedFunction Taint::getCustomFunctionType(FunctionType *T) {
SmallVector<Type *, 4> ArgTypes;
// Some parameters of the custom function being constructed are
// parameters of T. Record the mapping from parameters of T to
// parameters of the custom function, so that parameter attributes
// at call sites can be updated.
std::vector<unsigned> ArgumentIndexMapping;
for (unsigned I = 0, E = T->getNumParams(); I != E; ++I) {
Type* ParamType = T->getParamType(I);
FunctionType *FT;
if (isa<PointerType>(ParamType) &&
(FT = dyn_cast<FunctionType>(ParamType->getPointerElementType()))) {
ArgumentIndexMapping.push_back(ArgTypes.size());
ArgTypes.push_back(getTrampolineFunctionType(FT)->getPointerTo());
ArgTypes.push_back(Type::getInt8PtrTy(*Ctx));
} else {
ArgumentIndexMapping.push_back(ArgTypes.size());
ArgTypes.push_back(ParamType);
}
}
for (unsigned i = 0, e = T->getNumParams(); i != e; ++i) {
// we keep the shadow type consistent with the arg type so we don't
// need to collapse or expand the shadow
Type* param_type = T->getParamType(i);
ArgTypes.push_back(getShadowTy(param_type));
// ArgTypes.push_back(PrimitiveShadowTy);
}
if (T->isVarArg()) // FIXME: vararg
ArgTypes.push_back(PrimitiveShadowPtrTy);
Type *RetType = T->getReturnType();
if (!RetType->isVoidTy())
ArgTypes.push_back(PointerType::getUnqual(getShadowTy(RetType)));
// ArgTypes.push_back(PrimitiveShadowPtrTy);
return TransformedFunction(
T, FunctionType::get(T->getReturnType(), ArgTypes, T->isVarArg()),
ArgumentIndexMapping);
}
bool Taint::isZeroShadow(Value *V) {
Type *T = V->getType();
if (!isa<ArrayType>(T) && !isa<StructType>(T)) {
if (const ConstantInt *CI = dyn_cast<ConstantInt>(V))
return CI->isZero();
return false;
}
return isa<ConstantAggregateZero>(V);
}
Constant *Taint::getUninitializedShadow(Type *OrigTy) {
if (!isa<ArrayType>(OrigTy) && !isa<StructType>(OrigTy))
return UninitializedPrimitiveShadow;
Type *ShadowTy = getShadowTy(OrigTy);
if (ArrayType *AT = dyn_cast<ArrayType>(ShadowTy)) {
SmallVector<Constant *, 4> Elements(AT->getNumElements(),
getUninitializedShadow(AT->getElementType()));
return ConstantArray::get(AT, Elements);
} else if (StructType *ST = dyn_cast<StructType>(ShadowTy)) {
SmallVector<Constant *, 4> Elements(ST->getNumElements());
for (unsigned I = 0, N = ST->getNumElements(); I < N; ++I)
Elements[I] = getUninitializedShadow(ST->getElementType(I));
return ConstantStruct::get(ST, Elements);
}
llvm_unreachable("Unexpected type for uninitialized shadow");
}
Constant *Taint::getZeroShadow(Type *OrigTy) {
if (!isa<ArrayType>(OrigTy) && !isa<StructType>(OrigTy))
return ZeroPrimitiveShadow;
Type *ShadowTy = getShadowTy(OrigTy);
return ConstantAggregateZero::get(ShadowTy);
}
Constant *Taint::getZeroShadow(Value *V) {
return getZeroShadow(V->getType());
}
Type *Taint::getShadowTy(Type *OrigTy) {
if (!OrigTy->isSized())
return PrimitiveShadowTy;
if (isa<IntegerType>(OrigTy))
return PrimitiveShadowTy;
if (isa<VectorType>(OrigTy))
return PrimitiveShadowTy;
if (ArrayType *AT = dyn_cast<ArrayType>(OrigTy))
return ArrayType::get(getShadowTy(AT->getElementType()),
AT->getNumElements());
if (StructType *ST = dyn_cast<StructType>(OrigTy)) {
SmallVector<Type *, 4> Elements;
for (unsigned I = 0, N = ST->getNumElements(); I < N; ++I)
Elements.push_back(getShadowTy(ST->getElementType(I)));
return StructType::get(*Ctx, Elements);
}
return PrimitiveShadowTy;
}
Type *Taint::getShadowTy(Value *V) {
return getShadowTy(V->getType());
}
uint32_t Taint::getInstructionId(Instruction *Inst) {
// check if there is a bbid annotation
if (MDNode *BBID = Inst->getMetadata("bbid")) {
auto C = dyn_cast<ConstantAsMetadata>(BBID->getOperand(0));
if (ConstantInt *CI = dyn_cast<ConstantInt>(C->getValue())) {
uint64_t BBIDValue = CI->getZExtValue();
assert(BBIDValue < UINT32_MAX &&
"bbid value is too large for 32-bit hash");
return static_cast<uint32_t>(BBIDValue);
}
}
if (ClTraceAnnotatedBB && Inst->isTerminator())
return InvalidInstructionId;
// otherwise, fallback to hash
static uint32_t unamed = 0;
auto SourceInfo = Mod->getSourceFileName();
DILocation *Loc = Inst->getDebugLoc();
if (Loc) {
auto Line = Loc->getLine();
auto Col = Loc->getColumn();
SourceInfo += ":" + std::to_string(Line) + ":" + std::to_string(Col);
} else {
SourceInfo += "unamed:" + std::to_string(unamed++);
}
return djbHash(SourceInfo);
}
void Taint::addContextRecording(Function &F) {
// Most code from Angora
BasicBlock *BB = &F.getEntryBlock();
assert(pred_begin(BB) == pred_end(BB) &&
"Assume that entry block has no predecessors");
// Add ctx ^ hash(fun_name) at the beginning of a function
IRBuilder<> IRB(&*(BB->getFirstInsertionPt()));
// Strip dfs$ prefix
auto FName = F.getName();
if (FName.startswith("dfs")) {
size_t pos = FName.find_first_of('$');
FName = FName.drop_front(pos + 1);
}
// add source file name for static function
if (!F.hasExternalLinkage()) {
FName = StringRef(Mod->getSourceFileName() + "::" + FName.str());
}
uint32_t hash = djbHash(FName);
ConstantInt *CID = ConstantInt::get(Int32Ty, hash);
LoadInst *LCS = IRB.CreateLoad(Int32Ty, CallStack);
LCS->setMetadata(Mod->getMDKindID("nosanitize"), MDNode::get(*Ctx, None));
Value *NCS = IRB.CreateXor(LCS, CID);
StoreInst *SCS = IRB.CreateStore(NCS, CallStack);
SCS->setMetadata(Mod->getMDKindID("nosanitize"), MDNode::get(*Ctx, None));
// Recover ctx at the end of a function
for (auto FI = F.begin(), FE = F.end(); FI != FE; FI++) {
BasicBlock *BB = &*FI;
Instruction *Inst = BB->getTerminator();
if (isa<ReturnInst>(Inst) || isa<ResumeInst>(Inst)) {
IRB.SetInsertPoint(Inst);
SCS = IRB.CreateStore(LCS, CallStack);
SCS->setMetadata(Mod->getMDKindID("nosanitize"), MDNode::get(*Ctx, None));
}
}
}
void Taint::addFrameTracing(Function &F) {
BasicBlock *BB = &F.getEntryBlock();
assert(pred_begin(BB) == pred_end(BB) &&
"Assume that entry block has no predecessors");
IRBuilder<> IRB(&*(BB->getFirstInsertionPt()));
IRB.CreateCall(TaintPushStackFrameFn);
// Recover ctx at the end of a
gitextract_05a7zgkf/
├── .github/
│ └── workflows/
│ └── test.yml
├── .gitignore
├── CMakeLists.txt
├── Dockerfile
├── LICENSE
├── README.md
├── backend/
│ ├── CMakeLists.txt
│ └── fastgen.cpp
├── compiler/
│ ├── CMakeLists.txt
│ └── ko_clang.c
├── driver/
│ ├── CMakeLists.txt
│ ├── aflpp/
│ │ ├── CMakeLists.txt
│ │ ├── README.md
│ │ ├── rgd.proto
│ │ └── symsan.cpp
│ ├── fgtest.cpp
│ ├── harness-proxy.c
│ └── launcher/
│ ├── CMakeLists.txt
│ └── launch.c
├── include/
│ ├── alloc_inl.h
│ ├── ast.h
│ ├── cov.h
│ ├── debug.h
│ ├── defs.h
│ ├── launch.h
│ ├── parse-rgd.h
│ ├── parse-z3.h
│ ├── parse.h
│ ├── solver.h
│ ├── task.h
│ ├── task_mgr.h
│ ├── union_find.h
│ └── version.h
├── instrumentation/
│ ├── CMakeLists.txt
│ └── TaintPass.cpp
├── parsers/
│ ├── CMakeLists.txt
│ └── rgd-parser.cpp
├── python/
│ ├── CMakeLists.txt
│ ├── README.md
│ ├── symsan-py.cpp
│ └── test.py
├── runtime/
│ ├── CMakeLists.txt
│ ├── cmake/
│ │ ├── AddCompilerRT.cmake
│ │ ├── BuiltinTests.cmake
│ │ ├── CompilerRTCompile.cmake
│ │ ├── CompilerRTDarwinUtils.cmake
│ │ ├── CompilerRTLink.cmake
│ │ ├── CompilerRTUtils.cmake
│ │ ├── CustomLibcxx/
│ │ │ └── CMakeLists.txt
│ │ ├── HandleCompilerRT.cmake
│ │ └── SanitizerUtils.cmake
│ ├── common_interface_defs.h
│ ├── dfsan/
│ │ ├── .clang-format
│ │ ├── CMakeLists.txt
│ │ ├── dfsan.cpp
│ │ ├── dfsan.h
│ │ ├── dfsan.syms.extra
│ │ ├── dfsan_custom.cpp
│ │ ├── dfsan_flags.inc
│ │ ├── dfsan_interceptors.cpp
│ │ ├── dfsan_platform.h
│ │ ├── done_abilist.txt
│ │ ├── libc++_abilist.txt
│ │ ├── libc_ubuntu1404_abilist.txt
│ │ ├── libc_ubuntu1804_abilist.txt
│ │ ├── libc_ubuntu2204_abilist.txt
│ │ ├── libc_ubuntu2404_abilist.txt
│ │ ├── scripts/
│ │ │ ├── build-libc-list.py
│ │ │ └── check_custom_wrappers.sh
│ │ ├── taint.ld
│ │ ├── taint_allocator.cpp
│ │ ├── taint_allocator.h
│ │ ├── union_hashtable.cpp
│ │ ├── union_hashtable.h
│ │ ├── union_util.cpp
│ │ └── union_util.h
│ ├── interception/
│ │ ├── .clang-format
│ │ ├── CMakeLists.txt
│ │ ├── interception.h
│ │ ├── interception_linux.cpp
│ │ ├── interception_linux.h
│ │ ├── interception_mac.cpp
│ │ ├── interception_mac.h
│ │ ├── interception_type_test.cpp
│ │ ├── interception_win.cpp
│ │ ├── interception_win.h
│ │ └── tests/
│ │ ├── CMakeLists.txt
│ │ ├── interception_linux_test.cpp
│ │ ├── interception_test_main.cpp
│ │ └── interception_win_test.cpp
│ ├── libclang_rt.dfsan-x86_64.a.syms
│ └── sanitizer_common/
│ ├── .clang-format
│ ├── CMakeLists.txt
│ ├── sancov_flags.cpp
│ ├── sancov_flags.h
│ ├── sancov_flags.inc
│ ├── sanitizer_addrhashmap.h
│ ├── sanitizer_allocator.cpp
│ ├── sanitizer_allocator.h
│ ├── sanitizer_allocator_bytemap.h
│ ├── sanitizer_allocator_checks.cpp
│ ├── sanitizer_allocator_checks.h
│ ├── sanitizer_allocator_combined.h
│ ├── sanitizer_allocator_dlsym.h
│ ├── sanitizer_allocator_interface.h
│ ├── sanitizer_allocator_internal.h
│ ├── sanitizer_allocator_local_cache.h
│ ├── sanitizer_allocator_primary32.h
│ ├── sanitizer_allocator_primary64.h
│ ├── sanitizer_allocator_report.cpp
│ ├── sanitizer_allocator_report.h
│ ├── sanitizer_allocator_secondary.h
│ ├── sanitizer_allocator_size_class_map.h
│ ├── sanitizer_allocator_stats.h
│ ├── sanitizer_asm.h
│ ├── sanitizer_atomic.h
│ ├── sanitizer_atomic_clang.h
│ ├── sanitizer_atomic_clang_mips.h
│ ├── sanitizer_atomic_clang_other.h
│ ├── sanitizer_atomic_clang_x86.h
│ ├── sanitizer_atomic_msvc.h
│ ├── sanitizer_bitvector.h
│ ├── sanitizer_bvgraph.h
│ ├── sanitizer_chained_origin_depot.cpp
│ ├── sanitizer_chained_origin_depot.h
│ ├── sanitizer_common.cpp
│ ├── sanitizer_common.h
│ ├── sanitizer_common_interceptors.inc
│ ├── sanitizer_common_interceptors_format.inc
│ ├── sanitizer_common_interceptors_ioctl.inc
│ ├── sanitizer_common_interceptors_netbsd_compat.inc
│ ├── sanitizer_common_interceptors_vfork_aarch64.inc.S
│ ├── sanitizer_common_interceptors_vfork_arm.inc.S
│ ├── sanitizer_common_interceptors_vfork_i386.inc.S
│ ├── sanitizer_common_interceptors_vfork_riscv64.inc.S
│ ├── sanitizer_common_interceptors_vfork_x86_64.inc.S
│ ├── sanitizer_common_interface.inc
│ ├── sanitizer_common_interface_posix.inc
│ ├── sanitizer_common_libcdep.cpp
│ ├── sanitizer_common_nolibc.cpp
│ ├── sanitizer_common_syscalls.inc
│ ├── sanitizer_coverage_fuchsia.cpp
│ ├── sanitizer_coverage_interface.inc
│ ├── sanitizer_coverage_libcdep_new.cpp
│ ├── sanitizer_coverage_win_dll_thunk.cpp
│ ├── sanitizer_coverage_win_dynamic_runtime_thunk.cpp
│ ├── sanitizer_coverage_win_sections.cpp
│ ├── sanitizer_coverage_win_weak_interception.cpp
│ ├── sanitizer_dbghelp.h
│ ├── sanitizer_deadlock_detector.h
│ ├── sanitizer_deadlock_detector1.cpp
│ ├── sanitizer_deadlock_detector2.cpp
│ ├── sanitizer_deadlock_detector_interface.h
│ ├── sanitizer_dense_map.h
│ ├── sanitizer_dense_map_info.h
│ ├── sanitizer_errno.cpp
│ ├── sanitizer_errno.h
│ ├── sanitizer_errno_codes.h
│ ├── sanitizer_file.cpp
│ ├── sanitizer_file.h
│ ├── sanitizer_flag_parser.cpp
│ ├── sanitizer_flag_parser.h
│ ├── sanitizer_flags.cpp
│ ├── sanitizer_flags.h
│ ├── sanitizer_flags.inc
│ ├── sanitizer_flat_map.h
│ ├── sanitizer_freebsd.h
│ ├── sanitizer_fuchsia.cpp
│ ├── sanitizer_fuchsia.h
│ ├── sanitizer_getauxval.h
│ ├── sanitizer_glibc_version.h
│ ├── sanitizer_hash.h
│ ├── sanitizer_interceptors_ioctl_netbsd.inc
│ ├── sanitizer_interface_internal.h
│ ├── sanitizer_internal_defs.h
│ ├── sanitizer_leb128.h
│ ├── sanitizer_lfstack.h
│ ├── sanitizer_libc.cpp
│ ├── sanitizer_libc.h
│ ├── sanitizer_libignore.cpp
│ ├── sanitizer_libignore.h
│ ├── sanitizer_linux.cpp
│ ├── sanitizer_linux.h
│ ├── sanitizer_linux_libcdep.cpp
│ ├── sanitizer_linux_s390.cpp
│ ├── sanitizer_list.h
│ ├── sanitizer_local_address_space_view.h
│ ├── sanitizer_lzw.h
│ ├── sanitizer_mac.cpp
│ ├── sanitizer_mac.h
│ ├── sanitizer_mac_libcdep.cpp
│ ├── sanitizer_malloc_mac.inc
│ ├── sanitizer_mutex.cpp
│ ├── sanitizer_mutex.h
│ ├── sanitizer_netbsd.cpp
│ ├── sanitizer_openbsd.cpp
│ ├── sanitizer_persistent_allocator.cpp
│ ├── sanitizer_persistent_allocator.h
│ ├── sanitizer_placement_new.h
│ ├── sanitizer_platform.h
│ ├── sanitizer_platform_interceptors.h
│ ├── sanitizer_platform_limits_freebsd.cpp
│ ├── sanitizer_platform_limits_freebsd.h
│ ├── sanitizer_platform_limits_linux.cpp
│ ├── sanitizer_platform_limits_netbsd.cpp
│ ├── sanitizer_platform_limits_netbsd.h
│ ├── sanitizer_platform_limits_openbsd.cpp
│ ├── sanitizer_platform_limits_openbsd.h
│ ├── sanitizer_platform_limits_posix.cpp
│ ├── sanitizer_platform_limits_posix.h
│ ├── sanitizer_platform_limits_solaris.cpp
│ ├── sanitizer_platform_limits_solaris.h
│ ├── sanitizer_posix.cpp
│ ├── sanitizer_posix.h
│ ├── sanitizer_posix_libcdep.cpp
│ ├── sanitizer_printf.cpp
│ ├── sanitizer_procmaps.h
│ ├── sanitizer_procmaps_bsd.cpp
│ ├── sanitizer_procmaps_common.cpp
│ ├── sanitizer_procmaps_fuchsia.cpp
│ ├── sanitizer_procmaps_linux.cpp
│ ├── sanitizer_procmaps_mac.cpp
│ ├── sanitizer_procmaps_solaris.cpp
│ ├── sanitizer_ptrauth.h
│ ├── sanitizer_quarantine.h
│ ├── sanitizer_report_decorator.h
│ ├── sanitizer_ring_buffer.h
│ ├── sanitizer_rtems.cpp
│ ├── sanitizer_rtems.h
│ ├── sanitizer_signal_interceptors.inc
│ ├── sanitizer_solaris.cpp
│ ├── sanitizer_stack_store.cpp
│ ├── sanitizer_stack_store.h
│ ├── sanitizer_stackdepot.cpp
│ ├── sanitizer_stackdepot.h
│ ├── sanitizer_stackdepotbase.h
│ ├── sanitizer_stacktrace.cpp
│ ├── sanitizer_stacktrace.h
│ ├── sanitizer_stacktrace_libcdep.cpp
│ ├── sanitizer_stacktrace_printer.cpp
│ ├── sanitizer_stacktrace_printer.h
│ ├── sanitizer_stacktrace_sparc.cpp
│ ├── sanitizer_stoptheworld.h
│ ├── sanitizer_stoptheworld_fuchsia.cpp
│ ├── sanitizer_stoptheworld_fuchsia.h
│ ├── sanitizer_stoptheworld_linux_libcdep.cpp
│ ├── sanitizer_stoptheworld_mac.cpp
│ ├── sanitizer_stoptheworld_netbsd_libcdep.cpp
│ ├── sanitizer_stoptheworld_win.cpp
│ ├── sanitizer_suppressions.cpp
│ ├── sanitizer_suppressions.h
│ ├── sanitizer_symbolizer.cpp
│ ├── sanitizer_symbolizer.h
│ ├── sanitizer_symbolizer_fuchsia.h
│ ├── sanitizer_symbolizer_internal.h
│ ├── sanitizer_symbolizer_libbacktrace.cpp
│ ├── sanitizer_symbolizer_libbacktrace.h
│ ├── sanitizer_symbolizer_libcdep.cpp
│ ├── sanitizer_symbolizer_mac.cpp
│ ├── sanitizer_symbolizer_mac.h
│ ├── sanitizer_symbolizer_markup.cpp
│ ├── sanitizer_symbolizer_posix_libcdep.cpp
│ ├── sanitizer_symbolizer_report.cpp
│ ├── sanitizer_symbolizer_rtems.h
│ ├── sanitizer_symbolizer_win.cpp
│ ├── sanitizer_syscall_generic.inc
│ ├── sanitizer_syscall_linux_aarch64.inc
│ ├── sanitizer_syscall_linux_arm.inc
│ ├── sanitizer_syscall_linux_hexagon.inc
│ ├── sanitizer_syscall_linux_riscv64.inc
│ ├── sanitizer_syscall_linux_x86_64.inc
│ ├── sanitizer_syscalls_netbsd.inc
│ ├── sanitizer_termination.cpp
│ ├── sanitizer_thread_registry.cpp
│ ├── sanitizer_thread_registry.h
│ ├── sanitizer_thread_safety.h
│ ├── sanitizer_tls_get_addr.cpp
│ ├── sanitizer_tls_get_addr.h
│ ├── sanitizer_type_traits.cpp
│ ├── sanitizer_type_traits.h
│ ├── sanitizer_unwind_linux_libcdep.cpp
│ ├── sanitizer_unwind_win.cpp
│ ├── sanitizer_vector.h
│ ├── sanitizer_win.cpp
│ ├── sanitizer_win.h
│ ├── sanitizer_win_defs.h
│ ├── sanitizer_win_dll_thunk.cpp
│ ├── sanitizer_win_dll_thunk.h
│ ├── sanitizer_win_dynamic_runtime_thunk.cpp
│ ├── sanitizer_win_weak_interception.cpp
│ ├── sanitizer_win_weak_interception.h
│ ├── scripts/
│ │ ├── check_lint.sh
│ │ ├── cpplint.py
│ │ ├── gen_dynamic_list.py
│ │ ├── litlint.py
│ │ ├── litlint_test.py
│ │ └── sancov.py
│ ├── symbolizer/
│ │ ├── sanitizer_symbolize.cpp
│ │ ├── sanitizer_wrappers.cpp
│ │ └── scripts/
│ │ ├── ar_to_bc.sh
│ │ ├── build_symbolizer.sh
│ │ └── global_symbols.txt
│ ├── tests/
│ │ ├── CMakeLists.txt
│ │ ├── malloc_stress_transfer_test.cpp
│ │ ├── sanitizer_addrhashmap_test.cpp
│ │ ├── sanitizer_allocator_test.cpp
│ │ ├── sanitizer_allocator_testlib.cpp
│ │ ├── sanitizer_atomic_test.cpp
│ │ ├── sanitizer_bitvector_test.cpp
│ │ ├── sanitizer_bvgraph_test.cpp
│ │ ├── sanitizer_chained_origin_depot_test.cpp
│ │ ├── sanitizer_common_test.cpp
│ │ ├── sanitizer_deadlock_detector_test.cpp
│ │ ├── sanitizer_dense_map_test.cpp
│ │ ├── sanitizer_flags_test.cpp
│ │ ├── sanitizer_flat_map_test.cpp
│ │ ├── sanitizer_format_interceptor_test.cpp
│ │ ├── sanitizer_hash_test.cpp
│ │ ├── sanitizer_ioctl_test.cpp
│ │ ├── sanitizer_leb128_test.cpp
│ │ ├── sanitizer_libc_test.cpp
│ │ ├── sanitizer_linux_test.cpp
│ │ ├── sanitizer_list_test.cpp
│ │ ├── sanitizer_lzw_test.cpp
│ │ ├── sanitizer_mac_test.cpp
│ │ ├── sanitizer_mutex_test.cpp
│ │ ├── sanitizer_nolibc_test.cpp
│ │ ├── sanitizer_nolibc_test_main.cpp
│ │ ├── sanitizer_posix_test.cpp
│ │ ├── sanitizer_printf_test.cpp
│ │ ├── sanitizer_procmaps_test.cpp
│ │ ├── sanitizer_pthread_wrappers.h
│ │ ├── sanitizer_quarantine_test.cpp
│ │ ├── sanitizer_ring_buffer_test.cpp
│ │ ├── sanitizer_stack_store_test.cpp
│ │ ├── sanitizer_stackdepot_test.cpp
│ │ ├── sanitizer_stacktrace_printer_test.cpp
│ │ ├── sanitizer_stacktrace_test.cpp
│ │ ├── sanitizer_stoptheworld_test.cpp
│ │ ├── sanitizer_stoptheworld_testlib.cpp
│ │ ├── sanitizer_suppressions_test.cpp
│ │ ├── sanitizer_symbolizer_test.cpp
│ │ ├── sanitizer_test_config.h
│ │ ├── sanitizer_test_main.cpp
│ │ ├── sanitizer_test_utils.h
│ │ ├── sanitizer_thread_registry_test.cpp
│ │ ├── sanitizer_type_traits_test.cpp
│ │ ├── sanitizer_vector_test.cpp
│ │ └── standalone_malloc_test.cpp
│ └── weak_symbols.txt
├── solvers/
│ ├── CMakeLists.txt
│ ├── i2s-solver.cpp
│ ├── jigsaw/
│ │ ├── CMakeLists.txt
│ │ ├── config.h
│ │ ├── gd.cc
│ │ ├── grad.cc
│ │ ├── grad.h
│ │ ├── input.cc
│ │ ├── input.h
│ │ ├── jit.cc
│ │ ├── jit.h
│ │ └── rgdJit.h
│ ├── jit-solver.cpp
│ ├── wheels/
│ │ ├── concurrentqueue/
│ │ │ └── queue.h
│ │ ├── lockfreehash/
│ │ │ ├── cuckoo/
│ │ │ │ ├── Makefile
│ │ │ │ ├── benchmark_lockfree_ht.h
│ │ │ │ ├── benchmark_unordered_map.h
│ │ │ │ ├── cycle_timer.h
│ │ │ │ ├── hash_table.h
│ │ │ │ ├── lockfree_hash_table.cpp
│ │ │ │ ├── lockfree_hash_table.h
│ │ │ │ ├── main.cpp
│ │ │ │ └── thread_service.h
│ │ │ └── lprobe/
│ │ │ ├── Makefile
│ │ │ ├── alloc.h
│ │ │ ├── benchmark_lprobe.h
│ │ │ ├── benchmark_lprobe_ptr.h
│ │ │ ├── block_allocator.h
│ │ │ ├── concurrent_stack.h
│ │ │ ├── cycle_timer.h
│ │ │ ├── data.h
│ │ │ ├── data_ptr.h
│ │ │ ├── get_time.h
│ │ │ ├── hash_table.h
│ │ │ ├── main.cc
│ │ │ ├── memory_size.h
│ │ │ ├── monoid.h
│ │ │ ├── parallel.h
│ │ │ ├── seq.h
│ │ │ ├── sequence_ops.h
│ │ │ ├── thread_service.h
│ │ │ ├── thread_service_ptr.h
│ │ │ └── utilities.h
│ │ └── threadpool/
│ │ ├── ThreadPool.h
│ │ ├── ctpl.h
│ │ └── threadpool_example.cpp
│ ├── z3-solver.cpp
│ ├── z3-ts.cpp
│ └── z3.cpp
├── tests/
│ ├── CMakeLists.txt
│ ├── aggregate.c
│ ├── atoi_test.c
│ ├── atomicrmw.c
│ ├── bitflip.c
│ ├── bool.c
│ ├── boundary.c
│ ├── boundary2.c
│ ├── boundary3.c
│ ├── boundary4.c
│ ├── boundary5.c
│ ├── boundary6.c
│ ├── boundary7.c
│ ├── bounds.cpp
│ ├── call_fn.c
│ ├── call_fn2.c
│ ├── call_fn3.c
│ ├── cf1.c
│ ├── concrete_haystack.c
│ ├── context.c
│ ├── cpp_fstream.cpp
│ ├── cpp_map.cpp
│ ├── cpp_string.cpp
│ ├── gep.c
│ ├── if_eq.c
│ ├── infer_type.c
│ ├── lib.h
│ ├── lit.cfg
│ ├── lit.site.cfg.in
│ ├── memchr.c
│ ├── memchr_chain.c
│ ├── memchr_mixed_chain.c
│ ├── memcmp.c
│ ├── memmem.c
│ ├── memrchr.c
│ ├── memrchr_chain.c
│ ├── mini.c
│ ├── mini2.c
│ ├── optimistic.c
│ ├── partial_concrete.c
│ ├── partial_concrete2.c
│ ├── partial_concrete3.c
│ ├── pointer.c
│ ├── prefixof.c
│ ├── shift_and.c
│ ├── sign.c
│ ├── str_mem_mixed_chain.c
│ ├── strcat.c
│ ├── strcat_mixed.c
│ ├── strchr.c
│ ├── strchr_chain.c
│ ├── strchr_mixed_chain.c
│ ├── strcmp.c
│ ├── strcmp2.c
│ ├── strdup.c
│ ├── strlen_extend.c
│ ├── strlen_json3.c
│ ├── strlen_null_from_input.c
│ ├── strlen_shrink.c
│ ├── strlen_test.c
│ ├── strncat.c
│ ├── strncpy_simple.c
│ ├── strncpy_substr.c
│ ├── strndup.c
│ ├── strnstr.c
│ ├── strpbrk.c
│ ├── strrchr.c
│ ├── strstr.c
│ ├── strsub.c
│ ├── struct.c
│ ├── switch.c
│ ├── ubsan_div.c
│ ├── ubsan_intovfl.c
│ ├── ubsan_mulovfl.c
│ ├── ubsan_negateovfl.c
│ ├── ubsan_shift.c
│ ├── ubsan_signchange.c
│ ├── ubsan_signed_intovfl.c
│ ├── ubsan_subovfl.c
│ ├── ubsan_trunc.c
│ ├── unaligned_load.c
│ └── xor_bool.c
└── wrappers/
├── CMakeLists.txt
└── zlib_abilist.txt
Showing preview only (306K chars total). Download the full file or copy to clipboard to get everything.
SYMBOL INDEX (3610 symbols across 372 files)
FILE: backend/fastgen.cpp
function __solve_cond (line 33) | static inline void __solve_cond(dfsan_label label, uint8_t result,
function __send_ubi (line 79) | static inline void __send_ubi(dfsan_label label, uint64_t result,
type switch_true_case (line 100) | struct switch_true_case {
function SANITIZER_INTERFACE_ATTRIBUTE (line 105) | SANITIZER_INTERFACE_ATTRIBUTE void
function SANITIZER_INTERFACE_ATTRIBUTE (line 147) | SANITIZER_INTERFACE_ATTRIBUTE void
function SANITIZER_INTERFACE_ATTRIBUTE (line 167) | SANITIZER_INTERFACE_ATTRIBUTE void
function SANITIZER_INTERFACE_ATTRIBUTE (line 196) | SANITIZER_INTERFACE_ATTRIBUTE dfsan_label
function SANITIZER_INTERFACE_ATTRIBUTE (line 236) | SANITIZER_INTERFACE_ATTRIBUTE void
function SANITIZER_INTERFACE_ATTRIBUTE (line 244) | SANITIZER_INTERFACE_ATTRIBUTE void
function SANITIZER_INTERFACE_ATTRIBUTE (line 308) | SANITIZER_INTERFACE_ATTRIBUTE void
function SANITIZER_INTERFACE_ATTRIBUTE (line 313) | SANITIZER_INTERFACE_ATTRIBUTE void
function SANITIZER_INTERFACE_ATTRIBUTE (line 373) | SANITIZER_INTERFACE_ATTRIBUTE void
function InitializeSolver (line 406) | void InitializeSolver() {
FILE: compiler/ko_clang.c
function find_obj (line 82) | static void find_obj(const char *argv0) {
function check_type (line 121) | static void check_type(char *name) {
function u8 (line 127) | static u8 check_if_assembler(u32 argc, char **argv) {
function add_runtime (line 142) | static void add_runtime() {
function add_taint_pass (line 194) | static void add_taint_pass() {
function edit_params (line 230) | static void edit_params(u32 argc, char **argv) {
function main (line 404) | int main(int argc, char **argv) {
FILE: driver/aflpp/symsan.cpp
type mutation_state_t (line 83) | enum mutation_state_t {
type my_mutator_t (line 89) | struct my_mutator_t {
method my_mutator_t (line 90) | my_mutator_t() = delete;
method my_mutator_t (line 91) | my_mutator_t(const afl_state_t *afl, rgd::TaskManager* tmgr, rgd::CovM...
function dfsan_label_info (line 134) | dfsan_label_info* __dfsan::get_label_info(dfsan_label label) {
function reset_global_caches (line 152) | static void reset_global_caches(size_t buf_size) {
function handle_cond (line 157) | static void handle_cond(pipe_msg &msg, my_mutator_t *my_mutator) {
function handle_gep (line 210) | static void handle_gep(gep_msg &gmsg, pipe_msg &msg, my_mutator_t *my_mu...
function afl_custom_splice_optout (line 249) | void afl_custom_splice_optout(my_mutator_t *data) {
function my_mutator_t (line 257) | my_mutator_t *afl_custom_init(afl_state *afl, unsigned int seed) {
method my_mutator_t (line 90) | my_mutator_t() = delete;
method my_mutator_t (line 91) | my_mutator_t(const afl_state_t *afl, rgd::TaskManager* tmgr, rgd::CovM...
function afl_custom_deinit (line 369) | void afl_custom_deinit(my_mutator_t *data) {
function u32 (line 379) | u32 afl_custom_fuzz_count(my_mutator_t *data, const u8 *buf,
function print_stats (line 543) | static void print_stats(my_mutator_t *data) {
function afl_custom_fuzz (line 560) | size_t afl_custom_fuzz(my_mutator_t *data, uint8_t *buf, size_t buf_size,
function afl_custom_queue_new_entry (line 655) | uint8_t afl_custom_queue_new_entry(my_mutator_t * data,
FILE: driver/fgtest.cpp
function generate_input (line 55) | static void generate_input(symsan::Z3ParserSolver::solution_t &solutions) {
function __solve_cond (line 119) | static void __solve_cond(dfsan_label label, uint8_t r, bool add_nested, ...
function __handle_gep (line 143) | static void __handle_gep(dfsan_label ptr_label, uptr ptr,
function main (line 171) | int main(int argc, char* const argv[]) {
FILE: driver/harness-proxy.c
function main (line 26) | int main(int argc, char* argv[]) {
FILE: driver/launcher/launch.c
type symsan_config (line 32) | struct symsan_config {
type symsan_config (line 60) | struct symsan_config
function symsan_set_input (line 122) | __attribute__((visibility("default")))
function symsan_set_args (line 148) | __attribute__((visibility("default")))
function symsan_set_debug (line 185) | __attribute__((visibility("default")))
function symsan_set_bounds_check (line 191) | __attribute__((visibility("default")))
function symsan_set_solve_ub (line 197) | __attribute__((visibility("default")))
function symsan_set_exit_on_memerror (line 203) | __attribute__((visibility("default")))
function symsan_set_trace_file_size (line 209) | __attribute__((visibility("default")))
function symsan_set_force_stdin (line 215) | __attribute__((visibility("default")))
function symsan_run (line 221) | __attribute__((visibility("default")))
function symsan_read_event (line 319) | __attribute__((visibility("default")))
function symsan_terminate (line 360) | __attribute__((visibility("default")))
function symsan_get_exit_status (line 377) | __attribute__((visibility("default")))
function symsan_destroy (line 387) | __attribute__((visibility("default")))
FILE: include/alloc_inl.h
function DFL_ck_free (line 141) | static inline void DFL_ck_free(void* mem) {
function u8 (line 311) | static inline u8* DFL_ck_memdup_str(u8* mem, u32 size) {
type TRK_obj (line 360) | struct TRK_obj {
type TRK_obj (line 368) | struct TRK_obj
type TRK_obj (line 375) | struct TRK_obj
function TRK_alloc_buf (line 389) | static inline void TRK_alloc_buf(void* ptr, const char* file, const char...
function TRK_free_buf (line 429) | static inline void TRK_free_buf(void* ptr, const char* file, const char*...
function TRK_report (line 457) | static inline void TRK_report(void) {
function TRK_ck_free (line 536) | static inline void TRK_ck_free(void* ptr, const char* file,
FILE: include/ast.h
function namespace (line 8) | namespace rgd {
function CopyFrom (line 157) | inline void CopyFrom(const AstNode& other) {
function AstNode (line 177) | inline const AstNode& children(uint32_t i) const {
function AstNode (line 182) | inline AstNode* mutable_children(uint32_t i) {
function AstNode (line 187) | AstNode* add_children() {
function clear_children (line 198) | inline void clear_children() { child0_ = child1_ = 0; }
function clear_children (line 199) | inline void clear_children(uint32_t i) {
function set_kind (line 206) | inline void set_kind(uint16_t kind) { kind_ = kind; }
function set_bits (line 208) | inline void set_bits(uint16_t bits) { bits_ = bits; }
function set_index (line 210) | inline void set_index(uint32_t index) { index_ = index; }
function set_boolvalue (line 212) | inline void set_boolvalue(uint8_t value) { boolvalue_ = value ? 0 : 1; }
function set_label (line 214) | inline void set_label(uint32_t label) { label_ = label; }
function set_hash (line 216) | inline void set_hash(uint32_t hash) { hash_ = hash; }
function RecursiveCopyFrom (line 229) | void RecursiveCopyFrom(const AstNode &other) {
function isEqualAstRecursive (line 259) | static bool isEqualAstRecursive(const AstNode& lhs, const AstNode& rhs) {
function isEqualAst (line 287) | static inline bool isEqualAst(const AstNode& lhs, const AstNode& rhs) {
function xxhash (line 291) | static inline uint32_t xxhash(uint32_t h1, uint32_t h2, uint32_t h3) {
function buf_to_hex_string (line 317) | static inline void buf_to_hex_string(const uint8_t *buf, unsigned length,
FILE: include/cov.h
function namespace (line 9) | namespace rgd {
FILE: include/defs.h
type dfsan_label (line 28) | typedef uint32_t dfsan_label;
type u8 (line 30) | typedef uint8_t u8;
type u16 (line 31) | typedef uint16_t u16;
type u32 (line 32) | typedef uint32_t u32;
type u64 (line 34) | typedef unsigned long long u64;
type s64 (line 35) | typedef long long s64;
type u64 (line 37) | typedef uint64_t u64;
type s64 (line 38) | typedef int64_t s64;
type s8 (line 40) | typedef int8_t s8;
type s16 (line 41) | typedef int16_t s16;
type s32 (line 42) | typedef int32_t s32;
FILE: include/parse-rgd.h
function namespace (line 10) | namespace rgd {
FILE: include/parse-z3.h
function class (line 10) | class Z3AstParser : public ASTParser<z3_task_t> {
function solution_op_t (line 148) | enum class solution_op_t : uint8_t {
FILE: include/parse.h
function namespace (line 17) | namespace symsan {
FILE: include/solver.h
function namespace (line 14) | namespace rgd {
FILE: include/task.h
function namespace (line 17) | namespace rgd {
type ConsMeta (line 63) | struct ConsMeta {
function class (line 73) | class SearchTask {
function load_hint (line 289) | void load_hint() { // load hint from base task
FILE: include/task_mgr.h
function namespace (line 8) | namespace rgd {
FILE: include/union_find.h
function namespace (line 7) | namespace rgd {
FILE: instrumentation/TaintPass.cpp
function StringRef (line 189) | static StringRef getGlobalTypeString(const GlobalValue &G) {
type MemoryMapParams (line 205) | struct MemoryMapParams {
class TaintABIList (line 223) | class TaintABIList {
method TaintABIList (line 227) | TaintABIList() = default;
method set (line 229) | void set(std::unique_ptr<SpecialCaseList> List) { SCL = std::move(List...
method isIn (line 233) | bool isIn(const Function &F, StringRef Category) const {
method isIn (line 242) | bool isIn(const GlobalAlias &GA, StringRef Category) const {
method isIn (line 255) | bool isIn(const Module &M, StringRef Category) const {
type TransformedFunction (line 263) | struct TransformedFunction {
method TransformedFunction (line 264) | TransformedFunction(FunctionType* OriginalType,
method TransformedFunction (line 272) | TransformedFunction(const TransformedFunction &) = delete;
method TransformedFunction (line 273) | TransformedFunction &operator=(const TransformedFunction &) = delete;
method TransformedFunction (line 276) | TransformedFunction(TransformedFunction &&) = default;
method TransformedFunction (line 277) | TransformedFunction &operator=(TransformedFunction &&) = default;
function AttributeList (line 296) | AttributeList
class Taint (line 325) | class Taint {
type WrapperKind (line 332) | enum WrapperKind {
type TaintFunction (line 505) | struct TaintFunction {
type PHIFixupElement (line 518) | struct PHIFixupElement {
type CachedShadow (line 529) | struct CachedShadow {
method TaintFunction (line 542) | TaintFunction(Taint &TT, Function *F, bool IsNativeABI,
class TaintVisitor (line 631) | class TaintVisitor : public InstVisitor<TaintVisitor> {
method TaintVisitor (line 635) | TaintVisitor(TaintFunction &TF) : TF(TF) {}
method DataLayout (line 637) | const DataLayout &getDataLayout() const {
function FunctionType (line 689) | FunctionType *Taint::getArgsFunctionType(FunctionType *T) {
function FunctionType (line 706) | FunctionType *Taint::getTrampolineFunctionType(FunctionType *T) {
function TransformedFunction (line 725) | TransformedFunction Taint::getCustomFunctionType(FunctionType *T) {
method TransformedFunction (line 264) | TransformedFunction(FunctionType* OriginalType,
method TransformedFunction (line 272) | TransformedFunction(const TransformedFunction &) = delete;
method TransformedFunction (line 273) | TransformedFunction &operator=(const TransformedFunction &) = delete;
method TransformedFunction (line 276) | TransformedFunction(TransformedFunction &&) = default;
method TransformedFunction (line 277) | TransformedFunction &operator=(TransformedFunction &&) = default;
function Constant (line 775) | Constant *Taint::getUninitializedShadow(Type *OrigTy) {
function Constant (line 792) | Constant *Taint::getZeroShadow(Type *OrigTy) {
function Constant (line 799) | Constant *Taint::getZeroShadow(Value *V) {
function Type (line 803) | Type *Taint::getShadowTy(Type *OrigTy) {
function Type (line 822) | Type *Taint::getShadowTy(Value *V) {
function Function (line 1090) | Function *
function Constant (line 1123) | Constant *Taint::getOrBuildTrampolineFunction(FunctionType *FT,
function Value (line 1646) | Value *TaintFunction::getArgTLS(Type *T, unsigned ArgOffset, IRBuilder<>...
function Value (line 1654) | Value *TaintFunction::getRetvalTLS(Type *T, IRBuilder<> &IRB) {
function Value (line 1659) | Value *TaintFunction::getShadowForTLSArgument(Argument *A) {
function Value (line 1690) | Value *TaintFunction::getShadowForGlobal(GlobalVariable *GV, IRBuilder<>...
function Value (line 1706) | Value *TaintFunction::getShadow(Value *V) {
function Value (line 1734) | Value *Taint::getShadowOffset(Value *Addr, IRBuilder<> &IRB) {
function Value (line 1744) | Value *Taint::getShadowAddress(Value *Addr, IRBuilder<> &IRB) {
function isConstantOne (line 1753) | static inline bool isConstantOne(const Value *V) {
function Value (line 1759) | Value *TaintFunction::combineBinaryOperatorShadows(BinaryOperator *BO,
function Value (line 1775) | Value *TaintFunction::combineShadows(Value *V1, Value *V2,
function Value (line 1843) | Value *TaintFunction::combineCastInstShadows(CastInst *CI,
function Value (line 1859) | Value *TaintFunction::combineCmpInstShadows(CmpInst *CI,
function Align (line 1867) | Align TaintFunction::getShadowAlign(Align InstAlignment) {
function Value (line 1913) | Value *TaintFunction::loadPrimitiveShadow(Value *Addr, uint64_t Size,
function Value (line 1978) | Value *TaintFunction::loadShadow(Type *T, Value *Addr, uint64_t Size,
function AtomicOrdering (line 2022) | static AtomicOrdering addAcquireOrdering(AtomicOrdering AO) {
function AtomicOrdering (line 2039) | static AtomicOrdering addReleaseOrdering(AtomicOrdering AO) {
function Value (line 2547) | Value *TaintFunction::visitAllocaInst(AllocaInst *I, Value *ArraySize,
function Value (line 2632) | Value* TaintFunction::visitSelectInst(Value *Cond, Value *TrueShadow,
function isAMustTailRetVal (line 2718) | static bool isAMustTailRetVal(Value *RetVal) {
function isLoopLatch (line 3240) | static inline bool isLoopLatch(const BasicBlock *BB, const BasicBlock *H...
class TaintPass (line 3296) | class TaintPass : public PassInfoMixin<TaintPass> {
method TaintPass (line 3301) | TaintPass(
method PreservedAnalyses (line 3304) | PreservedAnalyses run(Module &M, ModuleAnalysisManager &MAM) {
method isRequired (line 3311) | static bool isRequired() { return true; }
FILE: parsers/rgd-parser.cpp
function is_rel_cmp (line 75) | static inline bool is_rel_cmp(uint16_t op, __dfsan::predicate pred) {
function eval_icmp (line 79) | static inline bool eval_icmp(uint16_t op, uint64_t op1, uint64_t op2) {
function printAst (line 98) | static void printAst(FILE* f, const rgd::AstNode *node, int indent) {
function task_t (line 541) | [[gnu::hot]]
function dfsan_label (line 568) | dfsan_label RGDAstParser::strip_zext(dfsan_label label) {
FILE: python/symsan-py.cpp
function PyObject (line 34) | static PyObject* SymSanInit(PyObject *self, PyObject *args) {
function PyObject (line 59) | static PyObject* SymSanConfig(PyObject *self, PyObject *args, PyObject *...
function PyObject (line 123) | static PyObject* SymSanRun(PyObject *self, PyObject *args, PyObject *key...
function PyObject (line 154) | static PyObject* SymSanReadEvent(PyObject *self, PyObject *args) {
function PyObject (line 184) | static PyObject* SymSanTerminate(PyObject *self) {
function PyObject (line 200) | static PyObject* SymSanDestroy(PyObject *self) {
function PyObject (line 209) | static PyObject* InitParser(PyObject *self, PyObject *args) {
function PyObject (line 250) | static PyObject* ParseCond(PyObject *self, PyObject *args) {
function PyObject (line 280) | static PyObject* ParseGEP(PyObject *self, PyObject *args) {
function PyObject (line 317) | static PyObject* AddConstraint(PyObject *self, PyObject *args) {
function PyObject (line 338) | static PyObject* RecordMemcmp(PyObject *self, PyObject *args) {
function PyObject (line 366) | static PyObject* SolveTask(PyObject *self, PyObject *args) {
function PyMODINIT_FUNC (line 425) | PyMODINIT_FUNC
FILE: python/test.py
class pipe_msg (line 5) | class pipe_msg(ctypes.Structure):
class memcmp_msg (line 16) | class memcmp_msg(ctypes.Structure):
FILE: runtime/common_interface_defs.h
type __sanitizer_sandbox_arguments (line 28) | typedef struct {
FILE: runtime/dfsan/dfsan.cpp
type taint_file (line 66) | struct taint_file
type taint_socket (line 67) | struct taint_socket
function uptr (line 119) | static uptr UnusedAddr() {
function dfsan_check_label (line 124) | static void dfsan_check_label(dfsan_label label) {
function xxhash (line 143) | static inline uint32_t xxhash(uint32_t h1, uint32_t h2, uint32_t h3) {
function dfsan_label_info (line 169) | dfsan_label_info* __dfsan::get_label_info(dfsan_label label) {
function is_constant_label (line 173) | static inline bool is_constant_label(dfsan_label label) {
function is_kind_of_label (line 177) | static inline bool is_kind_of_label(dfsan_label label, uint16_t kind) {
function isZeroOrPowerOfTwo (line 181) | static bool isZeroOrPowerOfTwo(uint16_t x) { return (x & (x - 1)) == 0; }
function is_valid_op (line 183) | static inline bool is_valid_op(uint16_t op) {
function SANITIZER_INTERFACE_ATTRIBUTE (line 191) | SANITIZER_INTERFACE_ATTRIBUTE
function SANITIZER_INTERFACE_ATTRIBUTE (line 526) | SANITIZER_INTERFACE_ATTRIBUTE
function SANITIZER_INTERFACE_ATTRIBUTE (line 628) | SANITIZER_INTERFACE_ATTRIBUTE
function SANITIZER_INTERFACE_ATTRIBUTE (line 683) | SANITIZER_INTERFACE_ATTRIBUTE
function SANITIZER_INTERFACE_ATTRIBUTE (line 691) | SANITIZER_INTERFACE_ATTRIBUTE
function SANITIZER_INTERFACE_ATTRIBUTE (line 698) | SANITIZER_INTERFACE_ATTRIBUTE
function SANITIZER_INTERFACE_ATTRIBUTE (line 722) | SANITIZER_INTERFACE_ATTRIBUTE
function SANITIZER_INTERFACE_WEAK_DEF (line 755) | SANITIZER_INTERFACE_WEAK_DEF(void, __taint_trace_memerr, dfsan_label, uptr,
function SANITIZER_INTERFACE_ATTRIBUTE (line 763) | SANITIZER_INTERFACE_ATTRIBUTE
function SANITIZER_INTERFACE_ATTRIBUTE (line 807) | SANITIZER_INTERFACE_ATTRIBUTE
function SANITIZER_INTERFACE_ATTRIBUTE (line 901) | SANITIZER_INTERFACE_ATTRIBUTE
function SANITIZER_INTERFACE_ATTRIBUTE (line 979) | SANITIZER_INTERFACE_ATTRIBUTE
function SANITIZER_INTERFACE_ATTRIBUTE (line 985) | SANITIZER_INTERFACE_ATTRIBUTE
function SANITIZER_INTERFACE_ATTRIBUTE (line 996) | SANITIZER_INTERFACE_ATTRIBUTE void __dfsan_nonzero_label() {
function SANITIZER_INTERFACE_ATTRIBUTE (line 1003) | SANITIZER_INTERFACE_ATTRIBUTE void
function SANITIZER_INTERFACE_ATTRIBUTE (line 1012) | SANITIZER_INTERFACE_ATTRIBUTE dfsan_label
function SANITIZER_INTERFACE_ATTRIBUTE (line 1018) | SANITIZER_INTERFACE_ATTRIBUTE
function SANITIZER_INTERFACE_ATTRIBUTE (line 1032) | SANITIZER_INTERFACE_ATTRIBUTE
function SANITIZER_INTERFACE_ATTRIBUTE (line 1052) | SANITIZER_INTERFACE_ATTRIBUTE
function SANITIZER_INTERFACE_ATTRIBUTE (line 1057) | SANITIZER_INTERFACE_ATTRIBUTE
function SANITIZER_INTERFACE_ATTRIBUTE (line 1066) | SANITIZER_INTERFACE_ATTRIBUTE dfsan_label
function SANITIZER_INTERFACE_ATTRIBUTE (line 1073) | SANITIZER_INTERFACE_ATTRIBUTE dfsan_label
function SANITIZER_INTERFACE_ATTRIBUTE (line 1080) | SANITIZER_INTERFACE_ATTRIBUTE dfsan_label
function SANITIZER_INTERFACE_ATTRIBUTE (line 1085) | SANITIZER_INTERFACE_ATTRIBUTE
function SANITIZER_INTERFACE_ATTRIBUTE (line 1091) | SANITIZER_INTERFACE_ATTRIBUTE int
function SANITIZER_INTERFACE_ATTRIBUTE (line 1106) | SANITIZER_INTERFACE_ATTRIBUTE uptr
function SANITIZER_INTERFACE_ATTRIBUTE (line 1114) | SANITIZER_INTERFACE_ATTRIBUTE void
function SANITIZER_INTERFACE_ATTRIBUTE (line 1129) | SANITIZER_INTERFACE_ATTRIBUTE void
function SANITIZER_INTERFACE_ATTRIBUTE (line 1135) | SANITIZER_INTERFACE_ATTRIBUTE void
function SANITIZER_INTERFACE_ATTRIBUTE (line 1154) | SANITIZER_INTERFACE_ATTRIBUTE int
function SANITIZER_INTERFACE_ATTRIBUTE (line 1166) | SANITIZER_INTERFACE_ATTRIBUTE off_t
function SANITIZER_INTERFACE_ATTRIBUTE (line 1179) | SANITIZER_INTERFACE_ATTRIBUTE void
function SANITIZER_INTERFACE_ATTRIBUTE (line 1187) | SANITIZER_INTERFACE_ATTRIBUTE int
function SANITIZER_INTERFACE_ATTRIBUTE (line 1193) | SANITIZER_INTERFACE_ATTRIBUTE int
function SANITIZER_INTERFACE_ATTRIBUTE (line 1198) | SANITIZER_INTERFACE_ATTRIBUTE void
function SANITIZER_INTERFACE_ATTRIBUTE (line 1203) | SANITIZER_INTERFACE_ATTRIBUTE off_t
function SANITIZER_INTERFACE_ATTRIBUTE (line 1208) | SANITIZER_INTERFACE_ATTRIBUTE void
function SANITIZER_INTERFACE_ATTRIBUTE (line 1213) | SANITIZER_INTERFACE_ATTRIBUTE dfsan_label
function SANITIZER_INTERFACE_ATTRIBUTE (line 1218) | SANITIZER_INTERFACE_ATTRIBUTE void
function SANITIZER_INTERFACE_ATTRIBUTE (line 1251) | SANITIZER_INTERFACE_ATTRIBUTE off_t
function SANITIZER_INTERFACE_ATTRIBUTE (line 1262) | SANITIZER_INTERFACE_ATTRIBUTE void
function SANITIZER_INTERFACE_ATTRIBUTE (line 1268) | SANITIZER_INTERFACE_ATTRIBUTE void
function RegisterDfsanFlags (line 1282) | static void RegisterDfsanFlags(FlagParser *parser, Flags *f) {
function InitializeTaintFile (line 1289) | static void InitializeTaintFile() {
function InitializeTaintSocket (line 1339) | static void InitializeTaintSocket() {
function uptr (line 1401) | static inline uptr hash_addr(uptr addr, uptr capacity) {
function grow_content_map (line 1408) | static void grow_content_map() {
function grow_indexof_map (line 1431) | static void grow_indexof_map() {
function InitializeStringMaps (line 1452) | static void InitializeStringMaps() {
function taint_set_str_content_label (line 1483) | void taint_set_str_content_label(void *addr, dfsan_label label) {
function dfsan_label (line 1509) | dfsan_label taint_get_str_content_label(const void *addr) {
function taint_set_str_indexof_label (line 1526) | void taint_set_str_indexof_label(void *addr, dfsan_label label) {
function dfsan_label (line 1550) | dfsan_label taint_get_str_indexof_label(const void *addr) {
function InitializeFlags (line 1569) | static void InitializeFlags() {
function InitializePlatformEarly (line 1582) | static void InitializePlatformEarly() {
function dfsan_fini (line 1598) | static void dfsan_fini() {
function dfsan_init (line 1620) | static void dfsan_init(int argc, char **argv, char **envp) {
function SANITIZER_INTERFACE_WEAK_DEF (line 1689) | SANITIZER_INTERFACE_WEAK_DEF(void, InitializeSolver, void) {}
function SANITIZER_INTERFACE_WEAK_DEF (line 1692) | SANITIZER_INTERFACE_WEAK_DEF(void, __taint_trace_cmp, dfsan_label, dfsan...
function SANITIZER_INTERFACE_WEAK_DEF (line 1694) | SANITIZER_INTERFACE_WEAK_DEF(void, __taint_trace_cond, dfsan_label, bool,
function SANITIZER_INTERFACE_WEAK_DEF (line 1696) | SANITIZER_INTERFACE_WEAK_DEF(void, __taint_trace_loop, uint32_t, uint32_...
function SANITIZER_INTERFACE_WEAK_DEF (line 1697) | SANITIZER_INTERFACE_WEAK_DEF(void, __taint_trace_switch_end, uint32_t) {}
function SANITIZER_INTERFACE_WEAK_DEF (line 1698) | SANITIZER_INTERFACE_WEAK_DEF(dfsan_label, __taint_trace_select, dfsan_la...
function SANITIZER_INTERFACE_WEAK_DEF (line 1701) | SANITIZER_INTERFACE_WEAK_DEF(void, __taint_trace_indcall, dfsan_label) {}
function SANITIZER_INTERFACE_WEAK_DEF (line 1702) | SANITIZER_INTERFACE_WEAK_DEF(void, __taint_trace_gep, dfsan_label, uint6...
function SANITIZER_INTERFACE_WEAK_DEF (line 1705) | SANITIZER_INTERFACE_WEAK_DEF(void, __taint_trace_offset, dfsan_label, in...
function SANITIZER_INTERFACE_WEAK_DEF (line 1707) | SANITIZER_INTERFACE_WEAK_DEF(void, __taint_trace_memcmp, dfsan_label) {}
function SANITIZER_INTERFACE_WEAK_DEF (line 1708) | SANITIZER_INTERFACE_WEAK_DEF(void, __taint_trace_distance, uint64_t, uin...
FILE: runtime/dfsan/dfsan.h
type dfsan_label (line 36) | typedef uint32_t dfsan_label;
type data (line 38) | typedef union {
type dfsan_label_info (line 44) | struct dfsan_label_info {
type taint_file (line 62) | struct taint_file {
type taint_socket (line 75) | struct taint_socket {
function namespace (line 126) | namespace __dfsan {
FILE: runtime/dfsan/dfsan_custom.cpp
function is_string_op (line 67) | static inline bool is_string_op(uint16_t op) {
function is_indexof_op (line 73) | static inline bool is_indexof_op(uint16_t op) {
function is_content_string_op (line 78) | static inline bool is_content_string_op(uint16_t op) {
function dfsan_label (line 85) | static dfsan_label get_base_input_label(dfsan_label label) {
function dfsan_label (line 114) | static dfsan_label find_string_op_source(dfsan_label label) {
function dfsan_label (line 149) | static inline dfsan_label get_str_label_n(const void *s, dfsan_label s_l...
function dfsan_label (line 245) | static inline dfsan_label get_str_label(const char *s, dfsan_label s_lab...
function dfsan_label (line 256) | static inline dfsan_label get_label_for(int fd, off_t offset) {
function dfsan_memset (line 273) | static void dfsan_memset(void *s, int c, dfsan_label c_label, size_t n) {
function SANITIZER_INTERFACE_ATTRIBUTE (line 309) | SANITIZER_INTERFACE_ATTRIBUTE int
function SANITIZER_INTERFACE_ATTRIBUTE (line 325) | SANITIZER_INTERFACE_ATTRIBUTE int
function SANITIZER_INTERFACE_ATTRIBUTE (line 341) | SANITIZER_INTERFACE_ATTRIBUTE int
function SANITIZER_INTERFACE_ATTRIBUTE (line 357) | SANITIZER_INTERFACE_ATTRIBUTE int
function SANITIZER_INTERFACE_ATTRIBUTE (line 374) | SANITIZER_INTERFACE_ATTRIBUTE int __dfsw_fstat(int fd, struct stat *buf,
function SANITIZER_INTERFACE_ATTRIBUTE (line 390) | SANITIZER_INTERFACE_ATTRIBUTE int
function SANITIZER_INTERFACE_ATTRIBUTE (line 407) | SANITIZER_INTERFACE_ATTRIBUTE
function SANITIZER_INTERFACE_ATTRIBUTE (line 431) | SANITIZER_INTERFACE_ATTRIBUTE char *__dfsw_strchr(char *s, int c,
function SANITIZER_INTERFACE_ATTRIBUTE (line 472) | SANITIZER_INTERFACE_ATTRIBUTE char *__dfsw_strpbrk(const char *s,
function __dfsw_memcmp (line 527) | int __dfsw_memcmp(const void *s1, const void *s2,
function SANITIZER_INTERFACE_ATTRIBUTE (line 558) | SANITIZER_INTERFACE_ATTRIBUTE int __dfsw_bcmp(const void *s1, const void...
function __dfsw_strcmp (line 591) | int __dfsw_strcmp(const char *s1, const char *s2,
function SANITIZER_INTERFACE_ATTRIBUTE (line 625) | SANITIZER_INTERFACE_ATTRIBUTE int __dfsw_prefixof(
function SANITIZER_INTERFACE_ATTRIBUTE (line 660) | SANITIZER_INTERFACE_ATTRIBUTE int __dfsw_suffixof(
function SANITIZER_INTERFACE_ATTRIBUTE (line 696) | SANITIZER_INTERFACE_ATTRIBUTE char *__dfsw_strsub(
function SANITIZER_INTERFACE_ATTRIBUTE (line 761) | SANITIZER_INTERFACE_ATTRIBUTE int
function __dfsw_strncmp (line 792) | int __dfsw_strncmp(const char *s1, const char *s2,
function SANITIZER_INTERFACE_ATTRIBUTE (line 828) | SANITIZER_INTERFACE_ATTRIBUTE int
function SANITIZER_INTERFACE_ATTRIBUTE (line 860) | SANITIZER_INTERFACE_ATTRIBUTE size_t
function SANITIZER_INTERFACE_ATTRIBUTE (line 886) | SANITIZER_INTERFACE_ATTRIBUTE
function SANITIZER_INTERFACE_ATTRIBUTE (line 900) | SANITIZER_INTERFACE_ATTRIBUTE
function SANITIZER_INTERFACE_ATTRIBUTE (line 920) | SANITIZER_INTERFACE_ATTRIBUTE
function SANITIZER_INTERFACE_ATTRIBUTE (line 932) | SANITIZER_INTERFACE_ATTRIBUTE
function SANITIZER_INTERFACE_ATTRIBUTE (line 939) | SANITIZER_INTERFACE_ATTRIBUTE
function SANITIZER_INTERFACE_ATTRIBUTE (line 946) | SANITIZER_INTERFACE_ATTRIBUTE
function SANITIZER_INTERFACE_ATTRIBUTE (line 994) | SANITIZER_INTERFACE_ATTRIBUTE char *
function SANITIZER_INTERFACE_ATTRIBUTE (line 1049) | SANITIZER_INTERFACE_ATTRIBUTE char *
function SANITIZER_INTERFACE_ATTRIBUTE (line 1069) | SANITIZER_INTERFACE_ATTRIBUTE char *
function SANITIZER_INTERFACE_ATTRIBUTE (line 1091) | SANITIZER_INTERFACE_ATTRIBUTE char *
function SANITIZER_INTERFACE_ATTRIBUTE (line 1111) | SANITIZER_INTERFACE_ATTRIBUTE char *
function SANITIZER_INTERFACE_ATTRIBUTE (line 1133) | SANITIZER_INTERFACE_ATTRIBUTE char *
function SANITIZER_INTERFACE_ATTRIBUTE (line 1201) | SANITIZER_INTERFACE_ATTRIBUTE ssize_t
function SANITIZER_INTERFACE_ATTRIBUTE (line 1224) | SANITIZER_INTERFACE_ATTRIBUTE ssize_t
function SANITIZER_INTERFACE_ATTRIBUTE (line 1247) | SANITIZER_INTERFACE_ATTRIBUTE ssize_t
function SANITIZER_INTERFACE_ATTRIBUTE (line 1274) | SANITIZER_INTERFACE_ATTRIBUTE int __dfsw_clock_gettime(clockid_t clk_id,
function dfsan_set_zero_label (line 1286) | static void dfsan_set_zero_label(const void *ptr, uptr size) {
function SANITIZER_INTERFACE_ATTRIBUTE (line 1293) | SANITIZER_INTERFACE_ATTRIBUTE void *
type pthread_create_info (line 1304) | struct pthread_create_info {
function SANITIZER_INTERFACE_ATTRIBUTE (line 1318) | SANITIZER_INTERFACE_ATTRIBUTE int __dfsw_pthread_create(
function SANITIZER_INTERFACE_ATTRIBUTE (line 1337) | SANITIZER_INTERFACE_ATTRIBUTE int __dfsw_pthread_join(pthread_t thread,
type dl_iterate_phdr_info (line 1349) | struct dl_iterate_phdr_info {
type dl_phdr_info (line 1350) | struct dl_phdr_info
function dl_iterate_phdr_cb (line 1358) | int dl_iterate_phdr_cb(struct dl_phdr_info *info, size_t size, void *dat...
function SANITIZER_INTERFACE_ATTRIBUTE (line 1371) | SANITIZER_INTERFACE_ATTRIBUTE int __dfsw_dl_iterate_phdr(
function SANITIZER_INTERFACE_ATTRIBUTE (line 1389) | SANITIZER_INTERFACE_ATTRIBUTE void __dfsw__dl_get_tls_static_info(
function SANITIZER_INTERFACE_ATTRIBUTE (line 1399) | SANITIZER_INTERFACE_ATTRIBUTE
function SANITIZER_INTERFACE_ATTRIBUTE (line 1413) | SANITIZER_INTERFACE_ATTRIBUTE
function SANITIZER_INTERFACE_ATTRIBUTE (line 1426) | SANITIZER_INTERFACE_ATTRIBUTE
function SANITIZER_INTERFACE_ATTRIBUTE (line 1441) | SANITIZER_INTERFACE_ATTRIBUTE int __dfsw_getentropy(void *buffer, size_t...
function SANITIZER_INTERFACE_ATTRIBUTE (line 1454) | SANITIZER_INTERFACE_ATTRIBUTE
function SANITIZER_INTERFACE_ATTRIBUTE (line 1465) | SANITIZER_INTERFACE_ATTRIBUTE int __dfsw_getpeername(
function SANITIZER_INTERFACE_ATTRIBUTE (line 1480) | SANITIZER_INTERFACE_ATTRIBUTE
function SANITIZER_INTERFACE_ATTRIBUTE (line 1492) | SANITIZER_INTERFACE_ATTRIBUTE
function SANITIZER_INTERFACE_ATTRIBUTE (line 1503) | SANITIZER_INTERFACE_ATTRIBUTE int __dfsw_getsockname(
function SANITIZER_INTERFACE_ATTRIBUTE (line 1518) | SANITIZER_INTERFACE_ATTRIBUTE int __dfsw_getsockopt(
function SANITIZER_INTERFACE_ATTRIBUTE (line 1532) | SANITIZER_INTERFACE_ATTRIBUTE int __dfsw_nanosleep(const struct timespec...
function SANITIZER_INTERFACE_ATTRIBUTE (line 1546) | SANITIZER_INTERFACE_ATTRIBUTE
function SANITIZER_INTERFACE_ATTRIBUTE (line 1559) | SANITIZER_INTERFACE_ATTRIBUTE
function dfsan_label (line 1585) | static dfsan_label taint_strtol(const char *nptr, uptr len, size_t ret_s...
function SANITIZER_INTERFACE_ATTRIBUTE (line 1599) | SANITIZER_INTERFACE_ATTRIBUTE
function __dfsw_atol (line 1608) | SANITIZER_INTERFACE_ATTRIBUTE
function __dfsw_atoll (line 1617) | SANITIZER_INTERFACE_ATTRIBUTE
function __dfsw_strtol (line 1626) | SANITIZER_INTERFACE_ATTRIBUTE
function SANITIZER_INTERFACE_ATTRIBUTE (line 1640) | SANITIZER_INTERFACE_ATTRIBUTE
function __dfsw_strtoll (line 1653) | SANITIZER_INTERFACE_ATTRIBUTE
function __dfsw_strtoul (line 1668) | SANITIZER_INTERFACE_ATTRIBUTE
function __dfsw_strtoull (line 1682) | SANITIZER_INTERFACE_ATTRIBUTE
function SANITIZER_INTERFACE_ATTRIBUTE (line 1698) | SANITIZER_INTERFACE_ATTRIBUTE
function SANITIZER_INTERFACE_ATTRIBUTE (line 1708) | SANITIZER_INTERFACE_ATTRIBUTE
function SANITIZER_INTERFACE_ATTRIBUTE (line 1721) | SANITIZER_INTERFACE_ATTRIBUTE
function SANITIZER_INTERFACE_ATTRIBUTE (line 1736) | SANITIZER_INTERFACE_ATTRIBUTE
function SANITIZER_INTERFACE_ATTRIBUTE (line 1754) | SANITIZER_INTERFACE_ATTRIBUTE
function SANITIZER_INTERFACE_ATTRIBUTE (line 1766) | SANITIZER_INTERFACE_ATTRIBUTE
function SANITIZER_INTERFACE_ATTRIBUTE (line 1780) | SANITIZER_INTERFACE_ATTRIBUTE
function SANITIZER_INTERFACE_ATTRIBUTE (line 1805) | SANITIZER_INTERFACE_ATTRIBUTE
function SANITIZER_INTERFACE_ATTRIBUTE (line 1818) | SANITIZER_INTERFACE_ATTRIBUTE
function SANITIZER_INTERFACE_ATTRIBUTE (line 1827) | SANITIZER_INTERFACE_ATTRIBUTE
function SANITIZER_INTERFACE_ATTRIBUTE (line 1840) | SANITIZER_INTERFACE_ATTRIBUTE
function SANITIZER_INTERFACE_ATTRIBUTE (line 1850) | SANITIZER_INTERFACE_ATTRIBUTE
function SANITIZER_INTERFACE_ATTRIBUTE (line 1865) | SANITIZER_INTERFACE_ATTRIBUTE void *__dfsw_memchr(void *s, int c, size_t n,
function SANITIZER_INTERFACE_ATTRIBUTE (line 1904) | SANITIZER_INTERFACE_ATTRIBUTE char *__dfsw_strrchr(char *s, int c,
function SANITIZER_INTERFACE_ATTRIBUTE (line 1943) | SANITIZER_INTERFACE_ATTRIBUTE void *__dfsw_memrchr(const void *s, int c,...
function SANITIZER_INTERFACE_ATTRIBUTE (line 1982) | SANITIZER_INTERFACE_ATTRIBUTE char *__dfsw_strstr(char *haystack, char *...
function SANITIZER_INTERFACE_ATTRIBUTE (line 2047) | SANITIZER_INTERFACE_ATTRIBUTE char *__dfsw_strnstr(char *haystack, char ...
function SANITIZER_INTERFACE_ATTRIBUTE (line 2098) | SANITIZER_INTERFACE_ATTRIBUTE void *__dfsw_memmem(const void *haystack, ...
function SANITIZER_INTERFACE_ATTRIBUTE (line 2149) | SANITIZER_INTERFACE_ATTRIBUTE int __dfsw_connect(
function SANITIZER_INTERFACE_ATTRIBUTE (line 2162) | SANITIZER_INTERFACE_ATTRIBUTE ssize_t __dfsw_recv(
function SANITIZER_INTERFACE_ATTRIBUTE (line 2192) | SANITIZER_INTERFACE_ATTRIBUTE ssize_t __dfsw_recvfrom(
function taint_handle_msg (line 2226) | static void taint_handle_msg(int sockfd, struct msghdr *msg, size_t msg_...
function SANITIZER_INTERFACE_ATTRIBUTE (line 2253) | SANITIZER_INTERFACE_ATTRIBUTE ssize_t __dfsw_recvmsg(
function SANITIZER_INTERFACE_ATTRIBUTE (line 2264) | SANITIZER_INTERFACE_ATTRIBUTE int __dfsw_recvmmsg(
function SANITIZER_INTERFACE_ATTRIBUTE (line 2278) | SANITIZER_INTERFACE_ATTRIBUTE int
function SANITIZER_INTERFACE_ATTRIBUTE (line 2305) | SANITIZER_INTERFACE_ATTRIBUTE void
function SANITIZER_INTERFACE_ATTRIBUTE (line 2316) | SANITIZER_INTERFACE_ATTRIBUTE int
type Formatter (line 2345) | struct Formatter {
method Formatter (line 2346) | Formatter(char *str_, const char *fmt_, size_t size_)
method format (line 2350) | int format() {
method format (line 2359) | int format(T arg) {
method num_written_bytes (line 2384) | size_t num_written_bytes(int retval) {
function format_buffer (line 2425) | static int format_buffer(char *str, size_t size, const char *fmt,
function SANITIZER_INTERFACE_ATTRIBUTE (line 2572) | SANITIZER_INTERFACE_ATTRIBUTE
function SANITIZER_INTERFACE_ATTRIBUTE (line 2584) | SANITIZER_INTERFACE_ATTRIBUTE
function SANITIZER_INTERFACE_WEAK_DEF (line 2598) | SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_pc_guard, u32 *...
function SANITIZER_INTERFACE_WEAK_DEF (line 2599) | SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_pc_guard_init, ...
function SANITIZER_INTERFACE_WEAK_DEF (line 2601) | SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_pcs_init, const uptr ...
function SANITIZER_INTERFACE_WEAK_DEF (line 2603) | SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_pc_indir, void) {}
function SANITIZER_INTERFACE_WEAK_DEF (line 2605) | SANITIZER_INTERFACE_WEAK_DEF(void, __dfsw___sanitizer_cov_trace_cmp, voi...
function SANITIZER_INTERFACE_WEAK_DEF (line 2606) | SANITIZER_INTERFACE_WEAK_DEF(void, __dfsw___sanitizer_cov_trace_cmp1, vo...
function SANITIZER_INTERFACE_WEAK_DEF (line 2607) | SANITIZER_INTERFACE_WEAK_DEF(void, __dfsw___sanitizer_cov_trace_cmp2, vo...
function SANITIZER_INTERFACE_WEAK_DEF (line 2608) | SANITIZER_INTERFACE_WEAK_DEF(void, __dfsw___sanitizer_cov_trace_cmp4, vo...
function SANITIZER_INTERFACE_WEAK_DEF (line 2609) | SANITIZER_INTERFACE_WEAK_DEF(void, __dfsw___sanitizer_cov_trace_cmp8, vo...
function SANITIZER_INTERFACE_WEAK_DEF (line 2610) | SANITIZER_INTERFACE_WEAK_DEF(void, __dfsw___sanitizer_cov_trace_const_cmp1,
function SANITIZER_INTERFACE_WEAK_DEF (line 2612) | SANITIZER_INTERFACE_WEAK_DEF(void, __dfsw___sanitizer_cov_trace_const_cmp2,
function SANITIZER_INTERFACE_WEAK_DEF (line 2614) | SANITIZER_INTERFACE_WEAK_DEF(void, __dfsw___sanitizer_cov_trace_const_cmp4,
function SANITIZER_INTERFACE_WEAK_DEF (line 2616) | SANITIZER_INTERFACE_WEAK_DEF(void, __dfsw___sanitizer_cov_trace_const_cmp8,
function SANITIZER_INTERFACE_WEAK_DEF (line 2618) | SANITIZER_INTERFACE_WEAK_DEF(void, __dfsw___sanitizer_cov_trace_switch, ...
function SANITIZER_INTERFACE_ATTRIBUTE (line 2620) | SANITIZER_INTERFACE_ATTRIBUTE int
function SANITIZER_INTERFACE_ATTRIBUTE (line 2635) | SANITIZER_INTERFACE_ATTRIBUTE int
function SANITIZER_INTERFACE_ATTRIBUTE (line 2650) | SANITIZER_INTERFACE_ATTRIBUTE FILE *
function SANITIZER_INTERFACE_ATTRIBUTE (line 2663) | SANITIZER_INTERFACE_ATTRIBUTE FILE *
function SANITIZER_INTERFACE_ATTRIBUTE (line 2676) | SANITIZER_INTERFACE_ATTRIBUTE FILE *
function SANITIZER_INTERFACE_ATTRIBUTE (line 2688) | SANITIZER_INTERFACE_ATTRIBUTE int
function SANITIZER_INTERFACE_ATTRIBUTE (line 2695) | SANITIZER_INTERFACE_ATTRIBUTE int
function SANITIZER_INTERFACE_ATTRIBUTE (line 2704) | SANITIZER_INTERFACE_ATTRIBUTE size_t
function SANITIZER_INTERFACE_ATTRIBUTE (line 2752) | SANITIZER_INTERFACE_ATTRIBUTE size_t
function SANITIZER_INTERFACE_ATTRIBUTE (line 2801) | SANITIZER_INTERFACE_ATTRIBUTE ssize_t
function SANITIZER_INTERFACE_ATTRIBUTE (line 2827) | SANITIZER_INTERFACE_ATTRIBUTE ssize_t
function SANITIZER_INTERFACE_ATTRIBUTE (line 2853) | SANITIZER_INTERFACE_ATTRIBUTE ssize_t
function SANITIZER_INTERFACE_ATTRIBUTE (line 2878) | SANITIZER_INTERFACE_ATTRIBUTE char*
function SANITIZER_INTERFACE_ATTRIBUTE (line 2893) | SANITIZER_INTERFACE_ATTRIBUTE int
function SANITIZER_INTERFACE_ATTRIBUTE (line 2903) | SANITIZER_INTERFACE_ATTRIBUTE void
function SANITIZER_INTERFACE_ATTRIBUTE (line 2910) | SANITIZER_INTERFACE_ATTRIBUTE struct utmpx *
function SANITIZER_INTERFACE_ATTRIBUTE (line 2924) | SANITIZER_INTERFACE_ATTRIBUTE
function SANITIZER_INTERFACE_ATTRIBUTE (line 2954) | SANITIZER_INTERFACE_ATTRIBUTE
function __taint_check_malloc_size (line 2986) | static inline void __taint_check_malloc_size(size_t size, dfsan_label si...
function SANITIZER_INTERFACE_ATTRIBUTE (line 2995) | SANITIZER_INTERFACE_ATTRIBUTE void *
function SANITIZER_INTERFACE_ATTRIBUTE (line 3040) | SANITIZER_INTERFACE_ATTRIBUTE void *
function SANITIZER_INTERFACE_ATTRIBUTE (line 3084) | SANITIZER_INTERFACE_ATTRIBUTE
function SANITIZER_INTERFACE_ATTRIBUTE (line 3132) | SANITIZER_INTERFACE_ATTRIBUTE
function SANITIZER_INTERFACE_ATTRIBUTE (line 3179) | SANITIZER_INTERFACE_ATTRIBUTE
function SANITIZER_INTERFACE_ATTRIBUTE (line 3203) | SANITIZER_INTERFACE_ATTRIBUTE
function SANITIZER_INTERFACE_ATTRIBUTE (line 3227) | SANITIZER_INTERFACE_ATTRIBUTE
function SANITIZER_INTERFACE_ATTRIBUTE (line 3245) | SANITIZER_INTERFACE_ATTRIBUTE
function SANITIZER_INTERFACE_ATTRIBUTE (line 3263) | SANITIZER_INTERFACE_ATTRIBUTE
function SANITIZER_INTERFACE_ATTRIBUTE (line 3282) | SANITIZER_INTERFACE_ATTRIBUTE
function SANITIZER_INTERFACE_ATTRIBUTE (line 3301) | SANITIZER_INTERFACE_ATTRIBUTE
function SANITIZER_INTERFACE_ATTRIBUTE (line 3318) | SANITIZER_INTERFACE_ATTRIBUTE
function SANITIZER_INTERFACE_ATTRIBUTE (line 3335) | SANITIZER_INTERFACE_ATTRIBUTE
function SANITIZER_INTERFACE_ATTRIBUTE (line 3353) | SANITIZER_INTERFACE_ATTRIBUTE
function SANITIZER_INTERFACE_ATTRIBUTE (line 3371) | SANITIZER_INTERFACE_ATTRIBUTE
function SANITIZER_INTERFACE_ATTRIBUTE (line 3388) | SANITIZER_INTERFACE_ATTRIBUTE
function SANITIZER_INTERFACE_ATTRIBUTE (line 3405) | SANITIZER_INTERFACE_ATTRIBUTE void __dfsw_free(void *ptr, dfsan_label pt...
function SANITIZER_INTERFACE_ATTRIBUTE (line 3427) | SANITIZER_INTERFACE_ATTRIBUTE
function dfsan_label (line 3449) | static dfsan_label taint_getc(int fd, off_t offset, int ret) {
function SANITIZER_INTERFACE_ATTRIBUTE (line 3457) | SANITIZER_INTERFACE_ATTRIBUTE int
function SANITIZER_INTERFACE_ATTRIBUTE (line 3466) | SANITIZER_INTERFACE_ATTRIBUTE int
function SANITIZER_INTERFACE_ATTRIBUTE (line 3475) | SANITIZER_INTERFACE_ATTRIBUTE int
function SANITIZER_INTERFACE_ATTRIBUTE (line 3484) | SANITIZER_INTERFACE_ATTRIBUTE int
function SANITIZER_INTERFACE_ATTRIBUTE (line 3494) | SANITIZER_INTERFACE_ATTRIBUTE int
function SANITIZER_INTERFACE_ATTRIBUTE (line 3503) | SANITIZER_INTERFACE_ATTRIBUTE int
function SANITIZER_INTERFACE_ATTRIBUTE (line 3511) | SANITIZER_INTERFACE_ATTRIBUTE size_t
function SANITIZER_INTERFACE_ATTRIBUTE (line 3526) | SANITIZER_INTERFACE_ATTRIBUTE void*
function SANITIZER_INTERFACE_ATTRIBUTE (line 3552) | SANITIZER_INTERFACE_ATTRIBUTE int
function SANITIZER_INTERFACE_ATTRIBUTE (line 3563) | SANITIZER_INTERFACE_ATTRIBUTE off_t
function SANITIZER_INTERFACE_ATTRIBUTE (line 3580) | SANITIZER_INTERFACE_ATTRIBUTE off64_t
function SANITIZER_INTERFACE_ATTRIBUTE (line 3597) | SANITIZER_INTERFACE_ATTRIBUTE int
function SANITIZER_INTERFACE_ATTRIBUTE (line 3613) | SANITIZER_INTERFACE_ATTRIBUTE int
function SANITIZER_INTERFACE_ATTRIBUTE (line 3629) | SANITIZER_INTERFACE_ATTRIBUTE int
FILE: runtime/dfsan/dfsan_interceptors.cpp
function ReleaseShadowMemoryPagesToOS (line 27) | void ReleaseShadowMemoryPagesToOS(void *addr, SIZE_T length) {
function INTERCEPTOR (line 37) | INTERCEPTOR(void *, mmap, void *addr, SIZE_T length, int prot, int flags,
function INTERCEPTOR (line 53) | INTERCEPTOR(void *, mmap64, void *addr, SIZE_T length, int prot, int flags,
function INTERCEPTOR (line 61) | INTERCEPTOR(int, munmap, void *addr, SIZE_T length) {
type __dfsan (line 69) | namespace __dfsan {
function InitializeInterceptors (line 70) | void InitializeInterceptors() {
FILE: runtime/dfsan/dfsan_platform.h
function namespace (line 17) | namespace __dfsan {
FILE: runtime/dfsan/scripts/build-libc-list.py
function defined_function_list (line 19) | def defined_function_list(object):
FILE: runtime/dfsan/taint_allocator.cpp
type __taint (line 8) | namespace __taint {
function allocator_init (line 20) | void allocator_init(uptr begin, uptr end) {
function allocator_dealloc (line 39) | void
FILE: runtime/dfsan/taint_allocator.h
function namespace (line 8) | namespace __taint {
FILE: runtime/dfsan/union_hashtable.cpp
type union_hashtable_entry (line 22) | struct union_hashtable_entry
type union_hashtable_entry (line 23) | struct union_hashtable_entry
type union_hashtable_entry (line 27) | struct union_hashtable_entry
function option (line 34) | option
FILE: runtime/dfsan/union_hashtable.h
function namespace (line 17) | namespace __taint {
FILE: runtime/dfsan/union_util.cpp
type __taint (line 3) | namespace __taint {
function option (line 16) | option some_dfsan_label(dfsan_label x) {
function option (line 20) | option none() {
function dfsan_label (line 37) | dfsan_label
FILE: runtime/dfsan/union_util.h
function namespace (line 10) | namespace __taint {
FILE: runtime/interception/interception.h
type __sanitizer (line 27) | typedef __sanitizer::uptr SIZE_T;
type __sanitizer (line 28) | typedef __sanitizer::sptr SSIZE_T;
type __sanitizer (line 29) | typedef __sanitizer::sptr PTRDIFF_T;
type __sanitizer (line 30) | typedef __sanitizer::s64 INTMAX_T;
type __sanitizer (line 31) | typedef __sanitizer::u64 UINTMAX_T;
type __sanitizer (line 32) | typedef __sanitizer::OFF_T OFF_T;
type __sanitizer (line 33) | typedef __sanitizer::OFF64_T OFF64_T;
type interpose_substitution (line 95) | struct interpose_substitution {
function namespace (line 264) | namespace __interception {
FILE: runtime/interception/interception_linux.cpp
type __interception (line 21) | namespace __interception {
function StrCmp (line 24) | static int StrCmp(const char *s1, const char *s2) {
function InterceptFunction (line 59) | bool InterceptFunction(const char *name, uptr *ptr_to_real, uptr func,
function InterceptFunction (line 72) | bool InterceptFunction(const char *name, const char *ver, uptr *ptr_to...
FILE: runtime/interception/interception_linux.h
function namespace (line 24) | namespace __interception {
FILE: runtime/interception/interception_win.cpp
type __interception (line 134) | namespace __interception {
function InterceptionFailed (line 144) | static void InterceptionFailed() {
function DistanceIsWithin2Gig (line 149) | static bool DistanceIsWithin2Gig(uptr from, uptr target) {
function uptr (line 162) | static uptr GetMmapGranularity() {
function UNUSED (line 168) | UNUSED static uptr RoundUpTo(uptr size, uptr boundary) {
function _strlen (line 175) | static size_t _strlen(const char *str) {
function _memset (line 190) | static void _memset(void *p, int value, size_t sz) {
function _memcpy (line 195) | static void _memcpy(void *dst, void *src, size_t sz) {
function ChangeMemoryProtection (line 202) | static bool ChangeMemoryProtection(
function RestoreMemoryProtection (line 209) | static bool RestoreMemoryProtection(
function IsMemoryPadding (line 217) | static bool IsMemoryPadding(uptr address, uptr size) {
function FunctionHasPrefix (line 230) | static bool FunctionHasPrefix(uptr address, const T &pattern) {
function FunctionHasPadding (line 238) | static bool FunctionHasPadding(uptr address, uptr size) {
function WritePadding (line 247) | static void WritePadding(uptr from, uptr size) {
function WriteJumpInstruction (line 251) | static void WriteJumpInstruction(uptr from, uptr target) {
function WriteShortJumpInstruction (line 259) | static void WriteShortJumpInstruction(uptr from, uptr target) {
function WriteIndirectJumpInstruction (line 268) | static void WriteIndirectJumpInstruction(uptr from, uptr indirect_targ...
function WriteBranch (line 284) | static void WriteBranch(
function WriteDirectBranch (line 295) | static void WriteDirectBranch(uptr from, uptr target) {
type TrampolineMemoryRegion (line 306) | struct TrampolineMemoryRegion {
function TestOnlyReleaseTrampolineRegions (line 348) | void TestOnlyReleaseTrampolineRegions() {
function uptr (line 358) | static uptr AllocateMemoryForTrampoline(uptr image_address, size_t siz...
function GetInstructionSize (line 429) | static size_t GetInstructionSize(uptr address, size_t* rel_offset = nu...
function RoundUpToInstrBoundary (line 665) | static size_t RoundUpToInstrBoundary(size_t size, uptr address) {
function CopyInstructions (line 676) | static bool CopyInstructions(uptr to, uptr from, size_t size) {
function OverrideFunctionWithDetour (line 699) | bool OverrideFunctionWithDetour(
function OverrideFunctionWithRedirectJump (line 734) | bool OverrideFunctionWithRedirectJump(
function OverrideFunctionWithHotPatch (line 769) | bool OverrideFunctionWithHotPatch(
function OverrideFunctionWithTrampoline (line 819) | bool OverrideFunctionWithTrampoline(
function OverrideFunction (line 875) | bool OverrideFunction(
class RVAPtr (line 913) | class RVAPtr {
method RVAPtr (line 915) | RVAPtr(void *module, uptr rva)
method T (line 918) | T *operator->() { return ptr_; }
method T (line 919) | T *operator++() { return ++ptr_; }
function uptr (line 931) | uptr InternalGetProcAddress(void *module, const char *func_name) {
function OverrideFunction (line 990) | bool OverrideFunction(
function OverrideImportedFunction (line 1004) | bool OverrideImportedFunction(const char *module_to_patch,
FILE: runtime/interception/interception_win.h
function namespace (line 23) | namespace __interception {
FILE: runtime/interception/tests/interception_linux_test.cpp
function INTERCEPTOR (line 29) | INTERCEPTOR(int, isdigit, int d) {
type __interception (line 34) | namespace __interception {
function TEST (line 36) | TEST(Interception, InterceptFunction) {
function TEST (line 47) | TEST(Interception, Basic) {
FILE: runtime/interception/tests/interception_test_main.cpp
function main (line 17) | int main(int argc, char **argv) {
FILE: runtime/interception/tests/interception_win_test.cpp
type __interception (line 24) | namespace __interception {
type FunctionPrefixKind (line 27) | enum FunctionPrefixKind {
function u8 (line 275) | u8 *AllocateCode2GBAway(u8 *Base) {
function LoadActiveCode (line 295) | static void LoadActiveCode(
function InterceptorFunction (line 348) | int InterceptorFunction(int x) {
function TEST (line 356) | TEST(Interception, InternalGetProcAddress) {
function TestIdentityFunctionPatching (line 370) | static void TestIdentityFunctionPatching(
function TEST (line 414) | TEST(Interception, OverrideFunctionWithDetour) {
function TEST (line 424) | TEST(Interception, OverrideFunctionWithRedirectJump) {
function TEST (line 429) | TEST(Interception, OverrideFunctionWithHotPatch) {
function TEST (line 435) | TEST(Interception, OverrideFunctionWithTrampoline) {
function TEST (line 446) | TEST(Interception, OverrideFunction) {
function TestIdentityFunctionMultiplePatching (line 473) | static void TestIdentityFunctionMultiplePatching(
function TEST (line 497) | TEST(Interception, OverrideFunctionMultiplePatchingIsFailing) {
function TEST (line 513) | TEST(Interception, OverrideFunctionTwice) {
function TestFunctionPatching (line 541) | static bool TestFunctionPatching(
function TEST (line 555) | TEST(Interception, PatchableFunction) {
function TEST (line 580) | TEST(Interception, PatchableFunctionWithDetour) {
function TEST (line 609) | TEST(Interception, PatchableFunctionWithRedirectJump) {
function TEST (line 623) | TEST(Interception, PatchableFunctionWithHotPatch) {
function TEST (line 644) | TEST(Interception, PatchableFunctionWithTrampoline) {
function TEST (line 671) | TEST(Interception, PatchableFunctionPadding) {
function TEST (line 692) | TEST(Interception, EmptyExportTable) {
FILE: runtime/sanitizer_common/sancov_flags.cpp
function SANITIZER_INTERFACE_WEAK_DEF (line 17) | SANITIZER_INTERFACE_WEAK_DEF(const char*, __sancov_default_options, void) {
type __sancov (line 23) | namespace __sancov {
function RegisterSancovFlags (line 33) | static void RegisterSancovFlags(FlagParser *parser, SancovFlags *f) {
function InitializeSancovFlags (line 44) | void InitializeSancovFlags() {
FILE: runtime/sanitizer_common/sancov_flags.h
function namespace (line 18) | namespace __sancov {
FILE: runtime/sanitizer_common/sanitizer_addrhashmap.h
function namespace (line 21) | namespace __sanitizer {
FILE: runtime/sanitizer_common/sanitizer_allocator.cpp
type __sanitizer (line 22) | namespace __sanitizer {
function InternalAllocator (line 35) | InternalAllocator *internal_allocator() {
function RawInternalFree (line 71) | static void RawInternalFree(void *ptr, InternalAllocatorCache *cache) {
function ReportInternalAllocatorOutOfMemory (line 79) | static void NORETURN ReportInternalAllocatorOutOfMemory(uptr requested...
function InternalFree (line 125) | void InternalFree(void *addr, InternalAllocatorCache *cache) {
function SANITIZER_NO_THREAD_SAFETY_ANALYSIS (line 129) | void InternalAllocatorLock() SANITIZER_NO_THREAD_SAFETY_ANALYSIS {
function SANITIZER_NO_THREAD_SAFETY_ANALYSIS (line 134) | void InternalAllocatorUnlock() SANITIZER_NO_THREAD_SAFETY_ANALYSIS {
function SetLowLevelAllocateMinAlignment (line 163) | void SetLowLevelAllocateMinAlignment(uptr alignment) {
function SetLowLevelAllocateCallback (line 168) | void SetLowLevelAllocateCallback(LowLevelAllocateCallback callback) {
function IsAllocatorOutOfMemory (line 177) | bool IsAllocatorOutOfMemory() {
function SetAllocatorOutOfMemory (line 181) | void SetAllocatorOutOfMemory() {
function AllocatorMayReturnNull (line 185) | bool AllocatorMayReturnNull() {
function SetAllocatorMayReturnNull (line 189) | void SetAllocatorMayReturnNull(bool may_return_null) {
function PrintHintAllocatorCannotReturnNull (line 194) | void PrintHintAllocatorCannotReturnNull() {
function IsRssLimitExceeded (line 201) | bool IsRssLimitExceeded() {
function SetRssLimitExceeded (line 205) | void SetRssLimitExceeded(bool limit_exceeded) {
FILE: runtime/sanitizer_common/sanitizer_allocator.h
function namespace (line 27) | namespace __sanitizer {
FILE: runtime/sanitizer_common/sanitizer_allocator_bytemap.h
function Init (line 21) | void Init() {
function set (line 25) | void set(uptr idx, u8 val) {
function u8 (line 30) | u8 operator[] (uptr idx) {
function Init (line 50) | void Init() {
function TestOnlyUnmap (line 55) | void TestOnlyUnmap() {
function set (line 68) | void set(uptr idx, u8 val) {
function u8 (line 75) | u8 operator[] (uptr idx) const {
function u8 (line 90) | u8 *GetOrCreate(uptr idx) {
FILE: runtime/sanitizer_common/sanitizer_allocator_checks.cpp
type __sanitizer (line 16) | namespace __sanitizer {
function SetErrnoToENOMEM (line 18) | void SetErrnoToENOMEM() {
FILE: runtime/sanitizer_common/sanitizer_allocator_checks.h
function namespace (line 21) | namespace __sanitizer {
FILE: runtime/sanitizer_common/sanitizer_allocator_combined.h
function InitLinkerInitialized (line 32) | void InitLinkerInitialized(s32 release_to_os_interval_ms) {
function SetReleaseToOSIntervalMs (line 81) | void SetReleaseToOSIntervalMs(s32 release_to_os_interval_ms) {
function ForceReleaseToOS (line 85) | void ForceReleaseToOS() {
function Deallocate (line 89) | void Deallocate(AllocatorCache *cache, void *p) {
function PointerIsMine (line 115) | bool PointerIsMine(const void *p) const {
function FromPrimary (line 121) | bool FromPrimary(const void *p) const { return primary_.PointerIsMine(p); }
function uptr (line 143) | uptr GetActuallyAllocatedSize(void *p) {
function uptr (line 149) | uptr TotalMemoryUsed() {
function TestOnlyUnmap (line 153) | void TestOnlyUnmap() { primary_.TestOnlyUnmap(); }
function InitCache (line 155) | void InitCache(AllocatorCache *cache) {
function DestroyCache (line 159) | void DestroyCache(AllocatorCache *cache) {
function SwallowCache (line 163) | void SwallowCache(AllocatorCache *cache) {
function GetStats (line 167) | void GetStats(AllocatorStatCounters s) const {
function PrintStats (line 171) | void PrintStats() {
function ForceLock (line 178) | void ForceLock() SANITIZER_NO_THREAD_SAFETY_ANALYSIS {
function ForceUnlock (line 183) | void ForceUnlock() SANITIZER_NO_THREAD_SAFETY_ANALYSIS {
function ForEachChunk (line 190) | void ForEachChunk(ForEachChunkCallback callback, void *arg) {
FILE: runtime/sanitizer_common/sanitizer_allocator_dlsym.h
function namespace (line 19) | namespace __sanitizer {
FILE: runtime/sanitizer_common/sanitizer_allocator_internal.h
function namespace (line 19) | namespace __sanitizer {
FILE: runtime/sanitizer_common/sanitizer_allocator_local_cache.h
type SizeClassAllocator (line 19) | typedef SizeClassAllocator Allocator;
type MemoryMapper (line 20) | typedef MemoryMapper<Allocator> MemoryMapperT;
function Init (line 22) | void Init(AllocatorGlobalStats *s) {
function Destroy (line 28) | void Destroy(SizeClassAllocator *allocator, AllocatorGlobalStats *s) {
function Deallocate (line 49) | void Deallocate(SizeClassAllocator *allocator, uptr class_id, void *p) {
function Drain (line 65) | void Drain(SizeClassAllocator *allocator) {
type typename (line 76) | typedef typename Allocator::CompactPtrT CompactPtrT;
type PerClass (line 78) | struct PerClass {
function InitCache (line 87) | void InitCache(PerClass *c) {
function NOINLINE (line 99) | NOINLINE bool Refill(PerClass *c, SizeClassAllocator *allocator,
function NOINLINE (line 110) | NOINLINE void DrainHalfMax(PerClass *c, SizeClassAllocator *allocator,
function Drain (line 116) | void Drain(MemoryMapperT *memory_mapper, PerClass *c,
type SizeClassAllocator (line 129) | typedef SizeClassAllocator Allocator;
type typename (line 130) | typedef typename Allocator::TransferBatch TransferBatch;
function Init (line 132) | void Init(AllocatorGlobalStats *s) {
function TransferBatch (line 139) | TransferBatch *CreateBatch(uptr class_id, SizeClassAllocator *allocator,
function DestroyBatch (line 147) | void DestroyBatch(uptr class_id, SizeClassAllocator *allocator,
function Destroy (line 153) | void Destroy(SizeClassAllocator *allocator, AllocatorGlobalStats *s) {
function Deallocate (line 174) | void Deallocate(SizeClassAllocator *allocator, uptr class_id, void *p) {
function Drain (line 187) | void Drain(SizeClassAllocator *allocator) {
type PerClass (line 206) | struct PerClass {
function InitCache (line 216) | void InitCache(PerClass *c) {
function NOINLINE (line 241) | NOINLINE bool Refill(PerClass *c, SizeClassAllocator *allocator,
function NOINLINE (line 254) | NOINLINE void Drain(PerClass *c, SizeClassAllocator *allocator,
FILE: runtime/sanitizer_common/sanitizer_allocator_primary32.h
type SizeClassAllocator32FlagMasks (line 40) | struct SizeClassAllocator32FlagMasks { // Bit masks.
type typename (line 59) | typedef typename Params::SizeClassMap SizeClassMap;
type typename (line 61) | typedef typename Params::MapUnmapCallback MapUnmapCallback;
function Count (line 76) | struct TransferBatch {
function CopyToArray (line 90) | void CopyToArray(void *to_batch[]) const {
function uptr (line 96) | static uptr AllocationSizeRequiredForNElements(uptr n) {
function uptr (line 99) | static uptr MaxCached(uptr size) {
function uptr (line 114) | static uptr ClassIdToSize(uptr class_id) {
type SizeClassAllocator32 (line 119) | typedef SizeClassAllocator32<Params> ThisT;
type SizeClassAllocator32LocalCache (line 120) | typedef SizeClassAllocator32LocalCache<ThisT> AllocatorCache;
function SetReleaseToOSIntervalMs (line 132) | void SetReleaseToOSIntervalMs(s32 release_to_os_interval_ms) {
function ForceReleaseToOS (line 136) | void ForceReleaseToOS() {
function UnmapWithCallback (line 146) | void UnmapWithCallback(uptr beg, uptr size) {
function CanAllocate (line 151) | static bool CanAllocate(uptr size, uptr alignment) {
function NOINLINE (line 168) | NOINLINE TransferBatch *AllocateBatch(AllocatorStats *stat, AllocatorCac...
function NOINLINE (line 183) | NOINLINE void DeallocateBatch(AllocatorStats *stat, uptr class_id,
function PointerIsMine (line 192) | bool PointerIsMine(const void *p) const {
function uptr (line 201) | uptr GetSizeClass(const void *p) const {
function uptr (line 217) | uptr GetActuallyAllocatedSize(void *p) {
function uptr (line 222) | static uptr ClassID(uptr size) { return SizeClassMap::ClassID(size); }
function uptr (line 224) | uptr TotalMemoryUsed() {
function TestOnlyUnmap (line 233) | void TestOnlyUnmap() {
function ForceLock (line 241) | void ForceLock() SANITIZER_NO_THREAD_SAFETY_ANALYSIS {
function ForceUnlock (line 247) | void ForceUnlock() SANITIZER_NO_THREAD_SAFETY_ANALYSIS {
function ForEachChunk (line 255) | void ForEachChunk(ForEachChunkCallback callback, void *arg) const {
function PrintStats (line 270) | void PrintStats() {}
function uptr (line 272) | static uptr AdditionalSize() { return 0; }
type SizeClassMap (line 274) | typedef SizeClassMap SizeClassMapT;
type ALIGNED (line 281) | struct ALIGNED
function uptr (line 288) | uptr ComputeRegionId(uptr mem) const {
function uptr (line 296) | uptr ComputeRegionBeg(uptr mem) const { return mem & ~(kRegionSize - 1); }
function uptr (line 298) | uptr AllocateRegion(AllocatorStats *stat, uptr class_id) {
function SizeClassInfo (line 311) | SizeClassInfo *GetSizeClassInfo(uptr class_id) {
function PopulateBatches (line 316) | bool PopulateBatches(AllocatorCache *c, SizeClassInfo *sci, uptr class_id,
function PopulateFreeList (line 341) | bool PopulateFreeList(AllocatorStats *stat, AllocatorCache *c,
FILE: runtime/sanitizer_common/sanitizer_allocator_primary64.h
type SizeClassAllocator64FlagMasks (line 39) | struct SizeClassAllocator64FlagMasks { // Bit masks.
function explicit (line 50) | explicit MemoryMapper(const Allocator &allocator) : allocator_(allocator...
function GetAndResetStats (line 52) | bool GetAndResetStats(uptr &ranges, uptr &bytes) {
function u64 (line 60) | u64 *MapPackedCounterArrayBuffer(uptr count) {
function ReleasePageRangeToOS (line 67) | void ReleasePageRangeToOS(uptr class_id, CompactPtrT from, CompactPtrT t...
type typename (line 90) | typedef typename Params::SizeClassMap SizeClassMap;
type typename (line 91) | typedef typename Params::MapUnmapCallback MapUnmapCallback;
type SizeClassAllocator64 (line 96) | typedef SizeClassAllocator64<Params> ThisT;
type SizeClassAllocator64LocalCache (line 97) | typedef SizeClassAllocator64LocalCache<ThisT> AllocatorCache;
type MemoryMapper (line 98) | typedef MemoryMapper<ThisT> MemoryMapperT;
type u32 (line 102) | typedef u32 CompactPtrT;
function CompactPtrT (line 104) | CompactPtrT PointerToCompactPtr(uptr base, uptr ptr) const {
function uptr (line 107) | uptr CompactPtrToPointer(uptr base, CompactPtrT ptr32) const {
function SetReleaseToOSIntervalMs (line 156) | void SetReleaseToOSIntervalMs(s32 release_to_os_interval_ms) {
function ForceReleaseToOS (line 161) | void ForceReleaseToOS() {
function CanAllocate (line 169) | static bool CanAllocate(uptr size, uptr alignment) {
function NOINLINE (line 174) | NOINLINE void ReturnToAllocator(MemoryMapperT *memory_mapper,
function NOINLINE (line 201) | NOINLINE bool GetFromAllocator(AllocatorStats *stat, uptr class_id,
function PointerIsMine (line 233) | bool PointerIsMine(const void *p) const {
function uptr (line 240) | uptr GetRegionBegin(const void *p) {
function uptr (line 248) | uptr GetRegionBeginBySizeClass(uptr class_id) const {
function uptr (line 252) | uptr GetSizeClass(const void *p) {
function uptr (line 274) | uptr GetActuallyAllocatedSize(void *p) {
function uptr (line 279) | static uptr ClassID(uptr size) { return SizeClassMap::ClassID(size); }
function uptr (line 293) | uptr TotalMemoryUsed() {
function TestOnlyUnmap (line 301) | void TestOnlyUnmap() {
function FillMemoryProfile (line 305) | static void FillMemoryProfile(uptr start, uptr rss, bool file, uptr *sta...
function PrintStats (line 311) | void PrintStats(uptr class_id, uptr rss) {
function PrintStats (line 328) | void PrintStats() {
function ForceLock (line 357) | void ForceLock() SANITIZER_NO_THREAD_SAFETY_ANALYSIS {
function ForceUnlock (line 363) | void ForceUnlock() SANITIZER_NO_THREAD_SAFETY_ANALYSIS {
function ForEachChunk (line 371) | void ForEachChunk(ForEachChunkCallback callback, void *arg) {
function uptr (line 387) | static uptr ClassIdToSize(uptr class_id) {
function uptr (line 391) | static uptr AdditionalSize() {
type SizeClassMap (line 396) | typedef SizeClassMap SizeClassMapT;
function class (line 407) | class PackedCounterArray {
function NextPage (line 477) | void NextPage(bool freed) {
function Done (line 489) | void Done() {
type Stats (line 656) | struct Stats {
type ReleaseToOsInfo (line 661) | struct ReleaseToOsInfo {
type ALIGNED (line 668) | struct ALIGNED
function RegionInfo (line 683) | RegionInfo *GetRegionInfo(uptr class_id) const {
function uptr (line 689) | uptr GetMetadataEnd(uptr region_beg) const {
function uptr (line 693) | uptr GetChunkIdx(uptr chunk, uptr size) const {
function CompactPtrT (line 705) | CompactPtrT *GetFreeArray(uptr region_beg) const {
function MapWithCallback (line 709) | bool MapWithCallback(uptr beg, uptr size, const char *name) {
function MapWithCallbackOrDie (line 721) | void MapWithCallbackOrDie(uptr beg, uptr size, const char *name) {
function UnmapWithCallbackOrDie (line 731) | void UnmapWithCallbackOrDie(uptr beg, uptr size) {
function EnsureFreeArraySpace (line 738) | bool EnsureFreeArraySpace(RegionInfo *region, uptr region_beg,
function IsRegionExhausted (line 756) | bool IsRegionExhausted(RegionInfo *region, uptr class_id,
function NOINLINE (line 770) | NOINLINE bool PopulateFreeArray(AllocatorStats *stat, uptr class_id,
function MaybeReleaseToOS (line 860) | void MaybeReleaseToOS(MemoryMapperT *memory_mapper, uptr class_id,
FILE: runtime/sanitizer_common/sanitizer_allocator_report.cpp
type __sanitizer (line 19) | namespace __sanitizer {
class ScopedAllocatorErrorReport (line 21) | class ScopedAllocatorErrorReport {
method ScopedAllocatorErrorReport (line 23) | ScopedAllocatorErrorReport(const char *error_summary_,
function ReportCallocOverflow (line 43) | void NORETURN ReportCallocOverflow(uptr count, uptr size,
function ReportReallocArrayOverflow (line 54) | void NORETURN ReportReallocArrayOverflow(uptr count, uptr size,
function ReportPvallocOverflow (line 66) | void NORETURN ReportPvallocOverflow(uptr size, const StackTrace *stack) {
function ReportInvalidAllocationAlignment (line 76) | void NORETURN ReportInvalidAllocationAlignment(uptr alignment,
function ReportInvalidAlignedAllocAlignment (line 86) | void NORETURN ReportInvalidAlignedAllocAlignment(uptr size, uptr align...
function ReportInvalidPosixMemalignAlignment (line 104) | void NORETURN ReportInvalidPosixMemalignAlignment(uptr alignment,
function ReportAllocationSizeTooBig (line 118) | void NORETURN ReportAllocationSizeTooBig(uptr user_size, uptr max_size,
function ReportOutOfMemory (line 128) | void NORETURN ReportOutOfMemory(uptr requested_size, const StackTrace ...
function ReportRssLimitExceeded (line 137) | void NORETURN ReportRssLimitExceeded(const StackTrace *stack) {
FILE: runtime/sanitizer_common/sanitizer_allocator_report.h
function namespace (line 20) | namespace __sanitizer {
FILE: runtime/sanitizer_common/sanitizer_allocator_secondary.h
function class (line 19) | class LargeMmapAllocatorPtrArrayStatic {
function class (line 32) | class LargeMmapAllocatorPtrArrayDynamic {
type LargeMmapAllocatorPtrArrayStatic (line 61) | typedef LargeMmapAllocatorPtrArrayStatic DefaultLargeMmapAllocatorPtrArray;
type LargeMmapAllocatorPtrArrayDynamic (line 63) | typedef LargeMmapAllocatorPtrArrayDynamic DefaultLargeMmapAllocatorPtrAr...
function InitLinkerInitialized (line 75) | void InitLinkerInitialized() {
function Init (line 80) | void Init() {
function Deallocate (line 134) | void Deallocate(AllocatorStats *stat, void *p) {
function uptr (line 153) | uptr TotalMemoryUsed() {
function PointerIsMine (line 164) | bool PointerIsMine(const void *p) const {
function uptr (line 168) | uptr GetActuallyAllocatedSize(void *p) {
function EnsureSortedChunks (line 207) | void EnsureSortedChunks() {
function PrintStats (line 255) | void PrintStats() {
function ForceLock (line 270) | void ForceLock() SANITIZER_ACQUIRE(mutex_) { mutex_.Lock(); }
function ForceUnlock (line 272) | void ForceUnlock() SANITIZER_RELEASE(mutex_) { mutex_.Unlock(); }
function ForEachChunk (line 276) | void ForEachChunk(ForEachChunkCallback callback, void *arg) {
type Header (line 289) | struct Header {
function Header (line 296) | Header *GetHeader(uptr p) {
function Header (line 300) | Header *GetHeader(const void *p) {
function uptr (line 309) | uptr RoundUpMapSize(uptr size) {
type Stats (line 318) | struct Stats {
FILE: runtime/sanitizer_common/sanitizer_allocator_size_class_map.h
function uptr (line 145) | static uptr Size(uptr class_id) {
function uptr (line 158) | static uptr ClassID(uptr size) {
function uptr (line 170) | static uptr MaxCachedHint(uptr size) {
function Print (line 183) | static void Print() {
function Validate (line 205) | static void Validate() {
type SizeClassMap (line 231) | typedef SizeClassMap<3, 4, 8, 17, 128, 16> DefaultSizeClassMap;
type SizeClassMap (line 232) | typedef SizeClassMap<3, 4, 8, 17, 64, 14> CompactSizeClassMap;
type SizeClassMap (line 233) | typedef SizeClassMap<2, 5, 9, 16, 64, 14> VeryCompactSizeClassMap;
type SizeClassMap (line 238) | typedef SizeClassMap<3, 4, 8, 17, 8, 10> DenseSizeClassMap;
type SizeClassMap (line 241) | typedef SizeClassMap<2, 5, 9, 16, 8, 10> VeryDenseSizeClassMap;
FILE: runtime/sanitizer_common/sanitizer_allocator_stats.h
type AllocatorStat (line 17) | enum AllocatorStat {
type uptr (line 23) | typedef uptr AllocatorStatCounters[AllocatorStatCount];
function class (line 26) | class AllocatorStats {
function class (line 59) | class AllocatorGlobalStats : public AllocatorStats {
function Init (line 65) | void Init() {
function Register (line 70) | void Register(AllocatorStats *s) {
function Unregister (line 78) | void Unregister(AllocatorStats *s) {
function Get (line 86) | void Get(AllocatorStatCounters s) const {
FILE: runtime/sanitizer_common/sanitizer_atomic.h
function namespace (line 18) | namespace __sanitizer {
type atomic_uintptr_t (line 55) | struct atomic_uintptr_t {
function namespace (line 70) | namespace __sanitizer {
FILE: runtime/sanitizer_common/sanitizer_atomic_clang.h
function namespace (line 23) | namespace __sanitizer {
FILE: runtime/sanitizer_common/sanitizer_atomic_clang_mips.h
function namespace (line 17) | namespace __sanitizer {
FILE: runtime/sanitizer_common/sanitizer_atomic_clang_other.h
function namespace (line 17) | namespace __sanitizer {
FILE: runtime/sanitizer_common/sanitizer_atomic_clang_x86.h
function namespace (line 17) | namespace __sanitizer {
FILE: runtime/sanitizer_common/sanitizer_atomic_msvc.h
function atomic_signal_fence (line 57) | inline void atomic_signal_fence(memory_order) {
function atomic_thread_fence (line 61) | inline void atomic_thread_fence(memory_order) {
function proc_yield (line 65) | inline void proc_yield(int cnt) {
function typename (line 71) | typename T::Type atomic_load(
function atomic_store (line 89) | void atomic_store(volatile T *a, typename T::Type v, memory_order mo) {
function u32 (line 105) | inline u32 atomic_fetch_add(volatile atomic_uint32_t *a,
function uptr (line 113) | inline uptr atomic_fetch_add(volatile atomic_uintptr_t *a,
function u32 (line 126) | inline u32 atomic_fetch_sub(volatile atomic_uint32_t *a,
function uptr (line 134) | inline uptr atomic_fetch_sub(volatile atomic_uintptr_t *a,
function u8 (line 147) | inline u8 atomic_exchange(volatile atomic_uint8_t *a,
function u16 (line 154) | inline u16 atomic_exchange(volatile atomic_uint16_t *a,
function u32 (line 161) | inline u32 atomic_exchange(volatile atomic_uint32_t *a,
function atomic_compare_exchange_strong (line 168) | inline bool atomic_compare_exchange_strong(volatile atomic_uint8_t *a,
FILE: runtime/sanitizer_common/sanitizer_bitvector.h
function namespace (line 18) | namespace __sanitizer {
type SizeEnum (line 117) | enum SizeEnum
function clear (line 122) | void clear() {
function setAll (line 127) | void setAll() {
function setBit (line 143) | bool setBit(uptr idx) {
function clearBit (line 158) | bool clearBit(uptr idx) {
function getBit (line 172) | bool getBit(uptr idx) const {
function uptr (line 181) | uptr getAndClearFirstOne() {
function setUnion (line 197) | bool setUnion(const TwoLevelBitVector &v) {
function setIntersection (line 213) | bool setIntersection(const TwoLevelBitVector &v) {
function setDifference (line 233) | bool setDifference(const TwoLevelBitVector &v) {
function copyFrom (line 249) | void copyFrom(const TwoLevelBitVector &v) {
function intersectsWith (line 255) | bool intersectsWith(const TwoLevelBitVector &v) const {
function class (line 273) | class Iterator {
function uptr (line 326) | uptr idx0(uptr idx) const {
function uptr (line 332) | uptr idx1(uptr idx) const {
function uptr (line 338) | uptr idx2(uptr idx) const {
FILE: runtime/sanitizer_common/sanitizer_bvgraph.h
function namespace (line 20) | namespace __sanitizer {
FILE: runtime/sanitizer_common/sanitizer_chained_origin_depot.cpp
type __sanitizer (line 16) | namespace __sanitizer {
type ChainedOriginDepotDesc (line 19) | struct ChainedOriginDepotDesc {
type ChainedOriginDepotNode (line 24) | struct ChainedOriginDepotNode {
method uptr (line 34) | static uptr allocated() { return 0; }
type Handle (line 44) | struct Handle {
method Handle (line 47) | Handle(const ChainedOriginDepotNode *node, u32 id) : node_(node), ...
method valid (line 48) | bool valid() const { return node_; }
method u32 (line 49) | u32 id() const { return id_; }
method here_id (line 50) | int here_id() const { return node_->here_id; }
method prev_id (line 51) | int prev_id() const { return node_->prev_id; }
function StackDepotStats (line 125) | StackDepotStats ChainedOriginDepot::GetStats() const {
function u32 (line 136) | u32 ChainedOriginDepot::Get(u32 id, u32 *other) {
FILE: runtime/sanitizer_common/sanitizer_chained_origin_depot.h
function namespace (line 17) | namespace __sanitizer {
FILE: runtime/sanitizer_common/sanitizer_common.cpp
type __sanitizer (line 21) | namespace __sanitizer {
function ReportMmapFailureAndDie (line 36) | void NORETURN ReportMmapFailureAndDie(uptr size, const char *mem_type,
function ReportErrorSummary (line 86) | void ReportErrorSummary(const char *error_message, const char *alt_too...
function RemoveANSIEscapeSequencesFromString (line 96) | void RemoveANSIEscapeSequencesFromString(char *str) {
function IncreaseTotalMmap (line 187) | void IncreaseTotalMmap(uptr size) {
function DecreaseTotalMmap (line 196) | void DecreaseTotalMmap(uptr size) {
function TemplateMatch (line 201) | bool TemplateMatch(const char *templ, const char *str) {
function uptr (line 250) | static uptr ReadProcessName(/*out*/ char *buf, uptr buf_len) {
function UpdateProcessName (line 261) | void UpdateProcessName() {
function CacheBinaryName (line 266) | void CacheBinaryName() {
function uptr (line 273) | uptr ReadBinaryNameCached(/*out*/char *buf, uptr buf_len) {
function uptr (line 284) | uptr ReadBinaryDir(/*out*/ char *buf, uptr buf_len) {
function PrintCmdline (line 293) | void PrintCmdline() {
type MallocFreeHook (line 305) | struct MallocFreeHook {
function RunMallocHooks (line 312) | void RunMallocHooks(const void *ptr, uptr size) {
function RunFreeHooks (line 320) | void RunFreeHooks(const void *ptr) {
function InstallMallocFreeHooks (line 328) | static int InstallMallocFreeHooks(void (*malloc_hook)(const void *, up...
function internal_sleep (line 341) | void internal_sleep(unsigned seconds) {
function SleepForSeconds (line 344) | void SleepForSeconds(unsigned seconds) {
function SleepForMillis (line 347) | void SleepForMillis(unsigned millis) { internal_usleep((u64)millis * 1...
function SANITIZER_INTERFACE_WEAK_DEF (line 354) | SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_report_error_summary,
function SANITIZER_INTERFACE_ATTRIBUTE (line 359) | SANITIZER_INTERFACE_ATTRIBUTE
function SANITIZER_INTERFACE_ATTRIBUTE (line 365) | SANITIZER_INTERFACE_ATTRIBUTE
FILE: runtime/sanitizer_common/sanitizer_common.h
function namespace (line 30) | namespace __sanitizer {
function LoadedModule (line 847) | const LoadedModule *begin() const { return modules_.begin(); }
function LoadedModule (line 848) | LoadedModule *begin() { return modules_.begin(); }
function LoadedModule (line 849) | const LoadedModule *end() const { return modules_.end(); }
function LoadedModule (line 850) | LoadedModule *end() { return modules_.end(); }
function LoadedModule (line 852) | const LoadedModule &operator[](uptr i) const {
function LogFullErrorReport (line 894) | inline void LogFullErrorReport(const char *buffer) {}
function WriteOneLineToSyslog (line 901) | inline void WriteOneLineToSyslog(const char *s) {}
function LogMessageOnPrintf (line 902) | inline void LogMessageOnPrintf(const char *str) {}
function AndroidLogInit (line 910) | inline void AndroidLogInit() {}
function SetAbortMessage (line 912) | inline void SetAbortMessage(const char *) {}
function AndroidLogWrite (line 919) | inline void AndroidLogWrite(const char *buffer_unused) {}
function SanitizerInitializeUnwinder (line 920) | inline void SanitizerInitializeUnwinder() {}
function AndroidApiLevel (line 921) | inline AndroidApiLevel AndroidGetApiLevel() { return ANDROID_NOT_ANDROID; }
function uptr (line 924) | inline uptr GetPthreadDestructorIterations() {
function SanitizerBreakOptimization (line 943) | static inline void SanitizerBreakOptimization(void *arg) {
type SignalContext (line 951) | struct SignalContext {
function GetType (line 986) | int GetType() const;
function AvoidCVE_2016_2143 (line 1030) | inline void AvoidCVE_2016_2143() {}
type StackDepotStats (line 1033) | struct StackDepotStats {
function u32 (line 1051) | inline u32 GetNumberOfCPUsCached() {
function T (line 1063) | T *begin() { return begin_; }
function T (line 1064) | T *end() { return end_; }
FILE: runtime/sanitizer_common/sanitizer_common_libcdep.cpp
type __sanitizer (line 20) | namespace __sanitizer {
function SANITIZER_WEAK_ATTRIBUTE (line 24) | SANITIZER_WEAK_ATTRIBUTE StackDepotStats StackDepotGetStats() { return...
function MaybeStartBackgroudThread (line 81) | void MaybeStartBackgroudThread() {
type BackgroudThreadStarted (line 105) | struct BackgroudThreadStarted {
method BackgroudThreadStarted (line 106) | BackgroudThreadStarted() { MaybeStartBackgroudThread(); }
function MaybeStartBackgroudThread (line 111) | void MaybeStartBackgroudThread() {}
function WriteToSyslog (line 114) | void WriteToSyslog(const char *msg) {
function SetSandboxingCallback (line 135) | void SetSandboxingCallback(void (*f)()) {
function uptr (line 139) | uptr ReservedAddressRange::InitAligned(uptr size, uptr align,
function ReserveShadowMemoryRange (line 153) | void ReserveShadowMemoryRange(uptr beg, uptr end, const char *name,
function ProtectGap (line 171) | void ProtectGap(uptr addr, uptr size, uptr zero_base_shadow_start,
function SANITIZER_WEAK_ATTRIBUTE (line 204) | SANITIZER_WEAK_ATTRIBUTE void StackDepotStopBackgroundThread() {}
function StopStackDepotBackgroundThread (line 205) | static void StopStackDepotBackgroundThread() {
function StopStackDepotBackgroundThread (line 210) | static void StopStackDepotBackgroundThread() {}
function SANITIZER_INTERFACE_WEAK_DEF (line 215) | SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_sandbox_on_notify,
FILE: runtime/sanitizer_common/sanitizer_common_nolibc.cpp
type __sanitizer (line 18) | namespace __sanitizer {
function LogMessageOnPrintf (line 24) | void LogMessageOnPrintf(const char *str) {}
function WriteToSyslog (line 26) | void WriteToSyslog(const char *buffer) {}
function Abort (line 27) | void Abort() { internal__exit(1); }
function CreateDir (line 28) | bool CreateDir(const char *pathname) { return false; }
function InitializePlatformCommonFlags (line 33) | void InitializePlatformCommonFlags(CommonFlags *cf) {}
FILE: runtime/sanitizer_common/sanitizer_coverage_fuchsia.cpp
type __sancov (line 41) | namespace __sancov {
class TracePcGuardController (line 52) | class TracePcGuardController final {
method TracePcGuardController (line 54) | constexpr TracePcGuardController() {}
method InitTracePcGuard (line 72) | void InitTracePcGuard(u32 *start, u32 *end) {
method TracePcGuard (line 84) | void TracePcGuard(u32 *guard, uptr pc) {
method Dump (line 91) | void Dump() {
method DataSize (line 125) | size_t DataSize() const { return next_index_ * sizeof(uintptr_t); }
method u32 (line 127) | u32 Setup(u32 num_guards) {
type __sanitizer (line 197) | namespace __sanitizer {
function InitializeCoverage (line 198) | void InitializeCoverage(bool enabled, const char *dir) {
function SANITIZER_INTERFACE_ATTRIBUTE (line 212) | SANITIZER_INTERFACE_ATTRIBUTE void __sanitizer_dump_coverage(const uptr ...
function SANITIZER_INTERFACE_WEAK_DEF (line 217) | SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_pc_guard, u32 *...
function SANITIZER_INTERFACE_WEAK_DEF (line 223) | SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_pc_guard_init,
function SANITIZER_INTERFACE_ATTRIBUTE (line 230) | SANITIZER_INTERFACE_ATTRIBUTE void __sanitizer_dump_trace_pc_guard_cover...
function SANITIZER_INTERFACE_ATTRIBUTE (line 233) | SANITIZER_INTERFACE_ATTRIBUTE void __sanitizer_cov_dump() {
function SANITIZER_INTERFACE_WEAK_DEF (line 237) | SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_cmp, void) {}
function SANITIZER_INTERFACE_WEAK_DEF (line 238) | SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_cmp1, void) {}
function SANITIZER_INTERFACE_WEAK_DEF (line 239) | SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_cmp2, void) {}
function SANITIZER_INTERFACE_WEAK_DEF (line 240) | SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_cmp4, void) {}
function SANITIZER_INTERFACE_WEAK_DEF (line 241) | SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_cmp8, void) {}
function SANITIZER_INTERFACE_WEAK_DEF (line 242) | SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_const_cmp1, voi...
function SANITIZER_INTERFACE_WEAK_DEF (line 243) | SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_const_cmp2, voi...
function SANITIZER_INTERFACE_WEAK_DEF (line 244) | SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_const_cmp4, voi...
function SANITIZER_INTERFACE_WEAK_DEF (line 245) | SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_const_cmp8, voi...
function SANITIZER_INTERFACE_WEAK_DEF (line 246) | SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_switch, void) {}
function SANITIZER_INTERFACE_WEAK_DEF (line 247) | SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_div4, void) {}
function SANITIZER_INTERFACE_WEAK_DEF (line 248) | SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_div8, void) {}
function SANITIZER_INTERFACE_WEAK_DEF (line 249) | SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_gep, void) {}
function SANITIZER_INTERFACE_WEAK_DEF (line 250) | SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_pc_indir, void) {}
FILE: runtime/sanitizer_common/sanitizer_coverage_libcdep_new.cpp
type __sancov (line 23) | namespace __sancov {
function fd_t (line 30) | static fd_t OpenFile(const char* path) {
function GetCoverageFilename (line 39) | static void GetCoverageFilename(char* path, const char* name,
function WriteModuleCoverage (line 47) | static void WriteModuleCoverage(char* file_path, const char* module_name,
function SanitizerDumpCoverage (line 57) | static void SanitizerDumpCoverage(const uptr* unsorted_pcs, uptr len) {
class TracePcGuardController (line 107) | class TracePcGuardController {
method Initialize (line 109) | void Initialize() {
method InitTracePcGuard (line 118) | void InitTracePcGuard(u32* start, u32* end) {
method TracePcGuard (line 128) | void TracePcGuard(u32* guard, uptr pc) {
method Reset (line 138) | void Reset() {
method Dump (line 142) | void Dump() {
type SingletonCounterCoverage (line 162) | namespace SingletonCounterCoverage {
function DumpCoverage (line 167) | static void DumpCoverage() {
function Cov8bitCountersInit (line 190) | static void Cov8bitCountersInit(char* beg, char* end) {
function CovPcsInit (line 196) | static void CovPcsInit(const uptr* beg, const uptr* end) {
type __sanitizer (line 206) | namespace __sanitizer {
function InitializeCoverage (line 207) | void InitializeCoverage(bool enabled, const char *dir) {
function SANITIZER_INTERFACE_ATTRIBUTE (line 218) | SANITIZER_INTERFACE_ATTRIBUTE void __sanitizer_dump_coverage(const uptr*...
function SANITIZER_INTERFACE_WEAK_DEF (line 223) | SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_pc_guard, u32* ...
function SANITIZER_INTERFACE_WEAK_DEF (line 228) | SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_pc_guard_init,
function SANITIZER_INTERFACE_ATTRIBUTE (line 234) | SANITIZER_INTERFACE_ATTRIBUTE void __sanitizer_dump_trace_pc_guard_cover...
function SANITIZER_INTERFACE_ATTRIBUTE (line 237) | SANITIZER_INTERFACE_ATTRIBUTE void __sanitizer_cov_dump() {
function SANITIZER_INTERFACE_ATTRIBUTE (line 240) | SANITIZER_INTERFACE_ATTRIBUTE void __sanitizer_cov_reset() {
function SANITIZER_INTERFACE_WEAK_DEF (line 246) | SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_cmp, void) {}
function SANITIZER_INTERFACE_WEAK_DEF (line 247) | SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_cmp1, void) {}
function SANITIZER_INTERFACE_WEAK_DEF (line 248) | SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_cmp2, void) {}
function SANITIZER_INTERFACE_WEAK_DEF (line 249) | SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_cmp4, void) {}
function SANITIZER_INTERFACE_WEAK_DEF (line 250) | SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_cmp8, void) {}
function SANITIZER_INTERFACE_WEAK_DEF (line 251) | SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_const_cmp1, voi...
function SANITIZER_INTERFACE_WEAK_DEF (line 252) | SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_const_cmp2, voi...
function SANITIZER_INTERFACE_WEAK_DEF (line 253) | SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_const_cmp4, voi...
function SANITIZER_INTERFACE_WEAK_DEF (line 254) | SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_const_cmp8, voi...
function SANITIZER_INTERFACE_WEAK_DEF (line 255) | SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_switch, void) {}
function SANITIZER_INTERFACE_WEAK_DEF (line 256) | SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_div4, void) {}
function SANITIZER_INTERFACE_WEAK_DEF (line 257) | SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_div8, void) {}
function SANITIZER_INTERFACE_WEAK_DEF (line 258) | SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_gep, void) {}
function SANITIZER_INTERFACE_WEAK_DEF (line 259) | SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_trace_pc_indir, void) {}
function SANITIZER_INTERFACE_WEAK_DEF (line 260) | SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_8bit_counters_init,
function SANITIZER_INTERFACE_WEAK_DEF (line 264) | SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_bool_flag_init, void) {}
function SANITIZER_INTERFACE_WEAK_DEF (line 265) | SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_cov_pcs_init, const uptr*...
FILE: runtime/sanitizer_common/sanitizer_coverage_win_dynamic_runtime_thunk.cpp
type __sanitizer (line 22) | namespace __sanitizer {
function ForceWholeArchiveIncludeForSanCov (line 25) | void ForceWholeArchiveIncludeForSanCov() {}
FILE: runtime/sanitizer_common/sanitizer_dbghelp.h
function namespace (line 25) | namespace __sanitizer {
FILE: runtime/sanitizer_common/sanitizer_deadlock_detector.h
function namespace (line 31) | namespace __sanitizer {
function uptr (line 310) | uptr findPathToLock(DeadlockDetectorTLS<BV> *dtls, uptr cur_node, uptr *...
function onUnlock (line 325) | void onUnlock(DeadlockDetectorTLS<BV> *dtls, uptr node) {
function isHeld (line 342) | bool isHeld(DeadlockDetectorTLS<BV> *dtls, uptr node) const {
function testOnlyHasEdge (line 347) | bool testOnlyHasEdge(uptr l1, uptr l2) {
function testOnlyHasEdgeRaw (line 351) | bool testOnlyHasEdgeRaw(uptr idx1, uptr idx2) {
function Print (line 355) | void Print() {
function check_node (line 365) | void check_node(uptr node) const {
function uptr (line 370) | uptr indexToNode(uptr idx) const {
function uptr (line 375) | uptr nodeToIndexUnchecked(uptr node) const { return node % size(); }
function uptr (line 377) | uptr nodeToIndex(uptr node) const {
function uptr (line 382) | uptr nodeToEpoch(uptr node) const { return node / size() * size(); }
function uptr (line 384) | uptr getAvailableNode(uptr data) {
type Edge (line 390) | struct Edge {
FILE: runtime/sanitizer_common/sanitizer_deadlock_detector1.cpp
type __sanitizer (line 21) | namespace __sanitizer {
type DDPhysicalThread (line 25) | struct DDPhysicalThread {
type DDLogicalThread (line 28) | struct DDLogicalThread {
type DD (line 35) | struct DD final : public DDetector {
function DDetector (line 61) | DDetector *DDetector::Create(const DDFlags *flags) {
function DDPhysicalThread (line 72) | DDPhysicalThread* DD::CreatePhysicalThread() {
function DDLogicalThread (line 79) | DDLogicalThread* DD::CreateLogicalThread(u64 ctx) {
function DDReport (line 186) | DDReport *DD::GetReport(DDCallback *cb) {
FILE: runtime/sanitizer_common/sanitizer_deadlock_detector2.cpp
type __sanitizer (line 21) | namespace __sanitizer {
type Id (line 31) | struct Id {
method Id (line 35) | explicit Id(u32 id = 0, u32 seq = 0)
type Link (line 41) | struct Link {
method Link (line 48) | explicit Link(u32 id = 0, u32 seq = 0, u32 tid = 0, u32 s0 = 0, u32 ...
type DDPhysicalThread (line 57) | struct DDPhysicalThread {
type ThreadMutex (line 65) | struct ThreadMutex {
type DDLogicalThread (line 70) | struct DDLogicalThread {
type MutexState (line 76) | struct MutexState {
type DD (line 83) | struct DD final : public DDetector {
function DDetector (line 116) | DDetector *DDetector::Create(const DDFlags *flags) {
function DDPhysicalThread (line 124) | DDPhysicalThread* DD::CreatePhysicalThread() {
function DDLogicalThread (line 135) | DDLogicalThread* DD::CreateLogicalThread(u64 ctx) {
function MutexState (line 155) | MutexState *DD::getMutex(u32 id) { return &mutex[id / kL2Size][id % kL...
function u32 (line 157) | u32 DD::getMutexId(MutexState *m) {
function u32 (line 168) | u32 DD::allocateId(DDCallback *cb) {
function DDReport (line 413) | DDReport *DD::GetReport(DDCallback *cb) {
FILE: runtime/sanitizer_common/sanitizer_deadlock_detector_interface.h
function namespace (line 25) | namespace __sanitizer {
type DDetector (line 74) | struct DDetector {
function DestroyPhysicalThread (line 78) | void DestroyPhysicalThread(DDPhysicalThread *pt) {}
function virtual (line 80) | virtual DDLogicalThread* CreateLogicalThread(u64 ctx) { return nullptr; }
function virtual (line 81) | virtual void DestroyLogicalThread(DDLogicalThread *lt) {}
function virtual (line 83) | virtual void MutexInit(DDCallback *cb, DDMutex *m) {}
function virtual (line 84) | virtual void MutexBeforeLock(DDCallback *cb, DDMutex *m, bool wlock) {}
function virtual (line 85) | virtual void MutexAfterLock(DDCallback *cb, DDMutex *m, bool wlock,
function virtual (line 87) | virtual void MutexBeforeUnlock(DDCallback *cb, DDMutex *m, bool wlock) {}
function virtual (line 88) | virtual void MutexDestroy(DDCallback *cb, DDMutex *m) {}
function virtual (line 90) | virtual DDReport *GetReport(DDCallback *cb) { return nullptr; }
FILE: runtime/sanitizer_common/sanitizer_dense_map.h
function namespace (line 24) | namespace __sanitizer {
function copyFrom (line 623) | void copyFrom(const DenseMap &other) {
function init (line 634) | void init(unsigned InitNumEntries) {
function grow (line 644) | void grow(unsigned AtLeast) {
function setNumEntries (line 664) | void setNumEntries(unsigned Num) { NumEntries = Num; }
function setNumTombstones (line 668) | void setNumTombstones(unsigned Num) { NumTombstones = Num; }
function BucketT (line 670) | BucketT *getBuckets() const { return Buckets; }
function allocateBuckets (line 674) | bool allocateBuckets(unsigned Num) {
function deallocate_buffer (line 698) | static void deallocate_buffer(void *Ptr, uptr Size) {
FILE: runtime/sanitizer_common/sanitizer_dense_map_info.h
function namespace (line 16) | namespace __sanitizer {
FILE: runtime/sanitizer_common/sanitizer_errno.cpp
type __sanitizer (line 21) | namespace __sanitizer {
FILE: runtime/sanitizer_common/sanitizer_errno_codes.h
function namespace (line 22) | namespace __sanitizer {
FILE: runtime/sanitizer_common/sanitizer_file.cpp
type __sanitizer (line 23) | namespace __sanitizer {
function CatastrophicErrorWrite (line 25) | void CatastrophicErrorWrite(const char *buffer, uptr length) {
function RawWrite (line 32) | void RawWrite(const char *buffer) {
function RecursiveCreateParentDirs (line 78) | static void RecursiveCreateParentDirs(char *path) {
function ReadFileToBuffer (line 122) | bool ReadFileToBuffer(const char *file_name, char **buff, uptr *buff_s...
function ReadFileToVector (line 166) | bool ReadFileToVector(const char *file_name,
function __sanitizer_set_report_path (line 232) | void __sanitizer_set_report_path(const char *path) {
function __sanitizer_set_report_fd (line 236) | void __sanitizer_set_report_fd(void *fd) {
FILE: runtime/sanitizer_common/sanitizer_file.h
function namespace (line 23) | namespace __sanitizer {
FILE: runtime/sanitizer_common/sanitizer_flag_parser.cpp
type __sanitizer (line 20) | namespace __sanitizer {
class UnknownFlags (line 24) | class UnknownFlags {
method Add (line 30) | void Add(const char *name) {
method Report (line 35) | void Report() {
function ReportUnrecognizedFlags (line 46) | void ReportUnrecognizedFlags() {
FILE: runtime/sanitizer_common/sanitizer_flag_parser.h
function namespace (line 20) | namespace __sanitizer {
FILE: runtime/sanitizer_common/sanitizer_flags.cpp
type __sanitizer (line 21) | namespace __sanitizer {
function SubstituteForFlagValue (line 39) | void SubstituteForFlagValue(const char *s, char *out, uptr out_size) {
class FlagHandlerInclude (line 83) | class FlagHandlerInclude final : public FlagHandlerBase {
method FlagHandlerInclude (line 89) | explicit FlagHandlerInclude(FlagParser *parser, bool ignore_missing)
method Parse (line 91) | bool Parse(const char *value) final {
method Format (line 102) | bool Format(char *buffer, uptr size) override {
function RegisterIncludeFlags (line 110) | void RegisterIncludeFlags(FlagParser *parser, CommonFlags *cf) {
function RegisterCommonFlags (line 122) | void RegisterCommonFlags(FlagParser *parser, CommonFlags *cf) {
function InitializeCommonFlags (line 131) | void InitializeCommonFlags(CommonFlags *cf) {
FILE: runtime/sanitizer_common/sanitizer_flags.h
function namespace (line 18) | namespace __sanitizer {
FILE: runtime/sanitizer_common/sanitizer_flat_map.h
function namespace (line 22) | namespace __sanitizer {
function Init (line 36) | void Init() { internal_memset(map_, 0, sizeof(map_)); }
function contains (line 40) | bool contains(uptr idx) const {
function T (line 50) | const T &operator[](uptr idx) const {
function Init (line 72) | void Init() {
function TestOnlyUnmap (line 77) | void TestOnlyUnmap() {
function uptr (line 88) | uptr MemoryUsage() const {
function contains (line 103) | bool contains(uptr idx) const {
function T (line 108) | const T &operator[](uptr idx) const {
function T (line 125) | T *Get(uptr idx) const {
function T (line 131) | T *GetOrCreate(uptr idx) const {
function NOINLINE (line 147) | NOINLINE T *Create(uptr idx) const {
FILE: runtime/sanitizer_common/sanitizer_freebsd.h
function namespace (line 28) | namespace __sanitizer {
FILE: runtime/sanitizer_common/sanitizer_fuchsia.cpp
type __sanitizer (line 29) | namespace __sanitizer {
function internal__exit (line 31) | void NORETURN internal__exit(int exitcode) { _zx_process_exit(exitcode...
function uptr (line 33) | uptr internal_sched_yield() {
function internal_usleep (line 39) | void internal_usleep(u64 useconds) {
function u64 (line 44) | u64 NanoTime() {
function u64 (line 53) | u64 MonotonicNanoTime() { return _zx_clock_get_monotonic(); }
function uptr (line 55) | uptr internal_getpid() {
function internal_dlinfo (line 66) | int internal_dlinfo(void *handle, int request, void *p) { UNIMPLEMENTE...
function uptr (line 68) | uptr GetThreadSelf() { return reinterpret_cast<uptr>(thrd_current()); }
function tid_t (line 70) | tid_t GetTid() { return GetThreadSelf(); }
function Abort (line 72) | void Abort() { abort(); }
function Atexit (line 74) | int Atexit(void (*function)(void)) { return atexit(function); }
function GetThreadStackTopAndBottom (line 76) | void GetThreadStackTopAndBottom(bool, uptr *stack_top, uptr *stack_bot...
function InitializePlatformEarly (line 88) | void InitializePlatformEarly() {}
function MaybeReexec (line 89) | void MaybeReexec() {}
function CheckASLR (line 90) | void CheckASLR() {}
function CheckMPROTECT (line 91) | void CheckMPROTECT() {}
function PlatformPrepareForSandboxing (line 92) | void PlatformPrepareForSandboxing(__sanitizer_sandbox_arguments *args) {}
function DisableCoreDumperIfNecessary (line 93) | void DisableCoreDumperIfNecessary() {}
function InstallDeadlySignalHandlers (line 94) | void InstallDeadlySignalHandlers(SignalHandlerType handler) {}
function SetAlternateSignalStack (line 95) | void SetAlternateSignalStack() {}
function UnsetAlternateSignalStack (line 96) | void UnsetAlternateSignalStack() {}
function InitTlsSize (line 97) | void InitTlsSize() {}
function FutexWait (line 103) | void FutexWait(atomic_uint32_t *p, u32 cmp) {
function FutexWake (line 110) | void FutexWake(atomic_uint32_t *p, u32 count) {
function uptr (line 115) | uptr GetPageSize() { return _zx_system_get_page_size(); }
function uptr (line 117) | uptr GetMmapGranularity() { return _zx_system_get_page_size(); }
function InitShadowBounds (line 121) | void InitShadowBounds() { ShadowBounds = __sanitizer_shadow_bounds(); }
function uptr (line 123) | uptr GetMaxUserVirtualAddress() {
function uptr (line 128) | uptr GetMaxVirtualAddress() { return GetMaxUserVirtualAddress(); }
function uptr (line 176) | uptr ReservedAddressRange::Init(uptr init_size, const char *name,
function uptr (line 196) | static uptr DoMmapFixedOrDie(zx_handle_t vmar, uptr fixed_addr, uptr m...
function uptr (line 225) | uptr ReservedAddressRange::Map(uptr fixed_addr, uptr map_size,
function uptr (line 231) | uptr ReservedAddressRange::MapOrDie(uptr fixed_addr, uptr map_size,
function UnmapOrDieVmar (line 236) | void UnmapOrDieVmar(void *addr, uptr size, zx_handle_t target_vmar) {
function MprotectNoAccess (line 277) | bool MprotectNoAccess(uptr addr, uptr size) {
function MprotectReadOnly (line 281) | bool MprotectReadOnly(uptr addr, uptr size) {
function UnmapOrDie (line 350) | void UnmapOrDie(void *addr, uptr size) {
function ReleaseMemoryPagesToOS (line 354) | void ReleaseMemoryPagesToOS(uptr beg, uptr end) {
function DumpProcessMap (line 367) | void DumpProcessMap() {
function IsAccessibleMemoryRange (line 372) | bool IsAccessibleMemoryRange(uptr beg, uptr size) {
function GetMemoryProfile (line 384) | void GetMemoryProfile(fill_profile_f cb, uptr *stats) {}
function ReadFileToBuffer (line 386) | bool ReadFileToBuffer(const char *file_name, char **buff, uptr *buff_s...
function RawWrite (line 413) | void RawWrite(const char *buffer) {
function CatastrophicErrorWrite (line 441) | void CatastrophicErrorWrite(const char *buffer, uptr length) {
function uptr (line 462) | uptr ReadBinaryName(/*out*/ char *buf, uptr buf_len) {
function uptr (line 471) | uptr ReadLongProcessName(/*out*/ char *buf, uptr buf_len) {
function GetRandom (line 477) | bool GetRandom(void *buffer, uptr length, bool blocking) {
function u32 (line 483) | u32 GetNumberOfCPUs() { return zx_system_get_num_cpus(); }
function uptr (line 485) | uptr GetRSS() { UNIMPLEMENTED(); }
function internal_join_thread (line 488) | void internal_join_thread(void *th) {}
function InitializePlatformCommonFlags (line 490) | void InitializePlatformCommonFlags(CommonFlags *cf) {}
function __sanitizer_startup_hook (line 497) | void __sanitizer_startup_hook(int argc, char **argv, char **envp,
function __sanitizer_set_report_path (line 505) | void __sanitizer_set_report_path(const char *path) {
function __sanitizer_set_report_fd (line 511) | void __sanitizer_set_report_fd(void *fd) {
FILE: runtime/sanitizer_common/sanitizer_fuchsia.h
function namespace (line 23) | namespace __sanitizer {
FILE: runtime/sanitizer_common/sanitizer_getauxval.h
function getauxval (line 48) | static inline decltype(AuxInfo::a_v) getauxval(decltype(AuxInfo::a_type)...
FILE: runtime/sanitizer_common/sanitizer_hash.h
function namespace (line 17) | namespace __sanitizer {
function class (line 42) | class MurMur2Hash64Builder {
function add (line 50) | void add(u64 k) {
function u64 (line 57) | u64 get() {
FILE: runtime/sanitizer_common/sanitizer_interface_internal.h
type __sanitizer_sandbox_arguments (line 36) | typedef struct {
FILE: runtime/sanitizer_common/sanitizer_internal_defs.h
type uptr (line 139) | typedef unsigned long long uptr;
type sptr (line 140) | typedef signed long long sptr;
type uptr (line 143) | typedef unsigned long uptr;
type sptr (line 144) | typedef signed long sptr;
type uptr (line 146) | typedef unsigned int uptr;
type sptr (line 147) | typedef signed int sptr;
type uhwptr (line 153) | typedef unsigned long long uhwptr;
type uptr (line 155) | typedef uptr uhwptr;
type u8 (line 157) | typedef unsigned char u8;
type u16 (line 158) | typedef unsigned short u16;
type u32 (line 159) | typedef unsigned int u32;
type u64 (line 160) | typedef unsigned long long u64;
type s8 (line 161) | typedef signed char s8;
type s16 (line 162) | typedef signed short s16;
type s32 (line 163) | typedef signed int s32;
type s64 (line 164) | typedef signed long long s64;
type error_t (line 169) | typedef unsigned error_t;
type fd_t (line 171) | typedef int fd_t;
type error_t (line 172) | typedef int error_t;
type pid_t (line 175) | typedef long pid_t;
type pid_t (line 177) | typedef int pid_t;
type u64 (line 183) | typedef u64 OFF_T;
type uptr (line 185) | typedef uptr OFF_T;
type u64 (line 187) | typedef u64 OFF64_T;
type uptr (line 190) | typedef uptr operator_new_size_type;
type operator_new_size_type (line 194) | typedef unsigned long operator_new_size_type;
type u32 (line 196) | typedef u32 operator_new_size_type;
type u64 (line 200) | typedef u64 tid_t;
type uu16 (line 268) | typedef ALIGNED(1) u16 uu16;
type uu32 (line 269) | typedef ALIGNED(1) u32 uu32;
type uu64 (line 270) | typedef ALIGNED(1) u64 uu64;
type us16 (line 271) | typedef ALIGNED(1) s16 us16;
type us32 (line 272) | typedef ALIGNED(1) s32 us32;
type us64 (line 273) | typedef ALIGNED(1) s64 us64;
type DWORD (line 277) | typedef unsigned long DWORD;
function namespace (line 278) | namespace __sanitizer {
function namespace (line 440) | namespace __asan {
function namespace (line 443) | namespace __dsan {
function namespace (line 446) | namespace __dfsan {
function namespace (line 449) | namespace __lsan {
function namespace (line 452) | namespace __msan {
function namespace (line 455) | namespace __hwasan {
function namespace (line 458) | namespace __tsan {
function namespace (line 461) | namespace __scudo {
function namespace (line 464) | namespace __ubsan {
function namespace (line 467) | namespace __xray {
function namespace (line 470) | namespace __interception {
function namespace (line 473) | namespace __hwasan {
function namespace (line 476) | namespace __memprof {
FILE: runtime/sanitizer_common/sanitizer_leb128.h
function namespace (line 15) | namespace __sanitizer {
FILE: runtime/sanitizer_common/sanitizer_lfstack.h
function namespace (line 23) | namespace __sanitizer {
FILE: runtime/sanitizer_common/sanitizer_libc.cpp
type __sanitizer (line 17) | namespace __sanitizer {
function s64 (line 19) | s64 internal_atoll(const char *nptr) {
function internal_memcmp (line 40) | int internal_memcmp(const void* s1, const void* s2, uptr n) {
function uptr (line 99) | uptr internal_strcspn(const char *s, const char *reject) {
function internal_strcmp (line 116) | int internal_strcmp(const char *s1, const char *s2) {
function internal_strncmp (line 128) | int internal_strncmp(const char *s1, const char *s2, uptr n) {
function uptr (line 165) | uptr internal_strlen(const char *s) {
function uptr (line 171) | uptr internal_strlcat(char *dst, const char *src, uptr maxlen) {
function uptr (line 193) | uptr internal_strlcpy(char *dst, const char *src, uptr maxlen) {
function uptr (line 212) | uptr internal_strnlen(const char *s, uptr maxlen) {
function s64 (line 230) | s64 internal_simple_strtoll(const char *nptr, const char **endptr, int...
function uptr (line 261) | uptr internal_wcslen(const wchar_t *s) {
function uptr (line 267) | uptr internal_wcsnlen(const wchar_t *s, uptr maxlen) {
function mem_is_zero (line 273) | bool mem_is_zero(const char *beg, uptr size) {
FILE: runtime/sanitizer_common/sanitizer_libc.h
function namespace (line 23) | namespace __sanitizer {
FILE: runtime/sanitizer_common/sanitizer_libignore.cpp
type __sanitizer (line 19) | namespace __sanitizer {
FILE: runtime/sanitizer_common/sanitizer_libignore.h
function namespace (line 24) | namespace __sanitizer {
FILE: runtime/sanitizer_common/sanitizer_linux.cpp
type ps_strings (line 98) | struct ps_strings
type kernel_timeval (line 111) | struct kernel_timeval {
function SetSigProcMask (line 154) | void SetSigProcMask(__sanitizer_sigset_t *set, __sanitizer_sigset_t *old) {
function uptr (line 197) | uptr internal_mmap(void *addr, uptr length, int prot, int flags, int fd,
function uptr (line 211) | uptr internal_munmap(void *addr, uptr length) {
function uptr (line 216) | uptr internal_mremap(void *old_address, uptr old_size, uptr new_size, in...
function internal_mprotect (line 223) | int internal_mprotect(void *addr, uptr length, int prot) {
function internal_madvise (line 227) | int internal_madvise(uptr addr, uptr length, int advice) {
function uptr (line 231) | uptr internal_close(fd_t fd) {
function uptr (line 235) | uptr internal_open(const char *filename, int flags) {
function uptr (line 243) | uptr internal_open(const char *filename, int flags, u32 mode) {
function uptr (line 252) | uptr internal_read(fd_t fd, void *buf, uptr count) {
function uptr (line 259) | uptr internal_write(fd_t fd, const void *buf, uptr count) {
function uptr (line 266) | uptr internal_ftruncate(fd_t fd, uptr size) {
function stat64_to_stat (line 274) | static void stat64_to_stat(struct stat64 *in, struct stat *out) {
function kernel_stat_to_stat (line 310) | static void kernel_stat_to_stat(struct kernel_stat *in, struct stat *out) {
function uptr (line 342) | uptr internal_stat(const char *path, void *buf) {
function uptr (line 366) | uptr internal_lstat(const char *path, void *buf) {
function uptr (line 391) | uptr internal_fstat(fd_t fd, void *buf) {
function uptr (line 410) | uptr internal_filesize(fd_t fd) {
function uptr (line 417) | uptr internal_dup(int oldfd) {
function uptr (line 421) | uptr internal_dup2(int oldfd, int newfd) {
function uptr (line 429) | uptr internal_readlink(const char *path, char *buf, uptr bufsize) {
function uptr (line 438) | uptr internal_unlink(const char *path) {
function uptr (line 446) | uptr internal_rename(const char *oldpath, const char *newpath) {
function uptr (line 458) | uptr internal_sched_yield() {
function internal_usleep (line 462) | void internal_usleep(u64 useconds) {
function uptr (line 469) | uptr internal_execve(const char *filename, char *const argv[],
function internal__exit (line 477) | void internal__exit(int exitcode) {
function FileExists (line 488) | bool FileExists(const char *filename) {
function tid_t (line 503) | tid_t GetTid() {
function TgKill (line 515) | int TgKill(pid_t pid, tid_t tid, int sig) {
function u64 (line 528) | u64 NanoTime() {
function uptr (line 535) | uptr internal_clock_gettime(__sanitizer_clockid_t clk_id, void *tp) {
function u64 (line 539) | u64 NanoTime() {
function ReadNullSepFileToArray (line 595) | static void ReadNullSepFileToArray(const char *path, char ***arr,
function FutexWait (line 671) | void FutexWait(atomic_uint32_t *p, u32 cmp) {
function FutexWake (line 681) | void FutexWake(atomic_uint32_t *p, u32 count) {
type linux_dirent (line 700) | struct linux_dirent {
function uptr (line 718) | uptr internal_ptrace(int request, int pid, void *addr, void *data) {
function uptr (line 723) | uptr internal_waitpid(int pid, int *status, int options) {
function uptr (line 728) | uptr internal_getpid() {
function uptr (line 732) | uptr internal_getppid() {
function internal_dlinfo (line 736) | int internal_dlinfo(void *handle, int request, void *p) {
function uptr (line 744) | uptr internal_getdents(fd_t fd, struct linux_dirent *dirp, unsigned int ...
function uptr (line 754) | uptr internal_lseek(fd_t fd, OFF_T offset, int whence) {
function uptr (line 759) | uptr internal_prctl(int option, uptr arg2, uptr arg3, uptr arg4, uptr ar...
function uptr (line 764) | uptr internal_sigaltstack(const void *ss, void *oss) {
function internal_fork (line 768) | int internal_fork() {
function internal_sysctl (line 777) | int internal_sysctl(const int *name, unsigned int namelen, void *oldp,
function internal_sysctlbyname (line 783) | int internal_sysctlbyname(const char *sname, void *oldp, uptr *oldlenp,
function internal_sigaction_norestorer (line 815) | int internal_sigaction_norestorer(int signum, const void *act, void *old...
function uptr (line 860) | uptr internal_sigprocmask(int how, __sanitizer_sigset_t *set,
function internal_sigfillset (line 872) | void internal_sigfillset(__sanitizer_sigset_t *set) {
function internal_sigemptyset (line 876) | void internal_sigemptyset(__sanitizer_sigset_t *set) {
function internal_sigdelset (line 881) | void internal_sigdelset(__sanitizer_sigset_t *set, int signum) {
function internal_sigismember (line 891) | bool internal_sigismember(__sanitizer_sigset_t *set, int signum) {
function internal_sigdelset (line 901) | void internal_sigdelset(__sanitizer_sigset_t *set, int signum) {
function internal_sigismember (line 906) | bool internal_sigismember(__sanitizer_sigset_t *set, int signum) {
type linux_dirent (line 938) | struct linux_dirent
type linux_dirent (line 947) | struct linux_dirent
type linux_dirent (line 947) | struct linux_dirent
function uptr (line 1004) | static uptr GetKernelAreaSize() {
function uptr (line 1038) | uptr GetMaxVirtualAddress() {
function uptr (line 1071) | uptr GetMaxUserVirtualAddress() {
function uptr (line 1082) | uptr GetPageSize() {
function uptr (line 1102) | uptr ReadBinaryName(/*out*/char *buf, uptr buf_len) {
function uptr (line 1139) | uptr ReadLongProcessName(/*out*/ char *buf, uptr buf_len) {
function LibraryNameIs (line 1155) | bool LibraryNameIs(const char *full_name, const char *base_name) {
function ForEachMappedRegion (line 1168) | void ForEachMappedRegion(link_map *map, void (*cb)(const void *, uptr)) {
function uptr (line 1215) | uptr internal_clone(int (*fn)(void *), void *child_stack, int flags, voi...
function uptr (line 1271) | uptr internal_clone(int (*fn)(void *), void *child_stack, int flags, voi...
function uptr (line 1347) | uptr internal_clone(int (*fn)(void *), void *child_stack, int flags, voi...
function uptr (line 1388) | uptr internal_clone(int (*fn)(void *), void *child_stack, int flags, voi...
function uptr (line 1439) | uptr internal_clone(int (*fn)(void *), void *child_stack, int flags, voi...
function uptr (line 1548) | uptr internal_clone(int (*fn)(void *), void *child_stack, int flags, voi...
function uptr (line 1613) | uptr internal_clone(int (*fn)(void *), void *child_stack, int flags, voi...
function internal_uname (line 1682) | int internal_uname(struct utsname *buf) {
type dl_phdr_info (line 1690) | struct dl_phdr_info
function dl_iterate_phdr_test_cb (line 1693) | static int dl_iterate_phdr_test_cb(struct dl_phdr_info *info, size_t size,
function AndroidApiLevel (line 1707) | static AndroidApiLevel AndroidDetectApiLevelStatic() {
function AndroidApiLevel (line 1717) | static AndroidApiLevel AndroidDetectApiLevel() {
function AndroidApiLevel (line 1731) | AndroidApiLevel AndroidGetApiLevel() {
function HandleSignalMode (line 1743) | static HandleSignalMode GetHandleSignalModeImpl(int signum) {
function HandleSignalMode (line 1761) | HandleSignalMode GetHandleSignalMode(int signum) {
function internal_join_thread (line 1779) | void internal_join_thread(void *th) {
function internal_join_thread (line 1786) | void internal_join_thread(void *th) {}
type __sanitizer_esr_context (line 1791) | struct __sanitizer_esr_context {
type _aarch64_ctx (line 1792) | struct _aarch64_ctx
function Aarch64GetESR (line 1796) | static bool Aarch64GetESR(ucontext_t *ucontext, u64 *esr) {
type sigcontext (line 1894) | struct sigcontext
type sigcontext (line 1894) | struct sigcontext
function GetPcSpBp (line 2022) | static void GetPcSpBp(void *context, uptr *pc, uptr *sp, uptr *bp) {
function InitializePlatformEarly (line 2148) | void InitializePlatformEarly() {
function MaybeReexec (line 2152) | void MaybeReexec() {
function CheckASLR (line 2156) | void CheckASLR() {
function CheckMPROTECT (line 2206) | void CheckMPROTECT() {
function CheckNoDeepBind (line 2230) | void CheckNoDeepBind(const char *filename, int flag) {
function uptr (line 2245) | uptr FindAvailableMemoryRange(uptr size, uptr alignment, uptr left_padding,
function GetRandom (line 2252) | bool GetRandom(void *buffer, uptr length, bool blocking) {
FILE: runtime/sanitizer_common/sanitizer_linux.h
type link_map (line 26) | struct link_map
type utsname (line 27) | struct utsname
function namespace (line 29) | namespace __sanitizer {
FILE: runtime/sanitizer_common/sanitizer_linux_libcdep.cpp
type __sanitizer::linux_dirent (line 74) | struct __sanitizer::linux_dirent {
type __sanitizer (line 88) | namespace __sanitizer {
function internal_sigaction (line 93) | int internal_sigaction(int signum, const void *act, void *oldact) {
function GetThreadStackTopAndBottom (line 102) | void GetThreadStackTopAndBottom(bool at_initialization, uptr *stack_top,
function SetEnv (line 158) | bool SetEnv(const char *name, const char *value) {
function GetLibcVersion (line 170) | __attribute__((unused)) static bool GetLibcVersion(int *major, int *mi...
function InitTlsSize (line 201) | void InitTlsSize() {
function InitTlsSize (line 213) | void InitTlsSize() { }
function uptr (line 223) | static uptr ThreadDescriptorSizeFallback() {
function uptr (line 289) | uptr ThreadDescriptorSize() {
function uptr (line 307) | static uptr TlsPreTcbSize() {
type TlsBlock (line 323) | struct TlsBlock {
function uptr (line 333) | static uptr TlsGetOffset(uptr ti_module, uptr ti_offset) {
function CollectStaticTlsBlocks (line 352) | static int CollectStaticTlsBlocks(struct dl_phdr_info *info, size_t size,
function GetStaticTlsBoundary (line 378) | __attribute__((unused)) static void GetStaticTlsBoundary(uptr *addr, u...
type tls_tcb (line 413) | struct tls_tcb
type tls_tcb (line 414) | struct tls_tcb
type tls_tcb (line 416) | struct tls_tcb
type tls_tcb (line 418) | struct tls_tcb
function uptr (line 423) | uptr ThreadSelf() {
function GetSizeFromHdr (line 427) | int GetSizeFromHdr(struct dl_phdr_info *info, size_t size, void *data) {
function GetTls (line 448) | static void GetTls(uptr *addr, uptr *size) {
function uptr (line 551) | uptr GetTlsSize() {
function GetThreadStackAndTls (line 563) | void GetThreadStackAndTls(bool main, uptr *stk_addr, uptr *stk_size,
type DlIteratePhdrData (line 595) | struct DlIteratePhdrData {
function AddModuleSegments (line 600) | static int AddModuleSegments(const char *module_name, dl_phdr_info *info,
function dl_iterate_phdr_cb (line 649) | static int dl_iterate_phdr_cb(dl_phdr_info *info, size_t size, void *a...
type dl_phdr_info (line 670) | struct dl_phdr_info
function requiresProcmaps (line 673) | static bool requiresProcmaps() {
function procmapsInit (line 684) | static void procmapsInit(InternalMmapVectorNoCtor<LoadedModule> *modul...
function uptr (line 713) | static uptr GetRSSFromGetrusage() {
function uptr (line 720) | uptr GetRSS() {
function u32 (line 751) | u32 GetNumberOfCPUs() {
function AndroidLogInit (line 810) | void AndroidLogInit() {
function ShouldLogAfterPrintf (line 815) | static bool ShouldLogAfterPrintf() {
function WriteOneLineToSyslog (line 833) | void WriteOneLineToSyslog(const char *s) {
function SetAbortMessage (line 847) | void SetAbortMessage(const char *str) {
function AndroidLogInit (line 852) | void AndroidLogInit() {}
function ShouldLogAfterPrintf (line 854) | static bool ShouldLogAfterPrintf() { return true; }
function WriteOneLineToSyslog (line 856) | void WriteOneLineToSyslog(const char *s) { syslog(LOG_INFO, "%s", s); }
function SetAbortMessage (line 858) | void SetAbortMessage(const char *str) {}
function LogMessageOnPrintf (line 861) | void LogMessageOnPrintf(const char *str) {
function CanUseVDSO (line 874) | inline bool CanUseVDSO() { return &__progname && __progname && *__prog...
function u64 (line 881) | u64 MonotonicNanoTime() {
function u64 (line 895) | u64 MonotonicNanoTime() {
function ReExec (line 902) | void ReExec() {
function UnmapFromTo (line 934) | void UnmapFromTo(uptr from, uptr to) {
function uptr (line 946) | uptr MapDynamicShadow(uptr shadow_size_bytes, uptr shadow_scale,
function uptr (line 969) | static uptr MmapSharedNoReserve(uptr addr, uptr size) {
function uptr (line 975) | static uptr MremapCreateAlias(uptr base_addr, uptr alias_addr,
function CreateAliases (line 987) | static void CreateAliases(uptr start_addr, uptr alias_size, uptr num_a...
function uptr (line 998) | uptr MapDynamicShadowAndAliases(uptr shadow_size, uptr alias_size,
function InitializePlatformCommonFlags (line 1028) | void InitializePlatformCommonFlags(CommonFlags *cf) {
FILE: runtime/sanitizer_common/sanitizer_linux_s390.cpp
type __sanitizer (line 27) | namespace __sanitizer {
function uptr (line 30) | uptr internal_mmap(void *addr, uptr length, int prot, int flags, int fd,
function uptr (line 58) | uptr internal_clone(int (*fn)(void *), void *child_stack, int flags, v...
function FixedCVE_2016_2143 (line 126) | static bool FixedCVE_2016_2143() {
function AvoidCVE_2016_2143 (line 202) | void AvoidCVE_2016_2143() {
FILE: runtime/sanitizer_common/sanitizer_list.h
function namespace (line 19) | namespace __sanitizer {
FILE: runtime/sanitizer_common/sanitizer_local_address_space_view.h
function namespace (line 31) | namespace __sanitizer {
FILE: runtime/sanitizer_common/sanitizer_lzw.h
function namespace (line 18) | namespace __sanitizer {
FILE: runtime/sanitizer_common/sanitizer_mac.cpp
function uptr (line 128) | uptr internal_mmap(void *addr, size_t length, int prot, int flags,
function uptr (line 140) | uptr internal_munmap(void *addr, uptr length) {
function uptr (line 145) | uptr internal_mremap(void *old_address, uptr old_size, uptr new_size, in...
function internal_mprotect (line 151) | int internal_mprotect(void *addr, uptr length, int prot) {
function internal_madvise (line 155) | int internal_madvise(uptr addr, uptr length, int advice) {
function uptr (line 159) | uptr internal_close(fd_t fd) {
function uptr (line 163) | uptr internal_open(const char *filename, int flags) {
function uptr (line 167) | uptr internal_open(const char *filename, int flags, u32 mode) {
function uptr (line 171) | uptr internal_read(fd_t fd, void *buf, uptr count) {
function uptr (line 175) | uptr internal_write(fd_t fd, const void *buf, uptr count) {
function uptr (line 179) | uptr internal_stat(const char *path, void *buf) {
function uptr (line 183) | uptr internal_lstat(const char *path, void *buf) {
function uptr (line 187) | uptr internal_fstat(fd_t fd, void *buf) {
function uptr (line 191) | uptr internal_filesize(fd_t fd) {
function uptr (line 198) | uptr internal_dup(int oldfd) {
function uptr (line 202) | uptr internal_dup2(int oldfd, int newfd) {
function uptr (line 206) | uptr internal_readlink(const char *path, char *buf, uptr bufsize) {
function uptr (line 210) | uptr internal_unlink(const char *path) {
function uptr (line 214) | uptr internal_sched_yield() {
function internal__exit (line 218) | void internal__exit(int exitcode) {
function internal_usleep (line 222) | void internal_usleep(u64 useconds) { usleep(useconds); }
function uptr (line 224) | uptr internal_getpid() {
function internal_dlinfo (line 228) | int internal_dlinfo(void *handle, int request, void *p) {
function internal_sigaction (line 232) | int internal_sigaction(int signum, const void *act, void *oldact) {
function internal_sigfillset (line 237) | void internal_sigfillset(__sanitizer_sigset_t *set) { sigfillset(set); }
function uptr (line 239) | uptr internal_sigprocmask(int how, __sanitizer_sigset_t *set,
function internal_fork (line 248) | int internal_fork() {
function internal_sysctl (line 254) | int internal_sysctl(const int *name, unsigned int namelen, void *oldp,
function internal_sysctlbyname (line 260) | int internal_sysctlbyname(const char *sname, void *oldp, uptr *oldlenp,
function fd_t (line 266) | static fd_t internal_spawn_impl(const char *argv[], const char *envp[],
function fd_t (line 343) | fd_t internal_spawn(const char *argv[], const char *envp[], pid_t *pid) {
function uptr (line 367) | uptr internal_rename(const char *oldpath, const char *newpath) {
function uptr (line 371) | uptr internal_ftruncate(fd_t fd, uptr size) {
function uptr (line 375) | uptr internal_execve(const char *filename, char *const argv[],
function uptr (line 380) | uptr internal_waitpid(int pid, int *status, int options) {
function FileExists (line 385) | bool FileExists(const char *filename) {
function tid_t (line 395) | tid_t GetTid() {
function GetThreadStackTopAndBottom (line 401) | void GetThreadStackTopAndBottom(bool at_initialization, uptr *stack_top,
function uptr (line 456) | uptr ReadBinaryName(/*out*/char *buf, uptr buf_len) {
function uptr (line 471) | uptr ReadLongProcessName(/*out*/char *buf, uptr buf_len) {
function ReExec (line 475) | void ReExec() {
function CheckASLR (line 479) | void CheckASLR() {
function CheckMPROTECT (line 483) | void CheckMPROTECT() {
function uptr (line 487) | uptr GetPageSize() {
function MprotectMallocZones (line 499) | void MprotectMallocZones(void *addr, int prot) {
function FutexWait (line 514) | void FutexWait(atomic_uint32_t *p, u32 cmp) {
function FutexWake (line 519) | void FutexWake(atomic_uint32_t *p, u32 count) {}
function u64 (line 521) | u64 NanoTime() {
function u64 (line 529) | u64 MonotonicNanoTime() {
function uptr (line 535) | uptr GetTlsSize() {
function InitTlsSize (line 539) | void InitTlsSize() {
function uptr (line 542) | uptr TlsBaseAddr() {
function uptr (line 558) | uptr TlsSize() {
function GetThreadStackAndTls (line 566) | void GetThreadStackAndTls(bool main, uptr *stk_addr, uptr *stk_size,
function HandleSignalMode (line 591) | static HandleSignalMode GetHandleSignalModeImpl(int signum) {
function HandleSignalMode (line 609) | HandleSignalMode GetHandleSignalMode(int signum) {
function u16 (line 621) | constexpr u16 GetOSMajorKernelOffset() {
function uptr (line 629) | static uptr ApproximateOSVersionViaKernelVersion(VersStr vers) {
function GetOSVersion (line 646) | static void GetOSVersion(VersStr vers) {
function ParseVersion (line 677) | void ParseVersion(const char *vers, u16 *major, u16 *minor) {
function MapToMacos (line 689) | static void MapToMacos(u16 *major, u16 *minor) {
function MacosVersion (line 708) | static MacosVersion GetMacosAlignedVersionInternal() {
function MacosVersion (line 723) | MacosVersion GetMacosAlignedVersion() {
function DarwinKernelVersion (line 734) | DarwinKernelVersion GetDarwinKernelVersion() {
function uptr (line 747) | uptr GetRSS() {
function internal_join_thread (line 770) | void internal_join_thread(void *th) { pthread_join((pthread_t)th, 0); }
function WriteOneLineToSyslog (line 776) | void WriteOneLineToSyslog(const char *s) {
function CRAppendCrashLogMessage (line 818) | static void CRAppendCrashLogMessage(const char *msg) {
function LogMessageOnPrintf (line 827) | void LogMessageOnPrintf(const char *str) {
function LogFullErrorReport (line 833) | void LogFullErrorReport(const char *buffer) {
function GetPcSpBp (line 894) | static void GetPcSpBp(void *context, uptr *pc, uptr *sp, uptr *bp) {
function DisableMmapExcGuardExceptions (line 928) | static void DisableMmapExcGuardExceptions() {
function InitializePlatformEarly (line 939) | void InitializePlatformEarly() {
function LeakyResetEnv (line 959) | void LeakyResetEnv(const char *name, const char *name_value) {
function SANITIZER_WEAK_CXX_DEFAULT_IMPL (line 984) | SANITIZER_WEAK_CXX_DEFAULT_IMPL
function DyldNeedsEnvVariable (line 989) | static bool DyldNeedsEnvVariable() {
function MaybeReexec (line 995) | void MaybeReexec() {
type __sanitizer_task_vm_info (line 1142) | struct __sanitizer_task_vm_info {
function uptr (line 1169) | static uptr GetTaskInfoMaxAddress() {
function uptr (line 1176) | uptr GetMaxUserVirtualAddress() {
function uptr (line 1197) | uptr GetMaxUserVirtualAddress() {
function uptr (line 1210) | uptr GetMaxVirtualAddress() {
function uptr (line 1214) | uptr MapDynamicShadow(uptr shadow_size_bytes, uptr shadow_scale,
function uptr (line 1262) | uptr MapDynamicShadowAndAliases(uptr shadow_size, uptr alias_size,
function uptr (line 1268) | uptr FindAvailableMemoryRange(uptr size, uptr alignment, uptr left_padding,
function GetMemoryProfile (line 1320) | void GetMemoryProfile(fill_profile_f cb, uptr *stats) {}
function CompareBaseAddress (line 1374) | static inline bool CompareBaseAddress(const LoadedModule &a,
function FormatUUID (line 1379) | void FormatUUID(char *out, uptr size, const u8 *uuid) {
function DumpProcessMap (line 1388) | void DumpProcessMap() {
function CheckNoDeepBind (line 1405) | void CheckNoDeepBind(const char *filename, int flag) {
function GetRandom (line 1409) | bool GetRandom(void *buffer, uptr length, bool blocking) {
function u32 (line 1417) | u32 GetNumberOfCPUs() {
function InitializePlatformCommonFlags (line 1421) | void InitializePlatformCommonFlags(CommonFlags *cf) {}
FILE: runtime/sanitizer_common/sanitizer_mac.h
function namespace (line 20) | namespace __sanitizer {
function MacosVersion (line 50) | struct MacosVersion : VersionBase<MacosVersion> {
function DarwinKernelVersion (line 54) | struct DarwinKernelVersion : VersionBase<DarwinKernelVersion> {
FILE: runtime/sanitizer_common/sanitizer_mac_libcdep.cpp
type __sanitizer (line 19) | namespace __sanitizer {
function RestrictMemoryToMaxAddress (line 21) | void RestrictMemoryToMaxAddress(uptr max_address) {
FILE: runtime/sanitizer_common/sanitizer_mutex.cpp
type __sanitizer (line 17) | namespace __sanitizer {
function SANITIZER_WEAK_ATTRIBUTE (line 64) | SANITIZER_WEAK_ATTRIBUTE void PrintMutexPC(uptr pc) {}
function DebugMutexInit (line 72) | void DebugMutexInit() {
type InternalDeadlockDetector (line 140) | struct InternalDeadlockDetector {
type LockDesc (line 141) | struct LockDesc {
method Lock (line 150) | void Lock(MutexType type, uptr pc) {
method Unlock (line 185) | void Unlock(MutexType type) {
method CheckNoLocks (line 197) | void CheckNoLocks() {
method Initialize (line 201) | bool Initialize(MutexType type) {
FILE: runtime/sanitizer_common/sanitizer_mutex.h
function namespace (line 21) | namespace __sanitizer {
function Unlock (line 211) | void Unlock() SANITIZER_RELEASE() {
function ReadLock (line 239) | void ReadLock() SANITIZER_ACQUIRE_SHARED() {
function ReadUnlock (line 276) | void ReadUnlock() SANITIZER_RELEASE_SHARED() {
function CheckWriteLocked (line 302) | void CheckWriteLocked() const SANITIZER_CHECK_LOCKED() {
function SANITIZER_SCOPED_LOCK (line 366) | SANITIZER_SCOPED_LOCK GenericScopedLock {
function SANITIZER_SCOPED_LOCK (line 382) | SANITIZER_SCOPED_LOCK GenericScopedReadLock {
function SANITIZER_SCOPED_LOCK (line 399) | SANITIZER_SCOPED_LOCK GenericScopedRWLock {
type GenericScopedLock (line 425) | typedef GenericScopedLock<StaticSpinMutex> SpinMutexLock;
type GenericScopedLock (line 426) | typedef GenericScopedLock<Mutex> Lock;
type GenericScopedReadLock (line 427) | typedef GenericScopedReadLock<Mutex> ReadLock;
type GenericScopedRWLock (line 428) | typedef GenericScopedRWLock<Mutex> RWLock;
FILE: runtime/sanitizer_common/sanitizer_netbsd.cpp
type __sanitizer (line 75) | namespace __sanitizer {
function uptr (line 97) | uptr internal_mmap(void *addr, uptr length, int prot, int flags, int fd,
function uptr (line 103) | uptr internal_munmap(void *addr, uptr length) {
function uptr (line 108) | uptr internal_mremap(void *old_address, uptr old_size, uptr new_size, ...
function internal_mprotect (line 114) | int internal_mprotect(void *addr, uptr length, int prot) {
function internal_madvise (line 119) | int internal_madvise(uptr addr, uptr length, int advice) {
function uptr (line 124) | uptr internal_close(fd_t fd) {
function uptr (line 129) | uptr internal_open(const char *filename, int flags) {
function uptr (line 134) | uptr internal_open(const char *filename, int flags, u32 mode) {
function uptr (line 139) | uptr internal_read(fd_t fd, void *buf, uptr count) {
function uptr (line 146) | uptr internal_write(fd_t fd, const void *buf, uptr count) {
function uptr (line 153) | uptr internal_ftruncate(fd_t fd, uptr size) {
function uptr (line 160) | uptr internal_stat(const char *path, void *buf) {
function uptr (line 165) | uptr internal_lstat(const char *path, void *buf) {
function uptr (line 170) | uptr internal_fstat(fd_t fd, void *buf) {
function uptr (line 175) | uptr internal_filesize(fd_t fd) {
function uptr (line 182) | uptr internal_dup(int oldfd) {
function uptr (line 187) | uptr internal_dup2(int oldfd, int newfd) {
function uptr (line 192) | uptr internal_readlink(const char *path, char *buf, uptr bufsize) {
function uptr (line 197) | uptr internal_unlink(const char *path) {
function uptr (line 202) | uptr internal_rename(const char *oldpath, const char *newpath) {
function uptr (line 207) | uptr internal_sched_yield() {
function internal__exit (line 212) | void internal__exit(int exitcode) {
function internal_usleep (line 218) | void internal_usleep(u64 useconds) {
function uptr (line 226) | uptr internal_execve(const char *filename, char *const argv[],
function tid_t (line 232) | tid_t GetTid() {
function TgKill (line 237) | int TgKill(pid_t pid, tid_t tid, int sig) {
function u64 (line 243) | u64 NanoTime() {
function uptr (line 251) | uptr internal_clock_gettime(__sanitizer_clockid_t clk_id, void *tp) {
function uptr (line 256) | uptr internal_ptrace(int request, int pid, void *addr, int data) {
function uptr (line 261) | uptr internal_waitpid(int pid, int *status, int options) {
function uptr (line 266) | uptr internal_getpid() {
function uptr (line 271) | uptr internal_getppid() {
function internal_dlinfo (line 276) | int internal_dlinfo(void *handle, int request, void *p) {
function uptr (line 281) | uptr internal_getdents(fd_t fd, void *dirp, unsigned int count) {
function uptr (line 286) | uptr internal_lseek(fd_t fd, OFF_T offset, int whence) {
function uptr (line 291) | uptr internal_prctl(int option, uptr arg2, uptr arg3, uptr arg4, uptr ...
function uptr (line 297) | uptr internal_sigaltstack(const void *ss, void *oss) {
function internal_fork (line 302) | int internal_fork() {
function internal_sysctl (line 307) | int internal_sysctl(const int *name, unsigned int namelen, void *oldp,
function internal_sysctlbyname (line 313) | int internal_sysctlbyname(const char *sname, void *oldp, uptr *oldlenp,
function uptr (line 321) | uptr internal_sigprocmask(int how, __sanitizer_sigset_t *set,
function internal_sigfillset (line 327) | void internal_sigfillset(__sanitizer_sigset_t *set) {
function internal_sigemptyset (line 332) | void internal_sigemptyset(__sanitizer_sigset_t *set) {
function internal_sigdelset (line 337) | void internal_sigdelset(__sanitizer_sigset_t *set, int signo) {
function uptr (line 342) | uptr internal_clone(int (*fn)(void *), void *child_stack, int flags,
FILE: runtime/sanitizer_common/sanitizer_persistent_allocator.cpp
type __sanitizer (line 14) | namespace __sanitizer {
FILE: runtime/sanitizer_common/sanitizer_persistent_allocator.h
function namespace (line 21) | namespace __sanitizer {
FILE: runtime/sanitizer_common/sanitizer_platform_limits_freebsd.cpp
type __sanitizer (line 100) | namespace __sanitizer {
type utsname (line 107) | struct utsname
type stat (line 108) | struct stat
type rusage (line 109) | struct rusage
type tm (line 110) | struct tm
type passwd (line 111) | struct passwd
type group (line 112) | struct group
type sigaction (line 114) | struct sigaction
type itimerval (line 116) | struct itimerval
type timezone (line 127) | struct timezone
type tms (line 128) | struct tms
type sigevent (line 129) | struct sigevent
type sched_param (line 130) | struct sched_param
type statfs (line 131) | struct statfs
type sockaddr (line 132) | struct sockaddr
function ucontext_t_sz (line 133) | unsigned ucontext_t_sz(void *ctx) { return sizeof(ucontext_t); }
type rlimit (line 134) | struct rlimit
type timespec (line 135) | struct timespec
type utimbuf (line 136) | struct utimbuf
type itimerspec (line 137) | struct itimerspec
type timeb (line 138) | struct timeb
type msqid_ds (line 139) | struct msqid_ds
type mq_attr (line 140) | struct mq_attr
type statvfs (line 141) | struct statvfs
type shminfo (line 142) | struct shminfo
type shm_info (line 143) | struct shm_info
type fstab (line 146) | struct fstab
type utmpx (line 160) | struct utmpx
function uptr (line 167) | uptr __sanitizer_in_addr_sz(int af) {
type ttyent (line 183) | struct ttyent
type ifreq (line 186) | struct ifreq
type termios (line 187) | struct termios
type winsize (line 188) | struct winsize
type copr_buffer (line 194) | struct copr_buffer
type copr_debug_buf (line 195) | struct copr_debug_buf
type copr_msg (line 196) | struct copr_msg
type midi_info (line 198) | struct midi_info
type mtget (line 199) | struct mtget
type mtop (line 200) | struct mtop
type sbi_instrument (line 201) | struct sbi_instrument
type seq_event_rec (line 202) | struct seq_event_rec
type synth_info (line 203) | struct synth_info
type audio_buf_info (line 204) | struct audio_buf_info
type ppp_stats (line 205) | struct ppp_stats
type sioc_sg_req (line 206) | struct sioc_sg_req
type sioc_vif_req (line 207) | struct sioc_vif_req
type sigaction (line 465) | struct sigaction
FILE: runtime/sanitizer_common/sanitizer_platform_limits_freebsd.h
function namespace (line 27) | namespace __sanitizer {
FILE: runtime/sanitizer_common/sanitizer_platform_limits_linux.cpp
type __sanitizer (line 60) | namespace __sanitizer {
type statfs64 (line 62) | struct statfs64
type __old_kernel_stat (line 69) | struct __old_kernel_stat
type stat (line 72) | struct stat
type stat64 (line 75) | struct stat64
type __sanitizer_perf_event_attr (line 85) | struct __sanitizer_perf_event_attr
type perf_event_attr (line 86) | struct perf_event_attr
FILE: runtime/sanitizer_common/sanitizer_platform_limits_netbsd.cpp
type ap_control (line 324) | struct ap_control {
type ipftq (line 334) | struct ipftq {
type ipfobj (line 345) | struct ipfobj {
type smbioc_flags (line 366) | struct smbioc_flags {
type smbioc_oshare (line 371) | struct smbioc_oshare {
type smbioc_ossn (line 381) | struct smbioc_ossn {
type sockaddr (line 384) | struct sockaddr
type sockaddr (line 386) | struct sockaddr
type smbioc_lookup (line 400) | struct smbioc_lookup {
type smbioc_ossn (line 403) | struct smbioc_ossn
type smbioc_oshare (line 404) | struct smbioc_oshare
type smbioc_rq (line 406) | struct smbioc_rq {
type smbioc_rw (line 417) | struct smbioc_rw {
type urio_command (line 458) | struct urio_command {
type __sanitizer (line 527) | namespace __sanitizer {
type utsname (line 533) | struct utsname
type stat (line 534) | struct stat
type rusage (line 535) | struct rusage
type tm (line 536) | struct tm
type passwd (line 537) | struct passwd
type group (line 538) | struct group
type sigaction (line 540) | struct sigaction
type itimerval (line 542) | struct itimerval
type timezone (line 552) | struct timezone
type tms (line 553) | struct tms
type sigevent (line 554) | struct sigevent
type sched_param (line 555) | struct sched_param
type sockaddr (line 556) | struct sockaddr
function ucontext_t_sz (line 557) | unsigned ucontext_t_sz(void *ctx) { return sizeof(ucontext_t); }
type rlimit (line 558) | struct rlimit
type timespec (line 559) | struct timespec
type sembuf (line 560) | struct sembuf
type kevent (line 561) | struct kevent
type fstab (line 566) | struct fstab
type utimbuf (line 567) | struct utimbuf
type itimerspec (line 568) | struct itimerspec
type timex (line 569) | struct timex
type msqid_ds (line 570) | struct msqid_ds
type mq_attr (line 571) | struct mq_attr
type statvfs (line 572) | struct statvfs
type ptrace_io_desc (line 621) | struct ptrace_io_desc
type ptrace_lwpinfo (line 622) | struct ptrace_lwpinfo
type __sanitizer_ptrace_lwpstatus (line 624) | struct __sanitizer_ptrace_lwpstatus
type reg (line 629) | struct reg
type fpreg (line 635) | struct fpreg
type dbreg (line 641) | struct dbreg
type utmp (line 648) | struct utmp
type utmpx (line 649) | struct utmpx
function uptr (line 656) | uptr __sanitizer_in_addr_sz(int af) {
type ttyent (line 673) | struct ttyent
type __sanitizer_nvlist_ref_t (line 675) | struct __sanitizer_nvlist_ref_t {
type lua_create (line 868) | struct lua_create
type lua_info (line 869) | struct lua_info
type lua_load (line 870) | struct lua_load
type scsireq (line 1098) | struct scsireq
type vt_mode (line 1102) | struct vt_mode
type _old_mixer_info (line 1103) | struct _old_mixer_info
type _agp_allocate (line 1104) | struct _agp_allocate
type _agp_bind (line 1105) | struct _agp_bind
type _agp_info (line 1106) | struct _agp_info
type _agp_setup (line 1107) | struct _agp_setup
type _agp_unbind (line 1108) | struct _agp_unbind
type atareq (line 1109) | struct atareq
type cpustate (line 1110) | struct cpustate
type dmx_caps (line 1111) | struct dmx_caps
type v4l2_priority (line 1115) | enum v4l2_priority
type envsys_basic_info (line 1116) | struct envsys_basic_info
type envsys_tre_data (line 1117) | struct envsys_tre_data
type fe_sec_mini_cmd (line 1118) | enum fe_sec_mini_cmd
type fe_sec_tone_mode (line 1119) | enum fe_sec_tone_mode
type fe_sec_voltage (line 1120) | enum fe_sec_voltage
type fe_status (line 1121) | enum fe_status
type gdt_ctrt (line 1122) | struct gdt_ctrt
type gdt_event (line 1123) | struct gdt_event
type gdt_osv (line 1124) | struct gdt_osv
type gdt_rescan (line 1125) | struct gdt_rescan
type gdt_statist (line 1126) | struct gdt_statist
type gdt_ucmd (line 1127) | struct gdt_ucmd
type lsenable (line 1146) | struct lsenable
type lsdisable (line 1147) | struct lsdisable
type mixer_ctrl (line 1149) | struct mixer_ctrl
type mixer_devinfo (line 1150) | struct mixer_devinfo
type mixer_info (line 1161) | struct mixer_info
type __sanitizer_nvlist_ref_t (line 1166) | struct __sanitizer_nvlist_ref_t
type sigaction (line 2592) | struct sigaction
type statvfs90 (line 2703) | struct statvfs90 {
type statvfs90 (line 2738) | struct statvfs90
FILE: runtime/sanitizer_common/sanitizer_platform_limits_netbsd.h
function namespace (line 22) | namespace __sanitizer {
FILE: runtime/sanitizer_common/sanitizer_platform_limits_posix.cpp
type user_fpregs (line 98) | struct user_fpregs
type __sanitizer (line 177) | namespace __sanitizer {
type utsname (line 178) | struct utsname
type stat (line 179) | struct stat
type stat64 (line 181) | struct stat64
type rusage (line 183) | struct rusage
type tm (line 184) | struct tm
type passwd (line 185) | struct passwd
type group (line 186) | struct group
type sigaction (line 188) | struct sigaction
type itimerval (line 190) | struct itimerval
type timezone (line 200) | struct timezone
type tms (line 201) | struct tms
type sigevent (line 202) | struct sigevent
type sched_param (line 203) | struct sched_param
type statfs64 (line 208) | struct statfs64
type fstab (line 212) | struct fstab
type statfs (line 216) | struct statfs
type sockaddr (line 217) | struct sockaddr
function ucontext_t_sz (line 219) | unsigned ucontext_t_sz(void *ctx) {
type epoll_event (line 236) | struct epoll_event
type sysinfo (line 237) | struct sysinfo
type __user_cap_header_struct (line 239) | struct __user_cap_header_struct
type __user_cap_data_struct (line 240) | struct __user_cap_data_struct
type new_utsname (line 241) | struct new_utsname
type old_utsname (line 242) | struct old_utsname
type oldold_utsname (line 243) | struct oldold_utsname
type rlimit (line 247) | struct rlimit
type timespec (line 248) | struct timespec
type utimbuf (line 249) | struct utimbuf
type itimerspec (line 250) | struct itimerspec
type rlimit64 (line 268) | struct rlimit64
type statvfs64 (line 269) | struct statvfs64
type crypt_data (line 270) | struct crypt_data
type timex (line 274) | struct timex
type msqid_ds (line 275) | struct msqid_ds
type mq_attr (line 276) | struct mq_attr
type statvfs (line 277) | struct statvfs
type shminfo (line 291) | struct shminfo
type shm_info (line 292) | struct shm_info
type utmp (line 300) | struct utmp
type utmpx (line 303) | struct utmpx
function uptr (line 311) | uptr __sanitizer_in_addr_sz(int af) {
type pt_regs (line 340) | struct pt_regs
type user_regs_struct (line 343) | struct user_regs_struct
type __riscv_q_ext_state (line 344) | struct __riscv_q_ext_state
type user_pt_regs (line 346) | struct user_pt_regs
type user_fpsimd_state (line 347) | struct user_fpsimd_state
type _user_regs_struct (line 349) | struct _user_regs_struct
type _user_fpregs_struct (line 350) | struct _user_fpregs_struct
type user_regs_struct (line 352) | struct user_regs_struct
type user_fpregs_struct (line 353) | struct user_fpregs_struct
type user_fpxregs_struct (line 360) | struct user_fpxregs_struct
type ifreq (line 424) | struct ifreq
type termios (line 425) | struct termios
type winsize (line 426) | struct winsize
type arpreq (line 429) | struct arpreq
type cdrom_msf (line 430) | struct cdrom_msf
type cdrom_multisession (line 431) | struct cdrom_multisession
type cdrom_read_audio (line 432) | struct cdrom_read_audio
type cdrom_subchnl (line 433) | struct cdrom_subchnl
type cdrom_ti (line 434) | struct cdrom_ti
type cdrom_tocentry (line 435) | struct cdrom_tocentry
type cdrom_tochdr (line 436) | struct cdrom_tochdr
type cdrom_volctrl (line 437) | struct cdrom_volctrl
type ff_effect (line 438) | struct ff_effect
type floppy_drive_params (line 439) | struct floppy_drive_params
type floppy_drive_struct (line 440) | struct floppy_drive_struct
type floppy_fdc_state (line 441) | struct floppy_fdc_state
type floppy_max_errors (line 442) | struct floppy_max_errors
type floppy_raw_cmd (line 443) | struct floppy_raw_cmd
type floppy_struct (line 444) | struct floppy_struct
type floppy_write_errors (line 445) | struct floppy_write_errors
type format_descr (line 446) | struct format_descr
type hd_driveid (line 447) | struct hd_driveid
type hd_geometry (line 448) | struct hd_geometry
type input_absinfo (line 449) | struct input_absinfo
type input_id (line 450) | struct input_id
type mtpos (line 451) | struct mtpos
type rtentry (line 452) | struct rtentry
type termio (line 454) | struct termio
type vt_consize (line 456) | struct vt_consize
type vt_sizes (line 457) | struct vt_sizes
type vt_stat (line 458) | struct vt_stat
type copr_buffer (line 467) | struct copr_buffer
type copr_debug_buf (line 468) | struct copr_debug_buf
type copr_msg (line 469) | struct copr_msg
type midi_info (line 471) | struct midi_info
type mtget (line 472) | struct mtget
type mtop (line 473) | struct mtop
type sbi_instrument (line 474) | struct sbi_instrument
type seq_event_rec (line 475) | struct seq_event_rec
type synth_info (line 476) | struct synth_info
type vt_mode (line 477) | struct vt_mode
type ax25_parms_struct (line 481) | struct ax25_parms_struct
type input_keymap_entry (line 483) | struct input_keymap_entry
type ipx_config_data (line 487) | struct ipx_config_data
type kbdiacrs (line 488) | struct kbdiacrs
type kbentry (line 489) | struct kbentry
type kbkeycode (line 490) | struct kbkeycode
type kbsentry (line 491) | struct kbsentry
type mtconfiginfo (line 492) | struct mtconfiginfo
type nr_parms_struct (line 493) | struct nr_parms_struct
type scc_modem (line 494) | struct scc_modem
type scc_stat (line 495) | struct scc_stat
type serial_multiport_struct (line 497) | struct serial_multiport_struct
type serial_struct (line 498) | struct serial_struct
type sockaddr_ax25 (line 499) | struct sockaddr_ax25
type unimapdesc (line 500) | struct unimapdesc
type unimapinit (line 501) | struct unimapinit
type audio_buf_info (line 503) | struct audio_buf_info
type ppp_stats (line 504) | struct ppp_stats
type sioc_sg_req (line 508) | struct sioc_sg_req
type sioc_vif_req (line 509) | struct sioc_vif_req
type sigaction (line 1087) | struct sigaction
type mallinfo (line 1217) | struct mallinfo
FILE: runtime/sanitizer_common/sanitizer_platform_limits_posix.h
function namespace (line 29) | namespace __sanitizer {
type __sanitizer__obstack_chunk (line 878) | struct __sanitizer__obstack_chunk {
type __sanitizer_obstack (line 883) | struct __sanitizer_obstack {
type uptr (line 891) | typedef uptr (*__sanitizer_cookie_io_read)(void *cookie, char *buf, uptr...
type uptr (line 892) | typedef uptr (*__sanitizer_cookie_io_write)(void *cookie, const char *buf,
type __sanitizer_cookie_io_functions_t (line 898) | struct __sanitizer_cookie_io_functions_t {
FILE: runtime/sanitizer_common/sanitizer_platform_limits_solaris.cpp
type __sanitizer (line 65) | namespace __sanitizer {
type utsname (line 66) | struct utsname
type stat (line 67) | struct stat
type stat64 (line 68) | struct stat64
type rusage (line 69) | struct rusage
type tm (line 70) | struct tm
type passwd (line 71) | struct passwd
type group (line 72) | struct group
type sigaction (line 74) | struct sigaction
type itimerval (line 76) | struct itimerval
type timezone (line 86) | struct timezone
type tms (line 87) | struct tms
type sigevent (line 88) | struct sigevent
type sched_param (line 89) | struct sched_param
type statfs (line 90) | struct statfs
type sockaddr (line 91) | struct sockaddr
function ucontext_t_sz (line 92) | unsigned ucontext_t_sz(void *ctx) { return sizeof(ucontext_t); }
type timespec (line 93) | struct timespec
type statvfs64 (line 95) | struct statvfs64
type statvfs (line 97) | struct statvfs
type utmp (line 106) | struct utmp
type utmpx (line 107) | struct utmpx
function uptr (line 114) | uptr __sanitizer_in_addr_sz(int af) {
type ifreq (line 131) | struct ifreq
type termios (line 132) | struct termios
type winsize (line 133) | struct winsize
type sioc_sg_req (line 135) | struct sioc_sg_req
type sioc_vif_req (line 136) | struct sioc_vif_req
type sigaction (line 272) | struct sigaction
FILE: runtime/sanitizer_common/sanitizer_platform_limits_solaris.h
function namespace (line 22) | namespace __sanitizer {
FILE: runtime/sanitizer_common/sanitizer_posix.cpp
type __sanitizer (line 37) | namespace __sanitizer {
function uptr (line 40) | uptr GetMmapGranularity() {
function UnmapOrDie (line 55) | void UnmapOrDie(void *addr, uptr size) {
function MprotectNoAccess (line 141) | bool MprotectNoAccess(uptr addr, uptr size) {
function MprotectReadOnly (line 145) | bool MprotectReadOnly(uptr addr, uptr size) {
function MprotectMallocZones (line 150) | void MprotectMallocZones(void *addr, int prot) {}
function fd_t (line 153) | fd_t OpenFile(const char *filename, FileAccessMode mode, error_t *errn...
function CloseFile (line 168) | void CloseFile(fd_t fd) {
function ReadFromFile (line 172) | bool ReadFromFile(fd_t fd, void *buff, uptr buff_size, uptr *bytes_read,
function WriteToFile (line 182) | bool WriteToFile(fd_t fd, const void *buff, uptr buff_size, uptr *byte...
function IntervalsAreSeparate (line 216) | static inline bool IntervalsAreSeparate(uptr start1, uptr end1,
function MemoryRangeIsAvailable (line 227) | bool MemoryRangeIsAvailable(uptr range_start, uptr range_end) {
function DumpProcessMap (line 243) | void DumpProcessMap() {
function IsPathSeparator (line 262) | bool IsPathSeparator(const char c) {
function IsAbsolutePath (line 266) | bool IsAbsolutePath(const char *path) {
function GetCodeRangeForFile (line 276) | bool GetCodeRangeForFile(const char *module, uptr *start, uptr *end) {
function uptr (line 291) | uptr SignalContext::GetAddress() const {
function fd_t (line 323) | fd_t ReserveStandardFds(fd_t fd) {
function ShouldMockFailureToOpen (line 339) | bool ShouldMockFailureToOpen(const char *path) {
function GetNamedMappingFd (line 345) | int GetNamedMappingFd(const char *name, uptr size, int *flags) {
function GetNamedMappingFd (line 371) | int GetNamedMappingFd(const char *name, uptr size, int *flags) {
function DecorateMapping (line 379) | void DecorateMapping(uptr addr, uptr size, const char *name) {
function DecorateMapping (line 385) | void DecorateMapping(uptr addr, uptr size, const char *name) {
function uptr (line 389) | uptr MmapNamed(void *addr, uptr length, int prot, int flags, const cha...
FILE: runtime/sanitizer_common/sanitizer_posix.h
function namespace (line 25) | namespace __sanitizer {
FILE: runtime/sanitizer_common/sanitizer_posix_libcdep.cpp
type __sanitizer (line 48) | namespace __sanitizer {
function u32 (line 50) | u32 GetUid() {
function uptr (line 54) | uptr GetThreadSelf() {
function ReleaseMemoryPagesToOS (line 58) | void ReleaseMemoryPagesToOS(uptr beg, uptr end) {
function SetShadowRegionHugePageMode (line 67) | void SetShadowRegionHugePageMode(uptr addr, uptr size) {
function DontDumpShadowMemory (line 76) | bool DontDumpShadowMemory(uptr addr, uptr length) {
function rlim_t (line 86) | static rlim_t getlim(int res) {
function setlim (line 92) | static void setlim(int res, rlim_t lim) {
function DisableCoreDumperIfNecessary (line 105) | void DisableCoreDumperIfNecessary() {
function StackSizeIsUnlimited (line 111) | bool StackSizeIsUnlimited() {
function SetStackSizeLimitInBytes (line 116) | void SetStackSizeLimitInBytes(uptr limit) {
function AddressSpaceIsUnlimited (line 121) | bool AddressSpaceIsUnlimited() {
function SetAddressSpaceUnlimited (line 126) | void SetAddressSpaceUnlimited() {
function Abort (line 131) | void Abort() {
function Atexit (line 146) | int Atexit(void (*function)(void)) {
function CreateDir (line 154) | bool CreateDir(const char *pathname) { return mkdir(pathname, 0755) ==...
function SupportsColoredOutput (line 156) | bool SupportsColoredOutput(fd_t fd) {
function uptr (line 162) | static uptr GetAltStackSize() {
function SetAlternateSignalStack (line 169) | void SetAlternateSignalStack() {
function UnsetAlternateSignalStack (line 184) | void UnsetAlternateSignalStack() {
function MaybeInstallSigaction (line 193) | static void MaybeInstallSigaction(int signum,
function InstallDeadlySignalHandlers (line 208) | void InstallDeadlySignalHandlers(SignalHandlerType handler) {
function IsAccessibleMemoryRange (line 271) | bool IsAccessibleMemoryRange(uptr beg, uptr size) {
function PlatformPrepareForSandboxing (line 293) | void PlatformPrepareForSandboxing(__sanitizer_sandbox_arguments *args) {
function MmapFixed (line 301) | static bool MmapFixed(uptr fixed_addr, uptr size, int additional_flags,
function MmapFixedNoReserve (line 319) | bool MmapFixedNoReserve(uptr fixed_addr, uptr size, const char *name) {
function MmapFixedSuperNoReserve (line 323) | bool MmapFixedSuperNoReserve(uptr fixed_addr, uptr size, const char *n...
function uptr (line 337) | uptr ReservedAddressRange::Init(uptr size, const char *name, uptr fixe...
function uptr (line 348) | uptr ReservedAddressRange::Map(uptr fixed_addr, uptr size, const char ...
function uptr (line 353) | uptr ReservedAddressRange::MapOrDie(uptr fixed_addr, uptr size,
function my_pthread_attr_getstack (line 386) | int my_pthread_attr_getstack(void *attr, void **addr, uptr *size) {
function AdjustStackSize (line 396) | void AdjustStackSize(void *attr_) {
function pid_t (line 422) | pid_t StartSubprocess(const char *program, const char *const argv[],
function IsProcessRunning (line 475) | bool IsProcessRunning(pid_t pid) {
function WaitForProcess (line 486) | int WaitForProcess(pid_t pid) {
function IsStateDetached (line 497) | bool IsStateDetached(int state) {
FILE: runtime/sanitizer_common/sanitizer_printf.cpp
type __sanitizer (line 28) | namespace __sanitizer {
function AppendChar (line 30) | static int AppendChar(char **buff, const char *buff_end, char c) {
function AppendNumber (line 41) | static int AppendNumber(char **buff, const char *buff_end, u64 absolut...
function AppendUnsigned (line 82) | static int AppendUnsigned(char **buff, const char *buff_end, u64 num, ...
function AppendSignedDecimal (line 89) | static int AppendSignedDecimal(char **buff, const char *buff_end, s64 ...
function AppendString (line 103) | static int AppendString(char **buff, const char *buff_end, int width,
function AppendPointer (line 119) | static int AppendPointer(char **buff, const char *buff_end, u64 ptr_va...
function VSNPrintf (line 128) | int VSNPrintf(char *buff, int buff_length,
function SetPrintfAndReportCallback (line 227) | void SetPrintfAndReportCallback(void (*callback)(const char *)) {
function SANITIZER_INTERFACE_WEAK_DEF (line 236) | SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_on_print, const char *s...
function CallPrintfAndReportCallback (line 241) | static void CallPrintfAndReportCallback(const char *str) {
function SharedPrintfCodeNoBuffer (line 247) | static void NOINLINE SharedPrintfCodeNoBuffer(bool append_pid,
function SharedPrintfCode (line 302) | static void NOINLINE SharedPrintfCode(bool append_pid, const char *for...
function Printf (line 313) | void Printf(const char *format, ...) {
function Report (line 321) | void Report(const char *format, ...) {
function internal_snprintf (line 332) | int internal_snprintf(char *buffer, uptr length, const char *format, ....
FILE: runtime/sanitizer_common/sanitizer_procmaps.h
function namespace (line 29) | namespace __sanitizer {
function class (line 68) | class MemoryMappingLayoutBase {
function virtual (line 72) | virtual void Reset() { UNIMPLEMENTED(); }
FILE: runtime/sanitizer_common/sanitizer_procmaps_bsd.cpp
type __sanitizer (line 40) | namespace __sanitizer {
function ReadProcMaps (line 42) | void ReadProcMaps(ProcSelfMapsBuff *proc_maps) {
type kinfo_vmentry (line 80) | struct kinfo_vmentry
type kinfo_vmentry (line 81) | struct kinfo_vmentry
FILE: runtime/sanitizer_common/sanitizer_procmaps_common.cpp
type __sanitizer (line 21) | namespace __sanitizer {
function TranslateDigit (line 26) | static int TranslateDigit(char c) {
function uptr (line 37) | static uptr ParseNumber(const char **p, int base) {
function IsDecimal (line 48) | bool IsDecimal(char c) {
function uptr (line 53) | uptr ParseDecimal(const char **p) {
function IsHex (line 57) | bool IsHex(char c) {
function uptr (line 62) | uptr ParseHex(const char **p) {
function GetMemoryProfile (line 148) | void GetMemoryProfile(fill_profile_f cb, uptr *stats) {
function ParseUnixMemoryProfile (line 158) | void ParseUnixMemoryProfile(fill_profile_f cb, uptr *stats, char *smaps,
FILE: runtime/sanitizer_common/sanitizer_procmaps_fuchsia.cpp
type __sanitizer (line 21) | namespace __sanitizer {
FILE: runtime/sanitizer_common/sanitizer_procmaps_linux.cpp
type __sanitizer (line 17) | namespace __sanitizer {
function ReadProcMaps (line 19) | void ReadProcMaps(ProcSelfMapsBuff *proc_maps) {
function IsOneOf (line 28) | static bool IsOneOf(char c, char c1, char c2) {
FILE: runtime/sanitizer_common/sanitizer_procmaps_mac.cpp
type __sanitizer (line 36) | namespace __sanitizer {
type MemoryMappedSegmentData (line 39) | struct MemoryMappedSegmentData {
function NextSectionLoad (line 49) | static void NextSectionLoad(LoadedModule *module, MemoryMappedSegmentD...
type section (line 74) | struct section
type section_64 (line 77) | struct section_64
function mach_header (line 145) | static mach_header *get_dyld_image_header() {
function mach_header (line 169) | const mach_header *get_dyld_hdr() {
function NextSegmentLoad (line 183) | static bool NextSegmentLoad(MemoryMappedSegment *segment,
function ModuleArch (line 240) | ModuleArch ModuleArchFromCpuType(cpu_type_t cputype, cpu_subtype_t cpu...
function load_command (line 265) | static const load_command *NextCommand(const load_command *lc) {
function FindUUID (line 269) | static void FindUUID(const load_command *first_lc, u8 *uuid_output) {
function IsModuleInstrumented (line 280) | static bool IsModuleInstrumented(const load_command *first_lc) {
type segment_command_64 (line 334) | struct segment_command_64
type segment_command (line 341) | struct segment_command
FILE: runtime/sanitizer_common/sanitizer_procmaps_solaris.cpp
type __sanitizer (line 22) | namespace __sanitizer {
function ReadProcMaps (line 24) | void ReadProcMaps(ProcSelfMapsBuff *proc_maps) {
FILE: runtime/sanitizer_common/sanitizer_ptrauth.h
function ptrauth_strip (line 15) | inline unsigned long ptrauth_strip(void* __value, unsigned int __key) {
FILE: runtime/sanitizer_common/sanitizer_quarantine.h
function namespace (line 23) | namespace __sanitizer {
function explicit (line 80) | explicit Quarantine(LinkerInitialized)
function Put (line 102) | void Put(Cache *c, Callback cb, Node *ptr, uptr size) {
function Drain (line 115) | void NOINLINE Drain(Cache *c, Callback cb) {
function DrainAndRecycle (line 124) | void NOINLINE DrainAndRecycle(Cache *c, Callback cb) {
function Recycle (line 152) | void NOINLINE Recycle(uptr min_size, Callback cb)
function DoRecycle (line 184) | void NOINLINE DoRecycle(Cache *c, Callback cb) {
function Enqueue (line 222) | void Enqueue(Callback cb, void *ptr, uptr size) {
function Transfer (line 234) | void Transfer(QuarantineCache *from_cache) {
function EnqueueBatch (line 241) | void EnqueueBatch(QuarantineBatch *b) {
function QuarantineBatch (line 246) | QuarantineBatch *DequeueBatch() {
function MergeBatches (line 255) | void MergeBatches(QuarantineCache *to_deallocate) {
function PrintStats (line 277) | void PrintStats() const {
function SizeAdd (line 308) | void SizeAdd(uptr add) {
function SizeSub (line 311) | void SizeSub(uptr sub) {
FILE: runtime/sanitizer_common/sanitizer_report_decorator.h
function namespace (line 21) | namespace __sanitizer {
FILE: runtime/sanitizer_common/sanitizer_ring_buffer.h
function namespace (line 17) | namespace __sanitizer {
FILE: runtime/sanitizer_common/sanitizer_rtems.cpp
type __sanitizer (line 36) | namespace __sanitizer {
function internal__exit (line 40) | void NORETURN internal__exit(int exitcode) {
function uptr (line 44) | uptr internal_sched_yield() {
function uptr (line 48) | uptr internal_getpid() {
function internal_dlinfo (line 52) | int internal_dlinfo(void *handle, int request, void *p) {
function FileExists (line 56) | bool FileExists(const char *filename) {
function uptr (line 64) | uptr GetThreadSelf() { return static_cast<uptr>(pthread_self()); }
function tid_t (line 66) | tid_t GetTid() { return GetThreadSelf(); }
function Abort (line 68) | void Abort() { abort(); }
function Atexit (line 70) | int Atexit(void (*function)(void)) { return atexit(function); }
function SleepForSeconds (line 72) | void SleepForSeconds(int seconds) { sleep(seconds); }
function SleepForMillis (line 74) | void SleepForMillis(int millis) { usleep(millis * 1000); }
function SupportsColoredOutput (line 76) | bool SupportsColoredOutput(fd_t fd) { return false; }
function GetThreadStackTopAndBottom (line 78) | void GetThreadStackTopAndBottom(bool at_initialization,
function GetThreadStackAndTls (line 92) | void GetThreadStackAndTls(bool main, uptr *stk_addr, uptr *stk_size,
function InitializePlatformEarly (line 101) | void InitializePlatformEarly() {}
function MaybeReexec (line 102) | void MaybeReexec() {}
function CheckASLR (line 103) | void CheckASLR() {}
function CheckMPROTECT (line 104) | void CheckMPROTECT() {}
function DisableCoreDumperIfNecessary (line 105) | void DisableCoreDumperIfNecessary() {}
function InstallDeadlySignalHandlers (line 106) | void InstallDeadlySignalHandlers(SignalHandlerType handler) {}
function SetAlternateSignalStack (line 107) | void SetAlternateSignalStack() {}
function UnsetAlternateSignalStack (line 108) | void UnsetAlternateSignalStack() {}
function InitTlsSize (line 109) | void InitTlsSize() {}
type MutexState (line 114) | enum MutexState { MtxUnlocked = 0, MtxLocked = 1, MtxSleeping = 2 }
function uptr (line 141) | uptr GetPageSize() { return getpagesize(); }
function uptr (line 143) | uptr GetMmapGranularity() { return GetPageSize(); }
function uptr (line 145) | uptr GetMaxVirtualAddress() {
function UnmapOrDie (line 189) | void UnmapOrDie(void *addr, uptr size) {
function fd_t (line 195) | fd_t OpenFile(const char *filename, FileAccessMode mode, error_t *errn...
function CloseFile (line 208) | void CloseFile(fd_t fd) {
function ReadFromFile (line 212) | bool ReadFromFile(fd_t fd, void *buff, uptr buff_size, uptr *bytes_read,
function WriteToFile (line 222) | bool WriteToFile(fd_t fd, const void *buff, uptr buff_size, uptr *byte...
function ReleaseMemoryPagesToOS (line 232) | void ReleaseMemoryPagesToOS(uptr beg, uptr end) {}
function DumpProcessMap (line 233) | void DumpProcessMap() {}
function IsAccessibleMemoryRange (line 236) | bool IsAccessibleMemoryRange(uptr beg, uptr size) {
function uptr (line 247) | uptr ReadBinaryName(/*out*/char *buf, uptr buf_len) {
function uptr (line 252) | uptr ReadLongProcessName(/*out*/ char *buf, uptr buf_len) {
function IsPathSeparator (line 257) | bool IsPathSeparator(const char c) {
function IsAbsolutePath (line 261) | bool IsAbsolutePath(const char *path) {
FILE: runtime/sanitizer_common/sanitizer_solaris.cpp
type __sanitizer (line 41) | namespace __sanitizer {
function DECLARE__REAL_AND_INTERNAL64 (line 64) | DECLARE__REAL_AND_INTERNAL64(uptr, mmap, void *addr, uptr /*size_t*/ l...
function DECLARE__REAL_AND_INTERNAL (line 69) | DECLARE__REAL_AND_INTERNAL(uptr, munmap, void *addr, uptr length) {
function DECLARE__REAL_AND_INTERNAL (line 73) | DECLARE__REAL_AND_INTERNAL(int, mprotect, void *addr, uptr length, int...
function internal_madvise (line 87) | int internal_madvise(uptr addr, uptr length, int advice) {
function DECLARE__REAL_AND_INTERNAL (line 91) | DECLARE__REAL_AND_INTERNAL(uptr, close, fd_t fd) {
function uptr (line 97) | uptr internal_open(const char *filename, int flags) {
function uptr (line 101) | uptr internal_open(const char *filename, int flags, u32 mode) {
function DECLARE__REAL_AND_INTERNAL (line 105) | DECLARE__REAL_AND_INTERNAL(uptr, read, fd_t fd, void *buf, uptr count) {
function DECLARE__REAL_AND_INTERNAL (line 109) | DECLARE__REAL_AND_INTERNAL(uptr, write, fd_t fd, const void *buf, uptr...
function DECLARE__REAL_AND_INTERNAL (line 114) | DECLARE__REAL_AND_INTERNAL(uptr, ftruncate, fd_t fd, uptr size) {
function DECLARE__REAL_AND_INTERNAL64 (line 118) | DECLARE__REAL_AND_INTERNAL64(uptr, stat, const char *path, void *buf) {
function DECLARE__REAL_AND_INTERNAL64 (line 122) | DECLARE__REAL_AND_INTERNAL64(uptr, lstat, const char *path, void *buf) {
function DECLARE__REAL_AND_INTERNAL64 (line 126) | DECLARE__REAL_AND_INTERNAL64(uptr, fstat, fd_t fd, void *buf) {
function uptr (line 130) | uptr internal_filesize(fd_t fd) {
function DECLARE__REAL_AND_INTERNAL (line 137) | DECLARE__REAL_AND_INTERNAL(uptr, dup, int oldfd) {
function DECLARE__REAL_AND_INTERNAL (line 141) | DECLARE__REAL_AND_INTERNAL(uptr, dup2, int oldfd, int newfd) {
function DECLARE__REAL_AND_INTERNAL (line 145) | DECLARE__REAL_AND_INTERNAL(uptr, readlink, const char *path, char *buf,
function DECLARE__REAL_AND_INTERNAL (line 150) | DECLARE__REAL_AND_INTERNAL(uptr, unlink, const char *path) {
function DECLARE__REAL_AND_INTERNAL (line 154) | DECLARE__REAL_AND_INTERNAL(uptr, rename, const char *oldpath,
function DECLARE__REAL_AND_INTERNAL (line 159) | DECLARE__REAL_AND_INTERNAL(uptr, sched_yield, void) {
function DECLARE__REAL_AND_INTERNAL (line 163) | DECLARE__REAL_AND_INTERNAL(void, usleep, u64 useconds) {
function DECLARE__REAL_AND_INTERNAL (line 170) | DECLARE__REAL_AND_INTERNAL(uptr, execve, const char *filename,
function DECLARE__REAL_AND_INTERNAL (line 175) | DECLARE__REAL_AND_INTERNAL(uptr, waitpid, int pid, int *status, int op...
function DECLARE__REAL_AND_INTERNAL (line 179) | DECLARE__REAL_AND_INTERNAL(uptr, getpid, void) {
function DECLARE__REAL_AND_INTERNAL64 (line 184) | DECLARE__REAL_AND_INTERNAL64(uptr, getdents, fd_t fd, struct linux_dir...
function DECLARE__REAL_AND_INTERNAL64 (line 189) | DECLARE__REAL_AND_INTERNAL64(uptr, lseek, fd_t fd, OFF_T offset, int w...
function DECLARE__REAL_AND_INTERNAL (line 195) | DECLARE__REAL_AND_INTERNAL(void, sigfillset, __sanitizer_sigset_t *set) {
function DECLARE__REAL_AND_INTERNAL (line 200) | DECLARE__REAL_AND_INTERNAL(uptr, sigprocmask, int how,
function DECLARE__REAL_AND_INTERNAL (line 206) | DECLARE__REAL_AND_INTERNAL(int, fork, void) {
function u64 (line 211) | u64 NanoTime() {
function uptr (line 215) | uptr internal_clock_gettime(__sanitizer_clockid_t clk_id, void *tp) {
function FutexWait (line 221) | void FutexWait(atomic_uint32_t *p, u32 cmp) {
function FutexWake (line 226) | void FutexWake(atomic_uint32_t *p, u32 count) {}
FILE: runtime/sanitizer_common/sanitizer_stack_store.cpp
type __sanitizer (line 19) | namespace __sanitizer {
type StackTraceHeader (line 22) | struct StackTraceHeader {
method StackTraceHeader (line 27) | explicit StackTraceHeader(const StackTrace &trace)
method StackTraceHeader (line 31) | explicit StackTraceHeader(uptr h)
method uptr (line 34) | uptr ToUptr() const {
function StackTrace (line 53) | StackTrace StackStore::Load(Id id) {
function uptr (line 67) | uptr StackStore::Allocated() const {
function uptr (line 71) | uptr *StackStore::Alloc(uptr count, uptr *idx, uptr *pack) {
function uptr (line 105) | uptr StackStore::Pack(Compression type) {
function uptr (line 124) | uptr *StackStore::BlockInfo::Get() const {
function uptr (line 131) | uptr *StackStore::BlockInfo::Create(StackStore *store) {
function uptr (line 141) | uptr *StackStore::BlockInfo::GetOrCreate(StackStore *store) {
class SLeb128Encoder (line 148) | class SLeb128Encoder {
method SLeb128Encoder (line 150) | SLeb128Encoder(u8 *begin, u8 *end) : begin(begin), end(end) {}
method SLeb128Encoder (line 160) | SLeb128Encoder &operator=(uptr v) {
method SLeb128Encoder (line 166) | SLeb128Encoder &operator*() { return *this; }
method SLeb128Encoder (line 167) | SLeb128Encoder &operator++() { return *this; }
method u8 (line 169) | u8 *base() const { return begin; }
class SLeb128Decoder (line 177) | class SLeb128Decoder {
method SLeb128Decoder (line 179) | SLeb128Decoder(const u8 *begin, const u8 *end) : begin(begin), end(e...
method uptr (line 189) | uptr operator*() {
method SLeb128Decoder (line 195) | SLeb128Decoder &operator++() { return *this; }
method SLeb128Decoder (line 197) | SLeb128Decoder operator++(int) { return *this; }
function u8 (line 205) | static u8 *CompressDelta(const uptr *from, const uptr *from_end, u8 *to,
function uptr (line 212) | static uptr *UncompressDelta(const u8 *from, const u8 *from_end, uptr ...
function u8 (line 221) | static u8 *CompressLzw(const uptr *from, const uptr *from_end, u8 *to,
function uptr (line 228) | static uptr *UncompressLzw(const u8 *from, const u8 *from_end, uptr *to,
type PackedHeader (line 243) | struct PackedHeader {
function uptr (line 253) | uptr *StackStore::BlockInfo::GetOrUnpack(StackStore *store) {
function uptr (line 301) | uptr StackStore::BlockInfo::Pack(Compression type, StackStore *store) {
FILE: runtime/sanitizer_common/sanitizer_stack_store.h
function class (line 20) | class StackStore {
FILE: runtime/sanitizer_common/sanitizer_stackdepot.cpp
type __sanitizer (line 22) | namespace __sanitizer {
type StackDepotNode (line 24) | struct StackDepotNode {
method eq (line 33) | bool eq(hash_type hash, const args_type &args) const {
method hash_type (line 37) | static hash_type hash(const args_type &args) {
method is_valid (line 43) | static bool is_valid(const args_type &args) {
function uptr (line 73) | uptr StackDepotNode::allocated() {
function CompressStackStore (line 77) | static void CompressStackStore() {
class CompressThread (line 92) | class CompressThread {
method CompressThread (line 94) | constexpr CompressThread() = default;
type State (line 101) | enum class State {
method WaitForWork (line 110) | bool WaitForWork() {
function StackDepotStats (line 204) | StackDepotStats StackDepotGetStats() { return theDepot.GetStats(); }
function u32 (line 206) | u32 StackDepotPut(StackTrace stack) { return theDepot.Put(stack); }
function StackDepotHandle (line 208) | StackDepotHandle StackDepotPut_WithHandle(StackTrace stack) {
function StackTrace (line 212) | StackTrace StackDepotGet(u32 id) {
function StackDepotLockAll (line 216) | void StackDepotLockAll() {
function StackDepotUnlockAll (line 222) | void StackDepotUnlockAll() {
function StackDepotPrintAll (line 228) | void StackDepotPrintAll() {
function StackDepotStopBackgroundThread (line 234) | void StackDepotStopBackgroundThread() { compress_thread.Stop(); }
function StackDepotHandle (line 236) | StackDepotHandle StackDepotNode::get_handle(u32 id) {
function StackDepotTestOnlyUnmap (line 240) | void StackDepotTestOnlyUnmap() {
FILE: runtime/sanitizer_common/sanitizer_stackdepot.h
function namespace (line 20) | namespace __sanitizer {
FILE: runtime/sanitizer_common/sanitizer_stackdepotbase.h
function namespace (line 23) | namespace __sanitizer {
FILE: runtime/sanitizer_common/sanitizer_stacktrace.cpp
type __sanitizer (line 20) | namespace __sanitizer {
function uptr (line 22) | uptr StackTrace::GetNextInstructionPc(uptr pc) {
function uptr (line 55) | uptr StackTrace::GetCurrentPc() {
function uhwptr (line 74) | static inline uhwptr *GetCanonicFrame(uptr bp,
function uptr (line 158) | static uptr Distance(uptr a, uptr b) { return a < b ? b - a : a - b; }
function uptr (line 160) | uptr BufferedStackTrace::LocatePcInTrace(uptr pc) {
FILE: runtime/sanitizer_common/sanitizer_stacktrace.h
function namespace (line 19) | namespace __sanitizer {
FILE: runtime/sanitizer_common/sanitizer_stacktrace_libcdep.cpp
type __sanitizer (line 19) | namespace __sanitizer {
class StackTraceTextPrinter (line 23) | class StackTraceTextPrinter {
method StackTraceTextPrinter (line 25) | StackTraceTextPrinter(const char *stack_trace_fmt, char frame_delimi...
method ProcessAddressFrames (line 34) | bool ProcessAddressFrames(uptr pc) {
method ExtendDedupToken (line 59) | void ExtendDedupToken(SymbolizedStack *stack) {
function CopyStringToBuffer (line 80) | static void CopyStringToBuffer(const InternalScopedString &str, char *...
function uptr (line 120) | uptr StackTrace::PrintTo(char *out_buf, uptr out_buf_size) const {
function GetModuleAndOffsetForPc (line 169) | static int GetModuleAndOffsetForPc(uptr pc, char *module_name,
function SANITIZER_INTERFACE_ATTRIBUTE (line 188) | SANITIZER_INTERFACE_ATTRIBUTE
function SANITIZER_INTERFACE_ATTRIBUTE (line 205) | SANITIZER_INTERFACE_ATTRIBUTE
function SANITIZER_INTERFACE_ATTRIBUTE (line 218) | SANITIZER_INTERFACE_ATTRIBUTE
FILE: runtime/sanitizer_common/sanitizer_stacktrace_printer.cpp
type __sanitizer (line 17) | namespace __sanitizer {
function MaybeBuildIdToBuffer (line 107) | static void MaybeBuildIdToBuffer(const AddressInfo &info, bool PrefixS...
function RenderFrame (line 122) | void RenderFrame(InternalScopedString *buffer, const char *format, int...
function RenderNeedsSymbolization (line 227) | bool RenderNeedsSymbolization(const char *format) {
function RenderData (line 250) | void RenderData(InternalScopedString *buffer, const char *format,
function RenderSourceLocation (line 281) | void RenderSourceLocation(InternalScopedString *buffer, const char *file,
function RenderModuleLocation (line 300) | void RenderModuleLocation(InternalScopedString *buffer, const char *mo...
FILE: runtime/sanitizer_common/sanitizer_stacktrace_printer.h
function namespace (line 18) | namespace __sanitizer {
FILE: runtime/sanitizer_common/sanitizer_stacktrace_sparc.cpp
type __sanitizer (line 26) | namespace __sanitizer {
FILE: runtime/sanitizer_common/sanitizer_stoptheworld.h
function namespace (line 19) | namespace __sanitizer {
FILE: runtime/sanitizer_common/sanitizer_stoptheworld_fuchsia.cpp
type __sanitizer (line 22) | namespace __sanitizer {
function StopTheWorld (line 27) | void StopTheWorld(StopTheWorldCallback callback, void *argument) {
FILE: runtime/sanitizer_common/sanitizer_stoptheworld_fuchsia.h
function namespace (line 14) | namespace __sanitizer {
FILE: runtime/sanitizer_common/sanitizer_stoptheworld_linux_libcdep.cpp
type __sanitizer (line 86) | namespace __sanitizer {
class SuspendedThreadsListLinux (line 88) | class SuspendedThreadsListLinux final : public SuspendedThreadsList {
method SuspendedThreadsListLinux (line 90) | SuspendedThreadsListLinux() { thread_ids_.reserve(1024); }
type TracerThreadArgument (line 106) | struct TracerThreadArgument {
class ThreadSuspender (line 118) | class ThreadSuspender {
method ThreadSuspender (line 120) | explicit ThreadSuspender(pid_t pid, TracerThreadArgument *arg)
method SuspendedThreadsListLinux (line 128) | SuspendedThreadsListLinux &suspended_threads_list() {
function TracerThreadDieCallback (line 241) | static void TracerThreadDieCallback() {
function TracerThreadSignalHandler (line 256) | static void TracerThreadSignalHandler(int signum, __sanitizer_siginfo ...
function TracerThread (line 278) | static int TracerThread(void* argument) {
class ScopedStackSpaceWithGuard (line 331) | class ScopedStackSpaceWithGuard {
method ScopedStackSpaceWithGuard (line 333) | explicit ScopedStackSpaceWithGuard(uptr stack_size) {
class StopTheWorldScope (line 360) | class StopTheWorldScope {
method StopTheWorldScope (line 362) | StopTheWorldScope() {
type ScopedSetTracerPID (line 383) | struct ScopedSetTracerPID {
method ScopedSetTracerPID (line 384) | explicit ScopedSetTracerPID(uptr tracer_pid) {
function StopTheWorld (line 394) | void StopTheWorld(StopTheWorldCallback callback, void *argument) {
type user (line 504) | struct user
type user_pt_regs (line 512) | struct user_pt_regs
type user_regs_struct (line 518) | struct user_regs_struct
function tid_t (line 535) | tid_t SuspendedThreadsListLinux::GetThreadID(uptr index) const {
function uptr (line 540) | uptr SuspendedThreadsListLinux::ThreadCount() const {
function PtraceRegistersStatus (line 555) | PtraceRegistersStatus SuspendedThreadsListLinux::GetRegistersAndSP(
FILE: runtime/sanitizer_common/sanitizer_stoptheworld_mac.cpp
type __sanitizer (line 24) | namespace __sanitizer {
class SuspendedThreadsListMac (line 30) | class SuspendedThreadsListMac final : public SuspendedThreadsList {
method SuspendedThreadsListMac (line 32) | SuspendedThreadsListMac() : threads_(1024) {}
type RunThreadArgs (line 48) | struct RunThreadArgs {
type RunThreadArgs (line 54) | struct RunThreadArgs
type RunThreadArgs (line 54) | struct RunThreadArgs
function StopTheWorld (line 82) | void StopTheWorld(StopTheWorldCallback callback, void *argument) {
function tid_t (line 111) | tid_t SuspendedThreadsListMac::GetThreadID(uptr index) const {
function thread_t (line 116) | thread_t SuspendedThreadsListMac::GetThread(uptr index) const {
function uptr (line 121) | uptr SuspendedThreadsListMac::ThreadCount() const {
function PtraceRegistersStatus (line 144) | PtraceRegistersStatus SuspendedThreadsListMac::GetRegistersAndSP(
FILE: runtime/sanitizer_common/sanitizer_stoptheworld_netbsd_libcdep.cpp
type __sanitizer (line 49) | namespace __sanitizer {
class SuspendedThreadsListNetBSD (line 51) | class SuspendedThreadsListNetBSD final : public SuspendedThreadsList {
method SuspendedThreadsListNetBSD (line 53) | SuspendedThreadsListNetBSD() { thread_ids_.reserve(1024); }
type TracerThreadArgument (line 68) | struct TracerThreadArgument {
class ThreadSuspender (line 76) | class ThreadSuspender {
method ThreadSuspender (line 78) | explicit ThreadSuspender(pid_t pid, TracerThreadArgument *arg)
method SuspendedThreadsListNetBSD (line 85) | SuspendedThreadsListNetBSD &suspended_threads_list() {
type ptrace_lwpstatus (line 124) | struct ptrace_lwpstatus
type ptrace_lwpinfo (line 127) | struct ptrace_lwpinfo
function TracerThreadDieCallback (line 149) | static void TracerThreadDieCallback() {
function TracerThreadSignalHandler (line 158) | static void TracerThreadSignalHandler(int signum, __sanitizer_siginfo ...
function TracerThread (line 180) | static int TracerThread(void *argument) {
class ScopedStackSpaceWithGuard (line 232) | class ScopedStackSpaceWithGuard {
method ScopedStackSpaceWithGuard (line 234) | explicit ScopedStackSpaceWithGuard(uptr stack_size) {
type ScopedSetTracerPID (line 259) | struct ScopedSetTracerPID {
method ScopedSetTracerPID (line 260) | explicit ScopedSetTracerPID(uptr tracer_pid) {
function StopTheWorld (line 270) | void StopTheWorld(StopTheWorldCallback callback, void *argument) {
function tid_t (line 316) | tid_t SuspendedThreadsListNetBSD::GetThreadID(uptr index) const {
function uptr (line 321) | uptr SuspendedThreadsListNetBSD::ThreadCount() const {
function PtraceRegistersStatus (line 337) | PtraceRegistersStatus SuspendedThreadsListNetBSD::GetRegistersAndSP(
FILE: runtime/sanitizer_common/sanitizer_stoptheworld_win.cpp
type __sanitizer (line 24) | namespace __sanitizer {
type SuspendedThreadsListWindows (line 28) | struct SuspendedThreadsListWindows final : public SuspendedThreadsList {
method SuspendedThreadsListWindows (line 32) | SuspendedThreadsListWindows() {
function PtraceRegistersStatus (line 56) | PtraceRegistersStatus SuspendedThreadsListWindows::GetRegistersAndSP(
function tid_t (line 69) | tid_t SuspendedThreadsListWindows::GetThreadID(uptr index) const {
function uptr (line 74) | uptr SuspendedThreadsListWindows::ThreadCount() const {
type RunThreadArgs (line 78) | struct RunThreadArgs {
function DWORD (line 83) | DWORD WINAPI RunThread(void *argument) {
function StopTheWorld (line 161) | void StopTheWorld(StopTheWorldCallback callback, void *argument) {
FILE: runtime/sanitizer_common/sanitizer_suppressions.cpp
type __sanitizer (line 22) | namespace __sanitizer {
function GetPathAssumingFileIsRelativeToExec (line 34) | static bool GetPathAssumingFileIsRelativeToExec(const char *file_path,
function uptr (line 157) | uptr SuppressionContext::SuppressionCount() const {
function Suppression (line 169) | const Suppression *SuppressionContext::SuppressionAt(uptr i) const {
FILE: runtime/sanitizer_common/sanitizer_suppressions.h
function namespace (line 19) | namespace __sanitizer {
function class (line 29) | class SuppressionContext {
FILE: runtime/sanitizer_common/sanitizer_symbolizer.cpp
type __sanitizer (line 21) | namespace __sanitizer {
function SymbolizedStack (line 56) | SymbolizedStack *SymbolizedStack::New(uptr addr) {
FILE: runtime/sanitizer_common/sanitizer_symbolizer.h
function namespace (line 25) | namespace __sanitizer {
FILE: runtime/sanitizer_common/sanitizer_symbolizer_fuchsia.h
function namespace (line 18) | namespace __sanitizer {
FILE: runtime/sanitizer_common/sanitizer_symbolizer_internal.h
function namespace (line 20) | namespace __sanitizer {
FILE: runtime/sanitizer_common/sanitizer_symbolizer_libbacktrace.cpp
type __sanitizer (line 33) | namespace __sanitizer {
type CplusV3DemangleData (line 42) | struct CplusV3DemangleData {
function CplusV3DemangleCallback (line 48) | static void CplusV3DemangleCallback(const char *s, size_t l, void *vda...
type SymbolizeCodeCallbackArg (line 87) | struct SymbolizeCodeCallbackArg {
method AddressInfo (line 92) | AddressInfo *get_new_frame(uintptr_t addr) {
function SymbolizeCodePCInfoCallback (line 109) | static int SymbolizeCodePCInfoCallback(void *vdata, uintptr_t addr,
function SymbolizeCodeCallback (line 124) | static void SymbolizeCodeCallback(void *vdata, uintptr_t addr,
function SymbolizeDataCallback (line 134) | static void SymbolizeDataCallback(void *vdata, uintptr_t, const char *...
function ErrorCallback (line 144) | static void ErrorCallback(void *, const char *, int) {}
function LibbacktraceSymbolizer (line 149) | LibbacktraceSymbolizer *LibbacktraceSymbolizer::get(LowLevelAllocator ...
function LibbacktraceSymbolizer (line 180) | LibbacktraceSymbolizer *LibbacktraceSymbolizer::get(LowLevelAllocator ...
FILE: runtime/sanitizer_common/sanitizer_symbolizer_libbacktrace.h
function namespace (line 29) | namespace __sanitizer {
FILE: runtime/sanitizer_common/sanitizer_symbolizer_libcdep.cpp
type __sanitizer (line 18) | namespace __sanitizer {
function Symbolizer (line 20) | Symbolizer *Symbolizer::GetOrInit() {
function SymbolizedStack (line 85) | SymbolizedStack *Symbolizer::SymbolizePC(uptr addr) {
function LoadedModule (line 191) | static const LoadedModule *SearchForModule(const ListOfModules &modules,
function LoadedModule (line 201) | const LoadedModule *Symbolizer::FindModuleForAddress(uptr address) {
class LLVMSymbolizerProcess (line 237) | class LLVMSymbolizerProcess final : public SymbolizerProcess {
method LLVMSymbolizerProcess (line 239) | explicit LLVMSymbolizerProcess(const char *path)
method ReachedEndOfOutput (line 243) | bool ReachedEndOfOutput(const char *buffer, uptr length) const overr...
method GetArgV (line 251) | void GetArgV(const char *path_to_binary,
function ParseSymbolizePCOutput (line 325) | void ParseSymbolizePCOutput(const char *str, SymbolizedStack *res) {
function ParseSymbolizeDataOutput (line 370) | void ParseSymbolizeDataOutput(const char *str, DataInfo *info) {
function ParseSymbolizeFrameOutput (line 376) | static void ParseSymbolizeFrameOutput(const char *str,
function IsSameModule (line 468) | static bool IsSameModule(const char* path) {
FILE: runtime/sanitizer_common/sanitizer_symbolizer_mac.cpp
type __sanitizer (line 28) | namespace __sanitizer {
class AtosSymbolizerProcess (line 60) | class AtosSymbolizerProcess final : public SymbolizerProcess {
method AtosSymbolizerProcess (line 62) | explicit AtosSymbolizerProcess(const char *path)
method StartSymbolizerSubprocess (line 68) | bool StartSymbolizerSubprocess() override {
method ReachedEndOfOutput (line 77) | bool ReachedEndOfOutput(const char *buffer, uptr length) const overr...
method GetArgV (line 81) | void GetArgV(const char *path_to_binary,
function ParseCommandOutput (line 102) | static bool ParseCommandOutput(const char *str, uptr addr, char **out_...
FILE: runtime/sanitizer_common/sanitizer_symbolizer_mac.h
function namespace (line 22) | namespace __sanitizer {
FILE: runtime/sanitizer_common/sanitizer_symbolizer_markup.cpp
type __sanitizer (line 27) | namespace __sanitizer {
function SymbolizedStack (line 68) | SymbolizedStack *Symbolizer::SymbolizePC(uptr addr) {
function RenderData (line 84) | void RenderData(InternalScopedString *buffer, const char *format,
function RenderNeedsSymbolization (line 89) | bool RenderNeedsSymbolization(const char *format) { return false; }
function RenderFrame (line 92) | void RenderFrame(InternalScopedString *buffer, const char *format, int...
function Symbolizer (line 99) | Symbolizer *Symbolizer::PlatformInit() {
function StartReportDeadlySignal (line 105) | void StartReportDeadlySignal() {}
function ReportDeadlySignal (line 106) | void ReportDeadlySignal(const SignalContext &sig, u32 tid,
type UnwindTraceArg (line 111) | struct UnwindTraceArg {
function _Unwind_Reason_Code (line 116) | _Unwind_Reason_Code Unwind_Trace(struct _Unwind_Context *ctx, void *pa...
FILE: runtime/sanitizer_common/sanitizer_symbolizer_posix_libcdep.cpp
type __cxxabiv1 (line 39) | namespace __cxxabiv1 {
type __sanitizer (line 45) | namespace __sanitizer {
function InitializeSwiftDemangler (line 73) | static void InitializeSwiftDemangler() {
function CreateTwoHighNumberedPipes (line 94) | static bool CreateTwoHighNumberedPipes(int *infd_, int *outfd_) {
class Addr2LineProcess (line 204) | class Addr2LineProcess final : public SymbolizerProcess {
method Addr2LineProcess (line 206) | Addr2LineProcess(const char *path, const char *module_name)
method GetArgV (line 212) | void GetArgV(const char *path_to_binary,
method ReadFromSymbolizer (line 228) | bool ReadFromSymbolizer(char *buffer, uptr max_length) override {
class Addr2LinePool (line 269) | class Addr2LinePool final : public SymbolizerTool {
method Addr2LinePool (line 271) | explicit Addr2LinePool(const char *addr2line_path,
method SymbolizePC (line 277) | bool SymbolizePC(uptr addr, SymbolizedStack *stack) override {
method SymbolizeData (line 286) | bool SymbolizeData(uptr addr, DataInfo *info) override {
class InternalSymbolizer (line 338) | class InternalSymbolizer final : public SymbolizerTool {
method InternalSymbolizer (line 340) | static InternalSymbolizer *get(LowLevelAllocator *alloc) {
method SymbolizePC (line 351) | bool SymbolizePC(uptr addr, SymbolizedStack *stack) override {
method SymbolizeData (line 359) | bool SymbolizeData(uptr addr, DataInfo *info) override {
method Flush (line 369) | void Flush() override {
method InternalSymbolizer (line 393) | InternalSymbolizer() {}
method InternalSymbolizer (line 402) | static InternalSymbolizer *get(LowLevelAllocator *alloc) { return 0; }
class InternalSymbolizer (line 400) | class InternalSymbolizer final : public SymbolizerTool {
method InternalSymbolizer (line 340) | static InternalSymbolizer *get(LowLevelAllocator *alloc) {
method SymbolizePC (line 351) | bool SymbolizePC(uptr addr, SymbolizedStack *stack) override {
method SymbolizeData (line 359) | bool SymbolizeData(uptr addr, DataInfo *info) override {
method Flush (line 369) | void Flush() override {
method InternalSymbolizer (line 393) | InternalSymbolizer() {}
method InternalSymbolizer (line 402) | static InternalSymbolizer *get(LowLevelAllocator *alloc) { return 0; }
function SymbolizerTool (line 411) | static SymbolizerTool *ChooseExternalSymbolizer(LowLevelAllocator *all...
function ChooseSymbolizerTools (line 468) | static void ChooseSymbolizerTools(IntrusiveList<SymbolizerTool> *list,
function Symbolizer (line 497) | Symbolizer *Symbolizer::PlatformInit() {
FILE: runtime/sanitizer_common/sanitizer_symbolizer_report.cpp
type __sanitizer (line 28) | namespace __sanitizer {
function ReportErrorSummary (line 31) | void ReportErrorSummary(const char *error_type, const AddressInfo &info,
function ReportSupportsColors (line 51) | static inline bool ReportSupportsColors() {
function ReportSupportsColors (line 58) | static inline bool ReportSupportsColors() { return true; }
function ColorizeReports (line 62) | bool ColorizeReports() {
function ReportErrorSummary (line 73) | void ReportErrorSummary(const char *error_type, const StackTrace *stack,
function ReportMmapWriteExec (line 91) | void ReportMmapWriteExec(int prot, int flags) {
function StartReportDeadlySignal (line 130) | void StartReportDeadlySignal() {
function MaybeReportNonExecRegion (line 138) | static void MaybeReportNonExecRegion(uptr pc) {
function PrintMemoryByte (line 149) | static void PrintMemoryByte(InternalScopedString *str, const char *bef...
function MaybeDumpInstructionBytes (line 156) | static void MaybeDumpInstructionBytes(uptr pc) {
function MaybeDumpRegisters (line 172) | static void MaybeDumpRegisters(void *context) {
function ReportStackOverflowImpl (line 177) | static void ReportStackOverflowImpl(const SignalContext &sig, u32 tid,
function ReportDeadlySignalImpl (line 195) | static void ReportDeadlySignalImpl(const SignalContext &sig, u32 tid,
function ReportDeadlySignal (line 237) | void ReportDeadlySignal(const SignalContext &sig, u32 tid,
function HandleDeadlySignal (line 246) | void HandleDeadlySignal(void *siginfo, void *context, u32 tid,
FILE: runtime/sanitizer_common/sanitizer_symbolizer_rtems.h
function namespace (line 18) | namespace __sanitizer {
FILE: runtime/sanitizer_common/sanitizer_symbolizer_win.cpp
type __sanitizer (line 20) | namespace __sanitizer {
class WinSymbolizerTool (line 36) | class WinSymbolizerTool final : public SymbolizerTool {
method WinSymbolizerTool (line 39) | WinSymbolizerTool() {}
method SymbolizeData (line 42) | bool SymbolizeData(uptr addr, DataInfo *info) override {
function TrySymInitialize (line 50) | bool TrySymInitialize() {
function InitializeDbgHelpIfNeeded (line 61) | void InitializeDbgHelpIfNeeded() {
type ScopedHandle (line 183) | struct ScopedHandle {
method ScopedHandle (line 184) | ScopedHandle() : h_(nullptr) {}
method ScopedHandle (line 185) | explicit ScopedHandle(HANDLE h) : h_(h) {}
method HANDLE (line 190) | HANDLE get() { return h_; }
method HANDLE (line 191) | HANDLE *receive() { return &h_; }
method HANDLE (line 192) | HANDLE release() {
function ChooseSymbolizerTools (line 278) | static void ChooseSymbolizerTools(IntrusiveList<SymbolizerTool> *list,
function Symbolizer (line 312) | Symbolizer *Symbolizer::PlatformInit() {
FILE: runtime/sanitizer_common/sanitizer_termination.cpp
type __sanitizer (line 17) | namespace __sanitizer {
function AddDieCallback (line 22) | bool AddDieCallback(DieCallbackType callback) {
function RemoveDieCallback (line 32) | bool RemoveDieCallback(DieCallbackType callback) {
function SetUserDieCallback (line 46) | void SetUserDieCallback(DieCallbackType callback) {
function Die (line 50) | void NORETURN Die() {
function SetCheckUnwindCallback (line 63) | void SetCheckUnwindCallback(void (*callback)()) {
function CheckFailed (line 67) | void NORETURN CheckFailed(const char *file, int line, const char *cond,
function SANITIZER_INTERFACE_ATTRIBUTE (line 95) | SANITIZER_INTERFACE_ATTRIBUTE
FILE: runtime/sanitizer_common/sanitizer_thread_registry.cpp
type __sanitizer (line 18) | namespace __sanitizer {
function uptr (line 131) | uptr ThreadRegistry::GetMaxAliveThreads() {
function u32 (line 136) | u32 ThreadRegistry::CreateThread(uptr user_id, bool detached, u32 pare...
function u32 (line 189) | u32 ThreadRegistry::FindThread(FindThreadCallback cb, void *arg) {
function ThreadContextBase (line 199) | ThreadContextBase *
function FindThreadContextByOsIdCallback (line 210) | static bool FindThreadContextByOsIdCallback(ThreadContextBase *tctx,
function ThreadContextBase (line 216) | ThreadContextBase *ThreadRegistry::FindThreadContextByOsIDLocked(tid_t...
function ThreadStatus (line 283) | ThreadStatus ThreadRegistry::FinishThread(u32 tid) {
function ThreadContextBase (line 336) | ThreadContextBase *ThreadRegistry::QuarantinePop() {
function u32 (line 344) | u32 ThreadRegistry::ConsumeThreadUserId(uptr user_id) {
function u32 (line 368) | u32 ThreadRegistry::OnFork(u32 tid) {
FILE: runtime/sanitizer_common/sanitizer_thread_registry.h
function namespace (line 22) | namespace __sanitizer {
FILE: runtime/sanitizer_common/sanitizer_tls_get_addr.cpp
type __sanitizer (line 19) | namespace __sanitizer {
type TlsGetAddrParam (line 24) | struct TlsGetAddrParam {
type Glibc_2_19_tls_header (line 31) | struct Glibc_2_19_tls_header {
function DTLS_Deallocate (line 46) | static void DTLS_Deallocate(DTLS::DTVBlock *block) {
function DTLS_Destroy (line 84) | void DTLS_Destroy() {
function DTLS_on_libc_memalign (line 152) | void DTLS_on_libc_memalign(void *ptr, uptr size) {
function DTLS (line 159) | DTLS *DTLS_Get() { return &dtls; }
function DTLSInDestruction (line 161) | bool DTLSInDestruction(DTLS *dtls) {
function DTLS_on_libc_memalign (line 167) | void DTLS_on_libc_memalign(void *ptr, uptr size) {}
function DTLS (line 170) | DTLS *DTLS_Get() { return 0; }
function DTLS_Destroy (line 171) | void DTLS_Destroy() {}
function DTLSInDestruction (line 172) | bool DTLSInDestruction(DTLS *dtls) {
FILE: runtime/sanitizer_common/sanitizer_tls_get_addr.h
type DTLS (line 36) | struct DTLS {
FILE: runtime/sanitizer_common/sanitizer_type_traits.cpp
type __sanitizer (line 15) | namespace __sanitizer {
FILE: runtime/sanitizer_common/sanitizer_type_traits.h
function namespace (line 18) | namespace __sanitizer {
function typename (line 76) | inline typename remove_reference<T>::type&& move(T&& t) {
function T (line 81) | inline constexpr T&& forward(
function T (line 87) | inline constexpr T&& forward(
type T (line 95) | typedef T value_type;
type integral_constant (line 96) | typedef integral_constant type;
FILE: runtime/sanitizer_common/sanitizer_unwind_linux_libcdep.cpp
type __sanitizer (line 28) | namespace __sanitizer {
function uptr (line 60) | uptr Unwind_GetIP(struct _Unwind_Context *ctx) {
type UnwindTraceArg (line 73) | struct UnwindTraceArg {
function _Unwind_Reason_Code (line 78) | _Unwind_Reason_Code Unwind_Trace(struct _Unwind_Context *ctx, void *pa...
function SanitizerInitializeUnwinder (line 95) | void SanitizerInitializeUnwinder() {
FILE: runtime/sanitizer_common/sanitizer_vector.h
function namespace (line 21) | namespace __sanitizer {
FILE: runtime/sanitizer_common/sanitizer_win.cpp
type __sanitizer (line 65) | namespace __sanitizer {
function uptr (line 70) | uptr GetPageSize() {
function uptr (line 76) | uptr GetMmapGranularity() {
function uptr (line 82) | uptr GetMaxUserVirtualAddress() {
function uptr (line 88) | uptr GetMaxVirtualAddress() {
function FileExists (line 92) | bool FileExists(const char *filename) {
function uptr (line 96) | uptr internal_getpid() {
function internal_dlinfo (line 100) | int internal_dlinfo(void *handle, int request, void *p) {
function tid_t (line 106) | tid_t GetTid() {
function uptr (line 110) | uptr GetThreadSelf() {
function GetThreadStackTopAndBottom (line 115) | void GetThreadStackTopAndBottom(bool at_initialization, uptr *stack_top,
function UnmapOrDie (line 137) | void UnmapOrDie(void *addr, uptr size) {
function MmapFixedNoReserve (line 227) | bool MmapFixedNoReserve(uptr fixed_addr, uptr size, const char *name) {
function MmapFixedSuperNoReserve (line 249) | bool MmapFixedSuperNoReserve(uptr fixed_addr, uptr size, const char *n...
function uptr (line 270) | uptr ReservedAddressRange::Map(uptr fixed_addr, uptr size, const char ...
function uptr (line 274) | uptr ReservedAddressRange::MapOrDie(uptr fixed_addr, uptr size,
function uptr (line 305) | uptr ReservedAddressRange::Init(uptr size, const char *name, uptr fixe...
function MprotectNoAccess (line 334) | bool MprotectNoAccess(uptr addr, uptr size) {
function MprotectReadOnly (line 339) | bool MprotectReadOnly(uptr addr, uptr size) {
function ReleaseMemoryPagesToOS (line 344) | void ReleaseMemoryPagesToOS(uptr beg, uptr end) {
function SetShadowRegionHugePageMode (line 353) | void SetShadowRegionHugePageMode(uptr addr, uptr size) {
function DontDumpShadowMemory (line 357) | bool DontDumpShadowMemory(uptr addr, uptr length) {
function uptr (line 363) | uptr MapDynamicShadow(uptr shadow_size_bytes, uptr shadow_scale,
function uptr (line 379) | uptr FindAvailableMemoryRange(uptr size, uptr alignment, uptr left_pad...
function uptr (line 401) | uptr MapDynamicShadowAndAliases(uptr shadow_size, uptr alias_size,
function MemoryRangeIsAvailable (line 407) | bool MemoryRangeIsAvailable(uptr range_start, uptr range_end) {
type EnvVariable (line 427) | struct EnvVariable {
function u32 (line 461) | u32 GetUid() {
type ModuleInfo (line 466) | str
Condensed preview — 483 files, each showing path, character count, and a content snippet. Download the .json file or copy for the full structured content (5,163K chars).
[
{
"path": ".github/workflows/test.yml",
"chars": 1930,
"preview": "name: CI\n\non:\n pull_request:\n branches: [ main ]\n push:\n branches:\n - main\n paths:\n - '!README.md'\n"
},
{
"path": ".gitignore",
"chars": 167,
"preview": ".vscode\n*.taint\n*.o\n*.so\n*.dwo\n*.bc\n*.ll\nGPATH\nGRTAGS\nGTAGS\nGSYMS\noutput*/\n*.tar.gz\n*.tar.xz\nauto/\n/bin/\n.DS_Store\n/buil"
},
{
"path": "CMakeLists.txt",
"chars": 2917,
"preview": "cmake_minimum_required(VERSION 3.13)\n\nproject(symsan VERSION 1.2.2 LANGUAGES C CXX ASM)\n\nfind_package(LLVM 14 REQUIRED C"
},
{
"path": "Dockerfile",
"chars": 901,
"preview": "FROM ubuntu:noble\n\nENV DEBIAN_FRONTEND=noninteractive\nENV TZ=Etc/UTC\n\nENV DEBIAN_FRONTEND=noninteractive\nENV TZ=Etc/UTC\n"
},
{
"path": "LICENSE",
"chars": 11357,
"preview": " Apache License\n Version 2.0, January 2004\n "
},
{
"path": "README.md",
"chars": 4828,
"preview": "[](https://opensource.org/licenses/Apache-2.0)\n\n# "
},
{
"path": "backend/CMakeLists.txt",
"chars": 352,
"preview": "set(CMAKE_POSITION_INDEPENDENT_CODE ON)\nset(CMAKE_CXX_STANDARD 17)\n\nset(CMAKE_CXX_FLAGS \"${CMAKE_CXX_FLAGS} -g\")\n\nadd_li"
},
{
"path": "backend/fastgen.cpp",
"chars": 11665,
"preview": "/*\n The code is for out-of-process constraints solving with fastgen.\n\n ----------------------------------------------"
},
{
"path": "compiler/CMakeLists.txt",
"chars": 331,
"preview": "add_executable(KOClang ko_clang.c)\nset_target_properties(KOClang PROPERTIES OUTPUT_NAME \"ko-clang\")\n\nadd_custom_command("
},
{
"path": "compiler/ko_clang.c",
"chars": 12176,
"preview": "/*\n The code is modified from AFL's LLVM mode and Angora.\n\n ------------------------------------------------\n\n Writ"
},
{
"path": "driver/CMakeLists.txt",
"chars": 836,
"preview": "set(CMAKE_POSITION_INDEPENDENT_CODE ON)\nset(CMAKE_CXX_STANDARD 14)\n\n## launcher lib\nadd_subdirectory(launcher)\n\n## simpl"
},
{
"path": "driver/aflpp/CMakeLists.txt",
"chars": 993,
"preview": "## custom_mutation for AFL++\n\nproject(SymSanMutator C CXX)\n\nset(CMAKE_POSITION_INDEPENDENT_CODE ON)\nset(CMAKE_CXX_STANDA"
},
{
"path": "driver/aflpp/README.md",
"chars": 4904,
"preview": "# A AFL++ plugin for using SYMSAN as a custom mutator\n\nlibafl should be a better option but due to my familarity with C+"
},
{
"path": "driver/aflpp/rgd.proto",
"chars": 509,
"preview": "syntax = \"proto3\";\n\npackage rgd;\n\n// AST node for symbolic expressions\nmessage AstNode {\n uint32 kind = 1;\n uint32 boo"
},
{
"path": "driver/aflpp/symsan.cpp",
"chars": 19754,
"preview": "/*\n a custom mutator for AFL++\n (c) 2023 - 2024 by Chengyu Song <csong@cs.ucr.edu>\n License: Apache 2.0\n*/\n\n#include "
},
{
"path": "driver/fgtest.cpp",
"chars": 10542,
"preview": "#include \"defs.h\"\n#include \"debug.h\"\n#include \"version.h\"\n\n#include \"dfsan/dfsan.h\"\n\nextern \"C\" {\n#include \"launch.h\"\n}\n"
},
{
"path": "driver/harness-proxy.c",
"chars": 1838,
"preview": "// Copyright 2021 Google LLC\n//\n// Licensed under the Apache License, Version 2.0 (the \"License\");\n// you may not use th"
},
{
"path": "driver/launcher/CMakeLists.txt",
"chars": 106,
"preview": "set(CMAKE_POSITION_INDEPENDENT_CODE ON)\nset(CMAKE_CXX_STANDARD 14)\n\nadd_library(launcher STATIC launch.c)\n"
},
{
"path": "driver/launcher/launch.c",
"chars": 10406,
"preview": "#include \"defs.h\"\n#include \"debug.h\"\n#include \"version.h\"\n#include \"launch.h\"\n\n#include <stdio.h>\n#include <stdlib.h>\n#i"
},
{
"path": "include/alloc_inl.h",
"chars": 12611,
"preview": "/*\n american fuzzy lop - error-checking, memory-zeroing alloc routines\n --------------------------------------------"
},
{
"path": "include/ast.h",
"chars": 8773,
"preview": "#pragma once\n\n#include <stdint.h>\n#include <stdexcept>\n#include <string>\n#include <vector>\n\nnamespace rgd {\n enum AstKi"
},
{
"path": "include/cov.h",
"chars": 2061,
"preview": "#pragma once\n\n#include <stdint.h>\n#include <vector>\n#include <unordered_map>\n#include <memory>\n#include <utility>\n\nnames"
},
{
"path": "include/debug.h",
"chars": 6553,
"preview": "/*\n american fuzzy lop - debug / error handling macros\n --------------------------------------------------\n\n Writt"
},
{
"path": "include/defs.h",
"chars": 1073,
"preview": "#ifndef _HAVE_DEFS_H\n#define _HAVE_DEFS_H\n\n#ifdef DEBUG_INFO\n// #define DEBUG_PRINTF printf\n#define DEBUG_PRINTF(...) "
},
{
"path": "include/launch.h",
"chars": 2292,
"preview": "#ifndef SYMSAN_LAUNCH_H\n#define SYMSAN_LAUNCH_H\n\n#include <stdint.h>\n\n#define SYMSAN_INVALID_ARGS 1;\n#define SYMSAN_NO_M"
},
{
"path": "include/parse-rgd.h",
"chars": 3488,
"preview": "#pragma once\n\n#include \"parse.h\"\n\n#include \"task.h\"\n#include \"union_find.h\"\n\n#include \"boost/dynamic_bitset.hpp\"\n\nnamesp"
},
{
"path": "include/parse-z3.h",
"chars": 6405,
"preview": "#pragma once\n\n#include \"parse.h\"\n\n#include <z3++.h>\n\nnamespace symsan {\n\nusing z3_task_t = std::vector<z3::expr>;\nclass "
},
{
"path": "include/parse.h",
"chars": 3591,
"preview": "#pragma once\n\n#include \"dfsan/dfsan.h\"\n\n#include <stdint.h>\n#include <string.h>\n\n#include <memory>\n#include <stdexcept>\n"
},
{
"path": "include/solver.h",
"chars": 2936,
"preview": "#pragma once\n\n#include \"task.h\"\n\n#include <stdint.h>\n#include <z3++.h>\n\n#include <vector>\n#include <unordered_map>\n#incl"
},
{
"path": "include/task.h",
"chars": 10153,
"preview": "#pragma once\n\n#include <stdint.h>\n\n#include <bitset>\n#include <cassert>\n#include <map>\n#include <memory>\n#include <stdex"
},
{
"path": "include/task_mgr.h",
"chars": 878,
"preview": "#pragma once\n\n#include \"task.h\"\n\n#include <deque>\n#include <memory>\n\nnamespace rgd {\n\nclass TaskManager {\npublic:\n virt"
},
{
"path": "include/union_find.h",
"chars": 1848,
"preview": "#pragma once\n\n#include <stdint.h>\n#include <vector>\n#include <unordered_set>\n\nnamespace rgd {\n\n// disjoint set data stru"
},
{
"path": "include/version.h",
"chars": 1515,
"preview": "\n#ifndef _ANGORA_LLVM_VERSION_H\n#define _ANGORA_LLVM_VERSION_H\n\n#define LLVM_VERSION(major, minor) ((major)*100 + (minor"
},
{
"path": "instrumentation/CMakeLists.txt",
"chars": 572,
"preview": "set (CMAKE_CXX_STANDARD 14)\nset (CMAKE_CXX_FLAGS \"${CMAKE_CXX_FLAGS} -g\")\n# fix pass bug: https://github.com/sampsyo/llv"
},
{
"path": "instrumentation/TaintPass.cpp",
"chars": 124353,
"preview": "//===- Taint.cpp - dynamic taint analysis --------------------------------===//\n//\n// Part of the LLVM Project, under th"
},
{
"path": "parsers/CMakeLists.txt",
"chars": 588,
"preview": "set(CMAKE_POSITION_INDEPENDENT_CODE ON)\nset(CMAKE_CXX_STANDARD 17)\n\nfind_package(boost_container CONFIG)\n\nif (NOT boost_"
},
{
"path": "parsers/rgd-parser.cpp",
"chars": 61474,
"preview": "#include \"dfsan/dfsan.h\"\n\n#include \"ast.h\"\n#include \"task.h\"\n#include \"union_find.h\"\n#include \"parse-rgd.h\"\n\n#include <u"
},
{
"path": "python/CMakeLists.txt",
"chars": 840,
"preview": "set(CMAKE_POSITION_INDEPENDENT_CODE ON)\nset(CMAKE_CXX_STANDARD 17)\n\nfind_package(Python3 COMPONENTS Interpreter Developm"
},
{
"path": "python/README.md",
"chars": 1275,
"preview": "Provide a python binding to launch symsan-instrumented binary, receive events, parse constraints, and solve constraints."
},
{
"path": "python/symsan-py.cpp",
"chars": 11306,
"preview": "#include \"defs.h\"\n#include \"debug.h\"\n#include \"version.h\"\n\n#include \"dfsan/dfsan.h\"\n\nextern \"C\" {\n#include \"launch.h\"\n}\n"
},
{
"path": "python/test.py",
"chars": 2004,
"preview": "import sys\nimport ctypes\nimport symsan\n\nclass pipe_msg(ctypes.Structure):\n _pack_ = 1\n _fields_ = [(\"type\", ctypes"
},
{
"path": "runtime/CMakeLists.txt",
"chars": 1756,
"preview": "# Add path for custom compiler-rt modules.\nlist(INSERT CMAKE_MODULE_PATH 0 \"${CMAKE_CURRENT_SOURCE_DIR}/cmake\")\n\nset(COM"
},
{
"path": "runtime/cmake/AddCompilerRT.cmake",
"chars": 25527,
"preview": "include(ExternalProject)\ninclude(CompilerRTUtils)\n\nfunction(set_target_output_directories target output_dir)\n # For RUN"
},
{
"path": "runtime/cmake/BuiltinTests.cmake",
"chars": 3593,
"preview": "include(CMakeCheckCompilerFlagCommonPatterns)\n\n# This function takes an OS and a list of architectures and identifies th"
},
{
"path": "runtime/cmake/CompilerRTCompile.cmake",
"chars": 18436,
"preview": "include(CMakePushCheckState)\ninclude(CheckSymbolExists)\n\n# Because compiler-rt spends a lot of time setting up custom co"
},
{
"path": "runtime/cmake/CompilerRTDarwinUtils.cmake",
"chars": 17099,
"preview": "include(CMakeParseArguments)\n\n# On OS X SDKs can be installed anywhere on the base system and xcode-select can\n# set the"
},
{
"path": "runtime/cmake/CompilerRTLink.cmake",
"chars": 629,
"preview": "# Link a shared library with COMPILER_RT_TEST_COMPILER.\n# clang_link_shared(<output.so>\n# OBJECTS <lis"
},
{
"path": "runtime/cmake/CompilerRTUtils.cmake",
"chars": 13350,
"preview": "include(CMakePushCheckState)\ninclude(CheckSymbolExists)\n\n# Because compiler-rt spends a lot of time setting up custom co"
},
{
"path": "runtime/cmake/CustomLibcxx/CMakeLists.txt",
"chars": 1149,
"preview": "cmake_minimum_required(VERSION 3.4.3)\nproject(custom-libcxx C CXX)\n\nmessage(STATUS \"COMPILER_RT_LIBCXX_PATH = ${COMPILER"
},
{
"path": "runtime/cmake/HandleCompilerRT.cmake",
"chars": 859,
"preview": "function(find_compiler_rt_library name dest)\n set(dest \"\" PARENT_SCOPE)\n set(CLANG_COMMAND ${CMAKE_CXX_COMPILER} ${SAN"
},
{
"path": "runtime/cmake/SanitizerUtils.cmake",
"chars": 4304,
"preview": "include(CompilerRTUtils)\n\nset(SANITIZER_GEN_DYNAMIC_LIST\n ${COMPILER_RT_SOURCE_DIR}/sanitizer_common/scripts/gen_dynami"
},
{
"path": "runtime/common_interface_defs.h",
"chars": 9914,
"preview": "//===-- sanitizer/common_interface_defs.h -----------------------*- C++ -*-===//\n//\n// The LLVM Comp"
},
{
"path": "runtime/dfsan/.clang-format",
"chars": 94,
"preview": "BasedOnStyle: Google\nAllowShortIfStatementsOnASingleLine: false\nIndentPPDirectives: AfterHash\n"
},
{
"path": "runtime/dfsan/CMakeLists.txt",
"chars": 4889,
"preview": "# include_directories(..)\n\n# Runtime library sources and build flags.\nset(DFSAN_RTL_SOURCES\n dfsan.cpp\n dfsan_custom.c"
},
{
"path": "runtime/dfsan/dfsan.cpp",
"chars": 63133,
"preview": "//===-- dfsan.cc ----------------------------------------------------------===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/dfsan/dfsan.h",
"chars": 8856,
"preview": "//===-- dfsan.h -------------------------------------------------*- C++ -*-===//\n//\n// The LLVM Comp"
},
{
"path": "runtime/dfsan/dfsan.syms.extra",
"chars": 37,
"preview": "dfsan_*\n__dfsan_*\n__dfsw_*\n__taint_*\n"
},
{
"path": "runtime/dfsan/dfsan_custom.cpp",
"chars": 129741,
"preview": "//===-- dfsan.cc ----------------------------------------------------------===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/dfsan/dfsan_flags.inc",
"chars": 2622,
"preview": "//===-- dfsan_flags.inc -----------------------------------------*- C++ -*-===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/dfsan/dfsan_interceptors.cpp",
"chars": 2372,
"preview": "//===-- dfsan_interceptors.cc ---------------------------------------------===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/dfsan/dfsan_platform.h",
"chars": 3889,
"preview": "//===-- dfsan_platform.h ----------------------------------------*- C++ -*-===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/dfsan/done_abilist.txt",
"chars": 16667,
"preview": "##########\n# added by user\n#########\nfun:log10=functional\nfun:__ctype_toupper_loc=discard\nfun:isatty=discard\nfun:longjmp"
},
{
"path": "runtime/dfsan/libc++_abilist.txt",
"chars": 117764,
"preview": "fun:_ZNKSt10bad_typeid4whatEv=uninstrumented\nfun:_ZNKSt11logic_error4whatEv=uninstrumented\nfun:_ZNKSt12bad_any_cast4what"
},
{
"path": "runtime/dfsan/libc_ubuntu1404_abilist.txt",
"chars": 109653,
"preview": "fun:_Exit=uninstrumented\nfun:_IO_adjust_column=uninstrumented\nfun:_IO_adjust_wcolumn=uninstrumented\nfun:_IO_default_doal"
},
{
"path": "runtime/dfsan/libc_ubuntu1804_abilist.txt",
"chars": 131346,
"preview": "fun:_Exit=uninstrumented\nfun:_IO_adjust_column=uninstrumented\nfun:_IO_adjust_wcolumn=uninstrumented\nfun:_IO_default_doal"
},
{
"path": "runtime/dfsan/libc_ubuntu2204_abilist.txt",
"chars": 146431,
"preview": "fun:_Exit=uninstrumented\nfun:_Fork=uninstrumented\nfun:_IO_adjust_column=uninstrumented\nfun:_IO_adjust_wcolumn=uninstrume"
},
{
"path": "runtime/dfsan/libc_ubuntu2404_abilist.txt",
"chars": 152286,
"preview": "fun:_Exit=uninstrumented\nfun:_Fork=uninstrumented\nfun:_IO_adjust_column=uninstrumented\nfun:_IO_adjust_wcolumn=uninstrume"
},
{
"path": "runtime/dfsan/scripts/build-libc-list.py",
"chars": 3886,
"preview": "#!/usr/bin/env python\n#===- lib/dfsan/scripts/build-libc-list.py ---------------------------------===#\n#\n# Part of the L"
},
{
"path": "runtime/dfsan/scripts/check_custom_wrappers.sh",
"chars": 1676,
"preview": "#!/bin/sh\n\nDFSAN_DIR=$(dirname \"$0\")/../\nDFSAN_CUSTOM_TESTS=${DFSAN_DIR}/../../test/dfsan/custom.cc\nDFSAN_CUSTOM_WRAPPER"
},
{
"path": "runtime/dfsan/taint.ld",
"chars": 8635,
"preview": "OUTPUT_FORMAT(\"elf64-x86-64\", \"elf64-x86-64\",\n\t \"elf64-x86-64\")\nOUTPUT_ARCH(i386:x86-64)\nENTRY(_start)\nSEARCH_DIR(\""
},
{
"path": "runtime/dfsan/taint_allocator.cpp",
"chars": 949,
"preview": "#include \"../sanitizer_common/sanitizer_atomic.h\"\n#include \"../sanitizer_common/sanitizer_common.h\"\n#include \"dfsan.h\"\n#"
},
{
"path": "runtime/dfsan/taint_allocator.h",
"chars": 312,
"preview": "#ifndef UNION_ALLOCATOR_H\n#define UNION_ALLOCATOR_H\n\n#include \"sanitizer_common/sanitizer_internal_defs.h\"\n\nusing __sani"
},
{
"path": "runtime/dfsan/union_hashtable.cpp",
"chars": 1479,
"preview": "#include \"sanitizer_common/sanitizer_libc.h\"\n#include \"union_hashtable.h\"\n#include \"union_util.h\"\n\nusing namespace __tai"
},
{
"path": "runtime/dfsan/union_hashtable.h",
"chars": 868,
"preview": "#ifndef UNION_HASHTABLE_H\n#define UNION_HASHTABLE_H\n\n#include <stdint.h>\n#include \"sanitizer_common/sanitizer_atomic.h\"\n"
},
{
"path": "runtime/dfsan/union_util.cpp",
"chars": 899,
"preview": "#include \"union_util.h\"\n\nnamespace __taint {\n\n/**\n * Initialize allocator memory,\n * begin: first usable byte\n * end: fi"
},
{
"path": "runtime/dfsan/union_util.h",
"chars": 544,
"preview": "#ifndef UNION_UTIL_H\n#define UNION_UTIL_H\n\n#include \"sanitizer_common/sanitizer_internal_defs.h\"\n#include \"dfsan.h\"\n\nusi"
},
{
"path": "runtime/interception/.clang-format",
"chars": 94,
"preview": "BasedOnStyle: Google\nAllowShortIfStatementsOnASingleLine: false\nIndentPPDirectives: AfterHash\n"
},
{
"path": "runtime/interception/CMakeLists.txt",
"chars": 936,
"preview": "# Build for the runtime interception helper library.\n\nset(INTERCEPTION_SOURCES\n interception_linux.cpp\n interception_m"
},
{
"path": "runtime/interception/interception.h",
"chars": 12527,
"preview": "//===-- interception.h ------------------------------------------*- C++ -*-===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/interception/interception_linux.cpp",
"chars": 2705,
"preview": "//===-- interception_linux.cpp ----------------------------------*- C++ -*-===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/interception/interception_linux.h",
"chars": 2255,
"preview": "//===-- interception_linux.h ------------------------------------*- C++ -*-===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/interception/interception_mac.cpp",
"chars": 637,
"preview": "//===-- interception_mac.cpp ------------------------------------*- C++ -*-===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/interception/interception_mac.h",
"chars": 908,
"preview": "//===-- interception_mac.h --------------------------------------*- C++ -*-===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/interception/interception_type_test.cpp",
"chars": 1402,
"preview": "//===-- interception_type_test.cpp ------------------------------*- C++ -*-===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/interception/interception_win.cpp",
"chars": 36495,
"preview": "//===-- interception_linux.cpp ----------------------------------*- C++ -*-===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/interception/interception_win.h",
"chars": 3463,
"preview": "//===-- interception_linux.h ------------------------------------*- C++ -*-===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/interception/tests/CMakeLists.txt",
"chars": 4060,
"preview": "include(CompilerRTCompile)\n\nfilter_available_targets(INTERCEPTION_UNITTEST_SUPPORTED_ARCH x86_64 i386 mips64 mips64el)\n\n"
},
{
"path": "runtime/interception/tests/interception_linux_test.cpp",
"chars": 1950,
"preview": "//===-- interception_linux_test.cpp ---------------------------------------===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/interception/tests/interception_test_main.cpp",
"chars": 798,
"preview": "//===-- interception_test_main.cpp ----------------------------------------===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/interception/tests/interception_win_test.cpp",
"chars": 26596,
"preview": "//===-- interception_win_test.cpp -----------------------------------------===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/libclang_rt.dfsan-x86_64.a.syms",
"chars": 1282,
"preview": "{\n __dfsan_*;\n __dfsw_*;\n __interceptor_mmap;\n __interceptor_mmap64;\n __sanitizer_cov;\n __sanitizer_cov_dump;\n __"
},
{
"path": "runtime/sanitizer_common/.clang-format",
"chars": 94,
"preview": "BasedOnStyle: Google\nAllowShortIfStatementsOnASingleLine: false\nIndentPPDirectives: AfterHash\n"
},
{
"path": "runtime/sanitizer_common/CMakeLists.txt",
"chars": 11267,
"preview": "# Build system for the common Sanitizer runtime support library components.\n# These components are shared between Addres"
},
{
"path": "runtime/sanitizer_common/sancov_flags.cpp",
"chars": 1676,
"preview": "//===-- sancov_flags.cpp ----------------------------------------*- C++ -*-===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sancov_flags.h",
"chars": 1103,
"preview": "//===-- sancov_flags.h ------------------------------------------*- C++ -*-===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sancov_flags.inc",
"chars": 776,
"preview": "//===-- sancov_flags.inc ----------------------------------------*- C++ -*-===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_addrhashmap.h",
"chars": 10854,
"preview": "//===-- sanitizer_addrhashmap.h ---------------------------------*- C++ -*-===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_allocator.cpp",
"chars": 7168,
"preview": "//===-- sanitizer_allocator.cpp -------------------------------------------===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_allocator.h",
"chars": 2648,
"preview": "//===-- sanitizer_allocator.h -----------------------------------*- C++ -*-===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_allocator_bytemap.h",
"chars": 3197,
"preview": "//===-- sanitizer_allocator_bytemap.h ---------------------------*- C++ -*-===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_allocator_checks.cpp",
"chars": 686,
"preview": "//===-- sanitizer_allocator_checks.cpp --------------------------*- C++ -*-===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_allocator_checks.h",
"chars": 2738,
"preview": "//===-- sanitizer_allocator_checks.h ----------------------------*- C++ -*-===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_allocator_combined.h",
"chars": 6569,
"preview": "//===-- sanitizer_allocator_combined.h --------------------------*- C++ -*-===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_allocator_dlsym.h",
"chars": 2494,
"preview": "//===-- sanitizer_allocator_dlsym.h -----------------------------*- C++ -*-===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_allocator_interface.h",
"chars": 1877,
"preview": "//===-- sanitizer_allocator_interface.h ------------------------- C++ -----===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_allocator_internal.h",
"chars": 2143,
"preview": "//===-- sanitizer_allocator_internal.h --------------------------*- C++ -*-===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_allocator_local_cache.h",
"chars": 9523,
"preview": "//===-- sanitizer_allocator_local_cache.h -----------------------*- C++ -*-===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_allocator_primary32.h",
"chars": 13180,
"preview": "//===-- sanitizer_allocator_primary32.h -------------------------*- C++ -*-===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_allocator_primary64.h",
"chars": 34832,
"preview": "//===-- sanitizer_allocator_primary64.h -------------------------*- C++ -*-===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_allocator_report.cpp",
"chars": 5021,
"preview": "//===-- sanitizer_allocator_report.cpp --------------------------*- C++ -*-===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_allocator_report.h",
"chars": 1824,
"preview": "//===-- sanitizer_allocator_report.h ----------------------------*- C++ -*-===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_allocator_secondary.h",
"chars": 11101,
"preview": "//===-- sanitizer_allocator_secondary.h -------------------------*- C++ -*-===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_allocator_size_class_map.h",
"chars": 10354,
"preview": "//===-- sanitizer_allocator_size_class_map.h --------------------*- C++ -*-===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_allocator_stats.h",
"chars": 2822,
"preview": "//===-- sanitizer_allocator_stats.h -----------------------------*- C++ -*-===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_asm.h",
"chars": 2790,
"preview": "//===-- sanitizer_asm.h -----------------------------------------*- C++ -*-===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_atomic.h",
"chars": 2020,
"preview": "//===-- sanitizer_atomic.h --------------------------------------*- C++ -*-===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_atomic_clang.h",
"chars": 3723,
"preview": "//===-- sanitizer_atomic_clang.h --------------------------------*- C++ -*-===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_atomic_clang_mips.h",
"chars": 3862,
"preview": "//===-- sanitizer_atomic_clang_mips.h ---------------------------*- C++ -*-===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_atomic_clang_other.h",
"chars": 2742,
"preview": "//===-- sanitizer_atomic_clang_other.h --------------------------*- C++ -*-===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_atomic_clang_x86.h",
"chars": 3864,
"preview": "//===-- sanitizer_atomic_clang_x86.h ----------------------------*- C++ -*-===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_atomic_msvc.h",
"chars": 8736,
"preview": "//===-- sanitizer_atomic_msvc.h ---------------------------------*- C++ -*-===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_bitvector.h",
"chars": 9654,
"preview": "//===-- sanitizer_bitvector.h -----------------------------------*- C++ -*-===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_bvgraph.h",
"chars": 4734,
"preview": "//===-- sanitizer_bvgraph.h -------------------------------------*- C++ -*-===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_chained_origin_depot.cpp",
"chars": 3873,
"preview": "//===-- sanitizer_chained_origin_depot.cpp --------------------------------===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_chained_origin_depot.h",
"chars": 1403,
"preview": "//===-- sanitizer_chained_origin_depot.h ------------------------*- C++ -*-===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_common.cpp",
"chars": 11003,
"preview": "//===-- sanitizer_common.cpp ----------------------------------------------===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_common.h",
"chars": 34287,
"preview": "//===-- sanitizer_common.h --------------------------------------*- C++ -*-===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_common_interceptors.inc",
"chars": 369737,
"preview": "//===-- sanitizer_common_interceptors.inc -----------------------*- C++ -*-===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_common_interceptors_format.inc",
"chars": 17531,
"preview": "//===-- sanitizer_common_interceptors_format.inc ----------------*- C++ -*-===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_common_interceptors_ioctl.inc",
"chars": 22366,
"preview": "//===-- sanitizer_common_interceptors_ioctl.inc -----------------*- C++ -*-===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_common_interceptors_netbsd_compat.inc",
"chars": 4174,
"preview": "//===-- sanitizer_common_interceptors_netbsd_compat.inc ---------*- C++ -*-===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_common_interceptors_vfork_aarch64.inc.S",
"chars": 1371,
"preview": "#if defined(__aarch64__) && defined(__linux__)\n\n#include \"sanitizer_common/sanitizer_asm.h\"\n#include \"builtins/assembly."
},
{
"path": "runtime/sanitizer_common/sanitizer_common_interceptors_vfork_arm.inc.S",
"chars": 1268,
"preview": "#if defined(__arm__) && defined(__linux__)\n\n#include \"sanitizer_common/sanitizer_asm.h\"\n\nASM_HIDDEN(COMMON_INTERCEPTOR_S"
},
{
"path": "runtime/sanitizer_common/sanitizer_common_interceptors_vfork_i386.inc.S",
"chars": 1720,
"preview": "#if defined(__i386__) && defined(__linux__)\n\n#include \"sanitizer_common/sanitizer_asm.h\"\n\n.comm _ZN14__interception10rea"
},
{
"path": "runtime/sanitizer_common/sanitizer_common_interceptors_vfork_riscv64.inc.S",
"chars": 1631,
"preview": "#if (defined(__riscv) && (__riscv_xlen == 64)) && defined(__linux__)\n\n#include \"sanitizer_common/sanitizer_asm.h\"\n\nASM_H"
},
{
"path": "runtime/sanitizer_common/sanitizer_common_interceptors_vfork_x86_64.inc.S",
"chars": 1077,
"preview": "#if defined(__x86_64__) && defined(__linux__)\n\n#include \"sanitizer_common/sanitizer_asm.h\"\n\n.comm _ZN14__interception10r"
},
{
"path": "runtime/sanitizer_common/sanitizer_common_interface.inc",
"chars": 2148,
"preview": "//===-- sanitizer_common_interface.inc ------------------------------------===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_common_interface_posix.inc",
"chars": 857,
"preview": "//===-- sanitizer_common_interface_posix.inc ------------------------------===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_common_libcdep.cpp",
"chars": 8092,
"preview": "//===-- sanitizer_common_libcdep.cpp --------------------------------------===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_common_nolibc.cpp",
"chars": 1222,
"preview": "//===-- sanitizer_common_nolibc.cpp ---------------------------------------===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_common_syscalls.inc",
"chars": 84837,
"preview": "//===-- sanitizer_common_syscalls.inc ---------------------------*- C++ -*-===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_coverage_fuchsia.cpp",
"chars": 10312,
"preview": "//===-- sanitizer_coverage_fuchsia.cpp ------------------------------------===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_coverage_interface.inc",
"chars": 1767,
"preview": "//===-- sanitizer_coverage_interface.inc ----------------------------------===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_coverage_libcdep_new.cpp",
"chars": 9450,
"preview": "//===-- sanitizer_coverage_libcdep_new.cpp --------------------------------===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_coverage_win_dll_thunk.cpp",
"chars": 1055,
"preview": "//===-- sanitizer_coverage_win_dll_thunk.cpp ------------------------------===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_coverage_win_dynamic_runtime_thunk.cpp",
"chars": 1189,
"preview": "//===-- sanitizer_coverage_win_dynamic_runtime_thunk.cpp ------------------===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_coverage_win_sections.cpp",
"chars": 3437,
"preview": "//===-- sanitizer_coverage_win_sections.cpp -------------------------------===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_coverage_win_weak_interception.cpp",
"chars": 1198,
"preview": "//===-- sanitizer_coverage_win_weak_interception.cpp ----------------------===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_dbghelp.h",
"chars": 1477,
"preview": "//===-- sanitizer_dbghelp.h ------------------------------*- C++ -*-===//\n//\n// Part of the LLVM Project, under the Apac"
},
{
"path": "runtime/sanitizer_common/sanitizer_deadlock_detector.h",
"chars": 13599,
"preview": "//===-- sanitizer_deadlock_detector.h ---------------------------*- C++ -*-===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_deadlock_detector1.cpp",
"chars": 5733,
"preview": "//===-- sanitizer_deadlock_detector1.cpp ----------------------------------===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_deadlock_detector2.cpp",
"chars": 11182,
"preview": "//===-- sanitizer_deadlock_detector2.cpp ----------------------------------===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_deadlock_detector_interface.h",
"chars": 2783,
"preview": "//===-- sanitizer_deadlock_detector_interface.h -----------------*- C++ -*-===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_dense_map.h",
"chars": 23793,
"preview": "//===- sanitizer_dense_map.h - Dense probed hash table ----------*- C++ -*-===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_dense_map_info.h",
"chars": 8981,
"preview": "//===- sanitizer_dense_map_info.h - Type traits for DenseMap ----*- C++ -*-===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_errno.cpp",
"chars": 1120,
"preview": "//===-- sanitizer_errno.cpp -------------------------------------*- C++ -*-===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_errno.h",
"chars": 1283,
"preview": "//===-- sanitizer_errno.h ---------------------------------------*- C++ -*-===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_errno_codes.h",
"chars": 1154,
"preview": "//===-- sanitizer_errno_codes.h ---------------------------------*- C++ -*-===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_file.cpp",
"chars": 7275,
"preview": "//===-- sanitizer_file.cpp -----------------------------------------------===//\n//\n// Part of the LLVM Project, under th"
},
{
"path": "runtime/sanitizer_common/sanitizer_file.h",
"chars": 3876,
"preview": "//===-- sanitizer_file.h ---------------------------------------*- C++ -*-===//\n//\n// Part of the LLVM Project, under th"
},
{
"path": "runtime/sanitizer_common/sanitizer_flag_parser.cpp",
"chars": 5681,
"preview": "//===-- sanitizer_flag_parser.cpp -----------------------------------------===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_flag_parser.h",
"chars": 5855,
"preview": "//===-- sanitizer_flag_parser.h ---------------------------------*- C++ -*-===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_flags.cpp",
"chars": 4296,
"preview": "//===-- sanitizer_flags.cpp -----------------------------------------------===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_flags.h",
"chars": 2279,
"preview": "//===-- sanitizer_flags.h ---------------------------------------*- C++ -*-===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_flags.inc",
"chars": 14025,
"preview": "//===-- sanitizer_flags.h ---------------------------------------*- C++ -*-===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_flat_map.h",
"chars": 5226,
"preview": "//===-- sanitizer_flat_map.h ------------------------------------*- C++ -*-===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_freebsd.h",
"chars": 3393,
"preview": "//===-- sanitizer_freebsd.h -------------------------------------*- C++ -*-===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_fuchsia.cpp",
"chars": 16555,
"preview": "//===-- sanitizer_fuchsia.cpp ---------------------------------------------===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_fuchsia.h",
"chars": 1077,
"preview": "//===-- sanitizer_fuchsia.h ------------------------------------*- C++ -*-===//\n//\n// Part of the LLVM Project, under th"
},
{
"path": "runtime/sanitizer_common/sanitizer_getauxval.h",
"chars": 1845,
"preview": "//===-- sanitizer_getauxval.h -----------------------------------*- C++ -*-===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_glibc_version.h",
"chars": 748,
"preview": "//===-- sanitizer_glibc_version.h -----------------------------------------===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_hash.h",
"chars": 1498,
"preview": "//===-- sanitizer_common.h --------------------------------------*- C++ -*-===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_interceptors_ioctl_netbsd.inc",
"chars": 70449,
"preview": "//===-- sanitizer_interceptors_ioctl_netbsd.inc -----------------*- C++ -*-===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_interface_internal.h",
"chars": 5721,
"preview": "//===-- sanitizer_interface_internal.h --------------------------*- C++ -*-===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_internal_defs.h",
"chars": 15273,
"preview": "//===-- sanitizer_internal_defs.h -------------------------------*- C++ -*-===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_leb128.h",
"chars": 2070,
"preview": "//===-- sanitizer_leb128.h --------------------------------------*- C++ -*-===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_lfstack.h",
"chars": 2130,
"preview": "//===-- sanitizer_lfstack.h -=-----------------------------------*- C++ -*-===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_libc.cpp",
"chars": 7590,
"preview": "//===-- sanitizer_libc.cpp ------------------------------------------------===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_libc.h",
"chars": 3440,
"preview": "//===-- sanitizer_libc.h ----------------------------------------*- C++ -*-===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_libignore.cpp",
"chars": 4308,
"preview": "//===-- sanitizer_libignore.cpp -------------------------------------------===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_libignore.h",
"chars": 3572,
"preview": "//===-- sanitizer_libignore.h -----------------------------------*- C++ -*-===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_linux.cpp",
"chars": 74383,
"preview": "//===-- sanitizer_linux.cpp -----------------------------------------------===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_linux.h",
"chars": 5925,
"preview": "//===-- sanitizer_linux.h ---------------------------------------*- C++ -*-===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_linux_libcdep.cpp",
"chars": 34527,
"preview": "//===-- sanitizer_linux_libcdep.cpp ---------------------------------------===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_linux_s390.cpp",
"chars": 7158,
"preview": "//===-- sanitizer_linux_s390.cpp ------------------------------------------===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_list.h",
"chars": 3900,
"preview": "//===-- sanitizer_list.h ----------------------------------------*- C++ -*-===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_local_address_space_view.h",
"chars": 3754,
"preview": "//===-- sanitizer_local_address_space_view.h --------------------*- C++ -*-===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_lzw.h",
"chars": 4911,
"preview": "//===-- sanitizer_lzw.h -----------------------------------------*- C++ -*-===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_mac.cpp",
"chars": 46244,
"preview": "//===-- sanitizer_mac.cpp -------------------------------------------------===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_mac.h",
"chars": 2024,
"preview": "//===-- sanitizer_mac.h -----------------------------------------*- C++ -*-===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_mac_libcdep.cpp",
"chars": 968,
"preview": "//===-- sanitizer_mac_libcdep.cpp -----------------------------------------===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_malloc_mac.inc",
"chars": 13023,
"preview": "//===-- sanitizer_malloc_mac.inc --------------------------------*- C++ -*-===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_mutex.cpp",
"chars": 7062,
"preview": "//===-- sanitizer_mutex.cpp -----------------------------------------------===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_mutex.h",
"chars": 14227,
"preview": "//===-- sanitizer_mutex.h ---------------------------------------*- C++ -*-===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_netbsd.cpp",
"chars": 10529,
"preview": "//===-- sanitizer_netbsd.cpp ----------------------------------------------===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_openbsd.cpp",
"chars": 0,
"preview": ""
},
{
"path": "runtime/sanitizer_common/sanitizer_persistent_allocator.cpp",
"chars": 687,
"preview": "//===-- sanitizer_persistent_allocator.cpp ----------------------*- C++ -*-===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_persistent_allocator.h",
"chars": 2364,
"preview": "//===-- sanitizer_persistent_allocator.h ------------------------*- C++ -*-===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_placement_new.h",
"chars": 885,
"preview": "//===-- sanitizer_placement_new.h -------------------------------*- C++ -*-===//\n//\n// Part of the LLVM Project, under t"
},
{
"path": "runtime/sanitizer_common/sanitizer_platform.h",
"chars": 12203,
"preview": "//===-- sanitizer_platform.h ------------------------------------*- C++ -*-===//\n//\n// Part of the LLVM Project, under t"
}
]
// ... and 283 more files (download for full content)
About this extraction
This page contains the full source code of the R-Fuzz/symsan GitHub repository, extracted and formatted as plain text for AI agents and large language models (LLMs). The extraction includes 483 files (4.7 MB), approximately 1.3M tokens, and a symbol index with 3610 extracted functions, classes, methods, constants, and types. Use this with OpenClaw, Claude, ChatGPT, Cursor, Windsurf, or any other AI tool that accepts text input. You can copy the full output to your clipboard or download it as a .txt file.
Extracted by GitExtract — free GitHub repo to text converter for AI. Built by Nikandr Surkov.