2 * Copyright (c) 2012 The Native Client Authors. All rights reserved.
3 * Use of this source code is governed by a BSD-style license that can be
4 * found in the LICENSE file.
7 #ifndef NATIVE_CLIENT_SRC_TRUSTED_VALIDATOR_X86_NCVAL_SEG_SFI_NCVALIDATE_H__
8 #define NATIVE_CLIENT_SRC_TRUSTED_VALIDATOR_X86_NCVAL_SEG_SFI_NCVALIDATE_H__
11 #include "native_client/src/trusted/cpu_features/arch/x86/cpu_x86.h"
12 #include "native_client/src/trusted/validator/types_memory_model.h"
15 * ncvalidate.h: Validator for the segment-based sandbox.
17 * This is the primary library interface to the validator for the
18 * segment-based sandbox. This version should be used when performance
19 * is important. See ncvalidate_detailed.h for a secondary API which
20 * provides more details when reporting errors.
23 * if (!NaClArchSupported()) fail
24 * vstate = NCValidateInit(base, size, readonly_text, features);
27 * NCValidateSegment(maddr, base, size, vstate);
28 * rc = NCValidateFinish(vstate);
30 * NCValidateFreeState(&vstate);
32 * See the README file in this directory for more info on the general
33 * structure of the validator.
37 struct NCValidatorState;
38 struct NaClErrorReporter;
41 * Set the maximum number of diagnostic errors to be reported to the
42 * given value (-1 implies all error messages).
44 void NCValidateSetNumDiagnostics(struct NCValidatorState *vstate,
48 * NCValidateInit: Initialize NaCl validator internal state.
50 * vbase: base virtual address for code segment
51 * codesize: size in bytes of code segment
52 * features: the features supported by the CPU that will run the code
54 * an initialized struct NCValidatorState * if everything is okay,
57 struct NCValidatorState *NCValidateInit(const NaClPcAddress vbase,
58 const NaClMemorySize codesize,
59 const int readonly_text,
60 const NaClCPUFeaturesX86 *features);
63 * Allows "stub out mode" to be enabled, in which some unsafe
64 * instructions will be rendered safe by replacing them with HLT
67 void NCValidateSetStubOutMode(struct NCValidatorState *vstate,
71 * Set the maximum number of diagnostic errors to be reported to the
72 * given value (-1 implies all error messages).
74 void NCValidateSetNumDiagnostics(struct NCValidatorState* vstate,
77 /* Changes the error reporter to the given error reporter
78 * for the given validator state.
80 void NCValidateSetErrorReporter(struct NCValidatorState* vstate,
81 struct NaClErrorReporter* error_reporter);
83 /* Validate a segment */
84 /* This routine will raise a segmentation exception if you ask
85 * it to check memory that can't be accessed. This should be
86 * interpreted as an indication that the module in question is
89 void NCValidateSegment(uint8_t *mbase, NaClPcAddress vbase,
91 struct NCValidatorState *vstate);
93 /* Validate a segment for dynamic code replacement */
94 /* This routine checks that the code found at mbase_old
95 * can be dynamically replaced with the code at mbase_new
96 * safely. Returns non-zero if successful.
98 int NCValidateSegmentPair(uint8_t *mbase_old, uint8_t *mbase_new,
99 NaClPcAddress vbase, size_t sz,
100 const NaClCPUFeaturesX86 *features);
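102 /* Check targets and alignment. Returns non-zero if there are */
103 /* safety issues, else returns 1. NOTE(review): 1 is itself non-zero, so as written a caller cannot tell "safe" from "unsafe"; the success value is presumably 0 -- confirm against the implementation before gating code loading on this result. */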
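104 /* BEWARE: vstate is invalid after this call (presumably for further validation only: NCStatsPrint and NCValidateFreeState, declared below, still take it afterwards -- confirm) */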
105 int NCValidateFinish(struct NCValidatorState *vstate);
107 /* BEWARE: this call deallocates vstate. */
108 void NCValidateFreeState(struct NCValidatorState **vstate);
110 /* Print some interesting statistics... (optional). If used,
111 * should be called between NCValidateFinish and
112 * NCValidateFreeState.
114 * Note: Uses error reporter of validator to print messages.
115 * The default error reporter of the validator will not
116 * print any messages. To actually get the messages, you
117 * must associate an error reporter with the validator using
118 * NCValidateSetErrorReporter.
120 void NCStatsPrint(struct NCValidatorState *vstate);
122 /* Returns the default value used for controlling printing
123 * of validator messages.
124 * If zero, no messages are printed.
125 * If >0, only that many diagnostic errors are printed.
126 * If negative, all validator diagnostics are printed.
128 int NCValidatorGetMaxDiagnostics(void);
130 /* Changes default flag for printing validator error messages.
131 * If zero, no messages are printed.
132 * If >0, only that many diagnostic errors are printed.
133 * If negative, all validator diagnostics are printed.
135 void NCValidatorSetMaxDiagnostics(int new_value);
137 /* Returns 1 if any code has been overwritten with halts. */
138 int NCValidatorDidStubOut(struct NCValidatorState *vstate);
140 #endif /* NATIVE_CLIENT_SRC_TRUSTED_VALIDATOR_X86_NCVAL_SEG_SFI_NCVALIDATE_H__ */