--- libmalloc/libmalloc-283.40.1/private/malloc_private.h
+++ libmalloc/libmalloc-474.0.13/private/malloc_private.h
@@ -27,10 +27,22 @@
/* Here be dragons (SPIs) */
#include <mach/boolean.h>
+#include <mach/kern_return.h>
+#include <mach/mach_types.h>
#include <sys/cdefs.h>
+#include <stdbool.h>
+#include <stddef.h>
+#include <stdint.h>
#include <Availability.h>
#include <os/availability.h>
#include <malloc/malloc.h>
+
+__BEGIN_DECLS
+
+/* Memorypressure notification mask to use by default */
+extern const unsigned long malloc_memorypressure_mask_default_4libdispatch;
+/* Memorypressure notification mask to use if MSL has been enabled */
+extern const unsigned long malloc_memorypressure_mask_msl_4libdispatch;
/********* Callbacks ************/
@@ -76,4 +88,104 @@
API_AVAILABLE(macos(10.14), ios(12.0), tvos(12.0), watchos(5.0))
int malloc_engaged_nano(void) __result_use_check;
+/*
+ * Disables zero-on-free in a process. This has security implications and is
+ * intended to be used only as part of binary compatibility workarounds for
+ * external code. It should be called as early as possible in the process
+ * lifetime, ideally before the process has gone multithreaded. It is not
+ * guaranteed to have any effect.
+ */
+SPI_AVAILABLE(macos(13.0), ios(16.1), tvos(16.1), watchos(9.1))
+void malloc_zero_on_free_disable(void);
+
+/****** Thread-specific libmalloc options ******/
+
+/**
+ * Options struct: zero means "default options".
+ */
+typedef struct {
+ uintptr_t DisableExpensiveDebuggingOptions : 1;
+ uintptr_t DisableProbabilisticGuardMalloc : 1;
+ uintptr_t DisableMallocStackLogging : 1;
+} malloc_thread_options_t;
+
+API_AVAILABLE(macos(13.0), ios(16.0), tvos(16.0), watchos(9.0))
+malloc_thread_options_t malloc_get_thread_options(void) __result_use_check;
+
+API_AVAILABLE(macos(13.0), ios(16.0), tvos(16.0), watchos(9.0))
+void malloc_set_thread_options(malloc_thread_options_t opts);
+
+/****** Crash Reporter integration ******/
+
+typedef struct {
+ uint64_t thread_id;
+ uint64_t time;
+ uint32_t num_frames;
+ vm_address_t frames[64];
+} stack_trace_t;
+
+/**
+ * Like memory_reader_t, but caller must free returned memory if not NULL.
+ */
+typedef void *(*crash_reporter_memory_reader_t)(task_t task, vm_address_t address, size_t size);
+
+/****** Probabilistic Guard Malloc ******/
+
+typedef struct {
+ // diagnose_page_fault
+ const char *error_type;
+ const char *confidence;
+ vm_address_t fault_address;
+ // fill_in_report
+ vm_address_t nearest_allocation;
+ size_t allocation_size;
+ const char *allocation_state;
+ uint32_t num_traces;
+ // fill_in_trace
+ stack_trace_t alloc_trace;
+ stack_trace_t dealloc_trace;
+} pgm_report_t;
+
+
+kern_return_t pgm_extract_report_from_corpse(vm_address_t fault_address, pgm_report_t *report, task_t task,
+ vm_address_t *zone_addresses, uint32_t zone_count, crash_reporter_memory_reader_t crm_reader) __result_use_check;
+
+kern_return_t pgm_diagnose_fault_from_crash_reporter(vm_address_t fault_address, pgm_report_t *report,
+ task_t task, vm_address_t zone_address, crash_reporter_memory_reader_t crm_reader) __result_use_check;
+
+/****** Sanitizer Zone ******/
+
+struct malloc_sanitizer_poison {
+ // ASAN_HEAP_LEFTRZ: [ptr, ptr + leftrz_sz)
+ // ASAN_VALID: [ptr + leftrz_sz, ptr + alloc_sz)
+ // ASAN_HEAP_RIGHTRZ: [ptr + leftrz_sz + alloc_sz, ptr + leftrz_sz + alloc_sz + rightrz_sz)
+ void (*heap_allocate_poison)(uintptr_t ptr, size_t leftrz_sz, size_t alloc_sz, size_t rightrz_sz);
+ // ASAN_HEAP_FREED: [ptr, ptr + sz)
+ void (*heap_deallocate_poison)(uintptr_t ptr, size_t sz);
+ // ASAN_HEAP_INTERNAL: [ptr, ptr + sz)
+ void (*heap_internal_poison)(uintptr_t ptr, size_t sz);
+};
+
+/* Returns whether sanitizers are enabled */
+bool malloc_sanitizer_is_enabled(void);
+
+/* Returns function pointers for interacting with sanitizer */
+extern const struct malloc_sanitizer_poison *malloc_sanitizer_get_functions(void);
+
+/* Sets function pointers for interacting with sanitizer */
+void malloc_sanitizer_set_functions(struct malloc_sanitizer_poison *);
+
+typedef struct {
+ vm_address_t fault_address;
+ vm_address_t nearest_allocation;
+ size_t allocation_size;
+ stack_trace_t alloc_trace;
+ stack_trace_t dealloc_trace;
+} sanitizer_report_t;
+
+kern_return_t sanitizer_diagnose_fault_from_crash_reporter(vm_address_t fault_address, sanitizer_report_t *report,
+ task_t task, vm_address_t zone_address, crash_reporter_memory_reader_t crm_reader) __result_use_check;
+
+__END_DECLS
+
#endif /* _MALLOC_PRIVATE_H_ */
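Review bot: `stack_trace_t` hard-codes `frames[64]` next to a separate `num_frames` count, and nothing in the header says that `num_frames` must not exceed the array length. These traces are embedded in `pgm_report_t` and `sanitizer_report_t`, which the `*_from_crash_reporter` and `pgm_extract_report_from_corpse` entry points fill in from another task's memory through `crm_reader`. That memory presumably belongs to a crashed and possibly corrupted process, so a consumer that loops up to `num_frames` without clamping could index past the array. I would name the bound, e.g. `#define MALLOC_STACK_TRACE_MAX_FRAMES 64` (placeholder name), use it in the declaration, and add a comment such as `/* num_frames <= MALLOC_STACK_TRACE_MAX_FRAMES; consumers must clamp before indexing frames[] */`. Separately, `malloc_sanitizer_set_functions` takes a non-const, unnamed pointer while the getter returns `const struct malloc_sanitizer_poison *`; a `const` parameter and a comment on whether the table is copied or retained would make the lifetime contract for this function-pointer table explicit.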