authorNorbert Schneider <norbert.schneider@code-intelligence.com>2022-05-05 09:12:07 +0200
committerNorbert Schneider <mail@bertschneider.de>2022-05-05 20:02:18 +0200
commitd4967bbcb997a02ecfc7b0634caaa4c85b0399cc (patch)
tree49d913cfbd50f369dc94f21de388faa5cc00d3e1
parent3b473ad5b2a142150e3a9182b5670b160261f2c8 (diff)
downloadjazzer-api-d4967bbcb997a02ecfc7b0634caaa4c85b0399cc.tar.gz
Move honeypot class to API
The honeypot class jaz.Zer is needed to successfully execute reproducers of deserialization issues. It's moved to the API artifact to be available on the classpath. Furthermore, reproducers do not necessarily reproduce the found issue, e.g. due to global state that leads to different behavior. To take that into account, the reproducer check is relaxed.
-rw-r--r--agent/src/main/java/com/code_intelligence/jazzer/api/BUILD.bazel1
-rw-r--r--agent/src/main/java/com/code_intelligence/jazzer/api/Jazzer.java7
-rw-r--r--agent/src/main/java/jaz/BUILD.bazel8
-rw-r--r--agent/src/main/java/jaz/Ter.java (renamed from sanitizers/src/main/java/jaz/Ter.java)0
-rw-r--r--agent/src/main/java/jaz/Zer.java (renamed from sanitizers/src/main/java/jaz/Zer.java)0
-rw-r--r--bazel/tools/java/com/code_intelligence/jazzer/tools/FuzzTargetTestWrapper.java1
-rw-r--r--driver/fuzz_target_runner.cpp1
-rw-r--r--sanitizers/BUILD.bazel1
-rw-r--r--sanitizers/src/main/java/com/code_intelligence/jazzer/sanitizers/BUILD.bazel1
-rw-r--r--sanitizers/src/main/java/com/code_intelligence/jazzer/sanitizers/Utils.kt13
-rw-r--r--sanitizers/src/main/java/jaz/BUILD.bazel12
-rw-r--r--sanitizers/src/test/java/com/example/BUILD.bazel3
12 files changed, 28 insertions, 20 deletions
diff --git a/agent/src/main/java/com/code_intelligence/jazzer/api/BUILD.bazel b/agent/src/main/java/com/code_intelligence/jazzer/api/BUILD.bazel
index e573e757..b26bb846 100644
--- a/agent/src/main/java/com/code_intelligence/jazzer/api/BUILD.bazel
+++ b/agent/src/main/java/com/code_intelligence/jazzer/api/BUILD.bazel
@@ -23,6 +23,7 @@ java_library(
"Jazzer.java",
"MethodHook.java",
"MethodHooks.java",
+ "//agent/src/main/java/jaz",
],
visibility = ["//visibility:public"],
)
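Review bot: The new srcs entry compiles the honeypot classes into the API library itself, so every consumer of the API jar now carries jaz.Zer and jaz.Ter, not only the sanitizers; nothing in the hunk records why that is wanted. A one-line comment on the entry would keep the next maintainer from "cleaning it up", e.g. `# Honeypot classes ship with the API so reproducers of deserialization findings can load them.` If the API artifact is ever put on a runtime classpath rather than used compile-only, the honeypot travels with it, which is presumably intended but worth stating in that comment.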
diff --git a/agent/src/main/java/com/code_intelligence/jazzer/api/Jazzer.java b/agent/src/main/java/com/code_intelligence/jazzer/api/Jazzer.java
index 8f9024fc..2d2e82b0 100644
--- a/agent/src/main/java/com/code_intelligence/jazzer/api/Jazzer.java
+++ b/agent/src/main/java/com/code_intelligence/jazzer/api/Jazzer.java
@@ -593,10 +593,9 @@ final public class Jazzer {
try {
JAZZER_INTERNAL.getMethod("reportFindingFromHook", Throwable.class).invoke(null, finding);
} catch (NullPointerException | IllegalAccessException | NoSuchMethodException e) {
- // We can only reach this point if the runtime is not in the classpath, but it must be if
- // hooks work and this function should only be called from them.
- System.err.println("ERROR: Jazzer.reportFindingFromHook must be called from a method hook");
- System.exit(1);
+ // We can only reach this point if the runtime is not on the classpath, e.g. in case of a
+ // reproducer. Just throw the finding.
+ rethrowUnchecked(finding);
} catch (InvocationTargetException e) {
// reportFindingFromHook throws a HardToCatchThrowable, which will bubble up wrapped in an
// InvocationTargetException that should not be stopped here.
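Review bot: The rewritten catch block folds three different failures into "runtime not on the classpath": a NullPointerException from a missing JAZZER_INTERNAL is the reproducer case, but NoSuchMethodException or IllegalAccessException can equally mean the runtime is present and incompatible, and that misconfiguration, which the removed System.exit path made loud, is now silently turned into a plain rethrow of the finding. The comment should say which case is supported and that the others are tolerated deliberately, e.g. `// Reached when the runtime is not on the classpath (reproducers); an incompatible runtime lands here too and is surfaced by rethrowing the finding.` The method starts and ends outside the hunk, so I cannot see whether a null finding is rejected before this point; if not, `rethrowUnchecked(finding)` should be guarded against null.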
diff --git a/agent/src/main/java/jaz/BUILD.bazel b/agent/src/main/java/jaz/BUILD.bazel
new file mode 100644
index 00000000..c6cdcf13
--- /dev/null
+++ b/agent/src/main/java/jaz/BUILD.bazel
@@ -0,0 +1,8 @@
+filegroup(
+ name = "jaz",
+ srcs = [
+ "Ter.java",
+ "Zer.java",
+ ],
+ visibility = ["//agent/src/main/java/com/code_intelligence/jazzer/api:__pkg__"],
+)
diff --git a/sanitizers/src/main/java/jaz/Ter.java b/agent/src/main/java/jaz/Ter.java
index 7814396f..7814396f 100644
--- a/sanitizers/src/main/java/jaz/Ter.java
+++ b/agent/src/main/java/jaz/Ter.java
diff --git a/sanitizers/src/main/java/jaz/Zer.java b/agent/src/main/java/jaz/Zer.java
index 08ca3d2e..08ca3d2e 100644
--- a/sanitizers/src/main/java/jaz/Zer.java
+++ b/agent/src/main/java/jaz/Zer.java
diff --git a/bazel/tools/java/com/code_intelligence/jazzer/tools/FuzzTargetTestWrapper.java b/bazel/tools/java/com/code_intelligence/jazzer/tools/FuzzTargetTestWrapper.java
index 0cafc036..edf3887e 100644
--- a/bazel/tools/java/com/code_intelligence/jazzer/tools/FuzzTargetTestWrapper.java
+++ b/bazel/tools/java/com/code_intelligence/jazzer/tools/FuzzTargetTestWrapper.java
@@ -209,6 +209,7 @@ public class FuzzTargetTestWrapper {
throw new IllegalStateException("Expected crash with any of "
+ String.join(", ", expectedFindings) + " not reproduced by " + classFile);
}
+ System.out.println("Reproducer finished successfully without finding");
} catch (InvocationTargetException e) {
// expect the invocation to fail with the prescribed finding
Throwable finding = e.getCause();
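Review bot: The added stdout line does not say which reproducer finished, so with several reproducer classes in one run the message cannot be attributed; classFile is already used in the exception message two lines above, e.g. `System.out.println("Reproducer " + classFile + " finished successfully without finding");`. The enclosing try begins outside the hunk, so I cannot confirm that this line is only reached when no findings were expected; if it can be reached with expected findings still pending, "successfully" is misleading and the message should say so.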
diff --git a/driver/fuzz_target_runner.cpp b/driver/fuzz_target_runner.cpp
index 663971e8..455d6e72 100644
--- a/driver/fuzz_target_runner.cpp
+++ b/driver/fuzz_target_runner.cpp
@@ -410,7 +410,6 @@ void FuzzTargetRunner::DumpReproducer(const uint8_t *data, std::size_t size) {
const auto finding = GetFinding();
if (finding == nullptr) {
LOG(ERROR) << "Failed to reproduce crash when rerunning with recorder";
- return;
}
base64_data = SerializeRecordingFuzzedDataProvider(jvm_, recorder);
} else {
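Review bot: With the `return` dropped, the `finding == nullptr` branch now falls through to `SerializeRecordingFuzzedDataProvider` and dumps a reproducer that is already known not to trigger the finding, yet the log line still reads as a fatal error and gives no hint that a reproducer is written anyway. Reword it so the operator knows what they get, e.g. `LOG(ERROR) << "Failed to reproduce crash when rerunning with recorder; the dumped reproducer may not trigger the finding";`, and consider whether a warning level fits better now that the condition is tolerated. DumpReproducer continues outside the hunk, so I cannot see whether the caller marks the dumped reproducer as unverified.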
diff --git a/sanitizers/BUILD.bazel b/sanitizers/BUILD.bazel
index fa84208e..fdc616a3 100644
--- a/sanitizers/BUILD.bazel
+++ b/sanitizers/BUILD.bazel
@@ -3,6 +3,5 @@ java_library(
visibility = ["//visibility:public"],
runtime_deps = [
"//sanitizers/src/main/java/com/code_intelligence/jazzer/sanitizers",
- "//sanitizers/src/main/java/jaz",
],
)
diff --git a/sanitizers/src/main/java/com/code_intelligence/jazzer/sanitizers/BUILD.bazel b/sanitizers/src/main/java/com/code_intelligence/jazzer/sanitizers/BUILD.bazel
index b585ecb8..f066b35f 100644
--- a/sanitizers/src/main/java/com/code_intelligence/jazzer/sanitizers/BUILD.bazel
+++ b/sanitizers/src/main/java/com/code_intelligence/jazzer/sanitizers/BUILD.bazel
@@ -28,6 +28,5 @@ kt_jvm_library(
],
deps = [
"//agent:jazzer_api_compile_only",
- "//sanitizers/src/main/java/jaz",
],
)
diff --git a/sanitizers/src/main/java/com/code_intelligence/jazzer/sanitizers/Utils.kt b/sanitizers/src/main/java/com/code_intelligence/jazzer/sanitizers/Utils.kt
index 52519cac..219490d8 100644
--- a/sanitizers/src/main/java/com/code_intelligence/jazzer/sanitizers/Utils.kt
+++ b/sanitizers/src/main/java/com/code_intelligence/jazzer/sanitizers/Utils.kt
@@ -44,9 +44,20 @@ internal fun ByteArray.indexOf(needle: ByteArray): Int {
}
internal fun guideMarkableInputStreamTowardsEquality(stream: InputStream, target: ByteArray, id: Int) {
+ fun readBytes(stream: InputStream, size: Int): ByteArray {
+ val current = ByteArray(size)
+ var n = 0
+ while (n < size) {
+ val count = stream.read(current, n, size - n)
+ if (count < 0) break
+ n += count
+ }
+ return current
+ }
+
check(stream.markSupported())
stream.mark(target.size)
- val current = stream.readNBytes(target.size)
+ val current = readBytes(stream, target.size)
stream.reset()
Jazzer.guideTowardsEquality(current, target, id)
}
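Review bot: The new local `readBytes` does not match the `readNBytes` call it replaces on short input: when `stream.read` returns a negative count it breaks out of the loop and returns the full `size`-length array, so the unread tail is zero-filled, whereas `InputStream.readNBytes` returns only the bytes actually read. `Jazzer.guideTowardsEquality` is then fed trailing zero bytes that were never on the stream; change the return to `return if (n < size) current.copyOf(n) else current`. The helper's `stream` parameter also shadows the enclosing function's `stream`; capturing the outer one, or renaming the parameter, avoids the shadowing.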
diff --git a/sanitizers/src/main/java/jaz/BUILD.bazel b/sanitizers/src/main/java/jaz/BUILD.bazel
deleted file mode 100644
index 81275a31..00000000
--- a/sanitizers/src/main/java/jaz/BUILD.bazel
+++ /dev/null
@@ -1,12 +0,0 @@
-java_library(
- name = "jaz",
- srcs = [
- "Ter.java",
- "Zer.java",
- ],
- visibility = [
- "//sanitizers:__pkg__",
- "//sanitizers/src/main/java/com/code_intelligence/jazzer/sanitizers:__pkg__",
- ],
- deps = ["//agent:jazzer_api_compile_only"],
-)
diff --git a/sanitizers/src/test/java/com/example/BUILD.bazel b/sanitizers/src/test/java/com/example/BUILD.bazel
index 5152e1e6..8498ab32 100644
--- a/sanitizers/src/test/java/com/example/BUILD.bazel
+++ b/sanitizers/src/test/java/com/example/BUILD.bazel
@@ -6,6 +6,7 @@ java_fuzz_target_test(
srcs = [
"ObjectInputStreamDeserialization.java",
],
+ expected_findings = ["java.lang.ExceptionInInitializerError"],
target_class = "com.example.ObjectInputStreamDeserialization",
)
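Review bot: `expected_findings = ["java.lang.ExceptionInInitializerError"]` asserts on a generic JVM error rather than on the honeypot's own finding, so the test is also satisfied by any unrelated static-initializer failure in the target and would not notice a regression where jaz.Zer is loaded but never reports; the same applies to the ReflectiveCall and ClassLoaderLoadClass entries in the two hunks below. jaz.Zer is not shown on this page, so if its finding carries a more specific type or message that the rule can match, prefer that; otherwise a comment on each entry should record why this error is the expected one, e.g. `# Presumably raised by the honeypot class jaz.Zer failing in its static initializer.`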
@@ -14,6 +15,7 @@ java_fuzz_target_test(
srcs = [
"ReflectiveCall.java",
],
+ expected_findings = ["java.lang.ExceptionInInitializerError"],
target_class = "com.example.ReflectiveCall",
)
@@ -107,6 +109,7 @@ java_fuzz_target_test(
srcs = [
"ClassLoaderLoadClass.java",
],
+ expected_findings = ["java.lang.ExceptionInInitializerError"],
target_class = "com.example.ClassLoaderLoadClass",
)