authorFabian Meumertzheim <fabian@meumertzhe.im>2022-08-11 10:44:16 +0200
committerFabian Meumertzheim <fabian@meumertzhe.im>2022-08-15 22:27:22 +0200
commit07ce6176cbd19b3bdd3af413c62b577bd619b9c8 (patch)
treef9c4953f211c2cd87ae89bcffdbdd54649b23e0b
parent11707bcec3ca41f7957dc3296253a4a431fd2041 (diff)
driver: Attach the agent at runtime
This functionality is needed to launch Jazzer in an already running JVM.
-rw-r--r--agent/agent_shade_rules3
-rwxr-xr-xagent/verify_shading.sh2
-rw-r--r--driver/jvm_tooling.cpp19
-rw-r--r--driver/src/main/java/com/code_intelligence/jazzer/driver/BUILD.bazel3
-rw-r--r--driver/src/main/java/com/code_intelligence/jazzer/driver/Driver.java17
-rw-r--r--driver/src/main/java/com/code_intelligence/jazzer/driver/FuzzTargetRunner.java5
-rw-r--r--driver/src/main/java/com/code_intelligence/jazzer/driver/Opt.java3
-rw-r--r--repositories.bzl7
8 files changed, 38 insertions, 21 deletions
diff --git a/agent/agent_shade_rules b/agent/agent_shade_rules
index 3f0aff07..91073722 100644
--- a/agent/agent_shade_rules
+++ b/agent/agent_shade_rules
@@ -1,7 +1,6 @@
rule com.github.** com.code_intelligence.jazzer.third_party.@0
rule io.** com.code_intelligence.jazzer.third_party.@0
rule kotlin.** com.code_intelligence.jazzer.third_party.@0
-rule net.jodah.** com.code_intelligence.jazzer.third_party.@0
-rule net.sf.** com.code_intelligence.jazzer.third_party.@0
+rule net.** com.code_intelligence.jazzer.third_party.@0
rule nonapi.** com.code_intelligence.jazzer.third_party.@0
rule org.objectweb.** com.code_intelligence.jazzer.third_party.@0
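Review bot: The replacement rule `net.**` relocates every `net.*` package rather than the two that were listed before, presumably so that the byte-buddy-agent classes added elsewhere in this commit are shaded too, but the file does not say so. Keeping the list explicit with `rule net.bytebuddy.** com.code_intelligence.jazzer.third_party.@0` next to the existing `net.jodah` and `net.sf` entries, or adding a one-line comment that the wildcard is intentional, would make it visible in review when a new `net.*` dependency enters the agent jar. The shading rules are what keep third-party classes out of the namespace that fuzz targets see, so each widening deserves a stated reason.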
diff --git a/agent/verify_shading.sh b/agent/verify_shading.sh
index 1f116b87..5742476c 100755
--- a/agent/verify_shading.sh
+++ b/agent/verify_shading.sh
@@ -23,4 +23,6 @@
-e '^com/code_intelligence/$' \
-e '^com/code_intelligence/jazzer/' \
-e '^jaz/' \
+ -e '^win32-x86/' \
+ -e '^win32-x86-64/' \
-e '^META-INF/'
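Review bot: The two new exclusions `^win32-x86/` and `^win32-x86-64/` whitelist unshaded jar entries without saying where they come from; the grep pipeline they extend starts above the hunk. They look like native helper libraries bundled with the byte-buddy-agent jar introduced in this commit, but that is inferred, so a comment above the block such as `# Native attach helpers shipped in byte-buddy-agent; not Java classes, so they cannot be shaded.` would let a later reviewer judge whether the exception is still needed. Since this script is the check that enforces the shading rules, each allowed prefix should carry its reason.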
diff --git a/driver/jvm_tooling.cpp b/driver/jvm_tooling.cpp
index 1f109949..54eb7d7c 100644
--- a/driver/jvm_tooling.cpp
+++ b/driver/jvm_tooling.cpp
@@ -227,6 +227,7 @@ std::vector<std::string> fuzzTargetRunnerFlagsAsDefines() {
absl::StrFormat("-Djazzer.autofuzz=%s", FLAGS_autofuzz),
absl::StrFormat("-Djazzer.autofuzz_ignore=%s", FLAGS_autofuzz_ignore),
absl::StrFormat("-Djazzer.hooks=%s", FLAGS_hooks ? "true" : "false"),
+ absl::StrFormat("-Djazzer.agent_args=%s", agentArgsFromFlags()),
};
}
@@ -269,13 +270,8 @@ JVM::JVM(std::string_view executable_path, std::string_view seed) {
if (class_path_from_env) {
class_path += absl::StrCat(ARG_SEPARATOR, class_path_from_env);
}
- if (!FLAGS_hooks) {
- // A Java agent is implicitly added to the system class loader's classpath,
- // so there is no need to add the Jazzer agent here if we are running with
- // the agent enabled.
- class_path +=
- absl::StrCat(ARG_SEPARATOR, getInstrumentorAgentPath(executable_path));
- }
+ class_path +=
+ absl::StrCat(ARG_SEPARATOR, getInstrumentorAgentPath(executable_path));
LOG(INFO) << "got class path " << class_path;
std::vector<JavaVMOption> options;
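Review bot: The unconditional `class_path +=` at the end of this hunk lost the explanation the removed block carried, and a reader now has to know that the `-javaagent` option deleted in the next hunk of this file was replaced by a runtime attach in Driver.java; a comment such as `// The agent jar is always on the class path: Driver attaches the agent at runtime (Agent.premain via ByteBuddyAgent) when hooks are enabled, so no -javaagent option is passed.` would restore that. The JVM::JVM constructor starts before this hunk and continues past the next one. Because the options built here no longer include `-javaagent`, it is worth recording next to them that on JDK 9+ attaching to the current VM is disabled unless `jdk.attach.allowAttachSelf` is set; as far as I know ByteBuddyAgent.install() falls back to an external helper process in that case, which changes process behaviour compared to the previous in-process agent load and may matter in sandboxed or restricted environments.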
@@ -337,15 +333,6 @@ JVM::JVM(std::string_view executable_path, std::string_view seed) {
JavaVMOption{.optionString = const_cast<char *>(arg.c_str())});
}
- std::string agent_jvm_arg;
- if (FLAGS_hooks) {
- agent_jvm_arg = absl::StrFormat("-javaagent:%s=%s",
- getInstrumentorAgentPath(executable_path),
- agentArgsFromFlags());
- options.push_back(JavaVMOption{
- .optionString = const_cast<char *>(agent_jvm_arg.c_str())});
- }
-
JavaVMInitArgs jvm_init_args = {.version = JNI_VERSION_1_8,
.nOptions = (int)options.size(),
.options = options.data(),
diff --git a/driver/src/main/java/com/code_intelligence/jazzer/driver/BUILD.bazel b/driver/src/main/java/com/code_intelligence/jazzer/driver/BUILD.bazel
index 0b27a1e7..c6588c4b 100644
--- a/driver/src/main/java/com/code_intelligence/jazzer/driver/BUILD.bazel
+++ b/driver/src/main/java/com/code_intelligence/jazzer/driver/BUILD.bazel
@@ -8,7 +8,10 @@ java_library(
],
deps = [
":fuzz_target_runner",
+ ":opt",
":utils",
+ "//agent/src/main/java/com/code_intelligence/jazzer/agent:agent_lib",
+ "@net_bytebuddy_byte_buddy_agent//jar",
],
)
diff --git a/driver/src/main/java/com/code_intelligence/jazzer/driver/Driver.java b/driver/src/main/java/com/code_intelligence/jazzer/driver/Driver.java
index 058c3e53..a4521434 100644
--- a/driver/src/main/java/com/code_intelligence/jazzer/driver/Driver.java
+++ b/driver/src/main/java/com/code_intelligence/jazzer/driver/Driver.java
@@ -16,10 +16,25 @@
package com.code_intelligence.jazzer.driver;
+import static java.lang.System.err;
+
+import com.code_intelligence.jazzer.agent.Agent;
+import java.util.List;
+import net.bytebuddy.agent.ByteBuddyAgent;
+
public class Driver {
// Accessed from jazzer_main.cpp.
@SuppressWarnings("unused")
private static int start(byte[][] nativeArgs) {
- return FuzzTargetRunner.startLibFuzzer(Utils.fromNativeArgs(nativeArgs));
+ List<String> args = Utils.fromNativeArgs(nativeArgs);
+
+ // Do *not* modify system properties beyond this point - initializing Opt parses them as a side
+ // effect.
+
+ if (Opt.hooks) {
+ Agent.premain(Opt.agentArgs, ByteBuddyAgent.install());
+ }
+
+ return FuzzTargetRunner.startLibFuzzer(args);
}
}
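Review bot: The added `import static java.lang.System.err;` is not used anywhere in the class body, which is complete within this hunk (only the header above line 16 is out of view), so it should be dropped. `Agent.premain(Opt.agentArgs, ByteBuddyAgent.install())` hands an Instrumentation obtained by runtime attach to a method written for the `-javaagent` path; classes already loaded before `start` runs are not seen by transformers registered there unless they are retransformed, so a comment stating that assumption would help, e.g. `// Attached at runtime rather than via -javaagent: classes loaded before this point are not instrumented.` Whether that matters depends on what Agent.premain registers, which is outside this diff.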
diff --git a/driver/src/main/java/com/code_intelligence/jazzer/driver/FuzzTargetRunner.java b/driver/src/main/java/com/code_intelligence/jazzer/driver/FuzzTargetRunner.java
index 02932ec1..e1244ade 100644
--- a/driver/src/main/java/com/code_intelligence/jazzer/driver/FuzzTargetRunner.java
+++ b/driver/src/main/java/com/code_intelligence/jazzer/driver/FuzzTargetRunner.java
@@ -207,8 +207,11 @@ public final class FuzzTargetRunner {
/*
* Starts libFuzzer via LLVMFuzzerRunDriver.
+ *
+ * Note: Must be public rather than package-private as it is loaded in a different class loader
+ * than Driver.
*/
- static int startLibFuzzer(List<String> args) {
+ public static int startLibFuzzer(List<String> args) {
return startLibFuzzer(Utils.toNativeArgs(args));
}
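Review bot: Now that `startLibFuzzer(List<String>)` is public, the block comment above it would serve better as Javadoc (`/**` instead of `/*`) so the new note about the class-loader boundary appears in generated API documentation and in IDEs. The enclosing class and the overload called on the last line continue outside the hunk.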
diff --git a/driver/src/main/java/com/code_intelligence/jazzer/driver/Opt.java b/driver/src/main/java/com/code_intelligence/jazzer/driver/Opt.java
index 201b8695..e5b98f61 100644
--- a/driver/src/main/java/com/code_intelligence/jazzer/driver/Opt.java
+++ b/driver/src/main/java/com/code_intelligence/jazzer/driver/Opt.java
@@ -33,7 +33,8 @@ import java.util.stream.Stream;
*
* <p>Every public field should be deeply immutable.
*/
-final class Opt {
+public final class Opt {
+ public static final String agentArgs = stringSetting("agent_args", "");
public static final String autofuzz = stringSetting("autofuzz", "");
public static final List<String> autofuzzIgnore = stringListSetting("autofuzz_ignore", ',');
public static final String coverageDump = stringSetting("coverage_dump", "");
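Review bot: The new `agentArgs` field has no comment saying what it holds or who sets it; the neighbouring fields in view do not either, but this one is a raw string forwarded to the agent, so a line like `// Raw argument string forwarded to Agent.premain; the native driver sets it via -Djazzer.agent_args (see jvm_tooling.cpp).` above it would document the contract with the C++ side that is visible in this commit. Making the class `public` is needed for the cross-class-loader access the commit introduces, but it also exposes every public static field as API; the class Javadoc in this hunk already requires those fields to be deeply immutable, which a String satisfies.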
diff --git a/repositories.bzl b/repositories.bzl
index e6347ab1..8e757f15 100644
--- a/repositories.bzl
+++ b/repositories.bzl
@@ -98,6 +98,13 @@ def jazzer_dependencies():
maybe(
http_jar,
+ name = "net_bytebuddy_byte_buddy_agent",
+ sha256 = "25eed4301bbde3724a4bac0e7fe4a0b371c64b5fb40160b29480de3afd04efd5",
+ url = "https://repo1.maven.org/maven2/net/bytebuddy/byte-buddy-agent/1.12.13/byte-buddy-agent-1.12.13.jar",
+ )
+
+ maybe(
+ http_jar,
name = "org_ow2_asm_asm",
sha256 = "1263369b59e29c943918de11d6d6152e2ec6085ce63e5710516f8c67d368e4bc",
url = "https://repo1.maven.org/maven2/org/ow2/asm/asm/9.3/asm-9.3.jar",