author | Fabian Meumertzheim <fabian@meumertzhe.im> | 2022-08-11 10:44:16 +0200 |
---|---|---|
committer | Fabian Meumertzheim <fabian@meumertzhe.im> | 2022-08-15 22:27:22 +0200 |
commit | 07ce6176cbd19b3bdd3af413c62b577bd619b9c8 (patch) | |
tree | f9c4953f211c2cd87ae89bcffdbdd54649b23e0b | |
parent | 11707bcec3ca41f7957dc3296253a4a431fd2041 (diff) | |
download | jazzer-api-07ce6176cbd19b3bdd3af413c62b577bd619b9c8.tar.gz |
driver: Attach the agent at runtime
This functionality is needed to launch Jazzer in an already running JVM.
-rw-r--r-- | agent/agent_shade_rules | 3 | ||||
-rwxr-xr-x | agent/verify_shading.sh | 2 | ||||
-rw-r--r-- | driver/jvm_tooling.cpp | 19 | ||||
-rw-r--r-- | driver/src/main/java/com/code_intelligence/jazzer/driver/BUILD.bazel | 3 | ||||
-rw-r--r-- | driver/src/main/java/com/code_intelligence/jazzer/driver/Driver.java | 17 | ||||
-rw-r--r-- | driver/src/main/java/com/code_intelligence/jazzer/driver/FuzzTargetRunner.java | 5 | ||||
-rw-r--r-- | driver/src/main/java/com/code_intelligence/jazzer/driver/Opt.java | 3 | ||||
-rw-r--r-- | repositories.bzl | 7 |
8 files changed, 38 insertions, 21 deletions
diff --git a/agent/agent_shade_rules b/agent/agent_shade_rules
index 3f0aff07..91073722 100644
--- a/agent/agent_shade_rules
+++ b/agent/agent_shade_rules
@@ -1,7 +1,6 @@
 rule com.github.** com.code_intelligence.jazzer.third_party.@0
 rule io.** com.code_intelligence.jazzer.third_party.@0
 rule kotlin.** com.code_intelligence.jazzer.third_party.@0
-rule net.jodah.** com.code_intelligence.jazzer.third_party.@0
-rule net.sf.** com.code_intelligence.jazzer.third_party.@0
+rule net.** com.code_intelligence.jazzer.third_party.@0
 rule nonapi.** com.code_intelligence.jazzer.third_party.@0
 rule org.objectweb.** com.code_intelligence.jazzer.third_party.@0
diff --git a/agent/verify_shading.sh b/agent/verify_shading.sh
index 1f116b87..5742476c 100755
--- a/agent/verify_shading.sh
+++ b/agent/verify_shading.sh
@@ -23,4 +23,6 @@
   -e '^com/code_intelligence/$' \
   -e '^com/code_intelligence/jazzer/' \
   -e '^jaz/' \
+  -e '^win32-x86/' \
+  -e '^win32-x86-64/' \
   -e '^META-INF/'
diff --git a/driver/jvm_tooling.cpp b/driver/jvm_tooling.cpp
index 1f109949..54eb7d7c 100644
--- a/driver/jvm_tooling.cpp
+++ b/driver/jvm_tooling.cpp
@@ -227,6 +227,7 @@ std::vector<std::string> fuzzTargetRunnerFlagsAsDefines() {
       absl::StrFormat("-Djazzer.autofuzz=%s", FLAGS_autofuzz),
       absl::StrFormat("-Djazzer.autofuzz_ignore=%s", FLAGS_autofuzz_ignore),
       absl::StrFormat("-Djazzer.hooks=%s", FLAGS_hooks ? "true" : "false"),
+      absl::StrFormat("-Djazzer.agent_args=%s", agentArgsFromFlags()),
   };
 }
 
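Review bot: The two new allowlist entries `-e '^win32-x86/'` and `-e '^win32-x86-64/'` exempt whole directories of native binaries from the shading check without saying where they come from; a comment above them would spare the next reader a jar listing, e.g. `# Native Windows attach helpers shipped inside byte-buddy-agent.` Presumably these directories belong to the newly vendored byte-buddy-agent jar, since nothing else in this commit adds Windows-specific files — worth confirming against the jar's contents. If the script fails on any entry not matched by these patterns, matching the exact file names rather than the directory prefix would keep an unexpected new native file from slipping through unnoticed.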
@@ -269,13 +270,8 @@ JVM::JVM(std::string_view executable_path, std::string_view seed) {
   if (class_path_from_env) {
     class_path += absl::StrCat(ARG_SEPARATOR, class_path_from_env);
   }
-  if (!FLAGS_hooks) {
-    // A Java agent is implicitly added to the system class loader's classpath,
-    // so there is no need to add the Jazzer agent here if we are running with
-    // the agent enabled.
-    class_path +=
-        absl::StrCat(ARG_SEPARATOR, getInstrumentorAgentPath(executable_path));
-  }
+  class_path +=
+      absl::StrCat(ARG_SEPARATOR, getInstrumentorAgentPath(executable_path));
   LOG(INFO) << "got class path " << class_path;
 
   std::vector<JavaVMOption> options;
@@ -337,15 +333,6 @@ JVM::JVM(std::string_view executable_path, std::string_view seed) {
         JavaVMOption{.optionString = const_cast<char *>(arg.c_str())});
   }
 
-  std::string agent_jvm_arg;
-  if (FLAGS_hooks) {
-    agent_jvm_arg = absl::StrFormat("-javaagent:%s=%s",
-                                    getInstrumentorAgentPath(executable_path),
-                                    agentArgsFromFlags());
-    options.push_back(JavaVMOption{
-        .optionString = const_cast<char *>(agent_jvm_arg.c_str())});
-  }
-
   JavaVMInitArgs jvm_init_args = {.version = JNI_VERSION_1_8,
                                   .nOptions = (int)options.size(),
                                   .options = options.data(),
diff --git a/driver/src/main/java/com/code_intelligence/jazzer/driver/BUILD.bazel b/driver/src/main/java/com/code_intelligence/jazzer/driver/BUILD.bazel
index 0b27a1e7..c6588c4b 100644
--- a/driver/src/main/java/com/code_intelligence/jazzer/driver/BUILD.bazel
+++ b/driver/src/main/java/com/code_intelligence/jazzer/driver/BUILD.bazel
@@ -8,7 +8,10 @@ java_library(
     ],
     deps = [
         ":fuzz_target_runner",
+        ":opt",
         ":utils",
+        "//agent/src/main/java/com/code_intelligence/jazzer/agent:agent_lib",
+        "@net_bytebuddy_byte_buddy_agent//jar",
     ],
 )
 
diff --git a/driver/src/main/java/com/code_intelligence/jazzer/driver/Driver.java b/driver/src/main/java/com/code_intelligence/jazzer/driver/Driver.java
index 058c3e53..a4521434 100644
--- a/driver/src/main/java/com/code_intelligence/jazzer/driver/Driver.java
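Review bot: The agent jar is now appended to `class_path` unconditionally, but the comment that explained the old conditional went with it, so a reader has to reconstruct why the jar belongs on the class path even though the hooks flag still exists. Suggested comment above the new `class_path +=` lines: `// The agent is no longer loaded via -javaagent; Driver.start attaches it at runtime, so its classes must be reachable from the class path in both the hooks and no-hooks case.` The same reasoning applies to the following hunk, where the `-javaagent:` option and `agent_jvm_arg` are dropped. The enclosing constructor `JVM::JVM` starts before and ends after both hunks.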
+++ b/driver/src/main/java/com/code_intelligence/jazzer/driver/Driver.java
@@ -16,10 +16,25 @@
 
 package com.code_intelligence.jazzer.driver;
 
+import static java.lang.System.err;
+
+import com.code_intelligence.jazzer.agent.Agent;
+import java.util.List;
+import net.bytebuddy.agent.ByteBuddyAgent;
+
 public class Driver {
   // Accessed from jazzer_main.cpp.
   @SuppressWarnings("unused")
   private static int start(byte[][] nativeArgs) {
-    return FuzzTargetRunner.startLibFuzzer(Utils.fromNativeArgs(nativeArgs));
+    List<String> args = Utils.fromNativeArgs(nativeArgs);
+
+    // Do *not* modify system properties beyond this point - initializing Opt parses them as a side
+    // effect.
+
+    if (Opt.hooks) {
+      Agent.premain(Opt.agentArgs, ByteBuddyAgent.install());
+    }
+
+    return FuzzTargetRunner.startLibFuzzer(args);
   }
 }
diff --git a/driver/src/main/java/com/code_intelligence/jazzer/driver/FuzzTargetRunner.java b/driver/src/main/java/com/code_intelligence/jazzer/driver/FuzzTargetRunner.java
index 02932ec1..e1244ade 100644
--- a/driver/src/main/java/com/code_intelligence/jazzer/driver/FuzzTargetRunner.java
+++ b/driver/src/main/java/com/code_intelligence/jazzer/driver/FuzzTargetRunner.java
@@ -207,8 +207,11 @@ public final class FuzzTargetRunner {
 
   /*
    * Starts libFuzzer via LLVMFuzzerRunDriver.
+   *
+   * Note: Must be public rather than package-private as it is loaded in a different class loader
+   * than Driver.
    */
-  static int startLibFuzzer(List<String> args) {
+  public static int startLibFuzzer(List<String> args) {
     return startLibFuzzer(Utils.toNativeArgs(args));
   }
 
diff --git a/driver/src/main/java/com/code_intelligence/jazzer/driver/Opt.java b/driver/src/main/java/com/code_intelligence/jazzer/driver/Opt.java
index 201b8695..e5b98f61 100644
--- a/driver/src/main/java/com/code_intelligence/jazzer/driver/Opt.java
+++ b/driver/src/main/java/com/code_intelligence/jazzer/driver/Opt.java
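Review bot: `import static java.lang.System.err;` is unused — `err` is not referenced anywhere in `start`, and the hunk covers the whole class. More importantly, replacing the `-javaagent:` startup option with `ByteBuddyAgent.install()` makes hook loading depend on dynamic attach, which a host JVM may refuse (the install throws `IllegalStateException` when no attach mechanism is available or self-attach is disallowed); that exception would propagate out of `start` into the native caller in `jazzer_main.cpp`, so the failure deserves an explicit report, which also gives `err` a use. Since the attach now happens after the driver's own classes and the JDK's bootstrap classes have been loaded, anything loaded before this point is only instrumented if `Agent.premain` retransforms it — if it does not, a comment should say that classes loaded ahead of the attach stay uninstrumented when Jazzer is started inside an already running JVM.
```java
    if (Opt.hooks) {
      try {
        Agent.premain(Opt.agentArgs, ByteBuddyAgent.install());
      } catch (IllegalStateException e) {
        err.println("ERROR: Failed to attach the Jazzer agent to the running JVM: " + e.getMessage());
        // TODO(review): confirm the failure return value jazzer_main.cpp expects from start().
        return 1;
      }
    }
    // … unchanged: startLibFuzzer call …
```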
@@ -33,7 +33,8 @@ import java.util.stream.Stream;
  *
  * <p>Every public field should be deeply immutable.
  */
-final class Opt {
+public final class Opt {
+  public static final String agentArgs = stringSetting("agent_args", "");
   public static final String autofuzz = stringSetting("autofuzz", "");
   public static final List<String> autofuzzIgnore = stringListSetting("autofuzz_ignore", ',');
   public static final String coverageDump = stringSetting("coverage_dump", "");
diff --git a/repositories.bzl b/repositories.bzl
index e6347ab1..8e757f15 100644
--- a/repositories.bzl
+++ b/repositories.bzl
@@ -98,6 +98,13 @@ def jazzer_dependencies():
 
     maybe(
         http_jar,
+        name = "net_bytebuddy_byte_buddy_agent",
+        sha256 = "25eed4301bbde3724a4bac0e7fe4a0b371c64b5fb40160b29480de3afd04efd5",
+        url = "https://repo1.maven.org/maven2/net/bytebuddy/byte-buddy-agent/1.12.13/byte-buddy-agent-1.12.13.jar",
+    )
+
+    maybe(
+        http_jar,
         name = "org_ow2_asm_asm",
         sha256 = "1263369b59e29c943918de11d6d6152e2ec6085ce63e5710516f8c67d368e4bc",
         url = "https://repo1.maven.org/maven2/org/ow2/asm/asm/9.3/asm-9.3.jar",
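Review bot: `agentArgs` gets no explanation although, unlike the neighbouring settings, its value is not interpreted here but forwarded verbatim to `Agent.premain` from `Driver.start`, and it is populated by the native driver through `-Djazzer.agent_args` (see the `jvm_tooling.cpp` hunk). A short comment would help, e.g. `// Raw agent argument string built by the native driver; passed through unchanged to Agent.premain.` Making the class `public` is what lets `Driver` read it from another class loader, but it also exposes every setting to code outside the package, so the class comment's "deeply immutable" requirement now matters beyond this package and could be restated next to the visibility change.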