authorFabian Meumertzheim <meumertzheim@code-intelligence.com>2022-08-08 15:55:57 +0200
committerFabian Meumertzheim <fabian@meumertzhe.im>2022-08-10 13:55:32 +0200
commite14430e2f0b2a4a73844d4c36bf1f98bbf4a3e22 (patch)
treef730451e2aa00c9b964eec7154cb395874ca8106
parentd47477729fad2016d6eb81101532085120da7153 (diff)
downloadjazzer-api-e14430e2f0b2a4a73844d4c36bf1f98bbf4a3e22.tar.gz
driver: Remove gflags dependency of fuzz_target_runner
Achieved by inlining the flags into jvm_tooling, which is the only remaining consumer of these flags.
-rw-r--r--driver/BUILD.bazel4
-rw-r--r--driver/fuzz_target_runner.cpp67
-rw-r--r--driver/fuzz_target_runner.h2
-rw-r--r--driver/jvm_tooling.cpp70
4 files changed, 66 insertions, 77 deletions
diff --git a/driver/BUILD.bazel b/driver/BUILD.bazel
index 2d25ccc6..1c9edc10 100644
--- a/driver/BUILD.bazel
+++ b/driver/BUILD.bazel
@@ -142,10 +142,7 @@ cc_library(
deps = [
":fuzzed_data_provider",
"//driver/src/main/java/com/code_intelligence/jazzer/driver:fuzz_target_runner.hdrs",
- "@com_google_absl//absl/strings",
- "@com_google_absl//absl/strings:str_format",
"@fmeum_rules_jni//jni",
- "@jazzer_com_github_gflags_gflags//:gflags",
],
)
@@ -161,7 +158,6 @@ cc_library(
"manual",
],
deps = [
- ":fuzz_target_runner",
"@bazel_tools//tools/cpp/runfiles",
"@com_google_absl//absl/strings",
"@com_google_absl//absl/strings:str_format",
diff --git a/driver/fuzz_target_runner.cpp b/driver/fuzz_target_runner.cpp
index 14268f80..c68511a8 100644
--- a/driver/fuzz_target_runner.cpp
+++ b/driver/fuzz_target_runner.cpp
@@ -21,58 +21,11 @@
#include <jni.h>
+#include <limits>
#include <string>
-#include <vector>
-#include "absl/strings/str_format.h"
#include "com_code_intelligence_jazzer_driver_FuzzTargetRunner.h"
#include "driver/fuzzed_data_provider.h"
-#include "gflags/gflags.h"
-
-DEFINE_string(
- target_class, "",
- "The Java class that contains the static fuzzerTestOneInput function");
-DEFINE_string(target_args, "",
- "Arguments passed to fuzzerInitialize as a String array. "
- "Separated by space.");
-
-DEFINE_uint32(keep_going, 0,
- "Continue fuzzing until N distinct exception stack traces have"
- "been encountered. Defaults to exit after the first finding "
- "unless --autofuzz is specified.");
-DEFINE_bool(dedup, true,
- "Emit a dedup token for every finding. Defaults to true and is "
- "required for --keep_going and --ignore.");
-DEFINE_string(
- ignore, "",
- "Comma-separated list of crash dedup tokens to ignore. This is useful to "
- "continue fuzzing before a crash is fixed.");
-
-DEFINE_string(reproducer_path, ".",
- "Path at which fuzzing reproducers are stored. Defaults to the "
- "current directory.");
-DEFINE_string(coverage_report, "",
- "Path at which a coverage report is stored when the fuzzer "
- "exits. If left empty, no report is generated (default)");
-DEFINE_string(coverage_dump, "",
- "Path at which a coverage dump is stored when the fuzzer "
- "exits. If left empty, no dump is generated (default)");
-
-DEFINE_string(autofuzz, "",
- "Fully qualified reference to a method on the classpath that "
- "should be fuzzed automatically (example: System.out::println). "
- "Fuzzing will continue even after a finding; specify "
- "--keep_going=N to stop after N findings.");
-DEFINE_string(autofuzz_ignore, "",
- "Fully qualified class names of exceptions to ignore during "
- "autofuzz. Separated by comma.");
-DEFINE_bool(
- fake_pcs, false,
- "Supply synthetic Java program counters to libFuzzer trace hooks to "
- "make value profiling more effective. Enabled by default if "
- "-use_value_profile=1 is specified.");
-
-DECLARE_bool(hooks);
extern "C" int LLVMFuzzerRunDriver(int *argc, char ***argv,
int (*UserCb)(const uint8_t *Data,
@@ -113,24 +66,6 @@ int testOneInput(const uint8_t *data, const std::size_t size) {
} // namespace
namespace jazzer {
-std::vector<std::string> fuzzTargetRunnerFlagsAsDefines() {
- return {
- absl::StrFormat("-Djazzer.target_class=%s", FLAGS_target_class),
- absl::StrFormat("-Djazzer.target_args=%s", FLAGS_target_args),
- absl::StrFormat("-Djazzer.keep_going=%d", FLAGS_keep_going),
- absl::StrFormat("-Djazzer.dedup=%s", FLAGS_dedup ? "true" : "false"),
- absl::StrFormat("-Djazzer.ignore=%s", FLAGS_ignore),
- absl::StrFormat("-Djazzer.reproducer_path=%s", FLAGS_reproducer_path),
- absl::StrFormat("-Djazzer.coverage_report=%s", FLAGS_coverage_report),
- absl::StrFormat("-Djazzer.coverage_dump=%s", FLAGS_coverage_dump),
- absl::StrFormat("-Djazzer.autofuzz=%s", FLAGS_autofuzz),
- absl::StrFormat("-Djazzer.autofuzz_ignore=%s", FLAGS_autofuzz_ignore),
- absl::StrFormat("-Djazzer.hooks=%s", FLAGS_hooks ? "true" : "false"),
- absl::StrFormat("-Djazzer.fake_pcs=%s",
- FLAGS_fake_pcs ? "true" : "false"),
- };
-}
-
int StartFuzzer(JNIEnv *env, int argc, char **argv) {
gEnv = env;
jclass runner = env->FindClass(kFuzzTargetRunnerClassName);
diff --git a/driver/fuzz_target_runner.h b/driver/fuzz_target_runner.h
index 95d8ab1c..fbc3f1e6 100644
--- a/driver/fuzz_target_runner.h
+++ b/driver/fuzz_target_runner.h
@@ -22,8 +22,6 @@
#include <vector>
namespace jazzer {
-std::vector<std::string> fuzzTargetRunnerFlagsAsDefines();
-
/*
* Starts libFuzzer with the provided command-line arguments and runs the
* FuzzTargetRunner Java class in the provided JVM.
diff --git a/driver/jvm_tooling.cpp b/driver/jvm_tooling.cpp
index 63d2d5a5..ad5e0ad9 100644
--- a/driver/jvm_tooling.cpp
+++ b/driver/jvm_tooling.cpp
@@ -25,7 +25,6 @@
#include "absl/strings/str_join.h"
#include "absl/strings/str_replace.h"
#include "absl/strings/str_split.h"
-#include "fuzz_target_runner.h"
#include "gflags/gflags.h"
#include "glog/logging.h"
#include "tools/cpp/runfiles/runfiles.h"
@@ -92,6 +91,49 @@ DEFINE_bool(hooks, true,
"coverage information will be processed. This can be useful for "
"running a regression test on non-instrumented bytecode.");
+DEFINE_string(
+ target_class, "",
+ "The Java class that contains the static fuzzerTestOneInput function");
+DEFINE_string(target_args, "",
+ "Arguments passed to fuzzerInitialize as a String array. "
+ "Separated by space.");
+
+DEFINE_uint32(keep_going, 0,
+ "Continue fuzzing until N distinct exception stack traces have"
+ "been encountered. Defaults to exit after the first finding "
+ "unless --autofuzz is specified.");
+DEFINE_bool(dedup, true,
+ "Emit a dedup token for every finding. Defaults to true and is "
+ "required for --keep_going and --ignore.");
+DEFINE_string(
+ ignore, "",
+ "Comma-separated list of crash dedup tokens to ignore. This is useful to "
+ "continue fuzzing before a crash is fixed.");
+
+DEFINE_string(reproducer_path, ".",
+ "Path at which fuzzing reproducers are stored. Defaults to the "
+ "current directory.");
+DEFINE_string(coverage_report, "",
+ "Path at which a coverage report is stored when the fuzzer "
+ "exits. If left empty, no report is generated (default)");
+DEFINE_string(coverage_dump, "",
+ "Path at which a coverage dump is stored when the fuzzer "
+ "exits. If left empty, no dump is generated (default)");
+
+DEFINE_string(autofuzz, "",
+ "Fully qualified reference to a method on the classpath that "
+ "should be fuzzed automatically (example: System.out::println). "
+ "Fuzzing will continue even after a finding; specify "
+ "--keep_going=N to stop after N findings.");
+DEFINE_string(autofuzz_ignore, "",
+ "Fully qualified class names of exceptions to ignore during "
+ "autofuzz. Separated by comma.");
+DEFINE_bool(
+ fake_pcs, false,
+ "Supply synthetic Java program counters to libFuzzer trace hooks to "
+ "make value profiling more effective. Enabled by default if "
+ "-use_value_profile=1 is specified.");
+
#if defined(_WIN32) || defined(_WIN64)
#define ARG_SEPARATOR ";"
constexpr auto kPathSeparator = '\\';
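Review bot: The help text for `keep_going` near the top of this hunk is missing a space between its first two string literals, so the concatenated message reads "...stack traces havebeen encountered"; change the first literal to `"Continue fuzzing until N distinct exception stack traces have "`. The text was moved verbatim from fuzz_target_runner.cpp, so the typo predates this commit, but the move is the natural moment to fix it since the string now lives in its final location.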
@@ -108,9 +150,6 @@ JNI_OnLoad_jazzer_initialize(JavaVM *vm, void *) {
namespace {
constexpr auto kAgentBazelRunfilesPath = "jazzer/agent/jazzer_agent_deploy.jar";
constexpr auto kAgentFileName = "jazzer_agent_deploy.jar";
-} // namespace
-
-namespace jazzer {
std::string_view dirFromFullPath(std::string_view path) {
const auto pos = path.rfind(kPathSeparator);
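Review bot: Dropping the `} // namespace` / `namespace jazzer {` pair here moves `dirFromFullPath` and every definition that follows it down to `splitEscaped` out of `jazzer` and into the anonymous namespace, which changes their linkage from external to internal; the anonymous namespace is only closed and `jazzer` reopened in the later hunk at `@@ -205,6 +262,9 @@`. If any of these helpers is declared in jvm_tooling.h or referenced from another translation unit (a test, for instance), that reference will no longer resolve, so this is worth confirming against the header before merging. If they are all meant to be file-local, a short comment at the new closing brace such as `} // namespace  (helpers above are intentionally private to this TU)` would make the intent explicit.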
@@ -178,6 +217,24 @@ std::string agentArgsFromFlags() {
return absl::StrJoin(args, ",");
}
+std::vector<std::string> fuzzTargetRunnerFlagsAsDefines() {
+ return {
+ absl::StrFormat("-Djazzer.target_class=%s", FLAGS_target_class),
+ absl::StrFormat("-Djazzer.target_args=%s", FLAGS_target_args),
+ absl::StrFormat("-Djazzer.keep_going=%d", FLAGS_keep_going),
+ absl::StrFormat("-Djazzer.dedup=%s", FLAGS_dedup ? "true" : "false"),
+ absl::StrFormat("-Djazzer.ignore=%s", FLAGS_ignore),
+ absl::StrFormat("-Djazzer.reproducer_path=%s", FLAGS_reproducer_path),
+ absl::StrFormat("-Djazzer.coverage_report=%s", FLAGS_coverage_report),
+ absl::StrFormat("-Djazzer.coverage_dump=%s", FLAGS_coverage_dump),
+ absl::StrFormat("-Djazzer.autofuzz=%s", FLAGS_autofuzz),
+ absl::StrFormat("-Djazzer.autofuzz_ignore=%s", FLAGS_autofuzz_ignore),
+ absl::StrFormat("-Djazzer.hooks=%s", FLAGS_hooks ? "true" : "false"),
+ absl::StrFormat("-Djazzer.fake_pcs=%s",
+ FLAGS_fake_pcs ? "true" : "false"),
+ };
+}
+
// Splits a string at the ARG_SEPARATOR unless it is escaped with a backslash.
// Backslash itself can be escaped with another backslash.
std::vector<std::string> splitEscaped(const std::string &str) {
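Review bot: `fuzzTargetRunnerFlagsAsDefines` lands without any comment while its neighbour `splitEscaped` documents its contract; since the result is fed straight into `JavaVMOption` entries, suggest adding `// Converts the fuzz target runner flags into -Djazzer.<flag>=<value> JVM options so the Java FuzzTargetRunner can read them as system properties.` above the definition. It would also help to note in that comment that booleans are rendered as the literal strings "true"/"false", which the Java side must parse accordingly.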
@@ -205,6 +262,9 @@ std::vector<std::string> splitEscaped(const std::string &str) {
return parts;
}
+} // namespace
+
+namespace jazzer {
JVM::JVM(std::string_view executable_path, std::string_view seed) {
// combine class path from command line flags and JAVA_FUZZER_CLASSPATH env
@@ -245,7 +305,7 @@ JVM::JVM(std::string_view executable_path, std::string_view seed) {
JavaVMOption{.optionString = const_cast<char *>(seed_property.c_str())});
std::vector<std::string> fuzz_target_runner_defines =
- ::jazzer::fuzzTargetRunnerFlagsAsDefines();
+ fuzzTargetRunnerFlagsAsDefines();
for (const auto &define : fuzz_target_runner_defines) {
options.push_back(
JavaVMOption{.optionString = const_cast<char *>(define.c_str())});