diff options
| author | Fabian Meumertzheim <fabian@meumertzhe.im> | 2022-03-10 13:52:32 +0100 |
|---|---|---|
| committer | Fabian Meumertzheim <fabian@meumertzhe.im> | 2022-03-16 10:12:12 +0100 |
| commit | 2fe2409518d9ef53212ce0e2c652118159f62a6b (patch) | |
| tree | 32dcf05c6412b35f7adaa5f1c8954dbbe60fac5c | |
| parent | 8d5ca15e4c00a27403670f393020bda3380c830f (diff) | |
| download | jazzer-api-2fe2409518d9ef53212ce0e2c652118159f62a6b.tar.gz | |
Extract native fuzzer callbacks into a shared library
When looking up a JavaCritical_ function, the OpenJDK will first look up
the library that contained the corresponding Java_ function and then try
to dlopen that library. If the Java_ function is defined by the driver,
this dlopen call will fail as it can't dynamically load executables.
This seems to a bug as the usual Java_ lookup goes through more
complicated logic that properly deals with statically linked native
libraries.
We work around this issue by loading the fuzzer callbacks from an honest
shared library packaged into the agent JAR.
Since dynamic linking is difficult on Windows and we don't even know
whether CriticalJNINatives work there, we continue to statically link
the callbacks there.
7 files changed, 258 insertions, 168 deletions
diff --git a/agent/agent_shade_rules b/agent/agent_shade_rules index 2897ec37..84fb2a74 100644 --- a/agent/agent_shade_rules +++ b/agent/agent_shade_rules @@ -1,5 +1,6 @@ -rule kotlin.** com.code_intelligence.jazzer.third_party.kotlin.@1 +rule com.github.** com.code_intelligence.jazzer.third_party.com.github.@1 rule io.** com.code_intelligence.jazzer.third_party.io.@1 -rule nonapi.** com.code_intelligence.jazzer.third_party.nonapi.@1 +rule kotlin.** com.code_intelligence.jazzer.third_party.kotlin.@1 rule net.jodah.** com.code_intelligence.jazzer.third_party.net.jodah.@1 +rule nonapi.** com.code_intelligence.jazzer.third_party.nonapi.@1 rule org.** com.code_intelligence.jazzer.third_party.org.@1 diff --git a/agent/src/main/java/com/code_intelligence/jazzer/runtime/BUILD.bazel b/agent/src/main/java/com/code_intelligence/jazzer/runtime/BUILD.bazel index e75692df..bd2dcf66 100644 --- a/agent/src/main/java/com/code_intelligence/jazzer/runtime/BUILD.bazel +++ b/agent/src/main/java/com/code_intelligence/jazzer/runtime/BUILD.bazel @@ -1,4 +1,4 @@ -load("@fmeum_rules_jni//jni:defs.bzl", "jni_headers") +load("@fmeum_rules_jni//jni:defs.bzl", "java_jni_library", "jni_headers") load("@io_bazel_rules_kotlin//kotlin:jvm.bzl", "kt_jvm_library") java_library( @@ -44,16 +44,26 @@ jni_headers( visibility = ["//driver:__pkg__"], ) -java_library( +java_jni_library( name = "trace_data_flow_native_callbacks", srcs = ["TraceDataFlowNativeCallbacks.java"], - deps = ["//agent/src/main/java/com/code_intelligence/jazzer/utils"], -) - -jni_headers( - name = "trace_data_flow_native_callbacks.hdrs", - lib = ":trace_data_flow_native_callbacks", - visibility = ["//driver:__pkg__"], + native_libs = select({ + # On Windows, the fuzzer callbacks are statically linked into the driver instead (see + # //driver:jazzer_driver). + "@platforms//os:windows": [], + "//conditions:default": [ + "//agent/src/main/native/com/code_intelligence/jazzer/runtime:jazzer_fuzzer_callbacks", + ], + }), + visibility = [ + # For libFuzzer callbacks. + "//agent/src/main/native/com/code_intelligence/jazzer/runtime:__pkg__", + # For handleLibraryLoad. + "//driver:__pkg__", + ], + deps = [ + "//agent/src/main/java/com/code_intelligence/jazzer/utils", + ], ) java_library( diff --git a/agent/src/main/java/com/code_intelligence/jazzer/runtime/TraceDataFlowNativeCallbacks.java b/agent/src/main/java/com/code_intelligence/jazzer/runtime/TraceDataFlowNativeCallbacks.java index efbc3411..d759e282 100644 --- a/agent/src/main/java/com/code_intelligence/jazzer/runtime/TraceDataFlowNativeCallbacks.java +++ b/agent/src/main/java/com/code_intelligence/jazzer/runtime/TraceDataFlowNativeCallbacks.java @@ -15,11 +15,28 @@ package com.code_intelligence.jazzer.runtime; import com.code_intelligence.jazzer.utils.Utils; +import com.github.fmeum.rules_jni.RulesJni; import java.lang.reflect.Executable; import java.nio.charset.Charset; @SuppressWarnings("unused") final public class TraceDataFlowNativeCallbacks { + static { + try { + RulesJni.loadLibrary("jazzer_fuzzer_callbacks", TraceDataFlowNativeCallbacks.class); + } catch (UnsatisfiedLinkError e) { + // On Windows, we link the fuzzer callbacks statically instead and thus expect this library + // load to fail. + if (!System.getProperty("os.name").startsWith("Windows")) { + // In some scenarios (e.g. Java unit tests that do not go through the driver), this native + // library load will expectedly fail due to missing symbols. We make this case non-fatal as + // every actual usage of native methods in this class would result in another + // UnsatisfiedLinkError. + e.printStackTrace(); + } + } + } + // Making this static final ensures that the JIT will eliminate the dead branch of a construct // such as: // if (USE_FAKE_PCS) ... else ... diff --git a/agent/src/main/native/com/code_intelligence/jazzer/runtime/BUILD.bazel b/agent/src/main/native/com/code_intelligence/jazzer/runtime/BUILD.bazel new file mode 100644 index 00000000..f18afe15 --- /dev/null +++ b/agent/src/main/native/com/code_intelligence/jazzer/runtime/BUILD.bazel @@ -0,0 +1,24 @@ +load("@fmeum_rules_jni//jni:defs.bzl", "cc_jni_library") + +cc_jni_library( + name = "jazzer_fuzzer_callbacks", + # Not needed (and broken) on Windows. + tags = ["manual"], + visibility = ["//agent/src/main/java/com/code_intelligence/jazzer/runtime:__pkg__"], + deps = [ + ":jazzer_fuzzer_callbacks_for_static_linking", + "//agent/src/main/java/com/code_intelligence/jazzer/runtime:trace_data_flow_native_callbacks.hdrs", + "//driver:sanitizer_hooks_with_pc", + ], +) + +cc_library( + name = "jazzer_fuzzer_callbacks_for_static_linking", + srcs = ["jazzer_fuzzer_callbacks.cpp"], + visibility = ["//driver:__pkg__"], + deps = [ + "//agent/src/main/java/com/code_intelligence/jazzer/runtime:trace_data_flow_native_callbacks.hdrs", + "//driver:sanitizer_hooks_with_pc", + ], + alwayslink = True, +) diff --git a/agent/src/main/native/com/code_intelligence/jazzer/runtime/jazzer_fuzzer_callbacks.cpp b/agent/src/main/native/com/code_intelligence/jazzer/runtime/jazzer_fuzzer_callbacks.cpp new file mode 100644 index 00000000..0a3dc9b7 --- /dev/null +++ b/agent/src/main/native/com/code_intelligence/jazzer/runtime/jazzer_fuzzer_callbacks.cpp @@ -0,0 +1,175 @@ +// Copyright 2022 Code Intelligence GmbH +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +#include <jni.h> + +#include <cstddef> +#include <cstdint> + +#include "com_code_intelligence_jazzer_runtime_TraceDataFlowNativeCallbacks.h" +#include "driver/sanitizer_hooks_with_pc.h" + +namespace { + +extern "C" { +void __sanitizer_weak_hook_compare_bytes(void *caller_pc, const void *s1, + const void *s2, std::size_t n1, + std::size_t n2, int result); +void __sanitizer_weak_hook_memmem(void *called_pc, const void *s1, size_t len1, + const void *s2, size_t len2, void *result); +void __sanitizer_cov_trace_cmp4(uint32_t arg1, uint32_t arg2); +void __sanitizer_cov_trace_cmp8(uint64_t arg1, uint64_t arg2); + +void __sanitizer_cov_trace_switch(uint64_t val, uint64_t *cases); + +void __sanitizer_cov_trace_div4(uint32_t val); +void __sanitizer_cov_trace_div8(uint64_t val); + +void __sanitizer_cov_trace_gep(uintptr_t idx); +} + +inline __attribute__((always_inline)) void *idToPc(jint id) { + return reinterpret_cast<void *>(static_cast<uintptr_t>(id)); +} +} // namespace + +[[maybe_unused]] void +Java_com_code_1intelligence_jazzer_runtime_TraceDataFlowNativeCallbacks_traceStrstr0( + JNIEnv *env, jclass cls, jbyteArray needle, jint id) { + auto *needle_native = + static_cast<jbyte *>(env->GetPrimitiveArrayCritical(needle, nullptr)); + jint needle_length = env->GetArrayLength(needle); + __sanitizer_weak_hook_memmem(idToPc(id), nullptr, 0, needle_native, + needle_length, nullptr); + env->ReleasePrimitiveArrayCritical(needle, needle_native, JNI_ABORT); +} + +[[maybe_unused]] void +Java_com_code_1intelligence_jazzer_runtime_TraceDataFlowNativeCallbacks_traceMemcmp( + JNIEnv *env, jclass cls, jbyteArray b1, jbyteArray b2, jint result, + jint id) { + auto *b1_native = + static_cast<jbyte *>(env->GetPrimitiveArrayCritical(b1, nullptr)); + auto *b2_native = + static_cast<jbyte *>(env->GetPrimitiveArrayCritical(b2, nullptr)); + jint b1_length = env->GetArrayLength(b1); + jint b2_length = env->GetArrayLength(b2); + __sanitizer_weak_hook_compare_bytes(idToPc(id), b1_native, b2_native, + b1_length, b2_length, result); + env->ReleasePrimitiveArrayCritical(b1, b1_native, JNI_ABORT); + env->ReleasePrimitiveArrayCritical(b2, b2_native, JNI_ABORT); +} + +[[maybe_unused]] void +Java_com_code_1intelligence_jazzer_runtime_TraceDataFlowNativeCallbacks_traceCmpLong( + JNIEnv *env, jclass cls, jlong value1, jlong value2) { + __sanitizer_cov_trace_cmp8(value1, value2); +} + +[[maybe_unused]] void +Java_com_code_1intelligence_jazzer_runtime_TraceDataFlowNativeCallbacks_traceCmpLongWithPc( + JNIEnv *env, jclass cls, jlong value1, jlong value2, jint id) { + __sanitizer_cov_trace_cmp8_with_pc(idToPc(id), value1, value2); +} + +[[maybe_unused]] void +Java_com_code_1intelligence_jazzer_runtime_TraceDataFlowNativeCallbacks_traceCmpInt( + JNIEnv *env, jclass cls, jint value1, jint value2) { + __sanitizer_cov_trace_cmp4(value1, value2); +} + +[[maybe_unused]] void +Java_com_code_1intelligence_jazzer_runtime_TraceDataFlowNativeCallbacks_traceCmpIntWithPc( + JNIEnv *env, jclass cls, jint value1, jint value2, jint id) { + __sanitizer_cov_trace_cmp4_with_pc(idToPc(id), value1, value2); +} + +[[maybe_unused]] void +Java_com_code_1intelligence_jazzer_runtime_TraceDataFlowNativeCallbacks_traceConstCmpInt( + JNIEnv *env, jclass cls, jint value1, jint value2) { + __sanitizer_cov_trace_cmp4(value1, value2); +} + +[[maybe_unused]] void +Java_com_code_1intelligence_jazzer_runtime_TraceDataFlowNativeCallbacks_traceConstCmpIntWithPc( + JNIEnv *env, jclass cls, jint value1, jint value2, jint id) { + __sanitizer_cov_trace_cmp4_with_pc(idToPc(id), value1, value2); +} + +[[maybe_unused]] void +Java_com_code_1intelligence_jazzer_runtime_TraceDataFlowNativeCallbacks_traceSwitch( + JNIEnv *env, jclass cls, jlong switch_value, + jlongArray libfuzzer_case_values) { + auto *case_values = static_cast<jlong *>( + env->GetPrimitiveArrayCritical(libfuzzer_case_values, nullptr)); + __sanitizer_cov_trace_switch(switch_value, + reinterpret_cast<uint64_t *>(case_values)); + env->ReleasePrimitiveArrayCritical(libfuzzer_case_values, case_values, + JNI_ABORT); +} + +[[maybe_unused]] void +Java_com_code_1intelligence_jazzer_runtime_TraceDataFlowNativeCallbacks_traceSwitchWithPc( + JNIEnv *env, jclass cls, jlong switch_value, + jlongArray libfuzzer_case_values, jint id) { + auto *case_values = static_cast<jlong *>( + env->GetPrimitiveArrayCritical(libfuzzer_case_values, nullptr)); + __sanitizer_cov_trace_switch_with_pc( + idToPc(id), switch_value, reinterpret_cast<uint64_t *>(case_values)); + env->ReleasePrimitiveArrayCritical(libfuzzer_case_values, case_values, + JNI_ABORT); +} + +[[maybe_unused]] void +Java_com_code_1intelligence_jazzer_runtime_TraceDataFlowNativeCallbacks_traceDivLong( + JNIEnv *env, jclass cls, jlong value) { + __sanitizer_cov_trace_div8(value); +} + +[[maybe_unused]] void +Java_com_code_1intelligence_jazzer_runtime_TraceDataFlowNativeCallbacks_traceDivLongWithPc( + JNIEnv *env, jclass cls, jlong value, jint id) { + __sanitizer_cov_trace_div8_with_pc(idToPc(id), value); +} + +[[maybe_unused]] void +Java_com_code_1intelligence_jazzer_runtime_TraceDataFlowNativeCallbacks_traceDivInt( + JNIEnv *env, jclass cls, jint value) { + __sanitizer_cov_trace_div4(value); +} + +[[maybe_unused]] void +Java_com_code_1intelligence_jazzer_runtime_TraceDataFlowNativeCallbacks_traceDivIntWithPc( + JNIEnv *env, jclass cls, jint value, jint id) { + __sanitizer_cov_trace_div4_with_pc(idToPc(id), value); +} + +[[maybe_unused]] void +Java_com_code_1intelligence_jazzer_runtime_TraceDataFlowNativeCallbacks_traceGep( + JNIEnv *env, jclass cls, jlong idx) { + __sanitizer_cov_trace_gep(static_cast<uintptr_t>(idx)); +} + +[[maybe_unused]] void +Java_com_code_1intelligence_jazzer_runtime_TraceDataFlowNativeCallbacks_traceGepWithPc( + JNIEnv *env, jclass cls, jlong idx, jint id) { + __sanitizer_cov_trace_gep_with_pc(idToPc(id), static_cast<uintptr_t>(idx)); +} + +[[maybe_unused]] void +Java_com_code_1intelligence_jazzer_runtime_TraceDataFlowNativeCallbacks_tracePcIndir0( + JNIEnv *env, jclass cls, jint caller_id, jint callee_id) { + __sanitizer_cov_trace_pc_indir_with_pc(idToPc(caller_id), + static_cast<uintptr_t>(callee_id)); +} diff --git a/driver/BUILD.bazel b/driver/BUILD.bazel index b0af7897..f7f2fc64 100644 --- a/driver/BUILD.bazel +++ b/driver/BUILD.bazel @@ -7,6 +7,7 @@ cc_library( linkstatic = True, visibility = [ "//agent/src/jmh/native/com/code_intelligence/jazzer/runtime:__pkg__", + "//agent/src/main/native/com/code_intelligence/jazzer/runtime:__pkg__", ], ) @@ -68,13 +69,30 @@ cc_library( srcs = ["libfuzzer_callbacks.cpp"], linkstatic = True, deps = [ - ":sanitizer_hooks_with_pc", "//agent/src/main/java/com/code_intelligence/jazzer/runtime:trace_data_flow_native_callbacks.hdrs", "@com_google_absl//absl/strings", "@com_google_glog//:glog", "@fmeum_rules_jni//jni", "@jazzer_com_github_gflags_gflags//:gflags", - ], + ] + select({ + # We statically link the fuzzer callbacks on Windows since linking a shared library against + # symbols exported by a binary is difficult: We would need a .def file to export the symbols + # and create an interface library from the binary that is then linked into the shared + # library. This creates a conceptual (and real) cyclic dependency between the binary and the + # shared library since the binary data-depends on the agent and thus on the shared library. + # Since we only have to link the fuzzer callbacks dynamically to work around a JDK bug in an + # obsoleted feature (critical JNI natives) that is only meant to improve performance, we + # don't worry about this too much. + "@platforms//os:windows": [ + "//agent/src/main/native/com/code_intelligence/jazzer/runtime:jazzer_fuzzer_callbacks_for_static_linking", + ], + # On other platforms, dynamic linking is easy, so we load the fuzzer callbacks from a shared + # library at runtime. This is needed to let the JVM's JavaCritical_* lookup succeed, which + # does not correctly load statically linked symbols. + # See //agent/src/main/native/com/code_intelligence/jazzer/runtime:jazzer_fuzzer_callbacks + # for the place this is linked into the agent instead. + "//conditions:default": [], + }), # Symbols are only referenced dynamically via JNI. alwayslink = True, ) diff --git a/driver/libfuzzer_callbacks.cpp b/driver/libfuzzer_callbacks.cpp index 78a4d94e..97243a43 100644 --- a/driver/libfuzzer_callbacks.cpp +++ b/driver/libfuzzer_callbacks.cpp @@ -25,7 +25,6 @@ #include "com_code_intelligence_jazzer_runtime_TraceDataFlowNativeCallbacks.h" #include "gflags/gflags.h" #include "glog/logging.h" -#include "sanitizer_hooks_with_pc.h" DEFINE_bool( fake_pcs, false, @@ -34,160 +33,6 @@ DEFINE_bool( "-use_value_profile=1 is specified."); namespace { - -extern "C" { -void __sanitizer_weak_hook_compare_bytes(void *caller_pc, const void *s1, - const void *s2, std::size_t n1, - std::size_t n2, int result); -void __sanitizer_weak_hook_memmem(void *called_pc, const void *s1, size_t len1, - const void *s2, size_t len2, void *result); -void __sanitizer_cov_trace_cmp4(uint32_t arg1, uint32_t arg2); -void __sanitizer_cov_trace_cmp8(uint64_t arg1, uint64_t arg2); - -void __sanitizer_cov_trace_switch(uint64_t val, uint64_t *cases); - -void __sanitizer_cov_trace_div4(uint32_t val); -void __sanitizer_cov_trace_div8(uint64_t val); - -void __sanitizer_cov_trace_gep(uintptr_t idx); -} - -inline __attribute__((always_inline)) void *idToPc(jint id) { - return reinterpret_cast<void *>(static_cast<uintptr_t>(id)); -} -} // namespace - -[[maybe_unused]] void -Java_com_code_1intelligence_jazzer_runtime_TraceDataFlowNativeCallbacks_traceStrstr0( - JNIEnv *env, jclass cls, jbyteArray needle, jint id) { - auto *needle_native = - static_cast<jbyte *>(env->GetPrimitiveArrayCritical(needle, nullptr)); - jint needle_length = env->GetArrayLength(needle); - __sanitizer_weak_hook_memmem(idToPc(id), nullptr, 0, needle_native, - needle_length, nullptr); - env->ReleasePrimitiveArrayCritical(needle, needle_native, JNI_ABORT); -} - -[[maybe_unused]] void -Java_com_code_1intelligence_jazzer_runtime_TraceDataFlowNativeCallbacks_traceMemcmp( - JNIEnv *env, jclass cls, jbyteArray b1, jbyteArray b2, jint result, - jint id) { - auto *b1_native = - static_cast<jbyte *>(env->GetPrimitiveArrayCritical(b1, nullptr)); - auto *b2_native = - static_cast<jbyte *>(env->GetPrimitiveArrayCritical(b2, nullptr)); - jint b1_length = env->GetArrayLength(b1); - jint b2_length = env->GetArrayLength(b2); - __sanitizer_weak_hook_compare_bytes(idToPc(id), b1_native, b2_native, - b1_length, b2_length, result); - env->ReleasePrimitiveArrayCritical(b1, b1_native, JNI_ABORT); - env->ReleasePrimitiveArrayCritical(b2, b2_native, JNI_ABORT); -} - -[[maybe_unused]] void -Java_com_code_1intelligence_jazzer_runtime_TraceDataFlowNativeCallbacks_traceCmpLong( - JNIEnv *env, jclass cls, jlong value1, jlong value2) { - __sanitizer_cov_trace_cmp8(value1, value2); -} - -[[maybe_unused]] void -Java_com_code_1intelligence_jazzer_runtime_TraceDataFlowNativeCallbacks_traceCmpLongWithPc( - JNIEnv *env, jclass cls, jlong value1, jlong value2, jint id) { - __sanitizer_cov_trace_cmp8_with_pc(idToPc(id), value1, value2); -} - -[[maybe_unused]] void -Java_com_code_1intelligence_jazzer_runtime_TraceDataFlowNativeCallbacks_traceCmpInt( - JNIEnv *env, jclass cls, jint value1, jint value2) { - __sanitizer_cov_trace_cmp4(value1, value2); -} - -[[maybe_unused]] void -Java_com_code_1intelligence_jazzer_runtime_TraceDataFlowNativeCallbacks_traceCmpIntWithPc( - JNIEnv *env, jclass cls, jint value1, jint value2, jint id) { - __sanitizer_cov_trace_cmp4_with_pc(idToPc(id), value1, value2); -} - -[[maybe_unused]] void -Java_com_code_1intelligence_jazzer_runtime_TraceDataFlowNativeCallbacks_traceConstCmpInt( - JNIEnv *env, jclass cls, jint value1, jint value2) { - __sanitizer_cov_trace_cmp4(value1, value2); -} - -[[maybe_unused]] void -Java_com_code_1intelligence_jazzer_runtime_TraceDataFlowNativeCallbacks_traceConstCmpIntWithPc( - JNIEnv *env, jclass cls, jint value1, jint value2, jint id) { - __sanitizer_cov_trace_cmp4_with_pc(idToPc(id), value1, value2); -} - -[[maybe_unused]] void -Java_com_code_1intelligence_jazzer_runtime_TraceDataFlowNativeCallbacks_traceSwitch( - JNIEnv *env, jclass cls, jlong switch_value, - jlongArray libfuzzer_case_values) { - auto *case_values = static_cast<jlong *>( - env->GetPrimitiveArrayCritical(libfuzzer_case_values, nullptr)); - __sanitizer_cov_trace_switch(switch_value, - reinterpret_cast<uint64_t *>(case_values)); - env->ReleasePrimitiveArrayCritical(libfuzzer_case_values, case_values, - JNI_ABORT); -} - -[[maybe_unused]] void -Java_com_code_1intelligence_jazzer_runtime_TraceDataFlowNativeCallbacks_traceSwitchWithPc( - JNIEnv *env, jclass cls, jlong switch_value, - jlongArray libfuzzer_case_values, jint id) { - auto *case_values = static_cast<jlong *>( - env->GetPrimitiveArrayCritical(libfuzzer_case_values, nullptr)); - __sanitizer_cov_trace_switch_with_pc( - idToPc(id), switch_value, reinterpret_cast<uint64_t *>(case_values)); - env->ReleasePrimitiveArrayCritical(libfuzzer_case_values, case_values, - JNI_ABORT); -} - -[[maybe_unused]] void -Java_com_code_1intelligence_jazzer_runtime_TraceDataFlowNativeCallbacks_traceDivLong( - JNIEnv *env, jclass cls, jlong value) { - __sanitizer_cov_trace_div8(value); -} - -[[maybe_unused]] void -Java_com_code_1intelligence_jazzer_runtime_TraceDataFlowNativeCallbacks_traceDivLongWithPc( - JNIEnv *env, jclass cls, jlong value, jint id) { - __sanitizer_cov_trace_div8_with_pc(idToPc(id), value); -} - -[[maybe_unused]] void -Java_com_code_1intelligence_jazzer_runtime_TraceDataFlowNativeCallbacks_traceDivInt( - JNIEnv *env, jclass cls, jint value) { - __sanitizer_cov_trace_div4(value); -} - -[[maybe_unused]] void -Java_com_code_1intelligence_jazzer_runtime_TraceDataFlowNativeCallbacks_traceDivIntWithPc( - JNIEnv *env, jclass cls, jint value, jint id) { - __sanitizer_cov_trace_div4_with_pc(idToPc(id), value); -} - -[[maybe_unused]] void -Java_com_code_1intelligence_jazzer_runtime_TraceDataFlowNativeCallbacks_traceGep( - JNIEnv *env, jclass cls, jlong idx) { - __sanitizer_cov_trace_gep(static_cast<uintptr_t>(idx)); -} - -[[maybe_unused]] void -Java_com_code_1intelligence_jazzer_runtime_TraceDataFlowNativeCallbacks_traceGepWithPc( - JNIEnv *env, jclass cls, jlong idx, jint id) { - __sanitizer_cov_trace_gep_with_pc(idToPc(id), static_cast<uintptr_t>(idx)); -} - -[[maybe_unused]] void -Java_com_code_1intelligence_jazzer_runtime_TraceDataFlowNativeCallbacks_tracePcIndir0( - JNIEnv *env, jclass cls, jint caller_id, jint callee_id) { - __sanitizer_cov_trace_pc_indir_with_pc(idToPc(caller_id), - static_cast<uintptr_t>(callee_id)); -} - -namespace { bool is_using_native_libraries = false; std::once_flag ignore_list_flag; std::vector<std::pair<uintptr_t, uintptr_t>> ignore_for_interception_ranges; |