Do not intercept JVM-internal C stdlib calls (#45)

* Replace uses of quick_exit and at_quick_exit

quick_exit is not supported on macOS, but can easily replaced by a call
to _Exit after running our cleanup manually.

* Run buildifier --lint=fix -r .

* Build libFuzzer from source

Building libFuzzer from source is easy and has multiple advantages:
* The clang distributed with XCode on macOS does not include libFuzzer.
* Applying a small patch to libFuzzer will allow us to replace the
  --wrap linker feature, which is not supported on platforms other than
  Linux.

* Replace -Wl,--wrap with a source code patch

* Pin non-native rules_python

* Print exit code on test failure

* Do not intercept JVM-internal C stdlib calls

The JVM frequently calls strcmp/memcmp/..., which fills up the table of
recent compares with entries that are either duplicates of values
already reported by the bytecode instrumentation or JDK-internal strings
that are not relevant for fuzzing.

This commit adds an ignorelist to the C stdlib interceptors that filters
out calls from known JVM libraries. If the fuzz target has not yet
loaded a native library, all such callbacks are ignored, which greatly
improves fuzzer performance for string-heavy targets. E.g.,
JsonSanitizerDenylistFuzzer takes < 1 million runs now when it used to
take over 3 million.

1 files changed, 20 insertions, 7 deletions

diff --git a/WORKSPACE.bazel b/WORKSPACE.bazel
index c6a0f0cb..d54cdba4 100644
--- a/WORKSPACE.bazel
+++ b/WORKSPACE.bazel
@@ -14,8 +14,14 @@ http_archive(
     ],
 )
 
-# bazelbuild/bazel-skylib
+# bazelbuild/rules_python
+http_archive(
+    name = "rules_python",
+    sha256 = "b6d46438523a3ec0f3cead544190ee13223a52f6a6765a29eae7b7cc24cc83a0",
+    url = "https://github.com/bazelbuild/rules_python/releases/download/0.1.0/rules_python-0.1.0.tar.gz",
+)
 
+# bazelbuild/bazel-skylib
 http_archive(
     name = "bazel_skylib",
     sha256 = "ebdf850bfef28d923a2cc67ddca86355a449b5e4f38b0a70e584dc24e5984aa6",
@@ -78,7 +84,6 @@ http_archive(
     urls = ["https://github.com/bazelbuild/rules_kotlin/releases/download/%s/rules_kotlin_release.tgz" % rules_kotlin_version],
 )
 
-load("@io_bazel_rules_kotlin//kotlin:kotlin.bzl", "kotlin_repositories", "kt_register_toolchains")
 load("@io_bazel_rules_kotlin//kotlin:kotlin.bzl", "kotlin_repositories")
 
 kotlin_repositories()
@@ -144,8 +149,6 @@ rules_pkg_version = "0.3.0"
 
 rules_pkg_sha = "6b5969a7acd7b60c02f816773b06fcf32fbe8ba0c7919ccdc2df4f8fb923804a"
 
-load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
-
 http_archive(
     name = "rules_pkg",
     sha256 = rules_pkg_sha,
@@ -160,7 +163,6 @@ load("@rules_pkg//:deps.bzl", "rules_pkg_dependencies")
 rules_pkg_dependencies()
 
 # bazelbuild/rules_foreign_cc
-
 rules_foreign_cc_commit = "da99da47a0befc3dfbf65739190cd374f836f21d"
 
 http_archive(
@@ -175,7 +177,6 @@ load("@rules_foreign_cc//:workspace_definitions.bzl", "rules_foreign_cc_dependen
 rules_foreign_cc_dependencies()
 
 # libjpeg_turbo
-
 http_archive(
     name = "libjpeg_turbo",
     build_file = "//third_party:libjpeg_turbo.BUILD",
@@ -185,7 +186,6 @@ http_archive(
 )
 
 # JaCoCo
-
 jacoco_commit = "178d49870056b8a1f8ea6915e804d28b0dda5609"
 
 jacoco_sha = "da48fb5ae4ec3ffc659d4de18232aedea99476935f4ce4b0605f2d6aa1dc2553"
@@ -200,3 +200,16 @@ http_archive(
     strip_prefix = "jacoco-%s" % jacoco_commit,
     url = "https://github.com/jacoco/jacoco/archive/178d49870056b8a1f8ea6915e804d28b0dda5609.tar.gz",
 )
+
+# libFuzzer
+http_archive(
+    name = "libFuzzer",
+    build_file = "//third_party:libFuzzer.BUILD",
+    patches = [
+        "//third_party:libFuzzer-make-interceptors-configurable.patch",
+        "//third_party:libFuzzer-pass-death-callback-to-jazzer.patch",
+    ],
+    sha256 = "a78949f86fc9852f51b11ceb3e6c2c61bb6e4ebb073198cebddc82451f708adf",
+    strip_prefix = "llvm-project-llvmorg-12.0.0-rc3",
+    url = "https://github.com/llvm/llvm-project/archive/llvmorg-12.0.0-rc3.tar.gz",
+)