author | Fabian Meumertzheim <fabian@meumertzhe.im> | 2022-03-01 13:08:17 +0100 |
---|---|---|
committer | Fabian Meumertzheim <fabian@meumertzhe.im> | 2022-03-07 12:02:55 +0100 |
commit | 003422bb991a29ed44e962496d40e3a56c3918d4 (patch) | |
tree | 6d1c1909d40d8c0426fe898cf854d0b129b182a6 /agent/src | |
parent | efa7ac3298d57c662f2f1fa1b932bc0ee301be21 (diff) | |
download | jazzer-api-003422bb991a29ed44e962496d40e3a56c3918d4.tar.gz |
Optimize libFuzzer callbacks without critical natives
Implements the benchmark winners without their corresponding
critical natives implementations, which will be added in a follow-up
PR.
Diffstat (limited to 'agent/src')
-rw-r--r-- | agent/src/main/java/com/code_intelligence/jazzer/runtime/TraceDataFlowNativeCallbacks.java | 25 |
1 files changed, 23 insertions, 2 deletions
diff --git a/agent/src/main/java/com/code_intelligence/jazzer/runtime/TraceDataFlowNativeCallbacks.java b/agent/src/main/java/com/code_intelligence/jazzer/runtime/TraceDataFlowNativeCallbacks.java
index e862d76a..efbc3411 100644
--- a/agent/src/main/java/com/code_intelligence/jazzer/runtime/TraceDataFlowNativeCallbacks.java
+++ b/agent/src/main/java/com/code_intelligence/jazzer/runtime/TraceDataFlowNativeCallbacks.java
@@ -16,6 +16,7 @@ package com.code_intelligence.jazzer.runtime;
 import com.code_intelligence.jazzer.utils.Utils;
 import java.lang.reflect.Executable;
+import java.nio.charset.Charset;
 @SuppressWarnings("unused")
 final public class TraceDataFlowNativeCallbacks {
@@ -23,6 +24,12 @@ final public class TraceDataFlowNativeCallbacks {
 // such as:
 // if (USE_FAKE_PCS) ... else ...
 private static final boolean USE_FAKE_PCS = useFakePcs();
+ // Note that we are not encoding as modified UTF-8 here: The FuzzedDataProvider transparently
+ // converts CESU8 into modified UTF-8 by coding null bytes on two bytes. Since the fuzzer is more
+ // likely to insert literal null bytes, having both the fuzzer input and the reported string
+ // comparisons be CESU8 should perform even better than the current implementation using modified
+ // UTF-8.
+ private static final Charset FUZZED_DATA_CHARSET = Charset.forName("CESU8");
 /* trace-cmp */
 public static void traceCmpInt(int arg1, int arg2, int pc) {
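Review bot: `Charset.forName("CESU8")` runs in a static final initializer, so an unsupported charset does not fail this one lookup but turns into an ExceptionInInitializerError for the whole TraceDataFlowNativeCallbacks class, taking every trace callback down at first use. CESU-8 only ships with the JDK from 9 onwards; whether a JDK 8 runtime is still supported by the agent I cannot tell from this diff, but if it is, the field should degrade rather than abort, e.g. `private static final Charset FUZZED_DATA_CHARSET = Charset.isSupported("CESU8") ? Charset.forName("CESU8") : StandardCharsets.UTF_8;` (StandardCharsets lives in the same java.nio.charset package as the import this commit adds). The new comment also still calls modified UTF-8 "the current implementation", which after this commit reads as stale; "the previous implementation" would match the new state of the file.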
@@ -58,8 +65,14 @@ final public class TraceDataFlowNativeCallbacks {
 }
 public static native void traceMemcmp(byte[] b1, byte[] b2, int result, int pc);
- public static native void traceStrcmp(String s1, String s2, int result, int pc);
- public static native void traceStrstr(String s1, String s2, int pc);
+
+ public static void traceStrcmp(String s1, String s2, int result, int pc) {
+ traceMemcmp(encodeForLibFuzzer(s1), encodeForLibFuzzer(s2), result, pc);
+ }
+
+ public static void traceStrstr(String s1, String s2, int pc) {
+ traceStrstr0(encodeForLibFuzzer(s2), pc);
+ }
 /* trace-div */
 public static void traceDivInt(int val, int pc) {
@@ -139,6 +152,12 @@ final public class TraceDataFlowNativeCallbacks {
 public static native void handleLibraryLoad();
+ private static byte[] encodeForLibFuzzer(String str) {
+ // libFuzzer string hooks only ever consume the first 64 bytes, so we can definitely cut the
+ // string off after 64 characters.
+ return str.substring(0, Math.min(str.length(), 64)).getBytes(FUZZED_DATA_CHARSET);
+ }
+
 private static boolean useFakePcs() {
 String rawFakePcs = System.getProperty("jazzer.fake_pcs");
 if (rawFakePcs == null) {
@@ -147,6 +166,8 @@ final public class TraceDataFlowNativeCallbacks {
 return Boolean.parseBoolean(rawFakePcs);
 }
+ private static native void traceStrstr0(byte[] needle, int pc);
+
 private static native void traceCmpInt(int arg1, int arg2);
 private static native void traceCmpIntWithPc(int arg1, int arg2, int pc);
 private static native void traceConstCmpInt(int arg1, int arg2); |
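Review bot: The new `traceStrstr` keeps the `s1` parameter of the native it replaces but never uses it, forwarding only `s2` to `traceStrstr0(byte[] needle, int pc)`; nothing in the hunk says this is deliberate, so the next reader will take the unused haystack for a bug. Presumably the libFuzzer strstr hook only consumes the needle, in which case a one-line comment above the call would settle it: `// Only the needle reaches libFuzzer's strstr hook; the haystack s1 is intentionally not forwarded.` The same sentence could go on the `traceStrstr0` declaration in the last hunk, where the single-parameter signature is otherwise unexplained.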
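Review bot: `encodeForLibFuzzer` dereferences `str` unconditionally in `str.substring(...)`, and after this commit every argument of the public `traceStrcmp`/`traceStrstr` callbacks (earlier hunk) goes through it. Whether the replaced natives tolerated a null String I cannot tell from the diff, but if an instrumented comparison such as `equals(null)` can reach these callbacks, the NullPointerException now surfaces inside the fuzz target's own call instead of the hook and would be reported as a finding against the target; a guard like `if (str == null) { return new byte[0]; }` (or a documented precondition on the two public wrappers) would close that. A smaller point: cutting at 64 UTF-16 chars can split a surrogate pair, and the CESU-8 encoder will then substitute a replacement for the dangling half, so the last encoded unit may not match the original string; only the trailing byte sequence is affected, but the comment above the `return` could say so, e.g. `// Truncation may split a surrogate pair; the dangling half is replaced by the encoder, which only affects the tail.`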