Sometimes return null for non-primitive types

5 files changed, 37 insertions, 12 deletions

diff --git a/agent/src/main/java/com/code_intelligence/jazzer/autofuzz/Meta.java b/agent/src/main/java/com/code_intelligence/jazzer/autofuzz/Meta.java
index fda9748b..e31d7201 100644
--- a/agent/src/main/java/com/code_intelligence/jazzer/autofuzz/Meta.java
+++ b/agent/src/main/java/com/code_intelligence/jazzer/autofuzz/Meta.java
@@ -102,7 +102,15 @@ public class Meta {
       return data.consumeBoolean();
     } else if (type == char.class || type == Character.class) {
       return data.consumeChar();
-    } else if (type.isAssignableFrom(String.class)) {
+    }
+    // Return null for non-primitive and non-boxed types in ~5% of the cases.
+    // TODO: We might want to return null for boxed types sometimes, but this is complicated by the
+    //       fact that TypeUtils can't distinguish between a primitive type and its wrapper and may
+    //       thus easily cause false-positive NullPointerExceptions.
+    if (!type.isPrimitive() && data.consumeByte((byte) 0, (byte) 19) == 0) {
+      return null;
+    }
+    if (type.isAssignableFrom(String.class)) {
       return data.consumeString(data.remainingBytes() / 2);
     } else if (type.isArray()) {
       if (type == byte[].class) {
diff --git a/agent/src/test/java/com/code_intelligence/jazzer/autofuzz/BuilderPatternTest.java b/agent/src/test/java/com/code_intelligence/jazzer/autofuzz/BuilderPatternTest.java
index 2389f83e..4f59832f 100644
--- a/agent/src/test/java/com/code_intelligence/jazzer/autofuzz/BuilderPatternTest.java
+++ b/agent/src/test/java/com/code_intelligence/jazzer/autofuzz/BuilderPatternTest.java
@@ -80,17 +80,21 @@ class Employee {
 
 public class BuilderPatternTest {
   FuzzedDataProvider data =
-      CannedFuzzedDataProvider.create(Arrays.asList(0, // Select the first Builder
+      CannedFuzzedDataProvider.create(Arrays.asList((byte) 1, // do not return null
+          0, // Select the first Builder
           2, // Select two Builder methods returning a builder object (fluent design)
           0, // Select the first build method
           0, // pick the first remaining builder method (withAge)
           0, // pick the first remaining builder method (withJobTitle)
           0, // pick the first build method
+          (byte) 1, // do not return null
           6, // remaining bytes
           "foo", // firstName
+          (byte) 1, // do not return null
           6, // remaining bytes
           "bar", // lastName
           20, // age
+          (byte) 1, // do not return null
           6, // remaining bytes
           "baz" // jobTitle
           ));
diff --git a/agent/src/test/java/com/code_intelligence/jazzer/autofuzz/InterfaceCreationTest.java b/agent/src/test/java/com/code_intelligence/jazzer/autofuzz/InterfaceCreationTest.java
index d15cfd89..2858d68d 100644
--- a/agent/src/test/java/com/code_intelligence/jazzer/autofuzz/InterfaceCreationTest.java
+++ b/agent/src/test/java/com/code_intelligence/jazzer/autofuzz/InterfaceCreationTest.java
@@ -89,14 +89,20 @@ class ClassB2 implements InterfaceA {
 }
 
 public class InterfaceCreationTest {
-  FuzzedDataProvider data = CannedFuzzedDataProvider.create(Arrays.asList(0, // pick ClassB1
-      0, // pick first constructor
-      5, // arg for ClassB1 constructor
-      1, // pick ClassB2
-      0, // pick first constructor
-      8, // remaining bytes
-      "test" // arg for ClassB2 constructor
-      ));
+  FuzzedDataProvider data =
+      CannedFuzzedDataProvider.create(Arrays.asList((byte) 1, // do not return null
+          0, // pick ClassB1
+          (byte) 1, // do not return null
+          0, // pick first constructor
+          5, // arg for ClassB1 constructor
+          (byte) 1, // do not return null
+          1, // pick ClassB2
+          (byte) 1, // do not return null
+          0, // pick first constructor
+          (byte) 1, // do not return null
+          8, // remaining bytes
+          "test" // arg for ClassB2 constructor
+          ));
 
   @Test
   public void testConsumeInterface() {
diff --git a/agent/src/test/java/com/code_intelligence/jazzer/autofuzz/MetaTest.java b/agent/src/test/java/com/code_intelligence/jazzer/autofuzz/MetaTest.java
index 52ec1eb0..a3c851be 100644
--- a/agent/src/test/java/com/code_intelligence/jazzer/autofuzz/MetaTest.java
+++ b/agent/src/test/java/com/code_intelligence/jazzer/autofuzz/MetaTest.java
@@ -38,14 +38,19 @@ public class MetaTest {
   @Test
   public void testAutofuzz() {
     FuzzedDataProvider data = CannedFuzzedDataProvider.create(Arrays.asList(5,
+        (byte) 1, // do not return null
         6, // remainingBytes
         "foo",
+        (byte) 1, // do not return null
         6, // remainingBytes
         "bar",
+        (byte) 1, // do not return null
         8, // remainingBytes
         "buzz",
+        (byte) 1, // do not return null
         6, // remainingBytes
         "jazzer",
+        (byte) 1, // do not return null
         6, // remainingBytes
         "jazzer"));
     assertTrue(Meta.autofuzz(data, MetaTest::isFive));
diff --git a/agent/src/test/java/com/code_intelligence/jazzer/autofuzz/SettersTest.java b/agent/src/test/java/com/code_intelligence/jazzer/autofuzz/SettersTest.java
index 59a46636..5403b19e 100644
--- a/agent/src/test/java/com/code_intelligence/jazzer/autofuzz/SettersTest.java
+++ b/agent/src/test/java/com/code_intelligence/jazzer/autofuzz/SettersTest.java
@@ -23,11 +23,13 @@ import java.util.Arrays;
 import org.junit.Test;
 
 public class SettersTest {
-  FuzzedDataProvider data =
-      CannedFuzzedDataProvider.create(Arrays.asList(0, // pick first constructor
+  FuzzedDataProvider data = CannedFuzzedDataProvider.create(
+      Arrays.asList((byte) 1, // do not return null for EmployeeWithSetters
+          0, // pick first constructor
           2, // pick two setters
           1, // pick second setter
           0, // pick first setter
+          (byte) 1, // do not return null for String
           6, // remaining bytes
           "foo", // setFirstName
           26 // setAge