author | Fabian Meumertzheim <meumertzheim@code-intelligence.com> | 2021-03-22 14:48:58 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-03-22 14:48:58 +0100 |
commit | 71ac55c6fc9d808bcc8a8e8d895f7f20141bec86 (patch) | |
tree | dfa557a023d1413799c24dbd1373d8c42c2ee8bb /bazel/fuzz_target.bzl | |
parent | 20d72b43a58f5ffcb807245a854d7eb178c4b8b6 (diff) | |
download | jazzer-api-71ac55c6fc9d808bcc8a8e8d895f7f20141bec86.tar.gz | |
Do not intercept JVM-internal C stdlib calls (#45)
* Replace uses of quick_exit and at_quick_exit
quick_exit is not supported on macOS, but can easily be replaced by a call
to _Exit after running our cleanup manually.
* Run buildifier --lint=fix -r .
* Build libFuzzer from source
Building libFuzzer from source is easy and has multiple advantages:
  * The clang distributed with XCode on macOS does not include libFuzzer.
  * Applying a small patch to libFuzzer will allow us to replace the
    --wrap linker feature, which is not supported on platforms other than
    Linux.
* Replace -Wl,--wrap with a source code patch
* Pin non-native rules_python
* Print exit code on test failure
* Do not intercept JVM-internal C stdlib calls
The JVM frequently calls strcmp/memcmp/..., which fills up the table of
recent compares with entries that are either duplicates of values
already reported by the bytecode instrumentation or JDK-internal strings
that are not relevant for fuzzing.
This commit adds an ignorelist to the C stdlib interceptors that filters
out calls from known JVM libraries. If the fuzz target has not yet
loaded a native library, all such callbacks are ignored, which greatly
improves fuzzer performance for string-heavy targets. E.g.,
JsonSanitizerDenylistFuzzer takes < 1 million runs now when it used to
take over 3 million.
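The caller-based ignorelist that the commit message describes, written out as an added example rather than Jazzer's own interceptor code. It models a strcmp interceptor that drops the compare when the call originates from a JVM-internal library, and skips the lookup entirely while the fuzz target has not loaded any native library. The library names, address ranges, the recent-compares stand-in and every function name here are assumptions made for the example; a real interceptor would resolve the caller with `dladdr()` on `__builtin_return_address(0)` instead of the constructed table.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* A loaded shared object, modelled as a half-open [start, end) address range
 * plus its basename. Constructed for the example; a real interceptor would
 * obtain this from dladdr() on the caller's return address. */
typedef struct {
    uintptr_t start;
    uintptr_t end;
    const char *name;
} lib_range_t;

/* Hypothetical ignorelist of JVM-internal libraries (names are assumptions,
 * not taken from Jazzer). Compares issued from these are never recorded. */
static const char *const kIgnoredLibs[] = {"libjvm.so", "libjava.so", "libzip.so"};

/* Constructed address map: two JVM libraries and one JNI library that
 * belongs to the fuzz target. Small addresses so the example is 32-bit safe. */
static const lib_range_t kLoadedLibs[] = {
    {0x10000000u, 0x10100000u, "libjvm.so"},
    {0x20000000u, 0x20010000u, "libjava.so"},
    {0x30000000u, 0x30001000u, "libtarget_jni.so"},
};

/* Set once the fuzz target loads a native library. Until then every C stdlib
 * callback is skipped wholesale: the fast path the commit message describes. */
static bool g_native_library_loaded = false;

/* Stand-in for libFuzzer's table of recent compares: a counter plus the last
 * recorded pair, enough to observe what the filter lets through. */
static size_t g_recorded = 0;
static char g_last_a[64], g_last_b[64];

void set_native_library_loaded(bool loaded) { g_native_library_loaded = loaded; }
size_t recorded_compare_count(void) { return g_recorded; }
const char *last_recorded_a(void) { return g_last_a; }

static const lib_range_t *lookup_library(uintptr_t pc) {
    for (size_t i = 0; i < sizeof(kLoadedLibs) / sizeof(kLoadedLibs[0]); i++) {
        if (pc >= kLoadedLibs[i].start && pc < kLoadedLibs[i].end) return &kLoadedLibs[i];
    }
    return NULL;
}

static bool is_ignored_library(const char *name) {
    /* Note: a real hook must call the original, un-intercepted strcmp here,
     * otherwise the interceptor recurses into itself. */
    for (size_t i = 0; i < sizeof(kIgnoredLibs) / sizeof(kIgnoredLibs[0]); i++) {
        if (strcmp(name, kIgnoredLibs[i]) == 0) return true;
    }
    return false;
}

/* Decide whether a compare issued from caller_pc should feed the fuzzer. */
bool should_report(uintptr_t caller_pc) {
    if (!g_native_library_loaded) return false;   /* no native target code yet */
    const lib_range_t *lib = lookup_library(caller_pc);
    /* Unknown caller (e.g. not in any known mapping): keep it. A duplicate
     * entry is cheaper than a missed compare from the target. */
    if (lib == NULL) return true;
    return !is_ignored_library(lib->name);
}

static void record_compare(const char *a, const char *b) {
    strncpy(g_last_a, a, sizeof(g_last_a) - 1);
    g_last_a[sizeof(g_last_a) - 1] = '\0';
    strncpy(g_last_b, b, sizeof(g_last_b) - 1);
    g_last_b[sizeof(g_last_b) - 1] = '\0';
    g_recorded++;
}

/* strcmp interceptor. caller_pc is passed explicitly so the decision can be
 * exercised directly; a real hook would use __builtin_return_address(0). */
int intercepted_strcmp(uintptr_t caller_pc, const char *a, const char *b) {
    if (should_report(caller_pc)) record_compare(a, b);
    return strcmp(a, b);
}

int main(void) {
    intercepted_strcmp(0x30000010u, "abc", "abd");  /* dropped: nothing loaded yet */
    set_native_library_loaded(true);
    intercepted_strcmp(0x10000010u, "abc", "abd");  /* dropped: libjvm.so */
    intercepted_strcmp(0x30000010u, "abc", "abd");  /* recorded: target JNI lib */
    printf("recorded %zu compare(s), last a=%s\n", recorded_compare_count(), last_recorded_a());
    return 0;
}
```

The unknown-caller branch is the design decision worth thinking about: returning `true` there means JIT-generated or unmapped code is still reported, which trades a few duplicate entries for not losing compares from code the ignorelist does not know about.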
Diffstat (limited to 'bazel/fuzz_target.bzl')
-rw-r--r-- | bazel/fuzz_target.bzl | 8 |
1 file changed, 4 insertions, 4 deletions
diff --git a/bazel/fuzz_target.bzl b/bazel/fuzz_target.bzl index 04cf32e3..9f2fe2d5 100644 --- a/bazel/fuzz_target.bzl +++ b/bazel/fuzz_target.bzl @@ -12,6 +12,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +load("@rules_java//java:defs.bzl", "java_binary") + def java_fuzz_target_test( name, target_class, @@ -29,14 +31,12 @@ def java_fuzz_target_test( "Jazzer-Fuzz-Target-Class: %s" % target_class, ] if hook_classes: - deploy_manifest_lines += [ - "Jazzer-Hook-Classes: %s" % ":".join(hook_classes), - ] + deploy_manifest_lines.append("Jazzer-Hook-Classes: %s" % ":".join(hook_classes)) # Deps can only be specified on java_binary targets with sources, which # excludes e.g. Kotlin libraries wrapped into java_binary via runtime_deps. target_deps = deps + ["//agent/src/main/java/com/code_intelligence/jazzer/api"] if srcs else [] - native.java_binary( + java_binary( name = target_name, srcs = srcs, visibility = ["//visibility:private"], |
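Review bot: the added `load("@rules_java//java:defs.bzl", "java_binary")` in the first hunk only resolves if `@rules_java` is declared in the WORKSPACE, which this diff does not show; the commit message mentions pinning rules_python but says nothing about rules_java, so confirm that repository is registered (and pinned) before switching away from the native rule, otherwise every load of bazel/fuzz_target.bzl fails with a missing-repository error rather than just this macro.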
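Review bot: in the second hunk, `deploy_manifest_lines.append("Jazzer-Hook-Classes: %s" % ":".join(hook_classes))` mutates the list in place, which is only safe because the list is built locally a few lines above (the context ending in `"Jazzer-Fuzz-Target-Class: %s" % target_class,` and `]`); if that construction is ever moved to a module-level or default-argument value it becomes frozen and `append` fails, so keep it local. Separately, the unchanged `target_deps = deps + [...] if srcs else []` silently discards any `deps` the caller passes when `srcs` is empty; the comment explains the constraint, but a `fail()` when `deps` is non-empty and `srcs` is empty would turn that silent misconfiguration into a build error.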