author | Muhammad Haseeb Ahmad <mhahmad@google.com> | 2021-12-30 18:23:53 +0000 |
---|---|---|
committer | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2021-12-30 18:23:53 +0000 |
commit | 268d7f757f82e6e706cd4f5dfcb854fc2342b053 (patch) | |
tree | c5880647e8b29782d15be0c99a60e56fed6f8a02 /driver/fuzz_target_runner.h | |
parent | b997679abe998d84ad4b9c3e6589342794d3bfcb (diff) | |
parent | 0f73d9c5add52fa24500a9ddb691528db216e096 (diff) | |
Merge remote-tracking branch 'aosp/upstream-main' into master am: 5c6f411699 am: 844d7aba71 am: 0f73d9c5ad
Original change: https://android-review.googlesource.com/c/platform/external/jazzer-api/+/1935188
Change-Id: I0c6c57f25d7b033e469b5f869e4de16f0ec62839
Diffstat (limited to 'driver/fuzz_target_runner.h')
-rw-r--r-- | driver/fuzz_target_runner.h | 76 |
1 files changed, 76 insertions, 0 deletions
diff --git a/driver/fuzz_target_runner.h b/driver/fuzz_target_runner.h
new file mode 100644
index 00000000..98ac794c
--- /dev/null
+++ b/driver/fuzz_target_runner.h
@@ -0,0 +1,76 @@ +/* + * Copyright 2021 Code Intelligence GmbH + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#pragma once + +#include <jni.h> + +#include <string> +#include <vector> + +#include "jvm_tooling.h" + +namespace jazzer { + +enum class RunResult { + kOk, + kException, + kDumpAndContinue, +}; + +// Invokes the following static methods in the java fuzz target class: +// 1. On construction: +// - `public static void fuzzerInitialize()` +// OR +// - `public static void fuzzerInitialize(String[] args)` +// 2. On every call of Run(): +// - `public static void fuzzerTestOneInput(FuzzedDataProvider data)` +// OR +// - `public static void fuzzerTestOneInput(byte[] input)` +// 3. On destruction: +// - `public static void fuzzerTearDown()` +class FuzzTargetRunner : public ExceptionPrinter { + private: + const JVM &jvm_; + jclass jclass_; + jmethodID fuzzer_initialize_; + jmethodID fuzzer_initialize_with_args_; + jmethodID fuzzer_test_one_input_bytes_; + jmethodID fuzzer_test_one_input_data_; + jmethodID fuzzer_tear_down_; + jclass jazzer_; + jfieldID last_finding_; + std::vector<jlong> ignore_tokens_; + + [[nodiscard]] std::string DetectFuzzTargetClass() const; + [[nodiscard]] jthrowable GetFinding() const; + + public: + // Initializes the java fuzz target by calling `void fuzzerInitialize(...)`. + explicit FuzzTargetRunner( + JVM &jvm, const std::vector<std::string> &additional_target_args = {}); + + // Calls the fuzz target tear down function. 
This can be useful to join any + // Threads so that the JVM shuts down correctly. + virtual ~FuzzTargetRunner(); + + // Propagate the fuzzer input to the java fuzz target. + RunResult Run(const uint8_t *data, std::size_t size); + + void DumpReproducer(const uint8_t *data, std::size_t size); +}; + +} // namespace jazzer |
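Review bot: FuzzTargetRunner declares a virtual destructor but no copy control, so the compiler still generates a copy constructor and copy assignment for a class that holds a `const JVM &` reference and raw JNI handles (`jclass_`, `jazzer_`, the jmethodIDs and `last_finding_`). If the destructor releases those handles (its body lives in the .cpp, outside this hunk), copying an instance would release them twice; I would add `FuzzTargetRunner(const FuzzTargetRunner &) = delete;` and `FuzzTargetRunner &operator=(const FuzzTargetRunner &) = delete;` next to the destructor. The header also uses `uint8_t` and `std::size_t` in Run and DumpReproducer without including `<cstdint>` or `<cstddef>`, relying on whatever `<jni.h>` pulls in transitively, so both should be included explicitly. Finally, the three RunResult enumerators are undocumented; a one-line comment on each, e.g. `// kDumpAndContinue: presumably the driver should write a reproducer and keep fuzzing -- confirm against the .cpp`, would tell callers what a Run() return value means.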