diff options
author | Fabian Meumertzheim <meumertzheim@code-intelligence.com> | 2022-08-08 15:55:57 +0200 |
---|---|---|
committer | Fabian Meumertzheim <fabian@meumertzhe.im> | 2022-08-10 13:55:32 +0200 |
commit | e14430e2f0b2a4a73844d4c36bf1f98bbf4a3e22 (patch) | |
tree | f730451e2aa00c9b964eec7154cb395874ca8106 /driver/jvm_tooling.cpp | |
parent | d47477729fad2016d6eb81101532085120da7153 (diff) | |
download | jazzer-api-e14430e2f0b2a4a73844d4c36bf1f98bbf4a3e22.tar.gz |
driver: Remove gflags dependency of fuzz_target_runner
Achieved by inlining the flags into jvm_tooling, which is the only
remaining consumer of these flags.
Diffstat (limited to 'driver/jvm_tooling.cpp')
-rw-r--r-- | driver/jvm_tooling.cpp | 70 |
1 files changed, 65 insertions, 5 deletions
diff --git a/driver/jvm_tooling.cpp b/driver/jvm_tooling.cpp index 63d2d5a5..ad5e0ad9 100644 --- a/driver/jvm_tooling.cpp +++ b/driver/jvm_tooling.cpp @@ -25,7 +25,6 @@ #include "absl/strings/str_join.h" #include "absl/strings/str_replace.h" #include "absl/strings/str_split.h" -#include "fuzz_target_runner.h" #include "gflags/gflags.h" #include "glog/logging.h" #include "tools/cpp/runfiles/runfiles.h" @@ -92,6 +91,49 @@ DEFINE_bool(hooks, true, "coverage information will be processed. This can be useful for " "running a regression test on non-instrumented bytecode."); +DEFINE_string( + target_class, "", + "The Java class that contains the static fuzzerTestOneInput function"); +DEFINE_string(target_args, "", + "Arguments passed to fuzzerInitialize as a String array. " + "Separated by space."); + +DEFINE_uint32(keep_going, 0, + "Continue fuzzing until N distinct exception stack traces have" + "been encountered. Defaults to exit after the first finding " + "unless --autofuzz is specified."); +DEFINE_bool(dedup, true, + "Emit a dedup token for every finding. Defaults to true and is " + "required for --keep_going and --ignore."); +DEFINE_string( + ignore, "", + "Comma-separated list of crash dedup tokens to ignore. This is useful to " + "continue fuzzing before a crash is fixed."); + +DEFINE_string(reproducer_path, ".", + "Path at which fuzzing reproducers are stored. Defaults to the " + "current directory."); +DEFINE_string(coverage_report, "", + "Path at which a coverage report is stored when the fuzzer " + "exits. If left empty, no report is generated (default)"); +DEFINE_string(coverage_dump, "", + "Path at which a coverage dump is stored when the fuzzer " + "exits. If left empty, no dump is generated (default)"); + +DEFINE_string(autofuzz, "", + "Fully qualified reference to a method on the classpath that " + "should be fuzzed automatically (example: System.out::println). " + "Fuzzing will continue even after a finding; specify " + "--keep_going=N to stop after N findings."); +DEFINE_string(autofuzz_ignore, "", + "Fully qualified class names of exceptions to ignore during " + "autofuzz. Separated by comma."); +DEFINE_bool( + fake_pcs, false, + "Supply synthetic Java program counters to libFuzzer trace hooks to " + "make value profiling more effective. Enabled by default if " + "-use_value_profile=1 is specified."); + #if defined(_WIN32) || defined(_WIN64) #define ARG_SEPARATOR ";" constexpr auto kPathSeparator = '\\'; @@ -108,9 +150,6 @@ JNI_OnLoad_jazzer_initialize(JavaVM *vm, void *) { namespace { constexpr auto kAgentBazelRunfilesPath = "jazzer/agent/jazzer_agent_deploy.jar"; constexpr auto kAgentFileName = "jazzer_agent_deploy.jar"; -} // namespace - -namespace jazzer { std::string_view dirFromFullPath(std::string_view path) { const auto pos = path.rfind(kPathSeparator); @@ -178,6 +217,24 @@ std::string agentArgsFromFlags() { return absl::StrJoin(args, ","); } +std::vector<std::string> fuzzTargetRunnerFlagsAsDefines() { + return { + absl::StrFormat("-Djazzer.target_class=%s", FLAGS_target_class), + absl::StrFormat("-Djazzer.target_args=%s", FLAGS_target_args), + absl::StrFormat("-Djazzer.keep_going=%d", FLAGS_keep_going), + absl::StrFormat("-Djazzer.dedup=%s", FLAGS_dedup ? "true" : "false"), + absl::StrFormat("-Djazzer.ignore=%s", FLAGS_ignore), + absl::StrFormat("-Djazzer.reproducer_path=%s", FLAGS_reproducer_path), + absl::StrFormat("-Djazzer.coverage_report=%s", FLAGS_coverage_report), + absl::StrFormat("-Djazzer.coverage_dump=%s", FLAGS_coverage_dump), + absl::StrFormat("-Djazzer.autofuzz=%s", FLAGS_autofuzz), + absl::StrFormat("-Djazzer.autofuzz_ignore=%s", FLAGS_autofuzz_ignore), + absl::StrFormat("-Djazzer.hooks=%s", FLAGS_hooks ? "true" : "false"), + absl::StrFormat("-Djazzer.fake_pcs=%s", + FLAGS_fake_pcs ? "true" : "false"), + }; +} + // Splits a string at the ARG_SEPARATOR unless it is escaped with a backslash. // Backslash itself can be escaped with another backslash. std::vector<std::string> splitEscaped(const std::string &str) { @@ -205,6 +262,9 @@ std::vector<std::string> splitEscaped(const std::string &str) { return parts; } +} // namespace + +namespace jazzer { JVM::JVM(std::string_view executable_path, std::string_view seed) { // combine class path from command line flags and JAVA_FUZZER_CLASSPATH env @@ -245,7 +305,7 @@ JVM::JVM(std::string_view executable_path, std::string_view seed) { JavaVMOption{.optionString = const_cast<char *>(seed_property.c_str())}); std::vector<std::string> fuzz_target_runner_defines = - ::jazzer::fuzzTargetRunnerFlagsAsDefines(); + fuzzTargetRunnerFlagsAsDefines(); for (const auto &define : fuzz_target_runner_defines) { options.push_back( JavaVMOption{.optionString = const_cast<char *>(define.c_str())}); |