| field | value | date |
|---|---|---|
| author | Fabian Meumertzheim <meumertzheim@code-intelligence.com> | 2021-02-24 09:03:49 +0100 |
| committer | Fabian Meumertzheim <fabian@meumertzhe.im> | 2021-02-24 17:48:03 +0100 |
| commit | 4b37786dfbf9851ba7c46707061ba7d561b7d10d (patch) | |
| tree | eee0bc6681e18e933146b30697990a6de868771b /examples | |
| parent | 4ad5978b37c1e62f0b506091449c73336e6c6fa6 (diff) | |
| download | jazzer-api-4b37786dfbf9851ba7c46707061ba7d561b7d10d.tar.gz | |
Synchronize coverage IDs between separate processes
When run with e.g. the -fork flag, libFuzzer delegates the fuzzing to
multiple child processes running concurrently. As each of these
processes runs its own JVM with its own instance of the Jazzer agent,
different ranges of coverage IDs may be assigned to the same class
depending on when it is discovered by that fuzzer process. Since
libFuzzer collates the coverage counter buffers, this leads to
misreported coverage and unnecessarily large corpora.
This commit adds a coverage ID generation strategy that uses a lockable
temporary file as a means to synchronize the IDs between multiple
processes. This requires injecting new command-line arguments into
libFuzzer, building on the previous commit.
One of the example fuzz targets is set to be fuzzed in fork mode, which
provides test coverage for the new feature.
Diffstat (limited to 'examples')
-rw-r--r-- | examples/BUILD.bazel | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/examples/BUILD.bazel b/examples/BUILD.bazel index 54fbbc46..6304bc7f 100644 --- a/examples/BUILD.bazel +++ b/examples/BUILD.bazel @@ -39,6 +39,7 @@ java_fuzz_target_test( srcs = [ "src/main/java/com/example/JpegImageParserFuzzer.java", ], + fuzzer_args = ["-fork=5"], target_class = "com.example.JpegImageParserFuzzer", deps = [ "@maven//:org_apache_commons_commons_imaging", |
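Review bot: the new `fuzzer_args = ["-fork=5"]` line in the `JpegImageParserFuzzer` target carries no comment explaining why this one example runs in fork mode; the reason lives only in the commit message, so a later reader is likely to treat it as an arbitrary setting and drop it. Suggest a BUILD comment directly above the line, e.g. `# Run in fork mode to exercise coverage ID synchronization across fuzzer processes.` Note also that, as the diff stands, nothing in this target checks that the IDs assigned by the child JVMs actually agree: a regression in the synchronization would surface as misreported coverage and a larger corpus, not as a failing test, so the "test coverage" this provides is only that fork mode does not crash.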