-rw-r--r--agent/src/main/java/com/code_intelligence/jazzer/instrumentor/CoverageRecorder.kt5
-rw-r--r--driver/src/main/java/com/code_intelligence/jazzer/driver/FuzzTargetRunner.java13
-rw-r--r--tests/BUILD.bazel14
-rw-r--r--tests/src/test/java/com/example/NoCoverageFuzzer.java19
4 files changed, 36 insertions, 15 deletions
diff --git a/agent/src/main/java/com/code_intelligence/jazzer/instrumentor/CoverageRecorder.kt b/agent/src/main/java/com/code_intelligence/jazzer/instrumentor/CoverageRecorder.kt
index 275057f0..098cf389 100644
--- a/agent/src/main/java/com/code_intelligence/jazzer/instrumentor/CoverageRecorder.kt
+++ b/agent/src/main/java/com/code_intelligence/jazzer/instrumentor/CoverageRecorder.kt
@@ -59,11 +59,6 @@ object CoverageRecorder {
additionalCoverage.addAll(CoverageMap.getCoveredIds())
}
- @JvmStatic
- fun replayCoveredIds() {
- CoverageMap.replayCoveredIds(additionalCoverage)
- }
-
/**
* [dumpCoverageReport] dumps a human-readable coverage report of files using any [coveredIds] to [dumpFileName].
*/
diff --git a/driver/src/main/java/com/code_intelligence/jazzer/driver/FuzzTargetRunner.java b/driver/src/main/java/com/code_intelligence/jazzer/driver/FuzzTargetRunner.java
index 0cda6d25..aedf8eb6 100644
--- a/driver/src/main/java/com/code_intelligence/jazzer/driver/FuzzTargetRunner.java
+++ b/driver/src/main/java/com/code_intelligence/jazzer/driver/FuzzTargetRunner.java
@@ -67,7 +67,6 @@ public final class FuzzTargetRunner {
private static final MethodHandle fuzzTarget;
public static final boolean useFuzzedDataProvider;
private static final ReproducerTemplate reproducerTemplate;
- private static long runCount = 0;
static {
String targetClassName = determineFuzzTargetClassName();
@@ -133,6 +132,9 @@ public final class FuzzTargetRunner {
}
if (Opt.hooks) {
+ // libFuzzer will clear the coverage map after this method returns and keeps no record of the
+ // coverage accumulated so far (e.g. by static initializers). We record it here to keep it
+ // around for JaCoCo coverage reports.
CoverageRecorder.updateCoveredIdsWithCoverageMap();
}
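Review bot: The comment added at the top of the `if (Opt.hooks)` branch says the coverage map is cleared "after this method returns", but the enclosing block is the class's static initializer (`static {` above the hunk), so the wording misdescribes where the clearing happens; `// libFuzzer will clear the coverage map once this static initializer completes and keeps no record` would place it correctly. It would also help to state here why recording is now enough, since the same commit removes the `runCount`-gated replay in `runOne` that previously fed this coverage back to libFuzzer to avoid its early exit on zero coverage; a sentence such as `// Replaying these ids into libFuzzer is no longer needed; NoCoverageFuzzer covers the early-exit case.` preserves that reasoning for the next reader. The static initializer continues outside this hunk, and the `runOne` body of the third hunk also ends beyond its last line, so I cannot see whether any other reader of the removed `runCount` remains.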
@@ -159,15 +161,6 @@ public final class FuzzTargetRunner {
* this is always 0. The function may exit the process instead of returning.
*/
public static int runOne(byte[] data) {
- if (Opt.hooks && runCount < 2) {
- runCount++;
- // For the first two runs only, replay the coverage recorded from static initializers.
- // libFuzzer cleared the coverage map after they ran and could fail to see any coverage,
- // triggering an early exit, if we don't replay it here.
- // https://github.com/llvm/llvm-project/blob/957a5e987444d3193575d6ad8afe6c75da00d794/compiler-rt/lib/fuzzer/FuzzerLoop.cpp#L804-L809
- CoverageRecorder.replayCoveredIds();
- }
-
Throwable finding = null;
try {
if (useFuzzedDataProvider) {
diff --git a/tests/BUILD.bazel b/tests/BUILD.bazel
index b43aa67f..ee927aef 100644
--- a/tests/BUILD.bazel
+++ b/tests/BUILD.bazel
@@ -197,3 +197,17 @@ java_fuzz_target_test(
],
target_class = "com.example.BytesMemoryLeakFuzzer",
)
+
+# Verifies that Jazzer continues fuzzing when the first two executions did not result in any
+# coverage feedback.
+java_fuzz_target_test(
+ name = "NoCoverageFuzzer",
+ timeout = "short",
+ srcs = ["src/test/java/com/example/NoCoverageFuzzer.java"],
+ expect_crash = False,
+ fuzzer_args = [
+ "-runs=10",
+ "--instrumentation_excludes=**",
+ ],
+ target_class = "com.example.NoCoverageFuzzer",
+)
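Review bot: The target's comment explains what is verified but not how the zero-coverage condition is produced, which is the non-obvious part of the `fuzzer_args` list; `--instrumentation_excludes=**` is what leaves the fuzz target uninstrumented, and a reader scanning for the mechanism has to infer it. Extending the comment with `# Instrumentation is disabled for every class so that no run reports coverage.` makes the setup self-explanatory. Whether `-runs=10` combined with `expect_crash = False` catches an early exit depends on the exit status libFuzzer uses in that case, which this diff does not show; if it exits zero, the test would pass without exercising the intended path, so that may be worth confirming.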
diff --git a/tests/src/test/java/com/example/NoCoverageFuzzer.java b/tests/src/test/java/com/example/NoCoverageFuzzer.java
new file mode 100644
index 00000000..a1f8b4ea
--- /dev/null
+++ b/tests/src/test/java/com/example/NoCoverageFuzzer.java
@@ -0,0 +1,19 @@
+// Copyright 2022 Code Intelligence GmbH
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package com.example;
+
+public class NoCoverageFuzzer {
+ public static void fuzzerTestOneInput(byte[] data) {}
+}
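Review bot: `fuzzerTestOneInput` has an intentionally empty body, and nothing in the file says so, so a future reader may take it for an unfinished stub. A one-line Javadoc on the class, `/** Fuzz target that deliberately does nothing, so that no execution reports coverage. */`, documents the intent where the BUILD comment cannot be seen. The `data` parameter could also be named `ignored` or annotated as unused to make the emptiness deliberate at a glance.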