From d4a1ce3f2e227bc30bcd2d97b623c193197e293e Mon Sep 17 00:00:00 2001
From: Fabian Meumertzheim
Date: Thu, 21 Oct 2021 12:06:58 +0200
Subject: Add Jazzer.consume to the Jazzer API

This requires moving AutofuzzConstructionException to api package.
---
 .../jazzer/api/AutofuzzConstructionException.java | 32 ++++++++++++++++++
 .../com/code_intelligence/jazzer/api/Jazzer.java | 38 ++++++++++++++++++++++
 .../autofuzz/AutofuzzConstructionException.java | 31 ------------------
 .../jazzer/autofuzz/FuzzTarget.java | 1 +
 .../code_intelligence/jazzer/autofuzz/Meta.java | 1 +
 5 files changed, 72 insertions(+), 31 deletions(-)
 create mode 100644 agent/src/main/java/com/code_intelligence/jazzer/api/AutofuzzConstructionException.java
 delete mode 100644 agent/src/main/java/com/code_intelligence/jazzer/autofuzz/AutofuzzConstructionException.java
(limited to 'agent/src/main/java')

diff --git a/agent/src/main/java/com/code_intelligence/jazzer/api/AutofuzzConstructionException.java b/agent/src/main/java/com/code_intelligence/jazzer/api/AutofuzzConstructionException.java
new file mode 100644
index 00000000..93340ee8
--- /dev/null
+++ b/agent/src/main/java/com/code_intelligence/jazzer/api/AutofuzzConstructionException.java
@@ -0,0 +1,32 @@
+// Copyright 2021 Code Intelligence GmbH
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package com.code_intelligence.jazzer.api;
+
+// An exception wrapping a Throwable thrown during the construction of parameters for, but not the
+// actual invocation of an autofuzzed method.
+/**
+ * Only used internally.
+ */
+public class AutofuzzConstructionException extends RuntimeException {
+ public AutofuzzConstructionException() {
+ super();
+ }
+ public AutofuzzConstructionException(String message) {
+ super(message);
+ }
+ public AutofuzzConstructionException(Throwable cause) {
+ super(cause);
+ }
+}
diff --git a/agent/src/main/java/com/code_intelligence/jazzer/api/Jazzer.java b/agent/src/main/java/com/code_intelligence/jazzer/api/Jazzer.java
index a4f6f740..930d8f0f 100644
--- a/agent/src/main/java/com/code_intelligence/jazzer/api/Jazzer.java
+++ b/agent/src/main/java/com/code_intelligence/jazzer/api/Jazzer.java
@@ -29,6 +29,8 @@ final public class Jazzer {
 private static MethodHandle traceStrstr = null;
 private static MethodHandle traceMemcmp = null;
 
+ private static MethodHandle consume = null;
+
 static {
 try {
 jazzerInternal = Class.forName("com.code_intelligence.jazzer.runtime.JazzerInternal");
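Review bot: The class-level Javadoc of the relocated AutofuzzConstructionException now reads only `Only used internally.`, while the sentence that explains what the type means (a wrapper for a Throwable thrown while constructing parameters for, but not while invoking, an autofuzzed method) has been demoted to a `//` line above the Javadoc and so disappears from generated API docs. Because the class is `public` in the `api` package and `Jazzer.consume` in this same commit catches it, users will encounter it; keeping the description inside the Javadoc avoids an undocumented public type, e.g. `/** Wraps a {@link Throwable} thrown while constructing parameters for, but not while invoking, an autofuzzed method. Only used internally. */`. Splitting the same information between a `//` comment and a `/** */` block is also easy to miss when one of them is edited later.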
@@ -48,6 +50,11 @@ final public class Jazzer {
 MethodType.methodType(void.class, byte[].class, byte[].class, int.class, int.class);
 traceMemcmp = MethodHandles.publicLookup().findStatic(
 traceDataFlowNativeCallbacks, "traceMemcmp", traceMemcmpType);
+
+ Class metaClass = Class.forName("com.code_intelligence.jazzer.autofuzz.Meta");
+ MethodType consumeType =
+ MethodType.methodType(Object.class, FuzzedDataProvider.class, Class.class);
+ consume = MethodHandles.publicLookup().findStatic(metaClass, "consume", consumeType);
 } catch (ClassNotFoundException ignore) {
 // Not running in the context of the agent. This is fine as long as no methods are called on
 // this class.
@@ -62,6 +69,31 @@ final public class Jazzer {
 
 private Jazzer() {}
 
+ /**
+ * Attempts to construct an instance of {@code type} from the fuzzer input using only public
+ * methods available on the classpath.
+ *
+ * Note: This function is inherently heuristic and may fail to return meaningful values for
+ * a variety of reasons.
+ *
+ * @param data the {@link FuzzedDataProvider} instance provided to {@code fuzzerTestOneInput}.
+ * @param type the {@link Class} to construct an instance of.
+ * @return an instance of {@code type} constructed from the fuzzer input, or {@code null} if
+ * autofuzz failed to create an instance.
+ */
+ @SuppressWarnings("unchecked")
+ public static T consume(FuzzedDataProvider data, Class type) {
+ try {
+ return (T) consume.invokeExact(data, type);
+ } catch (AutofuzzConstructionException ignored) {
+ return null;
+ } catch (Throwable t) {
+ rethrowUnchecked(t);
+ // Not reached.
+ return null;
+ }
+ }
+
 /**
 * Instructs the fuzzer to guide its mutations towards making {@code current} equal to {@code
 * target}.
@@ -148,4 +180,10 @@ final public class Jazzer {
 }
 }
 }
+
+ // Rethrows a (possibly checked) exception while avoiding a throws declaration.
+ @SuppressWarnings("unchecked")
+ private static void rethrowUnchecked(Throwable t) throws T {
+ throw(T) t;
+ }
 }
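Review bot: `Jazzer.consume` calls `consume.invokeExact(data, type)` without checking that the static initializer actually resolved the handle; when the agent classes are not on the classpath the `ClassNotFoundException` branch leaves `consume` as `null`, the resulting NullPointerException is caught by `catch (Throwable t)` and re-thrown by `rethrowUnchecked`, so the caller gets a bare NPE from inside the API rather than a message saying the agent is missing. A one-line guard before the `try` makes that failure self-explanatory: `if (consume == null) { throw new IllegalStateException("Jazzer.consume is only available when running under the Jazzer agent"); }`. Separately, in this hunk and in the `@@ -48,6 +50,11 @@` and `@@ -148,4 +180,10 @@` hunks the generic declarations appear to be missing as rendered (`public static T consume(..., Class type)`, `Class metaClass`, `throws T`); this is most likely angle brackets eaten by the page rendering rather than the committed text, but if the file really reads this way it does not compile, so it is worth confirming the source carries `<T>`/`Class<T>` on `consume` and `<T extends Throwable>` on `rethrowUnchecked`.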
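Review bot: `rethrowUnchecked` is declared `void`, which is why its only caller in `consume` has to follow it with a dead `return null;` and a `// Not reached.` comment that the compiler cannot verify. Giving the helper a nominal return type lets the call site terminate the path syntactically: declare it as `private static <T extends Throwable> RuntimeException rethrowUnchecked(Throwable t) throws T { throw (T) t; }` and write `throw rethrowUnchecked(t);` in the `catch (Throwable t)` block, which removes the unreachable return and the comment. The unchecked-cast suppression stays as it is, since the sneaky throw still relies on erasure.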
diff --git a/agent/src/main/java/com/code_intelligence/jazzer/autofuzz/AutofuzzConstructionException.java b/agent/src/main/java/com/code_intelligence/jazzer/autofuzz/AutofuzzConstructionException.java
deleted file mode 100644
index 7cb41d4b..00000000
--- a/agent/src/main/java/com/code_intelligence/jazzer/autofuzz/AutofuzzConstructionException.java
+++ /dev/null
@@ -1,31 +0,0 @@
-// Copyright 2021 Code Intelligence GmbH
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package com.code_intelligence.jazzer.autofuzz;
-
-/**
- * An exception wrapping a {@link Throwable} thrown during the construction of parameters for, but
- * not the actual invocation of an autofuzzed method.
- */
-public class AutofuzzConstructionException extends RuntimeException {
- public AutofuzzConstructionException() {
- super();
- }
- public AutofuzzConstructionException(String message) {
- super(message);
- }
- public AutofuzzConstructionException(Throwable cause) {
- super(cause);
- }
-}
diff --git a/agent/src/main/java/com/code_intelligence/jazzer/autofuzz/FuzzTarget.java b/agent/src/main/java/com/code_intelligence/jazzer/autofuzz/FuzzTarget.java
index ea1b9a96..ce7df069 100644
--- a/agent/src/main/java/com/code_intelligence/jazzer/autofuzz/FuzzTarget.java
+++ b/agent/src/main/java/com/code_intelligence/jazzer/autofuzz/FuzzTarget.java
@@ -14,6 +14,7 @@
 
 package com.code_intelligence.jazzer.autofuzz;
 
+import com.code_intelligence.jazzer.api.AutofuzzConstructionException;
 import com.code_intelligence.jazzer.api.FuzzedDataProvider;
 import com.code_intelligence.jazzer.utils.SimpleGlobMatcher;
 import com.code_intelligence.jazzer.utils.Utils;
diff --git a/agent/src/main/java/com/code_intelligence/jazzer/autofuzz/Meta.java b/agent/src/main/java/com/code_intelligence/jazzer/autofuzz/Meta.java
index ad439730..4a679b8f 100644
--- a/agent/src/main/java/com/code_intelligence/jazzer/autofuzz/Meta.java
+++ b/agent/src/main/java/com/code_intelligence/jazzer/autofuzz/Meta.java
@@ -14,6 +14,7 @@
 
 package com.code_intelligence.jazzer.autofuzz;
 
+import com.code_intelligence.jazzer.api.AutofuzzConstructionException;
 import com.code_intelligence.jazzer.api.FuzzedDataProvider;
 import com.code_intelligence.jazzer.utils.Utils;
 import io.github.classgraph.ClassGraph;
-- cgit v1.2.3