driver: Fix startup crashes when fuzzing native libraries
Fixes a JVM crash with the following frame while fuzzing native
libraries:
```
[libstdc++.so.6+0x13bf8a] std::ostream::sentry::sentry(std::ostream&)+0x1a
```
This broke in 55eb18b20953bea99fa1a5f55668740686f448b3.
This allows for cleaner syntax (`@DictionaryEntries({"a", "b"})`) and
avoids introducing yet another term (`token`).
The resource path is now interpreted relative to the class using the
annotation, which is more idiomatic. This does require changing
`com/example/Foo` to `/com/example/Foo` if an absolute path is desired.
Previously, IDE executions of JUnit fuzz tests registered a
`findingHandler` in `FuzzTargetRunner` whereas CLI executions did not.
This led to inconsistent behavior that was hard to reason about and a
lack of feature parity between the two modes (e.g. `--keep_going` was
only supported on the CLI).
Instead, we now use a `findingHandler` to report the last, "fatal",
finding in structured form to `FuzzTestExecutor`, with all other
findings having their stack traces printed. `JUnitRunner` now handles
findings from lifecycle methods correctly, including for the exit code.
The check generates a warning for essentially all our tests and doesn't
seem to be easy to make more precise.
Each execution uses its own dedicated test class instance and also runs
preprocessors.
See the comment in `JUnitLifecycleMethodsInvoker#beforeFirstExecution`
for an explanation of how this still falls short of emulating default
JUnit behavior.
Previously, `dumpReproducer` was called for `@FuzzTest`s using Autofuzz,
which is implemented as a static fuzz target method.
We also track the instance on which a given method is invoked and verify
that the `ExtensionContext` contains consistent information. This
prepares for future changes to `Lifecycle.PER_EXECUTION`.
If a target doesn't expect a finding, it doesn't have to disable this
check manually.
Work towards #599
The disk cache was based on GitHub Actions' immutable caches with a
static cache and thus likely contained outdated results. It also results
in spurious persistent failures on Windows such as:
```
ERROR: D:/a/jazzer/jazzer/deploy/BUILD.bazel:65:12: MergeJars deploy/jazzer-junit-project-src.jar failed: Exec failed due to IOException: 2 errors during bulk transfer:
java.io.IOException: D:/a/jazzer/jazzer/%HOME%/bazel-disk/cas/44/44e1a1356c8b7423f3b6c8cef5d75fdd6bf193f03d7bc416f81a3c3cd86166a2 (Permission denied)
java.io.IOException: D:/a/jazzer/jazzer/%HOME%/bazel-disk/cas/44/44e1a1356c8b7423f3b6c8cef5d75fdd6bf193f03d7bc416f81a3c3cd86166a2 (Permission denied)
```
Since we already use a remote cache, disabling the disk cache should not
harm build times. In fact, the CI Sense jobs didn't even use the cache,
but paid the cost for setting it up.
At least for JDK/JRE 8, these directories contain `.jar` files with
classes that may need to be instrumented.
Add support for dictionaries in fuzz tests
This adds dictionary support to JUnit fuzz tests via 2 annotations: WithDictionary and WithDictionaryFile that allow dictionaries to be specified either as static arrays of tokens or by referring to a dictionary file. Multiple instances of both annotations are allowed and all values will be merged in the dictionary given to libfuzzer.
---------
Co-authored-by: Fabian Meumertzheim <fabian@meumertzhe.im>
StressTest required a lot of memory since it collected all `init` and
`mutate` return values in a list. Instead, cross values off of a short
list for "contains" type checks and use `hashCode()` to stand in for the
actual value in statistical tests.
Verified locally that the test now passes with `--jvmopt=-Xmx512M`.
The benchmarks in `//tests/benchmarks` show that biasing the size of
subsets of collections of primitives chosen by the mutator to be small
results in much worse performance than a comparable unstructured fuzz
test.
Before this change, 11 out of 15 runs time out with no run limit; the
other ones result in:
```
{
"values": [
11143,
28128,
581194,
4229980
],
"minimum": 11143,
"maximum": 4229980,
"average": 1212611.25,
"median": 304661
}
```
After this change, all runs pass within a limit of 35,000 runs:
```
{
"values": [
887,
1557,
1889,
2557,
3023,
3346,
3517,
6075,
6613,
7991,
9578,
10850,
15583,
23638,
31046
],
"minimum": 887,
"maximum": 31046,
"average": 8543.333333333334,
"median": 6075
}
```
ExperimentalMutatorComplexProtoFuzzer now takes more runs on Linux, but
still fewer than on other platforms, which seems to indicate that the
Linux seed just happened to be a lucky choice.
This is a pure refactoring; the value will be used in the follow-up
commit. The function is renamed to reflect that it may no longer
return a biased value.
This function will be used in a follow-up change to allow collection
mutators to decide how "aggressive" they should be when mutating and
resizing the collection.
This prepares for follow-up changes which will roughly double the runtime
of this test.
This removes the need to have a "version bump" commit before every
release.
This was missed in #838.
If users add custom corpus directories, the first of those will be used
as the generated corpus instead of the default `.cifuzz-corpus`
directory. We now no longer create this directory if it is going to stay
empty because it isn't used as the generated corpus directory.
rules_jvm_external/maven:MavenPublisher
This is necessary because of https://github.com/bazelbuild/rules_jvm_external/commit/5e9a6d3deafd234b53f40231709487cc7534824b
which is included since https://github.com/CodeIntelligenceTesting/jazzer/commit/f99c2ffbaa263be18550e4bd898528c0c9d9189f
rules_jvm_external/maven:MavenPublisher as envvars
This is necessary because of https://github.com/bazelbuild/rules_jvm_external/commit/c960c88affa59b9d380a0d56e63a8a27a1a6113
which is included since https://github.com/CodeIntelligenceTesting/jazzer/commit/f99c2ffbaa263be18550e4bd898528c0c9d9189f
This splits up the release pipeline into a pre-release pipeline and a
release pipeline.
The prerelease pipeline, in addition to creating the release builds
also:
- Uploads the artifacts to Maven
- Creates a draft release on GitHub
The release pipeline now:
- Runs as soon as the draft release on GitHub is released
- Pushes the Docker images to Docker Hub
This is a temporary reversal of the breaking change in
1ca007d04325014d4fa0e48d239745f3ecc8fbcf until we support
`TestInstancePostProcessor`s.
This removes the classes from generated javadocs.
By using a new `javadoc` attribute, we can build the javadocs offline
and in a single step.
Our patches have been merged.
This can be used to create custom reusable variants of `@FuzzTest`.