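/*
 * Copyright 2021 Code Intelligence GmbH
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#pragma once

#include <jni.h>

// uintptr_t / uint8_t / uint32_t are used below; include their header directly
// instead of relying on <jni.h> or jvm_tooling.h to pull it in transitively.
#include <cstdint>
#include <string>

#include "jvm_tooling.h"

namespace jazzer {

// One entry of the PC table handed to libFuzzer.
// The members of this struct are only accessed by libFuzzer.
struct __attribute__((packed)) PCTableEntry {
  [[maybe_unused]] uintptr_t PC, PCFlags;
};

// The table is consumed as raw memory on the other side of the interface, so
// pin the layout at compile time: exactly two pointer-sized words per entry,
// with no padding.
static_assert(sizeof(PCTableEntry) == 2 * sizeof(uintptr_t),
              "PCTableEntry must be exactly two pointer-sized words");

// CoverageTracker registers an array of 8-bit coverage counters with
// libFuzzer. The array is backed by a MappedByteBuffer on the Java
// side, where it is populated with the actual coverage information.
//
// All state is held in static members, so there is a single tracker per
// process. NOTE(review): nothing in this header shows synchronization around
// that state - confirm the threading assumptions in the implementation.
class CoverageTracker : public ExceptionPrinter {
 private:
  // Base address of the 8-bit coverage counters array. This is a raw pointer
  // into memory shared with the Java side and with libFuzzer; this header
  // carries no length for it, so every bounds decision lives in the
  // implementation.
  static uint8_t *counters_;

  // NOTE(review): presumably backing storage for the addresses stored in
  // PCTableEntry::PC - confirm against the implementation.
  static uint32_t *fake_instructions_;
  // PC table entries (see PCTableEntry). As with counters_, no element count
  // is tracked in this header.
  static PCTableEntry *pc_entries_;

  // JNI entry point (JNICALL). NOTE(review): presumably invoked from Java when
  // additional coverage counters have to be registered with libFuzzer; any
  // counter range would have to come from state not visible in this
  // signature - confirm it is validated before it is turned into pointers.
  static void JNICALL RegisterNewCoverageCounters(JNIEnv &env, jclass cls);

 public:
  // NOTE(review): presumably the one-time initialization that wires the
  // tracker up with the JVM; the definition is not part of this header.
  static void Setup(JNIEnv &env);
  // Clears the coverage counters array manually. It is cleared automatically
  // by libFuzzer prior to running the fuzz target, so this function is only
  // used in tests.
  static void Clear();

  // Returns the address of the coverage counters array. No length accompanies
  // the pointer: callers must obtain the valid size elsewhere before indexing.
  static uint8_t *GetCoverageCounters();

  // NOTE(review): Record/Replay look like a pair that snapshots the counters
  // and later restores that snapshot; the semantics are not visible in this
  // header - confirm.
  static void RecordInitialCoverage(JNIEnv &env);
  static void ReplayInitialCoverage(JNIEnv &env);
  // Returns a std::string by value. NOTE(review): presumably a human-readable
  // coverage report computed via the JVM - confirm.
  static std::string ComputeCoverage(JNIEnv &env);
};
}  // namespace jazzer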