1 // Copyright 2021 Code Intelligence GmbH 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 import com.google.devtools.build.runfiles.Runfiles; 16 import java.io.File; 17 import java.io.IOException; 18 import java.util.Arrays; 19 import java.util.List; 20 import java.util.Map; 21 import java.util.stream.Collectors; 22 import java.util.stream.Stream; 23 24 public class FuzzTargetTestWrapper { main(String[] args)25 public static void main(String[] args) { 26 String driverActualPath; 27 String jarActualPath; 28 Runfiles runfiles; 29 try { 30 runfiles = Runfiles.create(); 31 driverActualPath = runfiles.rlocation(rlocationPath(args[0])); 32 jarActualPath = runfiles.rlocation(rlocationPath(args[1])); 33 } catch (IOException | ArrayIndexOutOfBoundsException e) { 34 e.printStackTrace(); 35 System.exit(1); 36 return; 37 } 38 39 ProcessBuilder processBuilder = new ProcessBuilder(); 40 Map<String, String> environment = processBuilder.environment(); 41 // Ensure that Jazzer can find its runfiles. 42 environment.putAll(runfiles.getEnvVars()); 43 44 // Crashes will be available as test outputs. These are cleared on the next run, 45 // so this is only useful for examples. 46 String outputDir = System.getenv("TEST_UNDECLARED_OUTPUTS_DIR"); 47 List<String> command = 48 Stream 49 .concat(Stream.of(driverActualPath, String.format("-artifact_prefix=%s/", outputDir), 50 String.format("--reproducer_path=%s", outputDir), "-seed=2735196724", 51 String.format("--cp=%s", jarActualPath)), 52 Arrays.stream(args).skip(2)) 53 .collect(Collectors.toList()); 54 processBuilder.inheritIO(); 55 processBuilder.command(command); 56 57 try { 58 int exitCode = processBuilder.start().waitFor(); 59 // Assert that we either found a crash in Java (exit code 77) or a sanitizer crash (exit code 60 // 76). 61 if (exitCode != 76 && exitCode != 77) { 62 System.exit(3); 63 } 64 String[] outputFiles = new File(outputDir).list(); 65 if (outputFiles == null) { 66 System.exit(4); 67 } 68 // Verify that libFuzzer dumped a crashing input. 69 if (Arrays.stream(outputFiles).noneMatch(name -> name.startsWith("crash-"))) { 70 System.exit(5); 71 } 72 } catch (IOException | InterruptedException e) { 73 e.printStackTrace(); 74 System.exit(2); 75 } 76 System.exit(0); 77 } 78 79 // Turns the result of Bazel's `$(rootpath ...)` into the correct format for rlocation. rlocationPath(String rootpath)80 private static String rlocationPath(String rootpath) { 81 if (rootpath.startsWith("external/")) { 82 return rootpath.substring("external/".length()); 83 } else { 84 return "jazzer/" + rootpath; 85 } 86 } 87 } 88