CodeIntelligenceTesting / jazzer

Coverage-guided, in-process fuzzing for the JVM
https://code-intelligence.com

Where is the libfuzzer c/c++ source code used by jazzer tag 0.16.1 ? #745

Closed yongxin3344520 closed 1 year ago

yongxin3344520 commented 1 year ago

I downloaded the jazzer (tag 0.16.1) source code from https://github.com/CodeIntelligenceTesting/jazzer/tree/v0.16.1. I tried using CMake to reorganize the code and compile it into a DLL. I downloaded libFuzzer from https://github.com/llvm/llvm-project/blob/27cc31b64c0491725aa88a6822f0f2a2c18914d7/compiler-rt/lib/fuzzer, but the compiled DLL's running results are different from yours. I think all the big shots must have modified libFuzzer. So where is the libFuzzer C/C++ code you are using? Thank you. If it is not publicly available, could you please send a copy to my email (yongxin3344520@gmail.com or 280530171@qq.com)? Thank you very much.

oetr commented 1 year ago

It should be this: https://github.com/CodeIntelligenceTesting/llvm-project-jazzer/archive/refs/tags/2022-12-07.tar.gz In repositories.bzl, all the way down.

yongxin3344520 commented 1 year ago

@oetr Ok, thank you. But a new problem has arisen: ERROR: Function "LLVMFuzzerInitialize" not defined.

fmeum commented 1 year ago

@yongxin3344520 It's generally hard for us to debug such errors without clear steps to reproduce them. Since we don't use CMake to build Jazzer, we also may not be able to help with these issues.

yongxin3344520 commented 1 year ago

Ok, ok, thank you! There are some necessary and unimplemented methods used in jazzer.dll, such as:

- void __msan_scoped_enable_interceptor_checks()
- void __msan_unpoison(const volatile void*, size_t size)
- void __msan_unpoison_param(size_t n)
- void __sanitizer_purge_allocator()
- size_t LLVMFuzzerCustomCrossOver(const uint8_t* Data1, size_t Size1, const uint8_t* Data2, size_t Size2, uint8_t* Out, size_t MaxOutSize, unsigned int Seed)
- __sanitizer_set_death_callback(void (*)(void))
- __sanitizer_install_malloc_and_free_hooks(void (*malloc_hook)(const volatile void*, size_t), void (*free_hook)(const volatile void*))

etc.

Where can I find the implementation of these methods ?

fmeum commented 1 year ago

The Jazzer build doesn't mess with any of these methods, so I don't really know why they would be missing. Some of them are related to MemorySanitizer, which isn't linked in by default though - are you sure these methods are really required and not just undefined symbols that libFuzzer checks for at runtime?
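The point fmeum makes above is the crux of the "not defined" errors: every symbol in the list (the `__msan_*` helpers, `__sanitizer_purge_allocator`, `__sanitizer_set_death_callback`, `__sanitizer_install_malloc_and_free_hooks`, `LLVMFuzzerCustomCrossOver`, and also `LLVMFuzzerInitialize`) is an optional external in libFuzzer's FuzzerExtFunctions.def. On Linux and macOS, FuzzerExtFunctionsWeak.cpp declares them `__attribute__((weak))`, so a missing definition resolves to a NULL address at link time and libFuzzer just checks for NULL before calling; only `LLVMFuzzerTestOneInput` is mandatory. The following is an added, stand-alone example (not Jazzer's or libFuzzer's code) that reproduces that pattern with two of the hooks. The `has_*`/`run_*` helper names and the prefix-plus-suffix fallback cross-over are assumptions for illustration, not libFuzzer's actual algorithm:

```c
/* weak_hooks.c - optional fuzzer hooks resolved via weak symbols.
 * Build on Linux/macOS with gcc or clang:  cc -O1 weak_hooks.c -o weak_hooks
 * Added example; not Jazzer's or libFuzzer's own code. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Declared weak and never defined here: the linker leaves the address NULL
 * instead of failing with "undefined symbol", which is how libFuzzer treats
 * these optional target-provided hooks. */
__attribute__((weak)) int LLVMFuzzerInitialize(int *argc, char ***argv);
__attribute__((weak)) size_t LLVMFuzzerCustomCrossOver(
    const uint8_t *Data1, size_t Size1, const uint8_t *Data2, size_t Size2,
    uint8_t *Out, size_t MaxOutSize, unsigned int Seed);

/* 1 if the target supplied the hook, 0 if the weak reference resolved to NULL. */
int has_initialize(void) { return LLVMFuzzerInitialize != NULL; }
int has_custom_crossover(void) { return LLVMFuzzerCustomCrossOver != NULL; }

/* Call LLVMFuzzerInitialize only when the target defined it. */
int run_initialize(int *argc, char ***argv) {
  if (LLVMFuzzerInitialize)
    return LLVMFuzzerInitialize(argc, argv);
  return 0; /* hook absent: nothing to do */
}

/* Fallback cross-over used when no custom one is linked in (assumed,
 * simplified strategy: a seed-chosen prefix of d1 followed by d2). */
static size_t default_crossover(const uint8_t *d1, size_t s1,
                                const uint8_t *d2, size_t s2,
                                uint8_t *out, size_t max, unsigned seed) {
  size_t take1 = seed % (s1 + 1); /* 0..s1 bytes from the first input */
  if (take1 > max)
    take1 = max;
  size_t room = max - take1;
  size_t take2 = s2 < room ? s2 : room; /* fill the rest from the second */
  memcpy(out, d1, take1);
  memcpy(out + take1, d2, take2);
  return take1 + take2;
}

/* Dispatch exactly the way libFuzzer does: custom hook if present, else builtin. */
size_t run_crossover(const uint8_t *d1, size_t s1, const uint8_t *d2, size_t s2,
                     uint8_t *out, size_t max, unsigned seed) {
  if (LLVMFuzzerCustomCrossOver)
    return LLVMFuzzerCustomCrossOver(d1, s1, d2, s2, out, max, seed);
  return default_crossover(d1, s1, d2, s2, out, max, seed);
}

int main(int argc, char **argv) {
  /* Constructed sample inputs, not real fuzzer corpus data. */
  const uint8_t a[] = "AAAA", b[] = "bbbb";
  uint8_t out[6];
  printf("LLVMFuzzerInitialize present:      %d\n", has_initialize());
  printf("LLVMFuzzerCustomCrossOver present: %d\n", has_custom_crossover());
  run_initialize(&argc, &argv);
  size_t n = run_crossover(a, 4, b, 4, out, sizeof out, 2);
  printf("crossover produced %zu bytes: %.*s\n", n, (int)n, out);
  return 0;
}
```

Two practical notes for a port such as the one discussed in this issue. First, since all of these hooks are optional, an error such as `Function "LLVMFuzzerInitialize" not defined` means the weak-symbol mechanism itself was lost in the rebuild, not that Jazzer requires those functions. Second, `__attribute__((weak))` is not available to MSVC; libFuzzer's Windows build resolves the same optional externals with `/alternatename` linker pragmas in FuzzerExtFunctionsWindows.cpp, so a CMake build targeting a DLL must compile that file (and not the weak-symbol one) or the symbols will appear to be missing.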