search

bazel-contrib / rules_fuzzing

Bazel Starlark extensions for defining fuzz tests in Bazel projects
Apache License 2.0
87 stars 20 forks source link

Default Java Fuzzer Example Fails #235

Closed asudhak closed 1 year ago

asudhak commented 1 year ago

Expected Behavior

A straightforward fuzzing run from the example from the docs must succeed

Actual Behavior

It fails with the following error when trying to run the simple Java Fuzzer.

ERROR: Projects/fuzz-sample/BUILD:3:15: in java_binary rule //:JavaFuzzTest_metadata_: need at least one of 'main_class' or Java source files
ERROR: Projects/fuzz-sample/BUILD:3:15: in java_binary rule //:JavaFuzzTest_metadata_: main_class was not provided and cannot be inferred: source path doesn't include a known root (java, javatests, src, testsrc)
ERROR: Projects/fuzz-sample/BUILD:3:15: Analysis of target '//:JavaFuzzTest_metadata_' failed
ERROR: Analysis of target '//:JavaFuzzTest_run' failed; build aborted:
INFO: Elapsed time: 13.079s
INFO: 0 processes.
FAILED: Build did NOT complete successfully (72 packages loaded, 1459 targets configured)
ERROR: Build failed. Not running target

BUILD

load("@rules_fuzzing//fuzzing:java_defs.bzl", "java_fuzz_test")

java_fuzz_test(
    name = "JavaFuzzTest",
    srcs = ["src/com/example/JavaFuzzTest.java"],
    # target_class is not needed if using the Maven directory layout.
    # target_class = "com.example.JavaFuzzTest",
)

Steps to Reproduce the Problem

  1. Follow instructions from https://github.com/bazelbuild/rules_fuzzing#java-fuzzing
  2. Run bazel run --config=jazzer //:JavaFuzzTest_run

Specifications

fmeum commented 1 year ago

@asudhak Could you check whether this is fixed by https://github.com/bazelbuild/rules_fuzzing/pull/236?

asudhak commented 1 year ago

@fmeum that seems to have worked. I'm able to run the bazel target as defined in the docs.

However, on a side note, the behavior is very different from running ./jazzer <java target> . let me know if you prefer to track it separately. Am I missing some configuration here ?

➜  fuzz-sample bazel run --config=jazzer //:JavaFuzzTest
INFO: Analyzed target //:JavaFuzzTest (0 packages loaded, 0 targets configured).
INFO: Found 1 target...
Target //:JavaFuzzTest up-to-date:
  bazel-bin/JavaFuzzTest
INFO: Elapsed time: 0.143s, Critical Path: 0.00s
INFO: 1 process: 1 internal.
INFO: Build completed successfully, 1 total action
INFO: Running command line: external/bazel_tools/tools/test/test-setup.sh ./JavaFuzzTest
exec ${PAGER:-/usr/bin/less} "$0" || exit 1
Executing tests from //:JavaFuzzTest
-----------------------------------------------------------------------------
OpenJDK 64-Bit Server VM warning: -XX:+CriticalJNINatives not supported in this VM
INFO: Loaded 165 hooks from com.code_intelligence.jazzer.runtime.TraceCmpHooks
INFO: Loaded 5 hooks from com.code_intelligence.jazzer.runtime.TraceDivHooks
INFO: Loaded 2 hooks from com.code_intelligence.jazzer.runtime.TraceIndirHooks
INFO: Loaded 4 hooks from com.code_intelligence.jazzer.runtime.NativeLibHooks
INFO: Loaded 2 hooks from com.code_intelligence.jazzer.sanitizers.ClojureLangHooks
INFO: Loaded 5 hooks from com.code_intelligence.jazzer.sanitizers.Deserialization
INFO: Loaded 5 hooks from com.code_intelligence.jazzer.sanitizers.ExpressionLanguageInjection
INFO: Loaded 70 hooks from com.code_intelligence.jazzer.sanitizers.LdapInjection
INFO: Loaded 46 hooks from com.code_intelligence.jazzer.sanitizers.NamingContextLookup
INFO: Loaded 1 hooks from com.code_intelligence.jazzer.sanitizers.OsCommandInjection
INFO: Loaded 52 hooks from com.code_intelligence.jazzer.sanitizers.ReflectiveCall
INFO: Loaded 8 hooks from com.code_intelligence.jazzer.sanitizers.RegexInjection
INFO: Loaded 16 hooks from com.code_intelligence.jazzer.sanitizers.RegexRoadblocks
INFO: Loaded 18 hooks from com.code_intelligence.jazzer.sanitizers.ScriptEngineInjection
INFO: Loaded 2 hooks from com.code_intelligence.jazzer.sanitizers.ServerSideRequestForgery
INFO: Loaded 19 hooks from com.code_intelligence.jazzer.sanitizers.SqlInjection
INFO: Loaded 6 hooks from com.code_intelligence.jazzer.sanitizers.XPathInjection
INFO: Instrumented com.example.JavaFuzzTest (took 222 ms, size +38%)
INFO: using inputs from: JavaFuzzTest_corpus
INFO: found LLVMFuzzerCustomMutator (0x12c3627f0). Disabling -len_control by default.
INFO: libFuzzer ignores flags that start with '--'
INFO: Running with entropic power schedule (0xFF, 100).
INFO: Seed: 2743712849
INFO: Loaded 1 modules   (512 inline 8-bit counters): 512 [0x1580e8000, 0x1580e8200), 
INFO: Loaded 1 PC tables (512 PCs): 512 [0x13d319c00,0x13d31bc00), 
INFO:        0 files found in JavaFuzzTest_corpus
INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 4096 bytes
Starting the fuzz test
0
INFO: A corpus is not provided, starting from an empty corpus
Starting the fuzz test
1
#2      INITED cov: 3 ft: 3 corp: 1/1b exec/s: 0 rss: 870Mb
#2      DONE   cov: 3 ft: 3 corp: 1/1b lim: 4 exec/s: 0 rss: 870Mb
Done 2 runs in 0 second(s)

This is the fuzz target from the example which is pretty straightforward and yields the assertion properly when you run it with the jazzer binary, but not via bazel.


public class JavaFuzzTest {
    public static void fuzzerTestOneInput(byte[] data) {
        System.out.println("Starting the fuzz test");
        System.out.println(data.length);

        if (data.length >= 3 && data[0] == 'F' && data[1] == 'U' &&
            data[2] == 'Z' && data[data.length] == 'Z') {
            throw new IllegalStateException(
                "ArrayIndexOutOfBoundException thrown above");
        }
    }
}
asudhak commented 1 year ago

Ignore the above comment, I used the wrong target. works as expected with the change.

fmeum commented 1 year ago

Ignore the above comment, I used the wrong target. works as expected with the change.

Just for the sake of posterity: You need to bazel run //:JavaFuzzTest_run. Glad that you figured it out!