Are you seeing errors from the DEBUGGER_TARGET_START code, with the fuzzer aborting with "Process... [reason]"?
    if (status != DEBUGGER_TARGET_START) {
        switch (status) {
        case DEBUGGER_CRASHED:
            FATAL("Process crashed before reaching the target method\n");
            break;
        case DEBUGGER_HANGED:
            FATAL("Process hanged before reaching the target method\n");
            break;
        case DEBUGGER_PROCESS_EXIT:
            FATAL("Process exited before reaching the target method\n");
            break;
        default:
            FATAL("An unknown problem occured before reaching the target method\n");
            break;
        }
    }
Runtime Example
You've been running the example code from Google, or my examples in this repo, and you're seeing something like:
PROGRAM ABORT
Discussion & Analysis
Whether a specific target function is defined changes the behavior of the fuzzing process in Jackalope.
These changes include how fuzzing iterations are handled, when coverage data is cleared, and how timeouts are managed.
Defining a specific target function is a targeted fuzzing approach, as opposed to the broader, more general fuzzing strategy shown in the example code.
The presence or absence of a defined target function steers the fuzzer through conditional checks such as if (instrumentation->IsTargetFunctionDefined()).
lldb example
(lldb) thread step-out
[-] PROGRAM ABORT : No interesting input files
Location : SynchronizeAndGetJob(), /Users/xss/Jackalope-main/fuzzer.cpp:630
==85083==AddressSanitizer Init done
test_imageio(85083,0x7ff85cd9ab40) malloc: nano zone abandoned due to inability to reserve vm space.
==85078==SetCurrentThread: 0x000100cfa000 for thread 0x7ff85cd9ab40
==85078==T0: FakeStack created: 0x000102990000 -- 0x000103499000 stack_size_log: 20; mmapped 11300K, noreserve=0
==85078==T0: stack [0x7ff7beab8000,0x7ff7bf2b8000) size 0x800000; local=0x7ff7bf2b4948
AddressSanitizer: parsing ''
==85078==Checking file existence is not allowed under sandbox.
==85078==Checking file existence is not allowed under sandbox.
==85078==Checking file existence is not allowed under sandbox.
==85078==Checking file existence is not allowed under sandbox.
==85078==Using atos found at: /usr/bin/atos
==85078==Using dladdr symbolizer.
==85078==AddressSanitizer Init done
test_imageio(85078,0x7ff85cd9ab40) malloc: nano zone abandoned due to inability to reserve vm space.
Error creating bitmap context
Error creating bitmap context
Error creating bitmap context
Error creating bitmap context
Error creating bitmap context
Error creating bitmap context
[-] PROGRAM ABORT : Process exited before reaching the target method
Location : Run(), /Users/xss/Jackalope-main/tinyinstinstrumentation.cpp:83
Potential Workarounds
Reduce the number of threads.
Increase the timeout from -t1 to -t3, -t5, etc.
Those errors will keep being hit unless you target a function.
Target a function and gain further guided code coverage.
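As an added example that is not Jackalope's own code, here is a minimal harness shaped for the targeted mode the discussion describes: the fuzzer is pointed at fuzz() with -target_method, so everything before that call runs outside the instrumented window, and the DEBUGGER_* aborts quoted above fire only if the process dies, hangs or exits before fuzz() is entered. The "JK" blob format, parse_blob and the harness name are constructed for this example; the invocation in the top comment assumes Jackalope's documented command-line flags.

```c
/* Added example, not Jackalope's code: a minimal harness for targeted mode.
 * Assumed invocation (flags per Jackalope's usage; adjust paths/module name):
 *   fuzzer -in in -out out -t 1000 -nthreads 1 -delivery file \
 *     -instrument_module harness -target_module harness -target_method fuzz \
 *     -nargs 1 -iterations 1000 -persist -loop -- ./harness @@
 */
#include <stdint.h>
#include <stdio.h>

#define MAX_INPUT (1u << 20)

/* Constructed toy format for the harness to exercise: "JK" magic, one length
 * byte, then that many payload bytes. Returns 0 ok, 1 bad magic, 2 header
 * truncated, 3 payload length mismatch. */
static int parse_blob(const uint8_t *buf, size_t len) {
    if (len < 3) return 2;
    if (buf[0] != 'J' || buf[1] != 'K') return 1;
    if (len - 3 != (size_t)buf[2]) return 3;
    return 0;
}

/* The target method named by -target_method. noinline keeps the symbol
 * resolvable, and it must return normally: TinyInst instruments from entry
 * to return and ends the iteration there. */
__attribute__((noinline))
int fuzz(const char *path) {
    static uint8_t buf[MAX_INPUT];
    FILE *f = fopen(path, "rb");
    if (!f) return -1;
    size_t n = fread(buf, 1, sizeof buf, f);
    fclose(f);
    return parse_blob(buf, n);
}

int main(int argc, char **argv) {
    if (argc < 2) {
        fprintf(stderr, "usage: %s <input-file>\n", argv[0]);
        return 1;
    }
    /* One-time setup (library init, sanitizer init, ...) belongs here, before
     * fuzz() is entered, so it is outside the instrumented window. If the
     * process crashes, hangs or exits in this phase, Jackalope reports the
     * DEBUGGER_CRASHED / DEBUGGER_HANGED / DEBUGGER_PROCESS_EXIT messages
     * quoted above instead of ever starting an iteration. */
    int rc = fuzz(argv[1]);
    printf("result: %d\n", rc);
    return rc < 0 ? 1 : 0;
}
```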