Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add fuzzing hooks for clojure stdlib functions #805

Merged
merged 5 commits into from
Aug 3, 2023
Merged

Add fuzzing hooks for clojure stdlib functions #805

merged 5 commits into from
Aug 3, 2023

Conversation

zgtm
Copy link
Member

@zgtm zgtm commented Jul 24, 2023
edited
Loading

This PR adds the capability to hook functions written in clojure.

Since calling clojure functions just calles the general clojure.lang.IFn.invoke(), we don't know what function we're dealing with when hooking this function call.

In order to know the function name, we also hook the call to clojure.lang.Var.getRawRoot() call, which does return information about the function name (at least for non-anonymous functions). We mark the functions objects we're interested in, by adding them to a WeakHashMap markedObjects and looking them up on clojure.lang.IFn.invoke().

@zgtm zgtm force-pushed the FUZZ-716-clojure-stdlib-hooks branch from 2938571 to 34d6210 Compare July 24, 2023 14:51
@fmeum
Copy link
Contributor

fmeum commented Jul 24, 2023
edited
Loading

From the perspective of maintenance, it would be great if you could, now that we see the hooks work, port them over to use only the public API for hooks and move them to the sanitizers directory.

If any public API is missing (e.g. for integer compares), let's add it in a separate commit.

@zgtm zgtm force-pushed the FUZZ-716-clojure-stdlib-hooks branch 3 times, most recently from d4809ab to e3b816d Compare July 24, 2023 16:38
@zgtm
Copy link
Member Author

zgtm commented Jul 24, 2023

From the perspective of maintenance, it would be great if you could, now that we see the hooks work, port them over to use only the public API for hooks and move them to the sanitizers directory.

If any public API is missing (e.g. for integer compares), let's add it in a separate commit.

Yes, I'll try to do that!

For the integer comparisons I did not write any new hooks, but just used existing ones. Should those still be copied to sanitizers/ or can they stay where they are right now?

@zgtm zgtm requested a review from a team July 24, 2023 16:51
fmeum
fmeum reviewed Jul 25, 2023
View reviewed changes
src/main/java/com/code_intelligence/jazzer/runtime/TraceCmpHooks.java Outdated Show resolved Hide resolved
src/main/java/com/code_intelligence/jazzer/runtime/TraceCmpHooks.java Outdated Show resolved Hide resolved
src/main/java/com/code_intelligence/jazzer/runtime/TraceDivHooks.java Outdated Show resolved Hide resolved
src/main/java/com/code_intelligence/jazzer/runtime/ClojureLangHooks.java Outdated Show resolved Hide resolved
src/main/java/com/code_intelligence/jazzer/runtime/ClojureLangHooks.java Outdated Show resolved Hide resolved
src/main/java/com/code_intelligence/jazzer/runtime/ClojureLangHooks.java Outdated Show resolved Hide resolved
src/main/java/com/code_intelligence/jazzer/runtime/ClojureLangHooks.java Outdated Show resolved Hide resolved
@zgtm
Copy link
Member Author

zgtm commented Aug 1, 2023

@fmeum I've still kept most of the clojure hooks in TraceCmpHooks, even though they are now their own functions, because they are so similar to the existing hooks. Are you on board with that?

@zgtm zgtm requested review from fmeum and a team August 1, 2023 16:10
@zgtm zgtm force-pushed the FUZZ-716-clojure-stdlib-hooks branch 2 times, most recently from 4d999ce to c20da69 Compare August 3, 2023 08:55
@zgtm zgtm force-pushed the FUZZ-716-clojure-stdlib-hooks branch 2 times, most recently from 8b05d24 to 6284587 Compare August 3, 2023 10:59
@zgtm
Clojure fuzzing: Hook stdlib functions by marking the functions
17447fd 
This marks the functions objects instead of wrapping them in a
proxy object. Furthermore moves ClojureLangHooks.java from
internal-api-using 'jazzer/runtime' to external-api-using 'sanitizers'
@zgtm
Clojure fuzzing: Add test for numerical comparison functions
a76ca4a
@zgtm
Clojure fuzzing: Add hook for clojure.lang.Util.compare
9671e40
@zgtm zgtm force-pushed the FUZZ-716-clojure-stdlib-hooks branch from 6284587 to 9671e40 Compare August 3, 2023 11:00
@zgtm zgtm enabled auto-merge (rebase) August 3, 2023 11:01
@zgtm zgtm merged commit 020fe88 into main Aug 3, 2023
10 of 12 checks passed
@zgtm zgtm deleted the FUZZ-716-clojure-stdlib-hooks branch August 3, 2023 11:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fmeum fmeum fmeum approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@zgtm @fmeum