author Santiago Aboy Solanes <solanes@google.com> 2025-01-10 04:41:38 -0800
committer Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> 2025-01-10 04:41:38 -0800
commit7cbe9e8bbdd5e5df075e9b8179cd6bbc314d7760 (patch)
tree23330ef7da3db77e36c547f1801cf73a0738dc09
parent08634531367b68af0ce4da270f45d8c9c85e3a07 (diff)
parentf0985e0db515318d32fd0a77abbbfe5486765426 (diff)
Add a debug version of the class verifier fuzzer am: e37d995993 am: f0985e0db5
Original change: https://android-review.googlesource.com/c/platform/art/+/3439063 Change-Id: Id99661d93936092f36fbf5341c573ca4b046c3bb Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
-rw-r--r--tools/fuzzer/Android.bp19
-rw-r--r--tools/fuzzer/libart_verify_classes_fuzzer.cc17
2 files changed, 33 insertions, 3 deletions
diff --git a/tools/fuzzer/Android.bp b/tools/fuzzer/Android.bp
index 45c4c4aad0..d74c0f31ad 100644
--- a/tools/fuzzer/Android.bp
+++ b/tools/fuzzer/Android.bp
@@ -66,7 +66,6 @@ cc_defaults {
srcs: ["libart_verify_classes_fuzzer.cc"],
defaults: [
- "art_defaults",
"libart_fuzzer-defaults",
],
@@ -116,11 +115,25 @@ cc_fuzz {
}
cc_fuzz {
- // TODO Add a debug version
name: "libart_verify_classes_fuzzer",
defaults: [
- "libart_verify_classes_fuzzer-defaults",
+ "art_defaults",
"libart_static_defaults",
+ "libart_verify_classes_fuzzer-defaults",
+ ],
+ // Can not be in defaults due to soong limitations.
+ device_common_corpus: [
+ ":art_runtest_corpus",
+ "class-verifier-corpus/*",
+ ],
+}
+
+cc_fuzz {
+ name: "libart_verify_classes_fuzzerd",
+ defaults: [
+ "art_debug_defaults",
+ "libartd_static_defaults",
+ "libart_verify_classes_fuzzer-defaults",
],
// Can not be in defaults due to soong limitations.
device_common_corpus: [
diff --git a/tools/fuzzer/libart_verify_classes_fuzzer.cc b/tools/fuzzer/libart_verify_classes_fuzzer.cc
index 13abd7c613..831f29e640 100644
--- a/tools/fuzzer/libart_verify_classes_fuzzer.cc
+++ b/tools/fuzzer/libart_verify_classes_fuzzer.cc
@@ -28,6 +28,7 @@
#include "jni/java_vm_ext.h"
#include "noop_compiler_callbacks.h"
#include "runtime.h"
+#include "runtime_intrinsics.h"
#include "scoped_thread_state_change-inl.h"
#include "verifier/class_verifier.h"
#include "well_known_classes.h"
@@ -138,6 +139,16 @@ extern "C" int LLVMFuzzerInitialize([[maybe_unused]] int* argc, [[maybe_unused]]
art::Thread::Current()->TransitionFromRunnableToSuspended(art::ThreadState::kNative);
+ {
+ art::ScopedObjectAccess soa(art::Thread::Current());
+ art::Runtime::Current()->GetClassLinker()->RunEarlyRootClinits(soa.Self());
+ art::InitializeIntrinsics();
+ art::Runtime::Current()->RunRootClinits(soa.Self());
+ }
+
+ // Check for heap corruption before running the fuzzer.
+ art::Runtime::Current()->GetHeap()->VerifyHeap();
+
// Query the current stack and add it to the global variable. Otherwise LSAN complains about a
// non-existing leak.
stack_t ss;
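Review bot: `art::Runtime::Current()` is evaluated three separate times in the new block (the `RunEarlyRootClinits`, `RunRootClinits` and `VerifyHeap` lines); one local taken before the scope, `art::Runtime* runtime = art::Runtime::Current();`, would read more clearly and make it obvious that the same runtime instance is being initialized and then checked. The sequence `RunEarlyRootClinits` → `InitializeIntrinsics` → `RunRootClinits` looks deliberate but carries no explanation; a short comment such as `// Intrinsics must be set up between the early and full root clinit passes.` — if that is indeed the constraint — would spare the next reader from having to rediscover it. The `VerifyHeap()` call already has a comment, so only the clinit block is undocumented. `LLVMFuzzerInitialize` continues on both sides of this hunk.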
@@ -194,6 +205,12 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
soa.Self()->ClearException();
continue;
}
+ // TODO(solanes): Figure out why `h_klass->GetDexCache()->GetClassLoader()` is null for
+ // sun.misc.Unsafe.
+ if (h_klass->GetDexCache()->GetClassLoader() == nullptr) {
+ continue;
+ }
+
h_dex_cache.Assign(h_klass->GetDexCache());
art::verifier::ClassVerifier::VerifyClass(soa.Self(),
/* verifier_deps= */ nullptr,
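Review bot: The added guard evaluates `h_klass->GetDexCache()` and the very next line repeats that call in `h_dex_cache.Assign(h_klass->GetDexCache())`; assigning first and testing through the handle, `h_dex_cache.Assign(h_klass->GetDexCache());` followed by `if (h_dex_cache->GetClassLoader() == nullptr) { continue; }`, removes the duplicate call and keeps the handle as the single source for the dex cache later passed to `VerifyClass`. The TODO names only `sun.misc.Unsafe`, but the condition skips every class whose dex cache reports a null class loader; if a null loader is how boot-classpath classes are represented here, this quietly drops all of them from verification coverage, so the comment should state whether that breadth is intended or narrow the check to the class actually affected. Either way, the skip leaves no trace in the fuzzer's behaviour, so the comment should say explicitly that such classes are not verified at all. `LLVMFuzzerTestOneInput` continues past the end of this hunk.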