def process_crash(app_binary, crash_testcase_path, crashes_dir): """Returns the crashing unit in coverage_binary_output.""" crash_filename = os.path.basename(crash_testcase_path) if (crash_filename.startswith('oom-') or crash_filename.startswith('timeout-')): # Don't spend time processing ooms and timeouts as these are # uninteresting crashes anyway. These are also excluded below, but don't # process them in the first place based on filename. return None # Run the crash with sanitizer options set in environment. env = os.environ.copy() sanitizer.set_sanitizer_options(env) command = [ app_binary, '-timeout=%d' % run_coverage.UNIT_TIMEOUT, '-rss_limit_mb=%d' % run_coverage.RSS_LIMIT_MB, crash_testcase_path ] app_binary_dir = os.path.dirname(app_binary) result = new_process.execute(command, env=env, cwd=app_binary_dir, expect_zero=False, kill_children=True, timeout=run_coverage.UNIT_TIMEOUT + 5) if not result.output: # Hang happened, no crash. Bail out. return None # Process the crash stacktrace from output. fuzz_target = os.path.basename(app_binary) stack_parser = stacktraces.StackParser(fuzz_target=fuzz_target, symbolized=True, detect_ooms_and_hangs=True, include_ubsan=True) crash_result = stack_parser.parse(result.output) if not crash_result.crash_state: # No crash occurred. Bail out. return None if crash_result.crash_type in ('Timeout', 'Out-of-memory'): # Uninteresting crash types for fuzzer efficacy. Bail out. return None return Crash(crash_testcase=os.path.relpath(crash_testcase_path, crashes_dir), crash_type=_filter_crash_type(crash_result.crash_type), crash_address=crash_result.crash_address, crash_state=_filter_crash_state(crash_result.crash_state), crash_stacktrace=crash_result.crash_stacktrace)
def process_crash(app_binary, crash_testcase_path, crashes_dir): """Returns the crashing unit in coverage_binary_output.""" # Run the crash with sanitizer options set in environment. env = os.environ.copy() sanitizer.set_sanitizer_options(env) command = [ app_binary, '-timeout=%d' % run_coverage.UNIT_TIMEOUT, '-rss_limit_mb=%d' % run_coverage.RSS_LIMIT_MB, crash_testcase_path ] app_binary_dir = os.path.dirname(app_binary) result = new_process.execute(command, env=env, cwd=app_binary_dir, expect_zero=False, kill_children=True, timeout=run_coverage.UNIT_TIMEOUT + 5) if not result.output: # Hang happened, no crash. Bail out. return None # Process the crash stacktrace from output. fuzz_target = os.path.basename(app_binary) stack_parser = stacktraces.StackParser(fuzz_target=fuzz_target, symbolized=True, detect_ooms_and_hangs=True, include_ubsan=True) crash_result = stack_parser.parse(result.output) if not crash_result.crash_state: # No crash occurred. Bail out. return None return Crash(crash_testcase=os.path.relpath(crash_testcase_path, crashes_dir), crash_type=_filter_crash_type(crash_result.crash_type), crash_address=crash_result.crash_address, crash_state=_filter_crash_state(crash_result.crash_state), crash_stacktrace=crash_result.crash_stacktrace)
def get_crash_data(crash_data, symbolize_flag=True, fuzz_target=None, already_symbolized=False, detect_ooms_and_hangs=None) -> stacktraces.CrashInfo: """Get crash parameters from crash data. Crash parameters include crash type, address, state and stacktrace. If the stacktrace is not already symbolized, we will try to symbolize it unless |symbolize| flag is set to False. Symbolized stacktrace will contain inline frames, but we do exclude them for purposes of crash state generation (helps in testcase deduplication).""" # Decide whether to symbolize or not symbolize the input stacktrace. # Note that Fuchsia logs are always symbolized. if symbolize_flag: # Defer imports since stack_symbolizer pulls in a lot of things. from clusterfuzz._internal.crash_analysis.stack_parsing import \ stack_symbolizer crash_stacktrace_with_inlines = stack_symbolizer.symbolize_stacktrace( crash_data, enable_inline_frames=True) crash_stacktrace_without_inlines = stack_symbolizer.symbolize_stacktrace( crash_data, enable_inline_frames=False) else: # We are explicitly indicated to not symbolize using |symbolize_flag|. There # is no distinction between inline and non-inline frames for an unsymbolized # stacktrace. crash_stacktrace_with_inlines = crash_data crash_stacktrace_without_inlines = crash_data # Additional stack frame ignore regexes. custom_stack_frame_ignore_regexes = (local_config.ProjectConfig().get( 'stacktrace.stack_frame_ignore_regexes', [])) if environment.get_value('TASK_NAME') == 'analyze': detect_v8_runtime_errors = True else: detect_v8_runtime_errors = environment.get_value( 'DETECT_V8_RUNTIME_ERRORS', False) fuzz_target = fuzz_target or environment.get_value('FUZZ_TARGET') redzone_size = environment.get_value('REDZONE') if detect_ooms_and_hangs is None: detect_ooms_and_hangs = ( environment.get_value('REPORT_OOMS_AND_HANGS') and (not redzone_size or redzone_size <= MAX_REDZONE_SIZE_FOR_OOMS_AND_HANGS)) include_ubsan = 'halt_on_error=0' not in environment.get_value( 'UBSAN_OPTIONS', '') stack_parser = stacktraces.StackParser( symbolized=symbolize_flag or already_symbolized, detect_ooms_and_hangs=detect_ooms_and_hangs, detect_v8_runtime_errors=detect_v8_runtime_errors, custom_stack_frame_ignore_regexes=custom_stack_frame_ignore_regexes, fuzz_target=fuzz_target, include_ubsan=include_ubsan) result = stack_parser.parse(crash_stacktrace_without_inlines) # Use stacktrace with inlines for the result. if result.crash_stacktrace: result.crash_stacktrace = crash_stacktrace_with_inlines # Linkify Android Kernel or lkl stacktrace. linkify_kernel_or_lkl_stacktrace_if_needed(result) return result