def process_crash(app_binary, crash_testcase_path, crashes_dir):
"""Returns the crashing unit in coverage_binary_output."""
crash_filename = os.path.basename(crash_testcase_path)
if (crash_filename.startswith('oom-')
or crash_filename.startswith('timeout-')):
# Don't spend time processing ooms and timeouts as these are
# uninteresting crashes anyway. These are also excluded below, but don't
# process them in the first place based on filename.
return None
# Run the crash with sanitizer options set in environment.
env = os.environ.copy()
sanitizer.set_sanitizer_options(env)
command = [
app_binary,
'-timeout=%d' % run_coverage.UNIT_TIMEOUT,
'-rss_limit_mb=%d' % run_coverage.RSS_LIMIT_MB, crash_testcase_path
]
app_binary_dir = os.path.dirname(app_binary)
result = new_process.execute(command,
env=env,
cwd=app_binary_dir,
expect_zero=False,
kill_children=True,
timeout=run_coverage.UNIT_TIMEOUT + 5)
if not result.output:
# Hang happened, no crash. Bail out.
return None
# Process the crash stacktrace from output.
fuzz_target = os.path.basename(app_binary)
stack_parser = stacktraces.StackParser(fuzz_target=fuzz_target,
symbolized=True,
detect_ooms_and_hangs=True,
include_ubsan=True)
crash_result = stack_parser.parse(result.output)
if not crash_result.crash_state:
# No crash occurred. Bail out.
return None
if crash_result.crash_type in ('Timeout', 'Out-of-memory'):
# Uninteresting crash types for fuzzer efficacy. Bail out.
return None
return Crash(crash_testcase=os.path.relpath(crash_testcase_path,
crashes_dir),
crash_type=_filter_crash_type(crash_result.crash_type),
crash_address=crash_result.crash_address,
crash_state=_filter_crash_state(crash_result.crash_state),
crash_stacktrace=crash_result.crash_stacktrace)
def process_crash(app_binary, crash_testcase_path, crashes_dir):
"""Returns the crashing unit in coverage_binary_output."""
# Run the crash with sanitizer options set in environment.
env = os.environ.copy()
sanitizer.set_sanitizer_options(env)
command = [
app_binary,
'-timeout=%d' % run_coverage.UNIT_TIMEOUT,
'-rss_limit_mb=%d' % run_coverage.RSS_LIMIT_MB, crash_testcase_path
]
app_binary_dir = os.path.dirname(app_binary)
result = new_process.execute(command,
env=env,
cwd=app_binary_dir,
expect_zero=False,
kill_children=True,
timeout=run_coverage.UNIT_TIMEOUT + 5)
if not result.output:
# Hang happened, no crash. Bail out.
return None
# Process the crash stacktrace from output.
fuzz_target = os.path.basename(app_binary)
stack_parser = stacktraces.StackParser(fuzz_target=fuzz_target,
symbolized=True,
detect_ooms_and_hangs=True,
include_ubsan=True)
crash_result = stack_parser.parse(result.output)
if not crash_result.crash_state:
# No crash occurred. Bail out.
return None
return Crash(crash_testcase=os.path.relpath(crash_testcase_path,
crashes_dir),
crash_type=_filter_crash_type(crash_result.crash_type),
crash_address=crash_result.crash_address,
crash_state=_filter_crash_state(crash_result.crash_state),
crash_stacktrace=crash_result.crash_stacktrace)
def get_crash_data(crash_data,
symbolize_flag=True,
fuzz_target=None,
already_symbolized=False,
detect_ooms_and_hangs=None) -> stacktraces.CrashInfo:
"""Get crash parameters from crash data.
Crash parameters include crash type, address, state and stacktrace.
If the stacktrace is not already symbolized, we will try to symbolize it
unless |symbolize| flag is set to False. Symbolized stacktrace will contain
inline frames, but we do exclude them for purposes of crash state generation
(helps in testcase deduplication)."""
# Decide whether to symbolize or not symbolize the input stacktrace.
# Note that Fuchsia logs are always symbolized.
if symbolize_flag:
# Defer imports since stack_symbolizer pulls in a lot of things.
from clusterfuzz._internal.crash_analysis.stack_parsing import \
stack_symbolizer
crash_stacktrace_with_inlines = stack_symbolizer.symbolize_stacktrace(
crash_data, enable_inline_frames=True)
crash_stacktrace_without_inlines = stack_symbolizer.symbolize_stacktrace(
crash_data, enable_inline_frames=False)
else:
# We are explicitly indicated to not symbolize using |symbolize_flag|. There
# is no distinction between inline and non-inline frames for an unsymbolized
# stacktrace.
crash_stacktrace_with_inlines = crash_data
crash_stacktrace_without_inlines = crash_data
# Additional stack frame ignore regexes.
custom_stack_frame_ignore_regexes = (local_config.ProjectConfig().get(
'stacktrace.stack_frame_ignore_regexes', []))
if environment.get_value('TASK_NAME') == 'analyze':
detect_v8_runtime_errors = True
else:
detect_v8_runtime_errors = environment.get_value(
'DETECT_V8_RUNTIME_ERRORS', False)
fuzz_target = fuzz_target or environment.get_value('FUZZ_TARGET')
redzone_size = environment.get_value('REDZONE')
if detect_ooms_and_hangs is None:
detect_ooms_and_hangs = (
environment.get_value('REPORT_OOMS_AND_HANGS')
and (not redzone_size
or redzone_size <= MAX_REDZONE_SIZE_FOR_OOMS_AND_HANGS))
include_ubsan = 'halt_on_error=0' not in environment.get_value(
'UBSAN_OPTIONS', '')
stack_parser = stacktraces.StackParser(
symbolized=symbolize_flag or already_symbolized,
detect_ooms_and_hangs=detect_ooms_and_hangs,
detect_v8_runtime_errors=detect_v8_runtime_errors,
custom_stack_frame_ignore_regexes=custom_stack_frame_ignore_regexes,
fuzz_target=fuzz_target,
include_ubsan=include_ubsan)
result = stack_parser.parse(crash_stacktrace_without_inlines)
# Use stacktrace with inlines for the result.
if result.crash_stacktrace:
result.crash_stacktrace = crash_stacktrace_with_inlines
# Linkify Android Kernel or lkl stacktrace.
linkify_kernel_or_lkl_stacktrace_if_needed(result)
return result