Hi! I built an experimental class that triggers the OS Command Injection sanitizer, similar to OsCommandInjectionRuntimeExec in the exemplar folder of jazzer. I am trying to offline-instrument the sanitizers of jazzer into my class and then run the instrumented jar file to see if the OS Command Injection sanitizer can be successfully triggered.

Here is how I implemented my class:

```
import java.util.concurrent.TimeUnit;
import static java.lang.Runtime.getRuntime;
import java.nio.file.*;
import java.io.IOException;
import java.nio.charset.StandardCharsets;

public class OsCommandInjectionRuntimeExec {
    public static void main(String[] args) {
        Path path = Paths.get("the path to an input file generated previously by jazzer");
        try {
            byte[] fileBytes = Files.readAllBytes(path);
            System.out.println("File read successfully.");
            String fileContent = new String(fileBytes, StandardCharsets.US_ASCII);
            System.out.println("File content as ASCII string:");
            System.out.println(fileContent);
            // The file content is passed to exec() unmodified; this is the call
            // the OS Command Injection sanitizer is expected to flag.
            Process process = getRuntime().exec(fileContent, new String[] {});
            if (!process.waitFor(10, TimeUnit.MILLISECONDS)) {
                process.destroyForcibly();
            }
        } catch (IOException e) {
            e.printStackTrace();
        } catch (Exception ignored) {
            // Ignore execution and setup exceptions
        }
    }
}
```

Here is the script of how I tried to build the instrumented jar and run it:

```
mvn clean package
jazzer/jazzer --instrument_only=target/jazzer-jqf-test-1.0-SNAPSHOT.jar --dump_classes_dir=/tmp
java -cp jazzer-jqf-test-1.0-SNAPSHOT.instrumented.jar:$(find jazzer -name '*.jar' | tr '\n' ':') OsCommandInjectionRuntimeExec
```

These are the jar files in `$(find jazzer -name '*.jar' | tr '\n' ':')`:

```
jazzer-0.22.1.jar
jazzer-api-0.22.1.jar
jazzer-junit-0.22.1.jar
jazzer_standalone.jar
```

After I run my script, here is the error message:

```
Exception in thread "main" java.lang.NoClassDefFoundError: com/code_intelligence/jazzer/runtime/CoverageMap
    at OsCommandInjectionRuntimeExec.main(OsCommandInjectionRuntimeExec.java:25)
Caused by: java.lang.ClassNotFoundException: com.code_intelligence.jazzer.runtime.CoverageMap
    at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:641)
    at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:188)
    at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:525)
    ... 1 more
```

I am wondering why this class (`com/code_intelligence/jazzer/runtime/CoverageMap`) is not included in `jazzer-0.22.1.jar`. What will be the correct way to run offline-instrumented jar files?

Thanks!