-
Notifications
You must be signed in to change notification settings - Fork 108
/
jvm_requirement.txt
58 lines (53 loc) · 2.66 KB
/
jvm_requirement.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
<requirements>
<item>Try as many variations of these inputs as possible.</item>
<item>Try creating the harness as complex as possible.</item>
<item>Try adding some nested loop to invoke the target method for multiple times.</item>
<item>The generated fuzzing harness should be wrapped with the <java_code> tag.</item>
<item>NEVER use any methods from the <code>java.lang.Random</code> class in the generated code.</item>
<item>NEVER use any classes or methods in the <code>java.lang.reflect</code> package in the generated code.</item>
<item>NEVER use the @FuzzTest annotation for specifying the fuzzing method.</item>
<item>Please avoid using any multithreading or multi-processing approach.</item>
<item>Please add import statements for necessary classes, except for classes in the java.lang package.</item>
<item>You MUST create the object before calling the target method.</item>
<item>You MUST catch java.lang.RuntimeException.</item>
<item>Please use {HARNESS_NAME} as the Java class name.</item>
<item>{STATIC_OR_INSTANCE}</item>
{NEED_CLOSE}
<item>You MUST invoke the close method of any resource class objects that implements the java.lang.AutoCloseable interface in the finally block after the target method is invoked.</item>
<item>Do not create new variables with the same names as existing variables.
WRONG:
<code>
public static void testing(int test) {
String test = "Testing";
}
</code></item>
<item>Always create the fuzzing harness from the following templates:
<code>
import com.code_intelligence.jazzer.api.FuzzedDataProvider;
// Other imports
public class {HARNESS_NAME} {
public static void fuzzerInitialize() {
// Initializing objects for fuzzing
}
public static void fuzzerTearDown() {
// Tear down objects after fuzzing
}
public static void fuzzerTestOneInput(FuzzedDataProvider data) {
// Use the FuzzedDataProvider object to generate random data for fuzzing
// Fuzz by invoking the target method with random parameters / objects generated above.
}
}
</code></item>
<item>
Here is a list of classes and their fully qualified name. You must import all classes by their fully qualified name.
For example, if the full qualified name of a class is <code>abc.def.ghi</code>, then you must add an import
statement <code>import abc.def.ghi;</code> in the result code.
Do not import the same class multiple times.
Each item in this list has two attributes, <class_name> tag contains the class name and <full_class_name>
contains the fully qualified name of the given class.
<list>
<item><class_name>FuzzedDataProvider</class_name><full_class_name>com.code_intelligence.jazzer.api.FuzzedDataProvider</full_class_name></item>
{IMPORT_MAPPINGS}
</item>
</list>
</requirements>