package com.code_intelligence.jazzer.driver;

import com.code_intelligence.jazzer.api.FuzzedDataProvider;
import com.code_intelligence.jazzer.autofuzz.FuzzTarget;
import com.code_intelligence.jazzer.driver.FuzzTargetHolder;
import com.code_intelligence.jazzer.instrumentor.CoverageRecorder;
import com.code_intelligence.jazzer.mutation.ArgumentsMutator;
import com.code_intelligence.jazzer.runtime.FuzzTargetRunnerNatives;
import com.code_intelligence.jazzer.runtime.JazzerInternal;
import com.code_intelligence.jazzer.utils.Log;
import com.code_intelligence.jazzer.utils.UnsafeProvider;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.lang.invoke.MethodHandle;
import java.lang.invoke.MethodHandles;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Base64;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Locale;
import java.util.Objects;
import java.util.Set;
import java.util.function.Consumer;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import sun.misc.Unsafe;

/* loaded from: input_file:com/code_intelligence/jazzer/driver/FuzzTargetRunner.class */
public final class FuzzTargetRunner {
    private static final String OPENTEST4J_TEST_ABORTED_EXCEPTION = "org.opentest4j.TestAbortedException";
    private static final Unsafe UNSAFE;
    private static final long BYTE_ARRAY_OFFSET;
    private static final int LIBFUZZER_CONTINUE = 0;
    private static final int LIBFUZZER_RETURN_FROM_DRIVER = -2;
    private static final Set<Long> ignoredTokens;
    private static final boolean useMutatorFramework;
    private static final boolean optimizeMergeInner;
    private static final boolean useHooks;
    private static final boolean emitDedupToken;
    private static final long keepGoing;
    private static final long crossOverFrequency;
    private static final FuzzedDataProviderImpl fuzzedDataProvider;
    private static final MethodHandle fuzzTargetMethod;
    private static final LifecycleMethodsInvoker lifecycleMethodsInvoker;
    private static final boolean useFuzzedDataProvider;
    private static final ArgumentsMutator mutator;
    private static final ReproducerTemplate reproducerTemplate;
    private static Consumer<Throwable> fatalFindingHandlerForJUnit;
    private static long crossOverCount;
    static final /* synthetic */ boolean $assertionsDisabled;

    static int runOne(byte[] bArr) {
        long allocateMemory = UNSAFE.allocateMemory(bArr.length);
        UNSAFE.copyMemory(bArr, BYTE_ARRAY_OFFSET, (Object) null, allocateMemory, bArr.length);
        try {
            int runOne = runOne(allocateMemory, bArr.length);
            UNSAFE.freeMemory(allocateMemory);
            return runOne;
        } catch (Throwable th) {
            UNSAFE.freeMemory(allocateMemory);
            throw th;
        }
    }

    private static int runOne(long j, int i) {
        byte[] copyToArray;
        Object obj;
        Throwable th = null;
        if (useMutatorFramework) {
            mutator.read(new ByteArrayInputStream(copyToArray(j, i)));
            copyToArray = null;
            obj = null;
        } else if (useFuzzedDataProvider) {
            fuzzedDataProvider.setNativeData(j, i);
            copyToArray = null;
            obj = fuzzedDataProvider;
        } else {
            copyToArray = copyToArray(j, i);
            obj = copyToArray;
        }
        try {
            lifecycleMethodsInvoker.beforeEachExecution();
        } catch (Throwable th2) {
            th = th2;
        }
        try {
            if (th == null) {
                try {
                    Object testClassInstance = lifecycleMethodsInvoker.getTestClassInstance();
                    if (useMutatorFramework) {
                        mutator.invoke(testClassInstance, false);
                    } else if (testClassInstance == null) {
                        (void) fuzzTargetMethod.invoke(obj);
                    } else {
                        (void) fuzzTargetMethod.invoke(testClassInstance, obj);
                    }
                    if (useMutatorFramework) {
                        mutator.finishFuzzingIteration();
                    }
                    try {
                        lifecycleMethodsInvoker.afterEachExecution();
                    } catch (Throwable th3) {
                        if (th != null) {
                            Log.warn("Failed to run lifecycle method", th3);
                        } else {
                            th = th3;
                        }
                    }
                } catch (Throwable th4) {
                    th = th4;
                    if (useMutatorFramework) {
                        mutator.finishFuzzingIteration();
                    }
                    try {
                        lifecycleMethodsInvoker.afterEachExecution();
                    } catch (Throwable th5) {
                        if (th != null) {
                            Log.warn("Failed to run lifecycle method", th5);
                        } else {
                            th = th5;
                        }
                    }
                }
            }
            if (optimizeMergeInner) {
                return 0;
            }
            if (JazzerInternal.lastFinding != null) {
                th = JazzerInternal.lastFinding;
                JazzerInternal.lastFinding = null;
            }
            if (th == null || th.getClass().getName().equals(OPENTEST4J_TEST_ABORTED_EXCEPTION)) {
                return 0;
            }
            temporarilyDisableLibfuzzerExitHook();
            if (useHooks) {
                th = ExceptionUtils.preprocessThrowable(th);
            }
            long computeDedupToken = emitDedupToken ? ExceptionUtils.computeDedupToken(th) : 0L;
            if (emitDedupToken && !ignoredTokens.add(Long.valueOf(computeDedupToken))) {
                return 0;
            }
            boolean z = emitDedupToken && (keepGoing == 0 || Long.compareUnsigned((long) ignoredTokens.size(), keepGoing) < 0);
            boolean z2 = fatalFindingHandlerForJUnit == null || Opt.isJUnitAndCommandLine.get().booleanValue();
            if (z2 || z) {
                Log.finding(th);
            }
            if (fatalFindingHandlerForJUnit != null && !z) {
                fatalFindingHandlerForJUnit.accept(th);
            }
            if (emitDedupToken) {
                Log.structuredOutput(String.format(Locale.ROOT, "DEDUP_TOKEN: %016x", Long.valueOf(computeDedupToken)));
            }
            if (z2) {
                Log.println("== libFuzzer crashing input ==");
            }
            printAndDumpCrashingInput();
            if (fatalFindingHandlerForJUnit == null && !useMutatorFramework) {
                dumpReproducer(copyToArray);
            }
            if (z) {
                return 0;
            }
            if (!Opt.autofuzz.get().isEmpty() && emitDedupToken) {
                Log.println("");
                Log.info(String.format("To continue fuzzing past this particular finding, rerun with the following additional argument:%n%n    --ignore=%s%n%nTo ignore all findings of this kind, rerun with the following additional argument:%n%n    --autofuzz_ignore=%s", ignoredTokens.stream().map(l -> {
                    return Long.toUnsignedString(l.longValue(), 16);
                }).collect(Collectors.joining(",")), Stream.concat(Opt.autofuzzIgnore.get().stream(), Stream.of(th.getClass().getName())).collect(Collectors.joining(","))));
            }
            if (fatalFindingHandlerForJUnit != null) {
                return LIBFUZZER_RETURN_FROM_DRIVER;
            }
            System.exit(77);
            return 0;
        } catch (Throwable th6) {
            if (useMutatorFramework) {
                mutator.finishFuzzingIteration();
            }
            try {
                lifecycleMethodsInvoker.afterEachExecution();
            } catch (Throwable th7) {
                if (th != null) {
                    Log.warn("Failed to run lifecycle method", th7);
                }
            }
            throw th6;
        }
    }

    private static int mutateOne(long j, int i, int i2, int i3) {
        mutate(j, i, i3);
        return writeToMemory(mutator, j, i2);
    }

    private static void mutate(long j, int i, int i2) {
        if (i == 1 && UNSAFE.getByte(j) == 10) {
            mutator.init(i2);
        } else {
            mutator.read(new ByteArrayInputStream(copyToArray(j, i)));
            mutator.mutate(i2);
        }
    }

    private static int crossOver(long j, int i, long j2, int i2, long j3, int i3, int i4) {
        if (crossOverFrequency != 0) {
            long j4 = crossOverCount;
            crossOverCount = j4 + 1;
            if (j4 % crossOverFrequency == 0) {
                mutator.crossOver(new ByteArrayInputStream(copyToArray(j, i)), new ByteArrayInputStream(copyToArray(j2, i2)), i4);
                return writeToMemory(mutator, j3, i3);
            }
        }
        mutate(j, i, i4);
        return writeToMemory(mutator, j3, i3);
    }

    private static int writeToMemory(ArgumentsMutator argumentsMutator, long j, int i) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        argumentsMutator.write(byteArrayOutputStream);
        byte[] byteArray = byteArrayOutputStream.toByteArray();
        int min = Math.min(byteArray.length, i);
        UNSAFE.copyMemory(byteArray, BYTE_ARRAY_OFFSET, (Object) null, j, min);
        return min;
    }

    public static int startLibFuzzer(List<String> list) {
        if (!useMutatorFramework) {
            list = new ArrayList(list);
            list.add("-len_control=100");
        }
        for (String str : list.subList(1, list.size())) {
            if (!str.startsWith("-")) {
                Log.info("using inputs from: " + str);
            }
        }
        if (!com.code_intelligence.jazzer.runtime.Constants.IS_ANDROID) {
            SignalHandler.initialize();
        }
        return startLibFuzzer((byte[][]) list.stream().map(str2 -> {
            return str2.getBytes(StandardCharsets.UTF_8);
        }).toArray(i -> {
            return new byte[i];
        }));
    }

    public static void registerFatalFindingHandlerForJUnit(Consumer<Throwable> consumer) {
        fatalFindingHandlerForJUnit = (Consumer) Objects.requireNonNull(consumer);
    }

    private static void shutdown() {
        if (!Opt.coverageDump.get().isEmpty() || !Opt.coverageReport.get().isEmpty()) {
            if (!Opt.coverageDump.get().isEmpty()) {
                CoverageRecorder.dumpJacocoCoverage(Opt.coverageDump.get());
            }
            if (!Opt.coverageReport.get().isEmpty()) {
                CoverageRecorder.dumpCoverageReport(Opt.coverageReport.get());
            }
        }
        try {
            lifecycleMethodsInvoker.afterLastExecution();
        } catch (Throwable th) {
            Log.finding(th);
            System.exit(77);
        }
    }

    private static void dumpReproducer(byte[] bArr) {
        String encodeToString;
        if (bArr == null) {
            if (!$assertionsDisabled && !useFuzzedDataProvider) {
                throw new AssertionError();
            }
            fuzzedDataProvider.reset();
            bArr = fuzzedDataProvider.consumeRemainingAsBytes();
        }
        try {
            String hexString = toHexString(MessageDigest.getInstance("SHA-1").digest(bArr));
            if (!Opt.autofuzz.get().isEmpty()) {
                fuzzedDataProvider.reset();
                FuzzTarget.dumpReproducer(fuzzedDataProvider, Opt.reproducerPath.get(), hexString);
                return;
            }
            if (useFuzzedDataProvider) {
                fuzzedDataProvider.reset();
                FuzzedDataProvider makeFuzzedDataProviderProxy = RecordingFuzzedDataProvider.makeFuzzedDataProviderProxy(fuzzedDataProvider);
                try {
                    (void) fuzzTargetMethod.invokeExact(makeFuzzedDataProviderProxy);
                    if (JazzerInternal.lastFinding == null) {
                        Log.warn("Failed to reproduce crash when rerunning with recorder");
                    }
                } catch (Throwable th) {
                }
                try {
                    encodeToString = RecordingFuzzedDataProvider.serializeFuzzedDataProviderProxy(makeFuzzedDataProviderProxy);
                } catch (IOException e) {
                    Log.error("Failed to create reproducer", e);
                    System.exit(1);
                    throw new IllegalStateException("Not reached");
                }
            } else {
                encodeToString = Base64.getEncoder().encodeToString(bArr);
            }
            reproducerTemplate.dumpReproducer(encodeToString, hexString);
        } catch (NoSuchAlgorithmException e2) {
            throw new IllegalStateException("SHA-1 not available", e2);
        }
    }

    private static String toHexString(byte[] bArr) {
        String bigInteger = new BigInteger(1, bArr).toString(16);
        return String.join("", Collections.nCopies((2 * bArr.length) - bigInteger.length(), "0")) + bigInteger;
    }

    private static void dumpAllStackTraces() {
        ExceptionUtils.dumpAllStackTraces();
    }

    private static byte[] copyToArray(long j, int i) {
        byte[] bArr = new byte[i];
        UNSAFE.copyMemory((Object) null, j, bArr, BYTE_ARRAY_OFFSET, i);
        return bArr;
    }

    private static int startLibFuzzer(byte[][] bArr) {
        return FuzzTargetRunnerNatives.startLibFuzzer(bArr, FuzzTargetRunner.class, useMutatorFramework);
    }

    public static void printAndDumpCrashingInput() {
        FuzzTargetRunnerNatives.printAndDumpCrashingInput();
    }

    public static String mutatorDebugString() {
        if (mutator != null) {
            return mutator.toString();
        }
        return null;
    }

    private static void temporarilyDisableLibfuzzerExitHook() {
        FuzzTargetRunnerNatives.temporarilyDisableLibfuzzerExitHook();
    }

    static {
        $assertionsDisabled = !FuzzTargetRunner.class.desiredAssertionStatus();
        if (!Opt.autofuzz.get().isEmpty()) {
            if (!Opt.targetClass.get().isEmpty()) {
                Log.error("--target_class and --autofuzz cannot be specified together");
                System.exit(1);
            }
            if (!Opt.targetArgs.setIfDefault(Collections.unmodifiableList((List) Stream.concat(Stream.of(Opt.autofuzz.get()), Opt.autofuzzIgnore.get().stream()).collect(Collectors.toList())))) {
                Log.error("--target_args and --autofuzz cannot be specified together");
                System.exit(1);
            }
        } else if (!Opt.autofuzzIgnore.get().isEmpty()) {
            Log.error("--autofuzz_ignore requires --autofuzz");
            System.exit(1);
        }
        Opt.dedup.setIfDefault(Opt.hooks.get());
        if ((!Opt.ignore.get().isEmpty() || Opt.keepGoing.get().longValue() > 1) && !Opt.dedup.get().booleanValue()) {
            Log.error("--nodedup is not supported with --ignore or --keep_going");
            System.exit(1);
        }
        UNSAFE = UnsafeProvider.getUnsafe();
        BYTE_ARRAY_OFFSET = UNSAFE.arrayBaseOffset(byte[].class);
        ignoredTokens = (Set) Opt.ignore.get().stream().map(str -> {
            return Long.valueOf(Long.parseUnsignedLong(str, 16));
        }).collect(Collectors.toCollection(HashSet::new));
        optimizeMergeInner = Opt.mergeInner.get().booleanValue();
        useHooks = Opt.hooks.get().booleanValue();
        emitDedupToken = Opt.dedup.get().booleanValue();
        keepGoing = Opt.keepGoing.get().longValue();
        crossOverFrequency = Opt.mutatorCrossOverFrequency.get().longValue();
        fuzzedDataProvider = FuzzedDataProviderImpl.withNativeData();
        FuzzTargetHolder.FuzzTarget fuzzTarget = FuzzTargetHolder.fuzzTarget;
        lifecycleMethodsInvoker = fuzzTarget.lifecycleMethodsInvoker;
        fuzzTarget.method.setAccessible(true);
        try {
            fuzzTargetMethod = MethodHandles.lookup().unreflect(fuzzTarget.method);
            useMutatorFramework = Opt.mutatorFramework.get().booleanValue() && Opt.autofuzz.get().isEmpty() && !fuzzTarget.usesPrimitiveByteArray() && !fuzzTarget.usesFuzzedDataProvider();
            useFuzzedDataProvider = fuzzTarget.usesFuzzedDataProvider();
            if (!useFuzzedDataProvider && com.code_intelligence.jazzer.runtime.Constants.IS_ANDROID) {
                Log.error("Android fuzz targets must use " + FuzzedDataProvider.class.getName());
                System.exit(1);
            }
            Class<?> declaringClass = fuzzTarget.method.getDeclaringClass();
            reproducerTemplate = new ReproducerTemplate(declaringClass.getName(), useFuzzedDataProvider);
            JazzerInternal.onFuzzTargetReady(declaringClass.getName());
            try {
                lifecycleMethodsInvoker.beforeFirstExecution();
            } catch (Throwable th) {
                Log.finding(ExceptionUtils.preprocessThrowable(th));
                System.exit(1);
            }
            if (useMutatorFramework) {
                mutator = ArgumentsMutator.forMethodOrThrow(fuzzTarget.method);
                Log.info("Using mutator: " + mutator);
            } else {
                mutator = null;
            }
            if (useHooks) {
                CoverageRecorder.updateCoveredIdsWithCoverageMap();
            }
            Runtime.getRuntime().addShutdownHook(new Thread(FuzzTargetRunner::shutdown));
            crossOverCount = 0L;
        } catch (IllegalAccessException e) {
            throw new IllegalStateException(e);
        }
    }
}
