    Paulo Matos
    @pmatos
    By the way, in the bug reports, the ones where we use jinja, where do the variables {{foo}} come from?
    Can I access anything for which I defined in a property decorator?
    Didn't get validation to work properly, getting the very unfortunate backtrace of:
    fuzzer_1  | Exception in <fuzzinator.job.validate_job.ValidateJob object at 0xf5183350>: decorator() missing 1 required positional argument: 'filename'
    fuzzer_1  | Traceback (most recent call last):
    fuzzer_1  |   File "/jscfuzz/venv/lib/python3.7/site-packages/fuzzinator/controller.py", line 413, in _run_job
    fuzzer_1  |     for issue in job.run():
    fuzzer_1  |   File "/jscfuzz/venv/lib/python3.7/site-packages/fuzzinator/job/validate_job.py", line 29, in run
    fuzzer_1  |     _, new_issues = self.validate()
    fuzzer_1  |   File "/jscfuzz/venv/lib/python3.7/site-packages/fuzzinator/job/validate_job.py", line 33, in validate
    fuzzer_1  |     sut_call, sut_call_kwargs = config_get_callable(self.config, 'sut.' + self.sut_name, ['validate_call', 'reduce_call', 'call'])
    fuzzer_1  |   File "/jscfuzz/venv/lib/python3.7/site-packages/fuzzinator/config.py", line 74, in config_get_callable
    fuzzer_1  |     entity = decorator(entity)
    fuzzer_1  |   File "/jscfuzz/venv/lib/python3.7/site-packages/fuzzinator/call/callable_decorator.py", line 32, in __call__
    fuzzer_1  |     return self.decorator(*self.decorator_args, **self.decorator_kwargs)(callable)
    fuzzer_1  | TypeError: decorator() missing 1 required positional argument: 'filename'
    This looks like I am missing filename for validation. But I have no idea why or where it's needed. Is there any way to find more information?
    Renáta Hodován
    @renatahodovan

    Can I access anything for which I defined in a property decorator?

    yes, you can access all of the fields of the issue dicts (including the result of property decorators, stdout, stderr, exit code, etc.)

    Paulo Matos
    @pmatos
    Wonder if you know the best way to deal with execution command line. The command is jsc {options} {test}
    Is there a way in jinja to format that string?
    Renáta Hodován
    @renatahodovan

    This looks like I am missing filename for validation. But I have no idea why or where it's needed. Is there any way to find more information?

    filename is probably missing from the file_writer_decorator:
    https://github.com/renatahodovan/fuzzinator/blob/master/fuzzinator/call/file_writer_decorator.py#L45

    Paulo Matos
    @pmatos
    Currently the report shows that string verbatim, so not very useful.
    Renáta Hodován
    @renatahodovan

    Wonder if you know the best way to deal with execution command line. The command is jsc {options} {test}

    yeah, you can use markdown formatting

    Paulo Matos
    @pmatos
    you mean, instead of jinja, are there any examples of that?
    Renáta Hodován
    @renatahodovan
    nope
    Paulo Matos
    @pmatos
    how would markdown help with formatting the string? Apparently I still need to use the {{ ... }} syntax.
    Renáta Hodován
    @renatahodovan
    I use it in case of jerry since its bugtracker is github which supports markdown, but not for webkit/jsc since bugzilla will ignore this formatting (AFAIK)
    so, where do you want to see the formatting? on the Fuzzinator issue page or on the bugtracker?
    Paulo Matos
    @pmatos
    Ah - I think I know what you mean. I didn't mean format the report with bold, etc. I meant that the string jsc {options} {test} needs to have the options, test variables interpolated with values from the issue.
    Renáta Hodován
    @renatahodovan
    aaahh
    Paulo Matos
    @pmatos
    I meant formatting in terms of 'jsc {options} {test}'.format(options=..., test=...) ...
    that's wrong syntax but I guess you know what I mean.
    Renáta Hodován
    @renatahodovan
    okay, that should be done automatically by fuzzinator if those fields (options, test) are present in your issue dictionary to be displayed
    Paulo Matos
    @pmatos
    humm, that's not happening, though. OK, I will investigate further. thanks.
    Renáta Hodován
    @renatahodovan
    if you change the url of your issue from
    localhost:8080/issues/60d20f8d2fc48a39830ae7e7 to localhost:8080/api/issues/60d20f8d2fc48a39830ae7e7/ then you can see the encoded dict (the keys are readable)
    you should check if the referred fields are present
    Paulo Matos
    @pmatos
    ah - that's an absolutely awesome trick.
    I was already fumbling with understanding how to access the database... hhehee
    oh - not working...
    404: api not found
    logs show: fuzzer_1 | 404 GET /api/issues/60d43212fb383adcfabcd53f/ (192.168.10.14) 0.98ms
    Paulo Matos
    @pmatos
    Just checked the database directly - so many properties are being saved as BinData. Was this a choice?
    This is the actual issue found overnight straight from the db:
    > db.getCollection('fuzzinator_issues').find({"_id": ObjectId("60d36a61fb383adcfabb70b0")})
    { "_id" : ObjectId("60d36a61fb383adcfabb70b0"), "id" : "SHOULD NEVER BE REACHED  static void WTF::UnsafeVectorOverflow::overflowed()", "sut" : "jsc", "backtrace" : BinData(0,""), "build_command" : BinData(0,"L2pzY2Z1enovanNjMzItZnV6ei9jb25maWdzL2pzYy1idWlsZC5zaCBsaW51eDMyCg=="), "build_name" : BinData(0,"ZGVidWdPcHQgSlNDT25seQo="), "count" : 5, "error_type" : BinData(0,"U0hPVUxEIE5FVkVSIEJFIFJFQUNIRUQ="), "exec_command" : BinData(0,"Li9XZWJLaXRCdWlsZC9EZWJ1Zy9iaW4vanNjIHtvcHRpb25zfSB7dGVzdH0K"), "exit_code" : -6, "file" : BinData(0,"L2pzY2Z1enovd2Via2l0L1dlYktpdEJ1aWxkL0RlYnVnL1dURi9IZWFkZXJzL3d0Zi9WZWN0b3IuaA=="), "filename" : "fuzz-14.js", "first_seen" : ISODate("2021-06-23T17:07:45.456Z"), "function" : BinData(0,"c3RhdGljIHZvaWQgV1RGOjpVbnNhZmVWZWN0b3JPdmVyZmxvdzo6b3ZlcmZsb3dlZCgp"), "fuzzer" : "js-fuzzer", "last_seen" : ISODate("2021-06-24T00:15:36.367Z"), "line" : BinData(0,"NjAx"), "node" : "55a64ea0767a", "options" : "--jitPolicyScale=0 --useConcurrentJIT=0 --returnEarlyFromInfiniteLoopsForFuzzing=1 --earlyReturnFromInfiniteLoopsLimit=1000000 --forceEagerCompilation=1 --useConcurrentGC=0", "platform" : "Linux-5.10.0-0.bpo.7-arm64-aarch64-with-debian-10.9", "reduced" : null, "reported" : "https://gitlab.igalia.com/teams/webkit/jsc-fuzzing/-/issues/26", "stderr" : BinData(0,"U0hPVUxEIE5FVkVSIEJFIFJFQUNIRUQKV2ViS2l0Ly9XZWJLaXRCdWlsZC9EZWJ1Zy9XVEYvSGVhZGVycy93dGYvVmVjdG9yLmgoNjAxKSA6IHN0YXRpYyB2b2lkIFdURjo6VW5zYWZlVmVjdG9yT3ZlcmZsb3c6Om92ZXJmbG93ZWQoKQo="), "stdout" : BinData(0,""), "subconfig" : { "subconfig" : "b00ce2d27" }, "test" : BinData(0,"Ly8gT3JpZ2lu...
    Strangely there's also no backtrace.
    But I don't see a reason for properties to be BinData. Like, build_command, build_name, error_type, etc.
    Renáta Hodován
    @renatahodovan

    oh - not working...

    wow :o what was the original and the modified url you tried?

    btw if you click on Export button and Export as JSON/XML you can download database entry of the issue
    Paulo Matos
    @pmatos
    404: api not found
    always fails.
    Renáta Hodován
    @renatahodovan
    remove the / from the end
    it's a typo in my previous comment, sorry
    Paulo Matos
    @pmatos
    wot? it worked. :no_mouth:
    Thanks.
    Renáta Hodován
    @renatahodovan
    my bad
    Paulo Matos
    @pmatos
    No worries, should have tried.
    Oh my, I think because validation is not working, I am getting totally unreliable bugs. Where if I run jsc 3 times, I get 3 different results in stderr. Really hard to reproduce.
    main pmatos@bbox-10-armhf ~/dev/webkit $ WebKitBuild/Debug/bin/jsc ~/test.js
    Failed
    Segmentation fault
    main pmatos@bbox-10-armhf ~/dev/webkit $ WebKitBuild/Debug/bin/jsc ~/test.js
    Failed
    ASSERTION FAILED: index < numBits()
    WTF/Headers/wtf/FastBitVector.h(571) : WTF::FastBitReference WTF::FastBitVector::at(size_t)
    Aborted
    main pmatos@bbox-10-armhf ~/dev/webkit $ WebKitBuild/Debug/bin/jsc ~/test.js
    Failed
    ASSERTION FAILED: from.isCell() && from.asCell()->JSCell::inherits(from.asCell()->vm(), std::remove_pointer<To>::type::info())
    ../../Source/JavaScriptCore/runtime/JSCast.h(55) : To JSC::jsCast(JSC::JSValue) [with To = JSC::JSObject*]
    Aborted
    that's just so I can share my pain... :)
    hehehe
    Renáta Hodován
    @renatahodovan
    I know your pain :P