    Renáta Hodován
    @renatahodovan
    so, where do you want to see the formatting? on the Fuzzinator issue page or on the bugtracker?
    Paulo Matos
    @pmatos
    Ah - I think I know what you mean. I didn't mean format the report with bold, etc. I meant that the string jsc {options} {test} needs to have the options, test variables interpolated with values from the issue.
    Renáta Hodován
    @renatahodovan
    aaahh
    Paulo Matos
    @pmatos
    I meant formatting in terms of 'jsc {options} {test}'.format(options=..., test=...) ...
    that's wrong syntax but i guess you know what i mean.
    Renáta Hodován
    @renatahodovan
    okay, that should be done automatically by fuzzinator if those fields (options, test) are present in your issue dictionary to be displayed
    Paulo Matos
    @pmatos
    humm, that's not happening, though. OK, I will investigate further. thanks.
    Renáta Hodován
    @renatahodovan
    if you change the url of your issue from
    localhost:8080/issues/60d20f8d2fc48a39830ae7e7 to localhost:8080/api/issues/60d20f8d2fc48a39830ae7e7/ then you can see the encoded dict (the keys are readable)
    you should check if the referred fields are present
    Paulo Matos
    @pmatos
    ah - that's an absolutely awesome trick.
    I was already fumbling with understanding how to access the database... hhehee
    oh - not working...
    404: api not found
    logs show: fuzzer_1 | 404 GET /api/issues/60d43212fb383adcfabcd53f/ (192.168.10.14) 0.98ms
    Paulo Matos
    @pmatos
    Just checked the database directly - so many properties are being saved as BinData. Was this a choice?
    This is the actual issue found overnight straight from the db:
    > db.getCollection('fuzzinator_issues').find({"_id": ObjectId("60d36a61fb383adcfabb70b0")})
    { "_id" : ObjectId("60d36a61fb383adcfabb70b0"), "id" : "SHOULD NEVER BE REACHED  static void WTF::UnsafeVectorOverflow::overflowed()", "sut" : "jsc", "backtrace" : BinData(0,""), "build_command" : BinData(0,"L2pzY2Z1enovanNjMzItZnV6ei9jb25maWdzL2pzYy1idWlsZC5zaCBsaW51eDMyCg=="), "build_name" : BinData(0,"ZGVidWdPcHQgSlNDT25seQo="), "count" : 5, "error_type" : BinData(0,"U0hPVUxEIE5FVkVSIEJFIFJFQUNIRUQ="), "exec_command" : BinData(0,"Li9XZWJLaXRCdWlsZC9EZWJ1Zy9iaW4vanNjIHtvcHRpb25zfSB7dGVzdH0K"), "exit_code" : -6, "file" : BinData(0,"L2pzY2Z1enovd2Via2l0L1dlYktpdEJ1aWxkL0RlYnVnL1dURi9IZWFkZXJzL3d0Zi9WZWN0b3IuaA=="), "filename" : "fuzz-14.js", "first_seen" : ISODate("2021-06-23T17:07:45.456Z"), "function" : BinData(0,"c3RhdGljIHZvaWQgV1RGOjpVbnNhZmVWZWN0b3JPdmVyZmxvdzo6b3ZlcmZsb3dlZCgp"), "fuzzer" : "js-fuzzer", "last_seen" : ISODate("2021-06-24T00:15:36.367Z"), "line" : BinData(0,"NjAx"), "node" : "55a64ea0767a", "options" : "--jitPolicyScale=0 --useConcurrentJIT=0 --returnEarlyFromInfiniteLoopsForFuzzing=1 --earlyReturnFromInfiniteLoopsLimit=1000000 --forceEagerCompilation=1 --useConcurrentGC=0", "platform" : "Linux-5.10.0-0.bpo.7-arm64-aarch64-with-debian-10.9", "reduced" : null, "reported" : "https://gitlab.igalia.com/teams/webkit/jsc-fuzzing/-/issues/26", "stderr" : BinData(0,"U0hPVUxEIE5FVkVSIEJFIFJFQUNIRUQKV2ViS2l0Ly9XZWJLaXRCdWlsZC9EZWJ1Zy9XVEYvSGVhZGVycy93dGYvVmVjdG9yLmgoNjAxKSA6IHN0YXRpYyB2b2lkIFdURjo6VW5zYWZlVmVjdG9yT3ZlcmZsb3c6Om92ZXJmbG93ZWQoKQo="), "stdout" : BinData(0,""), "subconfig" : { "subconfig" : "b00ce2d27" }, "test" : BinData(0,"Ly8gT3JpZ2lu...
    Strangely there's also no backtrace.
    But I don't see a reason for properties to be BinData. Like, build_command, build_name, error_type, etc.
    Renáta Hodován
    @renatahodovan

    oh - not working...

    wow :o what was the original and the modified url you tried?

    btw if you click on Export button and Export as JSON/XML you can download database entry of the issue
    404: api not found
    always fails.
    Renáta Hodován
    @renatahodovan
    remove the / from the end
    it's a typo in my previous comment, sorry
    Paulo Matos
    @pmatos
    wot? it worked. :no_mouth:
    Thanks.
    Renáta Hodován
    @renatahodovan
    my bad
    Paulo Matos
    @pmatos
    No worries, should have tried.
    Oh my, I think because validation is not working, I am getting totally unreliable bugs. Where if I run jsc 3 times, I get 3 different results in stderr. Really hard to reproduce.
    main pmatos@bbox-10-armhf ~/dev/webkit $ WebKitBuild/Debug/bin/jsc ~/test.js
    Failed
    Segmentation fault
    main pmatos@bbox-10-armhf ~/dev/webkit $ WebKitBuild/Debug/bin/jsc ~/test.js
    Failed
    ASSERTION FAILED: index < numBits()
    WTF/Headers/wtf/FastBitVector.h(571) : WTF::FastBitReference WTF::FastBitVector::at(size_t)
    Aborted
    main pmatos@bbox-10-armhf ~/dev/webkit $ WebKitBuild/Debug/bin/jsc ~/test.js
    Failed
    ASSERTION FAILED: from.isCell() && from.asCell()->JSCell::inherits(from.asCell()->vm(), std::remove_pointer<To>::type::info())
    ../../Source/JavaScriptCore/runtime/JSCast.h(55) : To JSC::jsCast(JSC::JSValue) [with To = JSC::JSObject*]
    Aborted
    that's just so I can share my pain... :)
    hehehe
    Renáta Hodován
    @renatahodovan
    I know your pain :P
    Paulo Matos
    @pmatos
    I feel better already. :)
    Renáta Hodován
    @renatahodovan
    welcome to the world of fuzzing :P
    Paulo Matos
    @pmatos
    best thing is... if I compile JSC with gcc-10 (instead of gcc-8.3, which is what our embedded clients are using), I don't get a failure at all.
    :cry:
    Renáta Hodován
    @renatahodovan
    nice :|
    Renáta Hodován
    @renatahodovan

    But I don't see a reason for properties to be BinData. Like, build_command, build_name, error_type, etc.

    storing the test content and maybe the stdout and stderr as bytes was a decision, since we wanted to ensure to validate the original context without any encoding/decoding magic which could change the test in some corner cases (real-life experience)

    storing other things like the result of SubprocessPropertyDecorator as bytes is not necessarily the best option.

    Paulo Matos
    @pmatos
    Would you be ok if I get a PR upstream to change this?
    As in store properties from SubprocessPropertyDecorator as strings?
    Renáta Hodován
    @renatahodovan
    Yeah, sure! Thanks.
    Paulo Matos
    @pmatos
    Just found out something surprising, although it's embarrassing I only just found it out.
    Decorators with higher numbers are run first, they encapsulate earlier decorators. For definitions like call.decorate(0) ... call.decorate(10), the 10th decorator runs first, calls decorator 9, calls decorator 8, and so on.
    This is quite embarrassing because the order of the definition for decorators is quite important and I am sure some of the weird behaviour I am seeing is due to this.
    Paulo Matos
    @pmatos
    @renatahodovan i am confused about some code in fuzzinator. Sometimes properties are assigned to issue, other times things are assigned to kwargs.
    How does this relate to each other and when should you do one or the other?
    For example, in file_writer_decorator.py, we assign test to kwargs, but filename to issue.