Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Assertion failed: Unexpected type encountered .function() #209

Closed
Zon8Research opened this issue Jun 17, 2021 · 1 comment
Closed

Assertion failed: Unexpected type encountered .function() #209

Zon8Research opened this issue Jun 17, 2021 · 1 comment

Comments

@Zon8Research
Copy link

It was observed that compared to default mode, hybrid and multi mode crash Fuzzilli quite regularly. After running fuzzilli in debug mode to figure out why, the following crash occurred:

Fuzzilli/ProgramBuilder.swift:468: Assertion failed: Unexpected type encountered .function()
Current stack trace:
0    libswiftCore.so                    0x00007f3c8ef00210 swift_reportError + 50
1    libswiftCore.so                    0x00007f3c8ef74fc0 _swift_stdlib_reportFatalErrorInFile + 112
2    libswiftCore.so                    0x00007f3c8ec5dc40 _assertionFailure(_:_:file:line:flags:) + 1329
3    FuzzilliCli                        0x000055fca15d63c8 <unavailable> + 1000392
4    FuzzilliCli                        0x000055fca15d37d7 <unavailable> + 989143
5    FuzzilliCli                        0x000055fca15d4980 <unavailable> + 993664
6    FuzzilliCli                        0x000055fca1555f36 <unavailable> + 474934
7    FuzzilliCli                        0x000055fca153e00c <unavailable> + 376844
8    FuzzilliCli                        0x000055fca153e041 <unavailable> + 376897
9    FuzzilliCli                        0x000055fca153e3c2 <unavailable> + 377794
10   FuzzilliCli                        0x000055fca15df156 <unavailable> + 1036630
11   FuzzilliCli                        0x000055fca15df9ff <unavailable> + 1038847
12   FuzzilliCli                        0x000055fca154c23c <unavailable> + 434748
13   FuzzilliCli                        0x000055fca15ec321 <unavailable> + 1090337
14   FuzzilliCli                        0x000055fca18640f7 <unavailable> + 3678455
15   FuzzilliCli                        0x000055fca15df68e <unavailable> + 1037966
16   FuzzilliCli                        0x000055fca15dfb0b <unavailable> + 1039115

It seems possible to stop the crash using the following addition to generateVariable(), though it would be good to get feedback on it to see if it makes sense:

if type.Is(.function()) {
    return definePlainFunction(withSignature: FunctionSignature(withParameterCount: Int.random(in: 2...5), hasRestParam: probability(0.1))) { _ in
    	generateRecursive()
    	doReturn(value: randVar())
    }
}
@Zon8Research Zon8Research mentioned this issue Jun 17, 2021
Closed
@saelo saelo mentioned this issue Jun 18, 2021
Open
@saelo
Copy link
Collaborator

saelo commented Jun 18, 2021

Cool, thanks for looking into this! Yeah I think this approach should be fine. Eventually, we'll probably want CodeGenerators to be able to create variables of the requested type, but no idea if and when this will happen. So in the meantime, this is the right approach. The only thing I would suggest is checking whether type.signature is not nil, and using it instead of the generic signature if it is:

let signature = type.signature ?? FunctionSignature(withParameterCount: Int.random(in: 2...5)
...

amarekano added a commit to amarekano/fuzzilli that referenced this issue Jun 23, 2021
@amarekano
add patches discussed in googleprojectzero#209 and googleprojectzero#210
a503af9
@amarekano amarekano mentioned this issue Jun 23, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@saelo @Zon8Research