IndexOutOfRangeException happen when run fuzz

Question

IndexOutOfRangeException happen when run fuzz

xcainiao opened this issue 6 years ago · 9 comments

when run fuzz a error happen. below is the error info.

Unhandled Exception: System.IndexOutOfRangeException: Index was outside the bounds of the array.
   at Fuzzer.Selector.pickBrick[a,b,c,d,e,f](Random rnd, Tuple`2[] pool_0, Tuple`2[] pool_1, ValueTuple`5 ctx) in /home/test/Desktop/CodeAlchemist/src/Fuzzer/Selector.fs:line 72
   at Fuzzer.Fuzzer.genStmt@10[a](Tuple`2 sPool, Random rnd, StringBuilder sb, ValueTuple`5 ctx) in /home/test/Desktop/CodeAlchemist/src/Fuzzer/Fuzzer.fs:line 11
   at Fuzzer.Fuzzer.generate@16[a](Int32 iBlk, Tuple`2 sPool, Tuple`2[] gPool, Random rnd, Int32 pBlk, StringBuilder sb, Int32 i, Int32 d, ValueTuple`5 ctx) in /home/test/Desktop/CodeAlchemist/src/Fuzzer/Fuzzer.fs:line 22
   at Fuzzer.Fuzzer.generate@16-1.Invoke(StringBuilder sb, Int32 i, Int32 d, ValueTuple`5 ctx) in /home/test/Desktop/CodeAlchemist/src/Fuzzer/Fuzzer.fs:line 16
   at Microsoft.FSharp.Core.FSharpFunc`2.InvokeFast[V,W,X](FSharpFunc`2 func, T arg1, TResult arg2, V arg3, W arg4)
   at Fuzzer.Fuzzer.fuzzMain@50-2.Invoke(Unit unitVar) in /home/test/Desktop/CodeAlchemist/src/Fuzzer/Fuzzer.fs:line 53
   at Microsoft.FSharp.Control.AsyncPrimitives.CallThenInvoke[T,TResult](AsyncActivation`1 ctxt, TResult result1, FSharpFunc`2 part2)
   at Microsoft.FSharp.Control.Trampoline.Execute(FSharpFunc`2 firstAction)
--- End of stack trace from previous location where exception was thrown ---
   at Microsoft.FSharp.Control.AsyncResult`1.Commit()
   at Microsoft.FSharp.Control.AsyncPrimitives.RunSynchronouslyInCurrentThread[a](CancellationToken cancellationToken, FSharpAsync`1 computation)
   at Microsoft.FSharp.Control.AsyncPrimitives.RunSynchronously[T](CancellationToken cancellationToken, FSharpAsync`1 computation, FSharpOption`1 timeout)
   at Microsoft.FSharp.Control.FSharpAsync.RunSynchronously[T](FSharpAsync`1 computation, FSharpOption`1 timeout, FSharpOption`1 cancellationToken)
   at Fuzzer.Fuzzer.fuzz(Conf conf, FSharpList`1 bricks) in /home/test/Desktop/CodeAlchemist/src/Fuzzer/Fuzzer.fs:line 63
   at Main.Run.main(String[] argv) in /home/test/Desktop/CodeAlchemist/src/Main/Main.fs:line 74
Aborted (core dumped)
test@test:~/Desktop/CodeAlchemist$ dotnet bin/Main.dll fuzz   /home/test/Desktop/CodeAlchemist/conf/MOZ.conf

Unhandled Exception: System.IndexOutOfRangeException: Index was outside the bounds of the array.
   at Fuzzer.Selector.pickBrick[a,b,c,d,e,f](Random rnd, Tuple`2[] pool_0, Tuple`2[] pool_1, ValueTuple`5 ctx) in /home/test/Desktop/CodeAlchemist/src/Fuzzer/Selector.fs:line 72
   at Fuzzer.Fuzzer.genStmt@10[a](Tuple`2 sPool, Random rnd, StringBuilder sb, ValueTuple`5 ctx) in /home/test/Desktop/CodeAlchemist/src/Fuzzer/Fuzzer.fs:line 11
   at Fuzzer.Fuzzer.generate@16[a](Int32 iBlk, Tuple`2 sPool, Tuple`2[] gPool, Random rnd, Int32 pBlk, StringBuilder sb, Int32 i, Int32 d, ValueTuple`5 ctx) in /home/test/Desktop/CodeAlchemist/src/Fuzzer/Fuzzer.fs:line 22
   at Fuzzer.Fuzzer.generate@16-1.Invoke(StringBuilder sb, Int32 i, Int32 d, ValueTuple`5 ctx) in /home/test/Desktop/CodeAlchemist/src/Fuzzer/Fuzzer.fs:line 16
   at Microsoft.FSharp.Core.FSharpFunc`2.InvokeFast[V,W,X](FSharpFunc`2 func, T arg1, TResult arg2, V arg3, W arg4)
   at Fuzzer.Fuzzer.fuzzMain@50-2.Invoke(Unit unitVar) in /home/test/Desktop/CodeAlchemist/src/Fuzzer/Fuzzer.fs:line 53
   at Microsoft.FSharp.Control.AsyncPrimitives.CallThenInvoke[T,TResult](AsyncActivation`1 ctxt, TResult result1, FSharpFunc`2 part2)
   at Microsoft.FSharp.Control.Trampoline.Execute(FSharpFunc`2 firstAction)
--- End of stack trace from previous location where exception was thrown ---
   at Microsoft.FSharp.Control.AsyncResult`1.Commit()
   at Microsoft.FSharp.Control.AsyncPrimitives.RunSynchronouslyInCurrentThread[a](CancellationToken cancellationToken, FSharpAsync`1 computation)
   at Microsoft.FSharp.Control.AsyncPrimitives.RunSynchronously[T](CancellationToken cancellationToken, FSharpAsync`1 computation, FSharpOption`1 timeout)
   at Microsoft.FSharp.Control.FSharpAsync.RunSynchronously[T](FSharpAsync`1 computation, FSharpOption`1 timeout, FSharpOption`1 cancellationToken)
   at Fuzzer.Fuzzer.fuzz(Conf conf, FSharpList`1 bricks) in /home/test/Desktop/CodeAlchemist/src/Fuzzer/Fuzzer.fs:line 63
   at Main.Run.main(String[] argv) in /home/test/Desktop/CodeAlchemist/src/Main/Main.fs:line 74
Aborted (core dumped)

my conf file:

  "engine_path": "/home/test/Desktop/gecko-dev/js",
  "argv": [],
  "env": { },
  "seed_path": "/home/test/Desktop/path/seed",
  "preproc_dir": "/home/test/Desktop/path/preproc",
  "tmp_dir": "/home/test/Desktop/path/tmp",
  "bug_dir": "/home/test/Desktop/path/bug",

Answer 1 · 2019-04-01T09:16:31.000Z

Thanks for the report.

The root cause of this exception may be that there is no code brick which does not require any pre-condition.
Can you check how many pre-conditions does not require any pre-condition with the following command?

grep -R '"pre": {}' /home/test/Desktop/path/preproc/type

If there is no such code brick, you should add more seeds.

Answer 2 · 2019-04-02T02:07:37.000Z

I try to add more seeds, and execute dotnet bin/Main.dll rewrite dotnet bin/Main.dll instrument but there nothing generate.

test@test:~/Desktop$ ls /home/test/Desktop/path/seed/
async.js  isArray.js  isString.js  rhino.js   test.js       toString.js  x11.js  x3.js  x5.js  x7.js  x9.js  z.js
b.js      isEqual.js  node.js      sanity.js  toBoolean.js  x10.js       x2.js   x4.js  x6.js  x8.js  x.js
test@test:~/Desktop$ ls /home/test/Desktop/path/preproc/type/
test@test:~/Desktop$ ls /home/test/Desktop/path/preproc/rewrite/
test@test:~/Desktop$ ls /home/test/Desktop/path/preproc/json/

Answer 3 · 2019-04-02T02:16:26.000Z

Please clean up preproc directory with the following commands before run preprocessing.

rm -rf /home/test/Desktop/path/preproc
mkdir /home/test/Desktop/path/preproc

And if you want to generate various JS code, you should add a lot of JS seed.
In my case, I used over 60,000 JS code snippets as seed.

Answer 4 · 2019-04-02T02:24:47.000Z

ok thank you very much. I rm directory preproc, it can run success.

Answer 5 · 2019-08-05T03:23:28.000Z

Hi, I successfully run CodeAlchemist on v8 and Chakracore, but it reports 'need more diverse seeds' when fuzzing spidermonkey.
I use the command 'grep -R '"pre": {}' /home/test/Desktop/path/preproc/type' and there is no code brick.
I use 120k seeds and have removed the old directory 'preproc', but it didn't work.
The version of spidermonkey is 'JavaScript-C69.0'. Is it because I am using the newest version?

Answer 6 · 2019-08-05T03:58:52.000Z

Can you execute a rewritten JS file and shared the result or error message?

Answer 7 · 2019-08-05T05:13:31.000Z

Thanks for your reply, the error message is as follows.

root@s3:/data1/CodeAlchemist_MOZ#  /data1/firefox-69.0-normal/js/src/mybu/js/src/js /data1/Alchemist_data_MOZ_large/pre/rewrite/lv-1111.js
/data1/CodeAlchemist_MOZ/bin/jsLib/MOZ.js:46:3 ReferenceError: PerfMeasurement is not defined
Stack:
  @/data1/CodeAlchemist_MOZ/bin/jsLib/MOZ.js:46:3
  @/data1/Alchemist_data_MOZ_large/pre/rewrite/lv-1111.js:1:1

Answer 8 · 2019-08-05T05:26:51.000Z

I think you should delete line 46 in /data1/CodeAlchemist_MOZ/bin/jsLib/MOZ.js.
And I have a plan to fix this issue by detecting available types of the target JS engines, not just using hard-coded types.
Thanks for your report.

Answer 9 · 2019-08-05T05:44:25.000Z

Thank you very much. It can run success.