SpiderMonkey start fatal error #388

Open
kaiziv opened this issue Mar 10, 2023 · 3 comments
kaiziv commented Mar 10, 2023

It seems incompatible with the newest version of the SpiderMonkey engine. I followed the profile guidance to build SpiderMonkey's js. There is no problem running js alone, but the problem occurs when running it with the following command. I've tried different build methods, but none seem to work. My system is Ubuntu 20.04.5 LTS (GNU/Linux 5.15.0-56-generic x86_64). I have run fuzzilli for jsc and d8 with no problem, but it turns into a fatal error on the SpiderMonkey js. Can you instruct me on some solutions?

(base) cdp@wulab-server:~/fuzzilli$ swift run -c release FuzzilliCli --profile=spidermonkey --storagePath=/home/cdp/gecko-dev/output --exportStatistics --statisticsExportInterval=60 --jobs=64 --overwrite /home/cdp/gecko-dev/obj-fuzzbuild/dist/bin/js
Building for production...
Build complete! (0.12s)
[Cli] Deleting all files in /home/cdp/gecko-dev/output due to --overwrite
[Coverage] Initialized, 304155 edges
[JavaScriptEnvironment] Initialized static JS environment model
[JavaScriptEnvironment] Have 55 available builtins: ["isFinite", "Boolean", "Int16Array", "WeakSet", "Float64Array", "Symbol", "RegExp", "SyntaxError", "gc", "WeakMap", "Uint16Array", "RangeError", "Number", "Uint8ClampedArray", "Math", "TypeError", "ArrayBuffer", "Function", "SharedArrayBuffer", "Int8Array", "undefined", "ReferenceError", "AggregateError", "parseFloat", "enqueueJob", "Object", "BigInt", "BigUint64Array", "bailout", "String", "eval", "URIError", "FinalizationRegistry", "Promise", "Map", "Set", "Date", "Error", "Proxy", "drainJobQueue", "NaN", "Uint32Array", "JSON", "Uint8Array", "Float32Array", "isNaN", "BigInt64Array", "WeakRef", "Array", "EvalError", "Infinity", "Int32Array", "Reflect", "parseInt", "DataView"]
[JavaScriptEnvironment] Have 222 available method names: ["codePointAt", "atan", "splice", "n", "asIntN", "log", "deleteProperty", "trim", "min", "getFloat64", "indexOf", "getSeconds", "shift", "filter", "acosh", "clz32", "assign", "create", "trimLeft", "compile", "getPrototypeOf", "replaceAll", "sqrt", "some", "setFloat32", "deref", "toJSON", "repeat", "getDay", "UTC", "split", "tanh", "getUint16", "setFullYear", "charCodeAt", "getFullYear", "clear", "abs", "from", "getUTCDate", "getOwnPropertySymbols", "getUTCDay", "add", "join", "setMinutes", "pow", "setUTCDate", "test", "toDateString", "getUint8", "isInteger", "getInt32", "toUpperCase", "toLocaleString", "getUTCSeconds", "exec", "at", "apply", "setDate", "call", "setTime", "seal", "all", "expm1", "trimRight", "ownKeys", "isSafeInteger", "getMonth", "endsWith", "setFloat64", "every", "getFloat32", "exp", "atanh", "reverse", "substring", "for", "asUintN", "cos", "setBigInt64", "setUint32", "unregister", "setYear", "bind", "asin", "getTime", "padEnd", "includes", "round", "ceil", "preventExtensions", "flat", "catch", "transfer", "findIndex", "slice", "setMilliseconds", "isView", "search", "values", "fround", "reject", "of", "setInt32", "getOwnPropertyNames", "setInt8", "getUTCMinutes", "atan2", "any", "padStart", "getMinutes", "replace", "sign", "toGMTString", "getUTCFullYear", "getBigInt64", "construct", "then", "acos", "getOwnPropertyDescriptors", "defineProperties", "startsWith", "concat", "match", "getUint32", "log10", "isArray", "allSettled", "setUTCMonth", "isFrozen", "getInt16", "isSealed", "now", "fill", "keyFor", "register", "parse", "log2", "resolve", "toUTCString", "matchAll", "toLowerCase", "normalize", "setMonth", "getOwnPropertyDescriptor", "getTimezoneOffset", "unshift", "entries", "trimEnd", "fromCharCode", "localeCompare", "sort", "lastIndexOf", "push", "toISOString", "getYear", "isExtensible", "setUint8", "stringify", "pop", "setUTCFullYear", "getInt8", "freeze", "asinh", "tan", "raw", "toString", "finally", "reduceRight", "setUTCSeconds", "setUTCMinutes", "reduce", "subarray", "cbrt", "sinh", "log1p", "get", "isNaN", "race", "cosh", "sin", "setPrototypeOf", "setSeconds", "max", "setUint16", "getUTCHours", "m", "getUTCMilliseconds", "trimStart", "getUTCMonth", "toTimeString", "setHours", "set", "grow", "setUTCHours", "copyWithin", "flatMap", "is", "getDate", "isFinite", "fromEntries", "setUTCMilliseconds", "random", "hypot", "forEach", "resize", "fromCodePoint", "delete", "charAt", "keys", "setInt16", "has", "trunc", "o", "getHours", "find", "p", "getMilliseconds", "imul", "floor", "map", "defineProperty"]
[JavaScriptEnvironment] Have 56 property names that are available for read access: ["caller", "unicode", "stack", "arguments", "E", "toStringTag", "unscopables", "NEGATIVE_INFINITY", "message", "NaN", "sticky", "description", "c", "isConcatSpreadable", "EPSILON", "matchAll", "species", "multiline", "source", "name", "proto", "split", "byteOffset", "maxByteLength", "asyncIterator", "growable", "a", "hasInstance", "search", "b", "MIN_SAFE_INTEGER", "POSITIVE_INFINITY", "global", "buffer", "byteLength", "dotAll", "ignoreCase", "cause", "match", "prototype", "resizable", "length", "iterator", "replace", "flags", "MAX_VALUE", "valueOf", "e", "PI", "size", "constructor", "toPrimitive", "MIN_VALUE", "MAX_SAFE_INTEGER", "toString", "d"]
[JavaScriptEnvironment] Have 10 property names that are available for write access: ["valueOf", "constructor", "length", "e", "a", "toString", "proto", "b", "c", "d"]
[JavaScriptEnvironment] Have 5 custom property names: ["c", "b", "d", "e", "a"]
[JavaScriptEnvironment] Have 4 custom method names: ["o", "n", "p", "m"]
[Fuzzer] Initialized
[Fuzzer] Cannot execute programs (exit code must be zero when no exception was thrown). Are the command line flags valid?
[Fuzzer] Shutting down due to fatal error

++++++++++ Fuzzer Finished ++++++++++

Fuzzer Statistics

Fuzzer phase: Fuzzing (with MutationEngine)
Uptime: 0d 0h 0m 0s
Total Samples: 0
Interesting Samples Found: 0
Last Interesting Sample: 0d 0h 0m 0s
Valid Samples Found: 0
Corpus Size: 0
Correctness Rate: -nan% (-nan%)
Timeout Rate: -nan% (-nan%)
Crashes Found: 0
Timeouts Hit: 0
Coverage: 0.00%
Avg. program size: -nan
Avg. corpus program size: -nan
Connected workers: 0
Execs / Second: 0.00
Fuzzer Overhead: 100.00%
Total Execs: 1

kaiziv commented Mar 10, 2023

(base) cdp@wulab-server:~/gecko-dev$ js --version
v10.19.0

saelo commented Mar 15, 2023

Are you using the latest Fuzzilli version and JS engine patches? From the output you pasted it looks like your Fuzzilli version is at least a couple of months old.
You can also try the REPRLRun binary to debug issues with the target engine: swift run REPRLRun path/to/js_engine --any-flags-for-js-engine. That may tell you more about the exit code reported by the target.
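The fatal error above is Fuzzilli refusing to start because a trivial, exception-free program did not exit with status 0 under the profile's flags. The POSIX shell script below is an added example, not Fuzzilli's or SpiderMonkey's own tooling: it reproduces that sanity check outside Fuzzilli by running the js shell on a trivial program, and when the full flag set fails it retries each flag alone to name the ones the binary rejects (an unpatched or outdated build typically does not know a flag the profile passes). The `-e CODE` option is a real js shell option; the flag names in the example invocation are placeholders, and the real list belongs to the spidermonkey profile in Fuzzilli's sources. The REPRL flag itself is deliberately left out, because it needs the harness file descriptors and is what REPRLRun exercises.

```shell
#!/bin/sh
# Added example (not Fuzzilli's or SpiderMonkey's code): reproduce the
# "exit code must be zero when no exception was thrown" check and bisect
# the flag set to find the flag(s) the engine rejects.

# run_engine ENGINE [FLAG...]
# Runs the engine on a trivial, exception-free program and returns its exit
# code. A healthy shell exits 0; an unrecognised flag makes the js shell
# exit non-zero before the program even runs.
run_engine() {
    engine="$1"; shift
    "$engine" "$@" -e 'var x = 1 + 1;' >/dev/null 2>&1
}

# find_bad_flags ENGINE FLAG...
# Tries each flag on its own and prints, space-separated, the ones under
# which the engine exits non-zero. Prints an empty line if all are accepted.
find_bad_flags() {
    engine="$1"; shift
    bad=""
    for flag in "$@"; do
        if ! run_engine "$engine" "$flag"; then
            bad="$bad $flag"
        fi
    done
    printf '%s\n' "${bad# }"
}

# preflight ENGINE FLAG...
# Returns 0 when the full flag set yields exit code 0, otherwise 1 and
# reports which individual flags the engine rejects.
preflight() {
    engine="$1"; shift
    if run_engine "$engine" "$@"; then
        echo "ok: $engine accepts all flags and exits 0"
        return 0
    fi
    echo "FAIL: $engine exits non-zero with the full flag set" >&2
    echo "rejected flags: $(find_bad_flags "$engine" "$@")" >&2
    return 1
}

# Example invocation with placeholder flags (substitute the profile's list):
# preflight /home/cdp/gecko-dev/obj-fuzzbuild/dist/bin/js --fuzzing-safe --ion-extra-checks
```

If every flag passes on its own but the full set still fails, the problem is not flag parsing; that is the point at which to reach for REPRLRun as suggested above, since it drives the same REPRL handshake Fuzzilli uses and shows the engine's real exit status.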

wtdcode commented Mar 22, 2023

You probably forgot to apply the patches.
