Open DerZc opened 1 year ago
Hi, may I ask where these programs originate from? Are they obfuscated versions of actual useful programs, or are they generated by a fuzzer ?
The throw happens in interpreter::constructNodeType when node type I_Erase_Btree_2 is searched for relation @poscopy_1.wcvj. There can only be Erase nodes for BtreeDelete relations, not for Btree relations. @poscopy prefix indicates that magic is involved and Erase indicates subsumption is involved.
I guess the semantics checkers have to be enhanced in some way ?
> Hi, may I ask where these programs originate from? Are they obfuscated versions of actual useful programs, or are they generated by a fuzzer ?
Hi, these programs were generated randomly by a fuzzer, as we discussed before.
Sure, I get a reduced version of this program and this is the simplest version I can get:
.decl adaw(A:unsigned, B:number)
.decl wcvj(A:unsigned, B:unsigned)
.decl ttwr(A:unsigned) magic
.decl zdxk(A:number, B:unsigned)
adaw(1, 5).
wcvj(B, B) :- adaw(B, A).
wcvj(B1, B) <= wcvj(B2, B) :- B1<=B2.
ttwr(E) :- wcvj(E, E).
zdxk(E, B) :- wcvj(B, B), E = count : {ttwr(EEE)}.
.output zdxk
In the rule of zdxk, there is a dependence chain of zdxk: zdxk->wcvj, and wcvj involves subsumption. There is a dependence chain of ttwr: ttwr->wcvj, ttwr involves magic and wcvj involves subsumption. Take away any of them, the program can execute correctly. Hope this is useful.
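Added example (not part of the thread and not Souffle's own code): a small Python lint that rebuilds the dependence chains described above from the reduced program and reports every magic relation that reaches a relation with a subsumptive rule. The regex-based parsing, the function names and the "magic reaches subsumption" heuristic are assumptions drawn from this thread's analysis, not Souffle's semantic checker.

```python
import re
from collections import defaultdict
# Reduced reproducer quoted from the thread, embedded so this runs offline.
PROGRAM = """
.decl adaw(A:unsigned, B:number)
.decl wcvj(A:unsigned, B:unsigned)
.decl ttwr(A:unsigned) magic
.decl zdxk(A:number, B:unsigned)
adaw(1, 5).
wcvj(B, B) :- adaw(B, A).
wcvj(B1, B) <= wcvj(B2, B) :- B1<=B2.
ttwr(E) :- wcvj(E, E).
zdxk(E, B) :- wcvj(B, B), E = count : {ttwr(EEE)}.
.output zdxk
"""

ATOM = re.compile(r"([A-Za-z_]\w*)\s*\(")  # relation name followed by "("

def analyse(src):
    """Return (magic relations, subsumptive relations, dependency graph)."""
    magic, subsumptive, deps = set(), set(), defaultdict(set)
    for line in (l.strip() for l in src.splitlines()):
        m = re.match(r"\.decl\s+(\w+)\s*\(.*\)(.*)$", line)
        if m and "magic" in m.group(2).split():
            magic.add(m.group(1))
        if line.startswith(".") or ":-" not in line:
            continue  # declarations, directives and facts add no edges
        head, body = line.split(":-", 1)
        heads = ATOM.findall(head)
        if "<=" in head:  # "a(..) <= a(..) :- ..." is a subsumptive rule
            subsumptive.add(heads[0])
        deps[heads[0]].update(ATOM.findall(body))  # includes atoms in aggregates
    return magic, subsumptive, deps

def reachable(start, deps):
    seen, stack = set(), [start]
    while stack:
        new = deps[stack.pop()] - seen
        seen |= new
        stack.extend(new)
    return seen

def risky_pairs(src):
    """Sorted (magic, subsumptive) pairs; heuristic from the thread, may over-report."""
    magic, subsumptive, deps = analyse(src)
    return sorted((m, s) for m in magic for s in reachable(m, deps) & subsumptive)

if __name__ == "__main__":
    print(risky_pairs(PROGRAM))
```

On the reduced program it reports the pair (ttwr, wcvj); dropping either the magic qualifier or the subsumptive rule yields no report.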
> Hi, may I ask where these programs originate from? Are they obfuscated versions of actual useful programs, or are they generated by a fuzzer ?
The method we used to generate the programs and find this bug has been published at OOPSLA 2024; this is the preprint version of our paper: https://arxiv.org/abs/2402.12863
Hi,
I have a program as below:
I run it with souffle -w example.dl and it crashed and only returned _Map_base::at. If I remove the last rule of zdxk, it can run correctly. I use the last release version of Souffle.