[Bug-Candidate]: Internal Error: TODO: implement copySlice with a symbolically sized region #1247

Open
rappie opened this issue May 3, 2024 · 4 comments

rappie commented May 3, 2024

Describe the issue:

Got this error while testing symbolic execution on one of my fuzzing suites.

Code example to reproduce the issue:

https://github.com/perimetersec/drips-fuzzing

```yaml
symExec: true

<snip>

# whether symbolic execution will be concolic (vs full symbolic execution)
# only relevant if symExec is true
symExecConcolic: true
# number of SMT solvers used in symbolic execution
# only relevant if symExec is true
symExecNSolvers: 1
# timeout for symbolic execution SMT solver
# only relevant if symExec is true
symExecTimeout: 30
# Number of times we may revisit a particular branching point
# only relevant if symExec is true and symExecConcolic is false
symExecMaxIters: 10
# Number of times we may revisit a particular branching point before we consult the smt solver to check reachability
# only relevant if symExec is true and symExecConcolic is false
symExecAskSMTIters: 1
```

Version:

Latest master with symbolic execution

rappie commented May 3, 2024

@samalws-tob

rappie commented May 3, 2024

Looks like it keeps running, but now my memory usage is stable. Maybe the symexec worker crashed?

ggrieco-tob (Member) commented

The symbolic worker crashes and it won't recover (that's a known issue, but we need to open a new report for that). We should investigate the error.

ggrieco-tob (Member) commented

This error is a missing implementation (e.g. TODO) from the HEVM code. I assume it's a known issue from hevm, but perhaps it is useful to let them know it is reachable (so please create a report in their issue tracker and link this one). A few debug capabilities are coming to echidna's symexec feature that will allow users to report which transactions are actually causing a crash. These are going to be very useful for reporting issues.
