[CABB79DF:JavaScriptLifter] WasmLifting failed with error invalidInput, current failure count: 3 (failure rate: 0.00384%)
Fuzzilli/TypeSystem.swift:745: Fatal error: .wasmFunctionDef([.wasmf64, .wasmi32, .wasmRef(.Abstract(null WasmAny)), .wasmRef(.Abstract(null WasmAny)), .wasmi32, .wasmRef(.Abstract(null WasmAny))] => []) is not a Wasm signature type defintion
💣 Program crashed: Illegal instruction at 0x000075fb452e2628
Platform: x86_64 Linux (Ubuntu 24.04.4 LTS)
Thread 16 crashed:
0 0x000075fb452e2628 _assertionFailure(_:_:file:line:flags:) + 264 in libswiftCore.so
1 ILType.wasmFunctionSignatureDefSignature.getter + 278 in FuzzilliCli at /home/turnerhackz1/Desktop/fuzzilli-main05/Sources/Fuzzilli/FuzzIL/TypeSystem.swift:745:13
743│ let desc = (wasmType as? WasmTypeDefinition)?.description
744│ guard let desc = desc as? WasmSignatureTypeDescription else {
745│ fatalError("\(self) is not a Wasm signature type defintion")
│ ▲
746│ }
747│ return desc.signature
2 JSTyper.analyze(_:) + 13839 in FuzzilliCli at /home/turnerhackz1/Desktop/fuzzilli-main05/Sources/Fuzzilli/FuzzIL/JSTyper.swift:837:66
835│ let fct = instr.input(i)
836│ let definingInstruction = defUseAnalyzer.definition(of: fct)
837│ let signature = type(of: instr.input(i + 1)).wasmFunctionSignatureDefSignature
│ ▲
838│ // TODO(cffsmith): Once we change the way we track signatures, we should also store the JS Signature here if we have one. The table might contain JS functions but we lose that signature in the entries. Which is why we convert back into JS Signatures here.
839│ let jsSignature = ProgramBuilder.convertWasmSignatureToJsSignature(signature)
3 JavaScriptLifter.lift(_:withOptions:) + 3145 in FuzzilliCli at /home/turnerhackz1/Desktop/fuzzilli-main05/Sources/Fuzzilli/Lifting/JavaScriptLifter.swift:198:20
196│
197│ // Collect type information that we might pass to the WasmLifter.
198│ typer?.analyze(instr)
│ ▲
199│
200│ // Singular operation handling:
4 Fuzzer.execute(_:withTimeout:purpose:) + 115 in FuzzilliCli at /home/turnerhackz1/Desktop/fuzzilli-main05/Sources/Fuzzilli/Fuzzer.swift:754:29
752│ assert(runner.isInitialized)
753│
754│ let script = lifter.lift(program)
│ ▲
755│
756│ dispatchEvent(events.PreExecute, data: (program, purpose))
5 Fuzzer.importProgram(_:origin:enableDropout:) + 253 in FuzzilliCli at /home/turnerhackz1/Desktop/fuzzilli-main05/Sources/Fuzzilli/Fuzzer.swift:498:25
496│ }
497│
498│ let execution = execute(program, purpose: .programImport)
│ ▲
499│
500│ var wasImported = false
6 Fuzzer.importProgramWithFixup(_:origin:) + 66 in FuzzilliCli at /home/turnerhackz1/Desktop/fuzzilli-main05/Sources/Fuzzilli/Fuzzer.swift:628:22
626│ ) {
627│ var program = originalProgram
628│ var result = importProgram(program, origin: origin)
│ ▲
629│
630│ // Only attempt fixup if the program failed to execute successfully. In particular, ignore timeouts and
7 Fuzzer.fuzzOne() + 911 in FuzzilliCli at /home/turnerhackz1/Desktop/fuzzilli-main05/Sources/Fuzzilli/Fuzzer.swift:1007:43
1005│ }
1006│
1007│ let (result, fixupAttempts) = importProgramWithFixup(
│ ▲
1008│ program, origin: .corpusImport(mode: currentCorpusImportJob.importMode))
1009│ currentCorpusImportJob.notifyImportOutcome(result, fixupAttempts: fixupAttempts)
8 0x00005b905aa86d49 thunk for @escaping @callee_guaranteed () -> () + 24 in FuzzilliCli
...
Backtrace took 9.15s
[CABB79DF:JavaScriptLifter] WasmLifting failed with error invalidInput, current failure count: 3 (failure rate: 0.00384%)
Fuzzilli/TypeSystem.swift:745: Fatal error: .wasmFunctionDef([.wasmf64, .wasmi32, .wasmRef(.Abstract(null WasmAny)), .wasmRef(.Abstract(null WasmAny)), .wasmi32, .wasmRef(.Abstract(null WasmAny))] => []) is not a Wasm signature type defintion
💣 Program crashed: Illegal instruction at 0x000075fb452e2628
Platform: x86_64 Linux (Ubuntu 24.04.4 LTS)
Thread 16 crashed:
0 0x000075fb452e2628 _assertionFailure(_:_:file:line:flags:) + 264 in libswiftCore.so
1 ILType.wasmFunctionSignatureDefSignature.getter + 278 in FuzzilliCli at /home/turnerhackz1/Desktop/fuzzilli-main05/Sources/Fuzzilli/FuzzIL/TypeSystem.swift:745:13
743│ let desc = (wasmType as? WasmTypeDefinition)?.description
744│ guard let desc = desc as? WasmSignatureTypeDescription else {
745│ fatalError("\(self) is not a Wasm signature type defintion")
│ ▲
746│ }
747│ return desc.signature
2 JSTyper.analyze(_:) + 13839 in FuzzilliCli at /home/turnerhackz1/Desktop/fuzzilli-main05/Sources/Fuzzilli/FuzzIL/JSTyper.swift:837:66
835│ let fct = instr.input(i)
836│ let definingInstruction = defUseAnalyzer.definition(of: fct)
837│ let signature = type(of: instr.input(i + 1)).wasmFunctionSignatureDefSignature
│ ▲
838│ // TODO(cffsmith): Once we change the way we track signatures, we should also store the JS Signature here if we have one. The table might contain JS functions but we lose that signature in the entries. Which is why we convert back into JS Signatures here.
839│ let jsSignature = ProgramBuilder.convertWasmSignatureToJsSignature(signature)
3 JavaScriptLifter.lift(_:withOptions:) + 3145 in FuzzilliCli at /home/turnerhackz1/Desktop/fuzzilli-main05/Sources/Fuzzilli/Lifting/JavaScriptLifter.swift:198:20
196│
197│ // Collect type information that we might pass to the WasmLifter.
198│ typer?.analyze(instr)
│ ▲
199│
200│ // Singular operation handling:
4 Fuzzer.execute(_:withTimeout:purpose:) + 115 in FuzzilliCli at /home/turnerhackz1/Desktop/fuzzilli-main05/Sources/Fuzzilli/Fuzzer.swift:754:29
752│ assert(runner.isInitialized)
753│
754│ let script = lifter.lift(program)
│ ▲
755│
756│ dispatchEvent(events.PreExecute, data: (program, purpose))
5 Fuzzer.importProgram(_:origin:enableDropout:) + 253 in FuzzilliCli at /home/turnerhackz1/Desktop/fuzzilli-main05/Sources/Fuzzilli/Fuzzer.swift:498:25
496│ }
497│
498│ let execution = execute(program, purpose: .programImport)
│ ▲
499│
500│ var wasImported = false
6 Fuzzer.importProgramWithFixup(_:origin:) + 66 in FuzzilliCli at /home/turnerhackz1/Desktop/fuzzilli-main05/Sources/Fuzzilli/Fuzzer.swift:628:22
626│ ) {
627│ var program = originalProgram
628│ var result = importProgram(program, origin: origin)
│ ▲
629│
630│ // Only attempt fixup if the program failed to execute successfully. In particular, ignore timeouts and
7 Fuzzer.fuzzOne() + 911 in FuzzilliCli at /home/turnerhackz1/Desktop/fuzzilli-main05/Sources/Fuzzilli/Fuzzer.swift:1007:43
1005│ }
1006│
1007│ let (result, fixupAttempts) = importProgramWithFixup(
│ ▲
1008│ program, origin: .corpusImport(mode: currentCorpusImportJob.importMode))
1009│ currentCorpusImportJob.notifyImportOutcome(result, fixupAttempts: fixupAttempts)
8 0x00005b905aa86d49 thunk for @escaping @callee_guaranteed () -> () + 24 in FuzzilliCli
...
Backtrace took 9.15s