Uncaught Exception

[m-carrasco]

Hi 👋

Thanks for sharing this project!

I wanted to report the following exception. The exception is thrown here, despite it being surrounded by a try/catch. Unfortunately, I'm not yet able to tell why this was triggered.

[!] Uncaught exception TypeError: Cannot read properties of undefined (reading 'apply') Stack: TypeError: Cannot read properties of undefined (reading 'apply')
    at runMethod (/source/Analyser/bin/Models/Helpers.js:31:18)
    at /source/Analyser/bin/Models/RegexModels.js:31:26
    at Array.mdl (/source/Analyser/bin/Models/Models.js:27:21)
    at callFun (/source/Analyser/node_modules/jalangi2/src/js/runtime/analysis.js:196:51)
    at invokeFun (/source/Analyser/node_modules/jalangi2/src/js/runtime/analysis.js:217:22)
    at /source/Analyser/node_modules/jalangi2/src/js/runtime/analysis.js:242:41
    at Function.CheckNumber (/delete/js/.js:6193:345)
    at callFun (/source/Analyser/node_modules/jalangi2/src/js/runtime/analysis.js:196:51)
    at invokeFun (/source/Analyser/node_modules/jalangi2/src/js/runtime/analysis.js:217:22)
    at /source/Analyser/node_modules/jalangi2/src/js/runtime/analysis.js:242:41

In order for this to reach this point, I had to fix the following code:

diff --git a/Analyser/src/SymbolicExecution.js b/Analyser/src/SymbolicExecution.js
index 12208a2..2296a9d 100644
--- a/Analyser/src/SymbolicExecution.js
+++ b/Analyser/src/SymbolicExecution.js
@@ -362,8 +362,8 @@ class SymbolicExecution {
     };
   }
 
-  putField(iid, base, offset, val, _isComputed, _isOpAssign) {
-    Log.logHigh(`PutField ${base.toString()} at ${offset}`);
+  putField(iid, base, offset, val, _isComputed, _isOpAssign) {    
+    Log.logHigh(`PutField ${ObjectHelper.asString(base)} at ${offset}`);
 
     if (base instanceof SymbolicObject) {
       return {

How to reproduce:

1. Download https://gist.github.com/m-carrasco/440f1ad2741ec46f9128eb7b1dd06c9f as repro.js
2. npm install bignumber.js runtime-generator
3. EXPOSE_PRINT_PATHS=1 EXPOSE_LOG_LEVEL=3 expoSE ./repro.js

[jawline]

Hey, I had a quick stab at debugging. I made a bit of progress in https://github.com/ExpoSEJS/ExpoSE/tree/debugging but It looks like either some language feature or runtime override is conflicting both with our runtime overrides and Jalangi's, possibly something that the transpiler is doing. It looks like jalangi now crashes on a call to an undefined function sometime after entering the _possibleConstructorReturn function (I assume this is something that the transpiler has created).

I'll try to take another look when I have some more time.

[Function: _toConsumableArray]
Jalangi call              
[Function: mdl]  
Jalangi call              
[Function: Array]
Jalangi call              
[Function: mdl]
Jalangi call                
[Function: mdl]            
Jalangi call              
[Function: _classCallCheck]
Jalangi call                
[Function: Array]
Jalangi call              
[Function: mdl]
Jalangi call                
[Function: mdl]                       
Jalangi call                
[Function: _possibleConstructorReturn]
Jalangi call                                                                                   
undefined     
[!] ====== EXITING SCRIPT /home/blake/ExpoSE/tests/user_submitted/gist1.js depth 0 ======
[!] Uncaught exception TypeError: Function.prototype.apply was called on undefined, which is a undefined and not a function Stack: TypeError: Function.prototype.apply was called on undefined, which is a undefined and not a function
    at callFun (/home/blake/ExpoSE/Analyser/node_modules/jalangi2/src/js/runtime/analysis.js:198:51)  
    at invokeFun (/home/blake/ExpoSE/Analyser/node_modules/jalangi2/src/js/runtime/analysis.js:219:22)
    at /home/blake/ExpoSE/Analyser/node_modules/jalangi2/src/js/runtime/analysis.js:244:41
    at Function.CheckNumber (/home/blake/ExpoSE/tests/user_submitted/gist1.js:6195:342)                                                                                                        
    at callFun (/home/blake/ExpoSE/Analyser/node_modules/jalangi2/src/js/runtime/analysis.js:198:51)  
    at invokeFun (/home/blake/ExpoSE/Analyser/node_modules/jalangi2/src/js/runtime/analysis.js:219:22)
    at /home/blake/ExpoSE/Analyser/node_modules/jalangi2/src/js/runtime/analysis.js:244:41
    at Object.<anonymous> (/home/blake/ExpoSE/tests/user_submitted/gist1.js:6231:120)
    at Module._compile (node:internal/modules/cjs/loader:1241:14)                                                                                                                              
    at Module._extensions..js (/home/blake/ExpoSE/Analyser/node_modules/jalangi2/src/js/commands/jalangi.js:115:12)                                                
[!] Finished play with PC (not (= seed 0.0)),(= (* seed 0.0) 0.0),(< (/ 1.0 seed) 0.0),(= (- seed) 2.0),(not (>= (- seed) 10.0)),(not (not (not (= (- seed) 0.0))))
[!] Wrote final coverage to /tmp/tmp-173106-ANvlG7zG2AJD
[!] Wrote final output to /tmp/tmp-173106-tIvmgpuCvjqQ           
[|] [5 done /0 queued / 0 running / 5 errors / 11% coverage ] ***
[+] {"_bound":0,"seed":15} took 1.599s                                                                                                                                                         
[!] TypeError: Function.prototype.apply was called on undefined, which is a undefined and not a function
[!] expoSE replay '/home/blake/ExpoSE/tests/user_submitted/gist1.js' '{"_bound":0}'
[+] {"seed":-1,"_bound":3} took 1.519s                                                                                                                                                         
[!] TypeError: Function.prototype.apply was called on undefined, which is a undefined and not a function
[!] expoSE replay '/home/blake/ExpoSE/tests/user_submitted/gist1.js' '{"seed":-1,"_bound":3}'
[+] {"seed":0,"_bound":1} took 1.587s                                                                                                                                                          
[!] TypeError: Function.prototype.apply was called on undefined, which is a undefined and not a function
[!] expoSE replay '/home/blake/ExpoSE/tests/user_submitted/gist1.js' '{"seed":0,"_bound":1}'
[+] {"seed":1,"_bound":4} took 1.677s                                                                                                                                                          
[!] TypeError: Function.prototype.apply was called on undefined, which is a undefined and not a function
[!] expoSE replay '/home/blake/ExpoSE/tests/user_submitted/gist1.js' '{"seed":1,"_bound":4}'
[+] {"seed":-2,"_bound":4} took 1.543s                                                                                                                                                         
[!] TypeError: Function.prototype.apply was called on undefined, which is a undefined and not a function
[!] expoSE replay '/home/blake/ExpoSE/tests/user_submitted/gist1.js' '{"seed":-2,"_bound":4}'
[!] Stats                     

[m-carrasco]

Thank you so much for looking into this! I'll also try to debug this further

Ultimately, I want to extract the path conditions for each fully explored path. I noticed these crashes while testing the tool and reading the logs. I assume that these crashes are terminating those paths earlier.