Add multiple worker configurations in docker-compose; update sync interval to 300 seconds; enhance scripts to filter FUZZILLI_CRASH test cases and dynamically handle multiple postgres-local containers.

Author: oleglazari

Scripts/show-crash-javascript.sh

@@ -2,6 +2,7 @@
 
 # Script to show JavaScript code from crash programs
 # Usage: ./Scripts/show-crash-javascript.sh [worker_num]
+# If no worker_num is specified, shows crashes for all postgres-local-* containers
 
 set -e
 
@@ -14,20 +15,51 @@ cd "$PROJECT_DIR"
 CYAN='\033[0;36m'
 YELLOW='\033[1;33m'
 GREEN='\033[0;32m'
+RED='\033[0;31m'
 NC='\033[0m' # No Color
 
+# Get all postgres-local-* containers
+get_local_postgres_containers() {
+    docker ps --format '{{.Names}}' | grep '^postgres-local-' | sort
+}
+
+# Get worker number from container name
+get_worker_num() {
+    local container=$1
+    echo "$container" | sed 's/.*-\([0-9]*\)$/\1/'
+}
+
+# Check if a container is running
+check_container() {
+    local container=$1
+    if docker ps --format '{{.Names}}' | grep -q "^${container}$"; then
+        return 0
+    else
+        return 1
+    fi
+}
+
 show_crash_javascript() {
     local worker_num=$1
     local container="postgres-local-${worker_num}"
     local database="fuzzilli_local"
 
+    if ! check_container "$container"; then
+        echo -e "${RED}Worker ${worker_num}: Container ${container} not running${NC}"
+        echo ""
+        return
+    fi
+    
     echo -e "${CYAN}========================================${NC}"
     echo -e "${CYAN}  Worker ${worker_num} Crash Programs${NC}"
+    echo -e "${CYAN}  (Excluding FUZZILLI_CRASH test cases - signal 3)${NC}"
     echo -e "${CYAN}========================================${NC}"
     echo ""
 
     # Get all crash program hashes (one per line)
-    local crash_hashes=$(docker exec "$container" psql -U fuzzilli -d "$database" -t -c "SELECT DISTINCT e.program_hash FROM execution e JOIN execution_outcome eo ON e.execution_outcome_id = eo.id WHERE eo.outcome = 'Crashed' ORDER BY e.program_hash;" 2>/dev/null | grep -v '^$' | sed 's/^[[:space:]]*//;s/[[:space:]]*$//')
+    # Exclude only signal_code = 3 (FUZZILLI_CRASH test cases)
+    # Show all other crashes including signal 11 and all other signals
+    local crash_hashes=$(docker exec "$container" psql -U fuzzilli -d "$database" -t -c "SELECT DISTINCT e.program_hash FROM execution e JOIN execution_outcome eo ON e.execution_outcome_id = eo.id WHERE eo.outcome = 'Crashed' AND (e.signal_code IS NULL OR e.signal_code != 3) ORDER BY e.program_hash;" 2>/dev/null | grep -v '^$' | sed 's/^[[:space:]]*//;s/[[:space:]]*$//')
 
     if [ -z "$crash_hashes" ]; then
         echo -e "${YELLOW}No crashes found for Worker ${worker_num}${NC}"
@@ -41,10 +73,28 @@ show_crash_javascript() {
             continue
         fi
 
-        echo -e "${GREEN}--- Crash Program: ${hash} ---${NC}"
+        # Get execution details first to check signal code
+        # Exclude only signal 3 (FUZZILLI_CRASH test cases), show all others including signal 11
+        local exec_details=$(docker exec "$container" psql -U fuzzilli -d "$database" -t -c "SELECT e.execution_id, e.signal_code, e.exit_code, eo.description, e.created_at FROM execution e JOIN execution_outcome eo ON e.execution_outcome_id = eo.id WHERE e.program_hash = '${hash}' AND eo.outcome = 'Crashed' AND (e.signal_code IS NULL OR e.signal_code != 3) ORDER BY e.created_at DESC LIMIT 1;" 2>/dev/null)
 
-        # Get execution details
-        local exec_details=$(docker exec "$container" psql -U fuzzilli -d "$database" -t -c "SELECT e.execution_id, e.signal_code, e.exit_code, eo.description, e.created_at FROM execution e JOIN execution_outcome eo ON e.execution_outcome_id = eo.id WHERE e.program_hash = '${hash}' AND eo.outcome = 'Crashed' ORDER BY e.created_at DESC LIMIT 1;" 2>/dev/null)
+        # Skip if no execution details found (shouldn't happen, but safety check)
+        if [ -z "$exec_details" ]; then
+            continue
+        fi
+        
+        # Get and decode the JavaScript to check for FUZZILLI_CRASH
+        local base64_program=$(docker exec "$container" psql -U fuzzilli -d "$database" -t -c "SELECT program_base64 FROM program WHERE program_hash = '${hash}';" 2>/dev/null | tr -d ' \n\r')
+        
+        # Check if program contains FUZZILLI_CRASH pattern
+        if [ -n "$base64_program" ]; then
+            local decoded_program=$(echo "$base64_program" | base64 -d 2>/dev/null)
+            if echo "$decoded_program" | grep -q "FUZZILLI_CRASH"; then
+                # Skip this crash - it's a test case
+                continue
+            fi
+        fi
+        
+        echo -e "${GREEN}--- Crash Program: ${hash} ---${NC}"
 
         if [ -n "$exec_details" ]; then
             echo -e "${YELLOW}Execution Details:${NC}"
@@ -54,17 +104,17 @@ show_crash_javascript() {
 
         # Get and decode the JavaScript
         echo -e "${YELLOW}JavaScript Code:${NC}"
-        local base64_program=$(docker exec "$container" psql -U fuzzilli -d "$database" -t -c "SELECT program_base64 FROM program WHERE program_hash = '${hash}';" 2>/dev/null | tr -d ' \n\r')
 
         if [ -n "$base64_program" ]; then
             # Decode base64 and extract JavaScript strings
-            local javascript=$(echo "$base64_program" | base64 -d 2>/dev/null | strings | grep -E "(fuzzilli|function|var|let|const|if|for|while|return)" | head -10)
+            # Using awk to limit output without head/tail
+            local javascript=$(echo "$base64_program" | base64 -d 2>/dev/null | strings | grep -E "(fuzzilli|function|var|let|const|if|for|while|return)" | awk 'NR <= 10 { print; if (NR == 10) exit }')
 
             if [ -n "$javascript" ]; then
                 echo "$javascript" | sed 's/^/  /'
             else
-                # Try to get any readable strings
-                local all_strings=$(echo "$base64_program" | base64 -d 2>/dev/null | strings | grep -v "^$" | tail -5)
+                # Try to get any readable strings without tail
+                local all_strings=$(echo "$base64_program" | base64 -d 2>/dev/null | strings | grep -v "^$" | awk '{ lines[NR] = $0 } END { start = (NR > 5) ? NR - 4 : 1; for (i = start; i <= NR; i++) print lines[i] }')
                 if [ -n "$all_strings" ]; then
                     echo "$all_strings" | sed 's/^/  /'
                 else
@@ -83,8 +133,16 @@ show_crash_javascript() {
 if [ -n "$1" ]; then
     show_crash_javascript "$1"
 else
-    # Show both workers
-    show_crash_javascript 1
-    show_crash_javascript 2
+    # Dynamically discover and show crashes for all postgres-local-* containers
+    local_postgres_containers=($(get_local_postgres_containers))
+    if [ ${#local_postgres_containers[@]} -eq 0 ]; then
+        echo -e "${YELLOW}No postgres-local-* containers found${NC}"
+        echo ""
+    else
+        for postgres_container in "${local_postgres_containers[@]}"; do
+            worker_num=$(get_worker_num "$postgres_container")
+            show_crash_javascript "$worker_num"
+        done
+    fi
 fi
 

Scripts/show-stats.sh

@@ -58,36 +58,54 @@ get_db_stats() {
     local execution_count=$(docker exec "$container" psql -U fuzzilli -d "$database" -t -c "SELECT COUNT(*) FROM execution;" 2>/dev/null | tr -d ' ' || echo "0")
     local program_table_count=$(docker exec "$container" psql -U fuzzilli -d "$database" -t -c "SELECT COUNT(*) FROM program;" 2>/dev/null | tr -d ' ' || echo "0")
 
-    # Crash count
-    local crash_count=$(docker exec "$container" psql -U fuzzilli -d "$database" -t -c "SELECT COUNT(*) FROM execution e JOIN execution_outcome eo ON e.execution_outcome_id = eo.id WHERE eo.outcome = 'Crashed';" 2>/dev/null | tr -d ' ' || echo "0")
+    # Crash count (excluding only FUZZILLI_CRASH test cases with signal 3)
+    # Show all other crashes including signal 11 and all other signals
+    local crash_count=$(docker exec "$container" psql -U fuzzilli -d "$database" -t -c "SELECT COUNT(*) FROM execution e JOIN execution_outcome eo ON e.execution_outcome_id = eo.id WHERE eo.outcome = 'Crashed' AND (e.signal_code IS NULL OR e.signal_code != 3);" 2>/dev/null | tr -d ' ' || echo "0")
 
     echo -e "${YELLOW}Statistics:${NC}"
     echo "  Programs (corpus): $program_count"
     echo "  Programs (executed): $program_table_count"
     echo "  Executions: $execution_count"
-    echo "  Crashes: $crash_count"
+    echo "  Crashes (excluding test cases - signal 3): $crash_count"
 
     # Recent activity (last 5 programs)
     echo -e "${YELLOW}Recent Programs (last 5):${NC}"
     docker exec "$container" psql -U fuzzilli -d "$database" -c "SELECT program_hash, program_size, created_at FROM fuzzer ORDER BY created_at DESC LIMIT 5;" 2>/dev/null || echo "  No programs found"
 
-    # Crash details
+    # Crash details (excluding only FUZZILLI_CRASH test cases - signal 3)
+    # Show all other crashes including signal 11 and all other signals
     if [ "$crash_count" != "0" ] && [ "$crash_count" != "" ]; then
-        echo -e "${YELLOW}Crashes (last 3):${NC}"
-        docker exec "$container" psql -U fuzzilli -d "$database" -c "SELECT e.execution_id, e.program_hash, e.execution_time_ms, e.signal_code, e.exit_code, eo.description, e.created_at FROM execution e JOIN execution_outcome eo ON e.execution_outcome_id = eo.id WHERE eo.outcome = 'Crashed' ORDER BY e.created_at DESC LIMIT 3;" 2>/dev/null || echo "  No crash details available"
+        echo -e "${YELLOW}Crashes (last 3, excluding test cases - signal 3):${NC}"
+        docker exec "$container" psql -U fuzzilli -d "$database" -c "SELECT e.execution_id, e.program_hash, e.execution_time_ms, e.signal_code, e.exit_code, eo.description, e.created_at FROM execution e JOIN execution_outcome eo ON e.execution_outcome_id = eo.id WHERE eo.outcome = 'Crashed' AND (e.signal_code IS NULL OR e.signal_code != 3) ORDER BY e.created_at DESC LIMIT 3;" 2>/dev/null || echo "  No crash details available"
     fi
 
     echo ""
 }
 
+# Get all postgres-local-* containers
+get_local_postgres_containers() {
+    docker ps --format '{{.Names}}' | grep '^postgres-local-' | sort
+}
+
+# Get all fuzzer-worker-* containers
+get_worker_containers() {
+    docker ps --format '{{.Names}}' | grep '^fuzzer-worker-' | sort
+}
+
+# Get worker number from container name
+get_worker_num() {
+    local container=$1
+    echo "$container" | sed 's/.*-\([0-9]*\)$/\1/'
+}
+
 # Get worker container stats
 get_worker_stats() {
     local worker_num=$1
     local container="fuzzer-worker-${worker_num}"
     local postgres_container="postgres-local-${worker_num}"
 
     if ! check_container "$container"; then
-        echo -e "${RED}Worker ${worker_num}: Container not running${NC}"
+        echo -e "${RED}Worker ${worker_num}: Fuzzer container not running${NC}"
         echo ""
         return
     fi
@@ -121,9 +139,17 @@ else
     echo ""
 fi
 
-# Worker stats
-get_worker_stats 1
-get_worker_stats 2
+# Worker stats - dynamically discover all workers
+local_postgres_containers=($(get_local_postgres_containers))
+if [ ${#local_postgres_containers[@]} -eq 0 ]; then
+    echo -e "${YELLOW}No postgres-local-* containers found${NC}"
+    echo ""
+else
+    for postgres_container in "${local_postgres_containers[@]}"; do
+        worker_num=$(get_worker_num "$postgres_container")
+        get_worker_stats "$worker_num"
+    done
+fi
 
 # Summary
 echo -e "${CYAN}========================================${NC}"
@@ -136,16 +162,17 @@ if check_container "fuzzilli-postgres-master"; then
     echo -e "Master: ${GREEN}${master_programs}${NC} programs, ${GREEN}${master_executions}${NC} executions"
 fi
 
-if check_container "postgres-local-1"; then
-    w1_programs=$(docker exec postgres-local-1 psql -U fuzzilli -d fuzzilli_local -t -c "SELECT COUNT(*) FROM fuzzer;" 2>/dev/null | tr -d ' ' || echo "0")
-    w1_executions=$(docker exec postgres-local-1 psql -U fuzzilli -d fuzzilli_local -t -c "SELECT COUNT(*) FROM execution;" 2>/dev/null | tr -d ' ' || echo "0")
-    echo -e "Worker 1: ${GREEN}${w1_programs}${NC} programs, ${GREEN}${w1_executions}${NC} executions"
-fi
-
-if check_container "postgres-local-2"; then
-    w2_programs=$(docker exec postgres-local-2 psql -U fuzzilli -d fuzzilli_local -t -c "SELECT COUNT(*) FROM fuzzer;" 2>/dev/null | tr -d ' ' || echo "0")
-    w2_executions=$(docker exec postgres-local-2 psql -U fuzzilli -d fuzzilli_local -t -c "SELECT COUNT(*) FROM execution;" 2>/dev/null | tr -d ' ' || echo "0")
-    echo -e "Worker 2: ${GREEN}${w2_programs}${NC} programs, ${GREEN}${w2_executions}${NC} executions"
+# Dynamically get stats for all local postgres containers
+local_postgres_containers=($(get_local_postgres_containers))
+if [ ${#local_postgres_containers[@]} -gt 0 ]; then
+    for postgres_container in "${local_postgres_containers[@]}"; do
+        worker_num=$(get_worker_num "$postgres_container")
+        if check_container "$postgres_container"; then
+            worker_programs=$(docker exec "$postgres_container" psql -U fuzzilli -d fuzzilli_local -t -c "SELECT COUNT(*) FROM fuzzer;" 2>/dev/null | tr -d ' ' || echo "0")
+            worker_executions=$(docker exec "$postgres_container" psql -U fuzzilli -d fuzzilli_local -t -c "SELECT COUNT(*) FROM execution;" 2>/dev/null | tr -d ' ' || echo "0")
+            echo -e "Worker ${worker_num}: ${GREEN}${worker_programs}${NC} programs, ${GREEN}${worker_executions}${NC} executions"
+        fi
+    done
 fi
 
 echo ""

Sources/Fuzzilli/Corpus/PostgreSQLCorpus.swift

@@ -417,6 +417,14 @@ public class PostgreSQLCorpus: ComponentBase, Corpus {
             var executionBatchData: [ExecutionBatchData] = []
 
             for (program, aspects, executionType) in batch {
+                // Filter out test programs with FUZZILLI_CRASH (false positive crashes)
+                if DatabaseUtils.containsFuzzilliCrash(program: program) {
+                    if enableLogging {
+                        logger.info("Skipping execution with FUZZILLI_CRASH (test case) in batch processing")
+                    }
+                    continue
+                }
+                
                 let programHash = DatabaseUtils.calculateProgramHash(program: program)
 
                 // Only store unique programs
@@ -936,6 +944,14 @@ public class PostgreSQLCorpus: ComponentBase, Corpus {
 
     /// Store execution with cached data to avoid REPRL context issues
     private func storeExecutionWithCachedData(_ program: Program, _ executionData: ExecutionData, _ executionType: DatabaseExecutionPurpose, _ aspects: ProgramAspects) async {
+        // Filter out test programs with FUZZILLI_CRASH (false positive crashes)
+        if DatabaseUtils.containsFuzzilliCrash(program: program) {
+            if enableLogging {
+                logger.info("Skipping execution storage for program with FUZZILLI_CRASH (test case)")
+            }
+            return
+        }
+        
         do {
             // Use the registered fuzzer ID
             guard let fuzzerId = fuzzerId else {

Sources/Fuzzilli/Database/DatabaseUtils.swift

@@ -103,10 +103,14 @@ public class DatabaseUtils {
         let jsCode = jsLifter.lift(program, withOptions: [])
 
         // Check for patterns like fuzzilli('FUZZILLI_CRASH', ...) or fuzzilli("FUZZILLI_CRASH", ...)
+        // Specifically check for fuzzilli('FUZZILLI_CRASH', 3) which is a test case
         let patterns = [
             "fuzzilli('FUZZILLI_CRASH'",
             "fuzzilli(\"FUZZILLI_CRASH\"",
-            "fuzzilli(`FUZZILLI_CRASH`"
+            "fuzzilli(`FUZZILLI_CRASH`",
+            "fuzzilli('FUZZILLI_CRASH', 3)",
+            "fuzzilli(\"FUZZILLI_CRASH\", 3)",
+            "fuzzilli(`FUZZILLI_CRASH`, 3)"
         ]
 
         for pattern in patterns {
@@ -115,6 +119,18 @@ public class DatabaseUtils {
             }
         }
 
+        // Also check for the pattern with any whitespace variations
+        let regexPatterns = [
+            "fuzzilli\\s*\\(\\s*['\"`]FUZZILLI_CRASH['\"`]\\s*,\\s*3\\s*\\)",
+            "fuzzilli\\s*\\(\\s*['\"`]FUZZILLI_CRASH['\"`]"
+        ]
+        
+        for pattern in regexPatterns {
+            if jsCode.range(of: pattern, options: .regularExpression) != nil {
+                return true
+            }
+        }
+        
         return false
     }