Crash after medusa run some time #200

Closed
yuliyu123 opened this issue Aug 13, 2023 · 10 comments
Labels: bug, high-priority


@yuliyu123

After executing medusa for a period of time, the binary process always crashes; see logs below:

⇾ fuzz: elapsed: 20m51s, calls: 48852587 (39261/sec), seq/s: 392, resets/s: 7, coverage: 6
[1] 63153 killed medusa fuzz --target contracts/ERC20Test.sol --deployment-order MyToken

@Xenomega
Member

Xenomega commented Aug 15, 2023

Hmm.. A crash should have an attached error log no matter how it occurs in medusa. Is there no other output that followed?

If so, I would suspect this may be indicative that something on your OS had killed the process (maybe due to resource starvation)?

Can you post the version of medusa you're using, a full output log, the specs of the machine/VM running it, and your medusa.json config (if any)?

@yuliyu123
Author

yuliyu123 commented Aug 16, 2023

full console log:
❯ medusa fuzz --target contracts/ERC20Test.sol --deployment-order MyToken
⇾ Reading the configuration file at: /Users/looperX/Devlop/security/automation/secureum-medusa/medusa.json
⇾ Compiling targets with crytic-compile
⇾ fuzz: elapsed: 0s, calls: 0 (0/sec), seq/s: 0, resets/s: 0, coverage: 6
⇾ Creating 10 workers...
⇾ fuzz: elapsed: 3s, calls: 125002 (41665/sec), seq/s: 417, resets/s: 9, coverage: 6
⇾ fuzz: elapsed: 6s, calls: 248552 (41168/sec), seq/s: 411, resets/s: 6, coverage: 6
⇾ fuzz: elapsed: 9s, calls: 375386 (42277/sec), seq/s: 422, resets/s: 9, coverage: 6
⇾ fuzz: elapsed: 12s, calls: 503356 (42656/sec), seq/s: 426, resets/s: 6, coverage: ...
⇾ fuzz: elapsed: 21m0s, calls: 52696073 (42992/sec), seq/s: 429, resets/s: 8, coverage: 6
[1] 1528 killed medusa fuzz --target contracts/ERC20Test.sol --deployment-order MyToken

OS: Apple M1 Pro, 13.0.1 (22A400)

It lasts about 21 minutes and then the process is killed.

medusa.json
{
  "fuzzing": {
    "workers": 10,
    "workerResetLimit": 50,
    "timeout": 0,
    "testLimit": 0,
    "callSequenceLength": 100,
    "corpusDirectory": "corpus",
    "coverageEnabled": true,
    "deploymentOrder": [],
    "constructorArgs": {},
    "deployerAddress": "0x30000",
    "senderAddresses": [
      "0x10000",
      "0x20000",
      "0x30000"
    ],
    "blockNumberDelayMax": 60480,
    "blockTimestampDelayMax": 604800,
    "blockGasLimit": 125000000,
    "transactionGasLimit": 12500000,
    "testing": {
      "stopOnFailedTest": true,
      "stopOnFailedContractMatching": true,
      "stopOnNoTests": true,
      "testAllContracts": false,
      "traceAll": false,
      "assertionTesting": {
        "enabled": true,
        "testViewMethods": false,
        "assertionModes": {
          "failOnCompilerInsertedPanic": false,
          "failOnAssertion": true,
          "failOnArithmeticUnderflow": false,
          "failOnDivideByZero": false,
          "failOnEnumTypeConversionOutOfBounds": false,
          "failOnIncorrectStorageAccess": false,
          "failOnPopEmptyArray": false,
          "failOnOutOfBoundsArrayAccess": false,
          "failOnAllocateTooMuchMemory": false,
          "failOnCallUninitializedVariable": false
        }
      },
      "propertyTesting": {
        "enabled": true,
        "testPrefixes": [
          "fuzz_"
        ]
      },
      "optimizationTesting": {
        "enabled": false,
        "testPrefixes": [
          "optimize_"
        ]
      }
    },
    "chainConfig": {
      "codeSizeCheckDisabled": true,
      "cheatCodes": {
        "cheatCodesEnabled": true,
        "enableFFI": false
      }
    }
  },
  "compilation": {
    "platform": "crytic-compile",
    "platformConfig": {
      "target": ".",
      "solcVersion": "",
      "exportDirectory": "",
      "args": []
    }
  },
  "logging": {
    "level": "info",
    "logDirectory": ""
  }
}

Just ran the official repo code, the ERC20Test.sol example.

How long will this example normally last?

@elopez
Member

elopez commented Aug 17, 2023

@yuliyu123 hi! can you please check in the "Console" macOS application to see if there are any logs related to the crash? If so, can you provide them here?

@yuliyu123
Author

hi elopez, no useful log in the "Console" application, maybe killed by the system, and it always crashes after running about 20 minutes. Maybe it's not compatible with M1 Mac?

@elopez
Member

elopez commented Aug 23, 2023

@yuliyu123 M1 should be supported fine from what I understand. Did you install medusa by building from source, or did you get a binary from the releases page? If you are using a binary, did you download the native one for M1 (medusa-mac-arm64.zip download) or Intel Mac (medusa-mac-x64.zip download)? You can also run file $(which medusa) in a terminal to see what kind of binary you have.

Could you also check in "Activity Monitor" while medusa is running and see if you notice a pattern in resource usage (e.g. medusa using increasing amounts of memory until it fails, or something like that?) This would help to tell if what we're seeing is a memory leak somewhere.

@yuliyu123
Author

yuliyu123 commented Aug 23, 2023

yeah, the CPU and memory resource occupation ratio is very high when running the fuzz test cases. I installed it by building from source. Binary format: /usr/local/bin/medusa: Mach-O 64-bit executable arm64.

CPU status:

PID    COMMAND      %CPU  TIME     #TH    #WQ  #PORT MEM    PURG   CMPRS  PGRP
23182  medusa       564.7 12:34.21 14/8   0    35    8108M+ 0B     7361M+ 23182 

@anishnaik
Collaborator

@yuliyu123 coming back to this since it seems like medusa might have a memory management issue. Do you have the code that caused this to occur? Was it your submission for the secureum workshop?

@yuliyu123
Author

> @yuliyu123 coming back to this since it seems like medusa might have a memory management issue. Do you have the code that caused this to occur? Was it your submission for the secureum workshop?

I just used this tool to learn fuzz testing, and ran this repo's ERC20Test.sol example. It seems this tool has a memory management issue before.

@yuliyu123
Author

> @yuliyu123 coming back to this since it seems like medusa might have a memory management issue. Do you have the code that caused this to occur? Was it your submission for the secureum workshop?

I just used this tool to learn fuzz testing, and ran this repo's ERC20Test.sol example. It seems this tool has a memory management issue before.

Maybe we can use a flame graph to analyze the memory usage.

anishnaik added the bug and high-priority labels on Jan 31, 2024
anishnaik added this to the OOM bug fix milestone on Jan 31, 2024
anishnaik mentioned this issue on Feb 9, 2024

@anishnaik
Collaborator

Closed by #290
