[Fuzz] Fix crash with missing choices in aggregate. #1104
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
NikLeberg
force-pushed
the
fix_aggregate_choice
branch
from
0d2da44 to
d39aecb
Compare
NikLeberg
force-pushed
the
fix_aggregate_choice
branch
from
d39aecb to
ac8778f
Compare
The problem with that is some bounds errors can only be detected after you've folded locally static expressions. I agree the current order is not great either as it means invalid VHDL ends up in the code generator (this isn't the first case like this either). Adding a defensive check here is fine. Perhaps a better organisation would be to merge the simplify and bounds checks passes rather than doing them one after another. I'll take a look at this. |
nickg
approved these changes
Dec 17, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Based on crashing fuzzer input
da346642705230c6f2c89b7c0a522d1078c44b3d0dfd5fe52e2859212edd2784from issue #1091.The crash happens because
simplify_localcannot find the missing choice in the aggregate. Bounds checking reports an error for it, but the check is only done afterwards. This adds a check for missing aggregate choices ineval_possibleand forbids the early evaluation of such erroneous constructs.Alternatively one could also do the bounds check before the local simplify and only if there were no errors, but I think that would change the code flow in a lot of places and tests.
Cheers