search

bazelbuild / bazel

a fast, scalable, multi-language and extensible build system
https://bazel.build
Apache License 2.0
22.78k stars 4k forks source link

Starlark is vulnerable to self-referential data structures #4295

Open benjaminp opened 6 years ago

benjaminp commented 6 years ago

Here's a nice way to get a Java stack trace:

# BUILD
evil = []
evil.append(evil)

filegroup(
    name = 'f',
    srcs = evil,
)
$ bazel --batch build :f
INFO: Elapsed time: 0.402s
FAILED: Build did NOT complete successfully (0 packages loaded)
    currently loading: 
java.lang.StackOverflowError
    at com.google.devtools.build.lib.syntax.Printer$BasePrinter.appendListElements(Printer.java:441)
    at com.google.devtools.build.lib.syntax.Printer$BasePrinter.printList(Printer.java:427)
    at com.google.devtools.build.lib.syntax.Printer$BasePrinter.printList(Printer.java:466)
    at com.google.devtools.build.lib.syntax.Printer$BasePrinter.printList(Printer.java:261)
    at com.google.devtools.build.lib.syntax.SkylarkList.repr(SkylarkList.java:102)
    at com.google.devtools.build.lib.syntax.Printer$BasePrinter.repr(Printer.java:319)
    at com.google.devtools.build.lib.syntax.Printer$BasePrinter.appendListElements(Printer.java:445)
    at com.google.devtools.build.lib.syntax.Printer$BasePrinter.printList(Printer.java:427)
    at com.google.devtools.build.lib.syntax.Printer$BasePrinter.printList(Printer.java:466)
    at com.google.devtools.build.lib.syntax.Printer$BasePrinter.printList(Printer.java:261)
    at com.google.devtools.build.lib.syntax.SkylarkList.repr(SkylarkList.java:102)
    at com.google.devtools.build.lib.syntax.Printer$BasePrinter.repr(Printer.java:319)
    at com.google.devtools.build.lib.syntax.Printer$BasePrinter.appendListElements(Printer.java:445)
    at com.google.devtools.build.lib.syntax.Printer$BasePrinter.printList(Printer.java:427)
    at com.google.devtools.build.lib.syntax.Printer$BasePrinter.printList(Printer.java:466)
    at com.google.devtools.build.lib.syntax.Printer$BasePrinter.printList(Printer.java:261)
    at com.google.devtools.build.lib.syntax.SkylarkList.repr(SkylarkList.java:102)
    at com.google.devtools.build.lib.syntax.Printer$BasePrinter.repr(Printer.java:319)
    at com.google.devtools.build.lib.syntax.Printer$BasePrinter.appendListElements(Printer.java:445)
    at com.google.devtools.build.lib.syntax.Printer$BasePrinter.printList(Printer.java:427)
    at com.google.devtools.build.lib.syntax.Printer$BasePrinter.printList(Printer.java:466)
    at com.google.devtools.build.lib.syntax.Printer$BasePrinter.printList(Printer.java:261)
    at com.google.devtools.build.lib.syntax.SkylarkList.repr(SkylarkList.java:102)
    at com.google.devtools.build.lib.syntax.Printer$BasePrinter.repr(Printer.java:319)
    at com.google.devtools.build.lib.syntax.Printer$BasePrinter.appendListElements(Printer.java:445)
    at com.google.devtools.build.lib.syntax.Printer$BasePrinter.printList(Printer.java:427)
    at com.google.devtools.build.lib.syntax.Printer$BasePrinter.printList(Printer.java:466)
    at com.google.devtools.build.lib.syntax.Printer$BasePrinter.printList(Printer.java:261)
    at com.google.devtools.build.lib.syntax.SkylarkList.repr(SkylarkList.java:102)
    at com.google.devtools.build.lib.syntax.Printer$BasePrinter.repr(Printer.java:319)
    at com.google.devtools.build.lib.syntax.Printer$BasePrinter.appendListElements(Printer.java:445)
    at com.google.devtools.build.lib.syntax.Printer$BasePrinter.printList(Printer.java:427)
    at com.google.devtools.build.lib.syntax.Printer$BasePrinter.printList(Printer.java:466)
    at com.google.devtools.build.lib.syntax.Printer$BasePrinter.printList(Printer.java:261)
    at com.google.devtools.build.lib.syntax.SkylarkList.repr(SkylarkList.java:102)
...
laszlocsomor commented 6 years ago

Oops. :) Nice catch, thanks for reporting!

laszlocsomor commented 6 years ago

/cc @vladmos @laurentlb

meisterT commented 4 years ago

This is still the case at HEAD.

brandjon commented 3 years ago

Yep, there's lots of ways to crash the interpreter with a cyclic data structure, without even using Bazel constructs. E.g.,

a = []
a.append(a)
print(a)

I filed bazelbuild/starlark#166 to track the question of what to do with the language spec. In general, we'd like to make this not crash Bazel, but it's not very high priority since you don't tend to tickle this bug accidentally.

Edit: It appears the example I gave was fixed by 45b624e, as Benjamin pointed out in #2581. Still, I doubt we've gotten all the infinite recursion bugs out of the interpreter alone, let alone Bazel, so I'll leave this bug open.

github-actions[bot] commented 1 year ago

Thank you for contributing to the Bazel repository! This issue has been marked as stale since it has not had any activity in the last 2+ years. It will be closed in the next 14 days unless any other activity occurs or one of the following labels is added: "not stale", "awaiting-bazeler". Please reach out to the triage team (@bazelbuild/triage) if you think this issue is still relevant or you are interested in getting the issue resolved.

benjaminp commented 1 year ago

@bazelbuild/triage not stale

github-actions[bot] commented 1 month ago

Thank you for contributing to the Bazel repository! This issue has been marked as stale since it has not had any activity in the last 1+ years. It will be closed in the next 90 days unless any other activity occurs. If you think this issue is still relevant and should stay open, please post any comment here and the issue will no longer be marked as stale.