zeek / spicy

C++ parser generator for dissecting protocols & files.
https://docs.zeek.org/projects/spicy

hilti/toolchain/src/ast/scope-lookup.cc:14:33: runtime error: member call on null pointer of type 'hilti::Scope' #1817

Closed awelzel closed 3 months ago

awelzel commented 3 months ago

Building Zeek with --sanitizers=undefined triggers the following undefined behavior splash while compiling any of the Spicy analyzers.

Found when removing --disable-spicy from the ubsan CI task configuration.

 89%] Compiling Finger analyzer
../../../../../auxil/spicy/hilti/toolchain/src/ast/scope-lookup.cc:14:33: runtime error: member call on null pointer of type 'hilti::Scope'
    #0 0x7fc2ee045122 in hilti::scope::detail::lookupID(hilti::ID const&, hilti::Node const*) /zeek/build/auxil/spicy/hilti/toolchain/../../../../../auxil/spicy/hilti/toolchain/src/ast/scope-lookup.cc:14:33
    #1 0x7fc2f1343420 in hilti::rt::Result<std::pair<hilti::declaration::Type*, hilti::ID>> hilti::scope::lookupID<hilti::declaration::Type>(hilti::ID, hilti::Node*, std::basic_string_view<char, std::char_traits<char>> const&) /zeek/build/auxil/spicy/spicy/toolchain/../../../../../auxil/spicy/hilti/toolchain/include/hilti/ast/scope-lookup.h:40:33
    #2 0x7fc2ee49f49f in (anonymous namespace)::VisitorPass1::operator()(hilti::type::Name*) /zeek/build/auxil/spicy/hilti/toolchain/../../../../../auxil/spicy/hilti/toolchain/src/compiler/resolver.cc:57:34
    #3 0x7fc2ee063746 in hilti::type::Name::dispatch(hilti::visitor::Dispatcher&) /zeek/build/auxil/spicy/hilti/toolchain/../../../../../auxil/spicy/hilti/toolchain/include/hilti/ast/types/name.h:66:5
    #4 0x7fc2ee4f3b7f in hilti::visitor::Visitor<(hilti::visitor::Order)1, hilti::visitor::Dispatcher>::dispatch(hilti::Node*) /zeek/build/auxil/spicy/hilti/toolchain/../../../../../auxil/spicy/hilti/toolchain/include/hilti/ast/visitor.h:183:16
    #5 0x7fc2ee49e9ff in auto hilti::visitor::visit<(anonymous namespace)::VisitorPass1&, hilti::Node>((anonymous namespace)::VisitorPass1&, hilti::Node*, std::basic_string_view<char, std::char_traits<char>>) /zeek/build/auxil/spicy/hilti/toolchain/../../../../../auxil/spicy/hilti/toolchain/include/hilti/ast/visitor.h:334:17
    #6 0x7fc2ee49e406 in hilti::detail::resolver::resolve(hilti::Builder*, hilti::Node*) /zeek/build/auxil/spicy/hilti/toolchain/../../../../../auxil/spicy/hilti/toolchain/src/compiler/resolver.cc:1628:5
    #7 0x7fc2ee458450 in hilti::detail::createHiltiPlugin()::$_6::operator()(hilti::Builder*, hilti::Node*) const /zeek/build/auxil/spicy/hilti/toolchain/../../../../../auxil/spicy/hilti/toolchain/src/compiler/plugin.cc:87:66
    #8 0x7fc2ee458420 in hilti::detail::createHiltiPlugin()::$_6::__invoke(hilti::Builder*, hilti::Node*) /zeek/build/auxil/spicy/hilti/toolchain/../../../../../auxil/spicy/hilti/toolchain/src/compiler/plugin.cc:87:24
    #9 0x7fc2f13110fa in spicy::detail::resolver::resolve(hilti::ExtendedBuilderTemplate<spicy::BuilderBase>*, hilti::Node*) /zeek/build/auxil/spicy/spicy/toolchain/../../../../../auxil/spicy/spicy/toolchain/src/compiler/resolver.cc:647:27
    #10 0x7fc2f130a3d4 in spicy::detail::createSpicyPlugin()::$_6::operator()(hilti::Builder*, hilti::Node*) const /zeek/build/auxil/spicy/spicy/toolchain/../../../../../auxil/spicy/spicy/toolchain/src/compiler/plugin.cc:70:24
    #11 0x7fc2f130a2e0 in spicy::detail::createSpicyPlugin()::$_6::__invoke(hilti::Builder*, hilti::Node*) /zeek/build/auxil/spicy/spicy/toolchain/../../../../../auxil/spicy/spicy/toolchain/src/compiler/plugin.cc:68:13
    #12 0x7fc2ed8bc74c in hilti::rt::Result<hilti::rt::Nothing> _runHook<bool (* hilti::Plugin::*)(hilti::Builder*, hilti::Node*), hilti::Builder*, hilti::node::RetainedPtr<hilti::ASTRoot>>(bool*, hilti::Plugin const&, bool (* hilti::Plugin::*)(hilti::Builder*, hilti::Node*), std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, hilti::Builder* const&, hilti::node::RetainedPtr<hilti::ASTRoot> const&) /zeek/build/auxil/spicy/hilti/toolchain/../../../../../auxil/spicy/hilti/toolchain/src/ast/ast-context.cc:386:10
    #13 0x7fc2ed8aaa6d in hilti::ASTContext::_resolveRoot(bool*, hilti::Builder*, hilti::Plugin const&) /zeek/build/auxil/spicy/hilti/toolchain/../../../../../auxil/spicy/hilti/toolchain/src/ast/ast-context.cc:516:12
    #14 0x7fc2ed8a6e28 in hilti::ASTContext::_resolve(hilti::Builder*, hilti::Plugin const&) /zeek/build/auxil/spicy/hilti/toolchain/../../../../../auxil/spicy/hilti/toolchain/src/ast/ast-context.cc:541:24
    #15 0x7fc2ed8a51e2 in hilti::ASTContext::processAST(hilti::Builder*, hilti::Driver*) /zeek/build/auxil/spicy/hilti/toolchain/../../../../../auxil/spicy/hilti/toolchain/src/ast/ast-context.cc:413:28
    #16 0x7fc2ee387fdc in hilti::Driver::compileUnits() /zeek/build/auxil/spicy/hilti/toolchain/../../../../../auxil/spicy/hilti/toolchain/src/compiler/driver.cc:670:45
    #17 0x7fc2ee38b546 in hilti::Driver::compile() /zeek/build/auxil/spicy/hilti/toolchain/../../../../../auxil/spicy/hilti/toolchain/src/compiler/driver.cc:745:20
    #18 0x58fa322e3b88 in zeek::spicy::Driver::compile() /zeek/build/src/spicy/spicyz/../../../../src/spicy/spicyz/driver.cc:215:36
    #19 0x58fa3237d070 in main /zeek/build/src/spicy/spicyz/../../../../src/spicy/spicyz/main.cc:274:27
    #20 0x7fc2eb64f1c9  (/lib/x86_64-linux-gnu/libc.so.6+0x2a1c9) (BuildId: 08134323d00289185684a4cd177d202f39c2a5f3)
    #21 0x7fc2eb64f28a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2a28a) (BuildId: 08134323d00289185684a4cd177d202f39c2a5f3)
    #22 0x58fa322b5374 in _start (/zeek/build/src/spicy/spicyz/spicyz+0x84374) (BuildId: 9139f5756cf675699902d5483a368a11f8c20fa1)
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../../../../../auxil/spicy/hilti/toolchain/src/ast/scope-lookup.cc:14:33 
make[2]: *** [src/analyzer/protocol/finger/CMakeFiles/spicy_Finger.dir/build.make:76: src/analyzer/protocol/finger/finger___linker__.cc] Error 1
make[1]: *** [CMakeFiles/Makefile2:7048: src/analyzer/protocol/finger/CMakeFiles/spicy_Finger.dir/all] Error 2
make[1]: *** Waiting for unfinished jobs....

https://cirrus-ci.com/task/4699588039278592?logs=build#L3291

bbannier commented 3 months ago

Not exactly sure why we never set up a scope, but the following patch seems to fix this particular compile-time issue:

diff --git a/hilti/toolchain/src/ast/scope-lookup.cc b/hilti/toolchain/src/ast/scope-lookup.cc
index 9de3eaf9e..d2e5cd42e 100644
--- a/hilti/toolchain/src/ast/scope-lookup.cc
+++ b/hilti/toolchain/src/ast/scope-lookup.cc
@@ -11,6 +11,9 @@
 using namespace hilti;

 std::pair<bool, Result<std::pair<Declaration*, ID>>> hilti::scope::detail::lookupID(const ID& id, const Node* n) {
+    if ( ! n || ! n->scope() )
+        return {false, result::Error("cannot perform lookup if node or scope is missing")};
+
     auto resolved = n->scope()->lookupAll(id);

     if ( resolved.empty() ) {
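Review bot: the guard added at the top of lookupID() stops the crash but also hides the root cause the comment above says is not understood (a node that should carry a scope and never got one): once this is in, a missing scope is indistinguishable from an ordinary failed lookup. Suggest including `id` in the error text and distinguishing the `! n` case from the `! n->scope()` case, so the next report points at the node that lacks a scope rather than at "cannot perform lookup if node or scope is missing". Also worth confirming what the `false` in the returned pair means to the callers at scope-lookup.h:40 and resolver.cc:57; if it means "not found here, keep looking" rather than "hard error", a missing scope will be silently retried up the chain instead of surfacing during development.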

As for actually running Spicy parsers under UBSAN, it seems to run into a lot of issues around fiber stack offsets (likely an FP?).

<...>/fiber.cc:275:40: runtime error: applying non-zero offset 18446744073709551615 to null pointer

I wasn't successful in writing a suppression for this, and it might require coming up with a separate impl for UBSAN (we already have some of that for ASAN in hilti/runtime/src/fiber.cc).
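The message quoted above, an offset of 18446744073709551615 (that is, -1 on a 64-bit target) applied to a null pointer, is UBSan's pointer-overflow check firing on pointer arithmetic whose base is nullptr, even when the result is never dereferenced. As an added example that is neither the project's hilti/runtime/src/fiber.cc nor code from this thread, the sketch below puts the pattern the check flags next to an integer-arithmetic version that stays defined when a fiber has no stack allocation yet. All names are hypothetical, the demo buffer is constructed, and a stack growing downward from base + size is an assumption about layout, not something the page states.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Added example, not Spicy's fiber.cc. A fiber implementation keeps the base
// of a stack allocation and derives addresses (top of stack, last byte, guard)
// from it. If the base is still nullptr, e.g. for a placeholder fiber that runs
// on the thread's own stack and never allocated one, `base + size - 1` is
// undefined behaviour. UBSan reports it as "applying non-zero offset N to null
// pointer"; on 64-bit an offset of -1 prints as 18446744073709551615.

// Constructed stand-in for a fiber stack used by main() and the checks below.
static char kDemoStack[4096];
static const std::size_t kDemoStackSize = sizeof(kDemoStack);

// The pattern the sanitizer flags: fine for a real allocation, UB for nullptr.
static char* last_byte_unchecked(char* base, std::size_t size) {
    return base + size - 1;
}

// Defined alternative: do the arithmetic on std::uintptr_t and keep the
// "no stack" case explicit instead of relying on nullptr + offset.
// Returns 0 when there is no allocation to point into.
static std::uintptr_t last_byte_address(const void* base, std::size_t size) {
    if ( base == nullptr || size == 0 )
        return 0;
    return reinterpret_cast<std::uintptr_t>(base) + (size - 1);
}

// Bytes still usable below the current stack pointer, assuming the stack grows
// downward from base + size. Computed purely on integers, so a stack pointer
// outside [base, base + size] never yields an out-of-range pointer; that case
// reports 0 ("not on this fiber's stack").
static std::size_t stack_remaining(const void* base, std::size_t size, const void* sp) {
    if ( base == nullptr )
        return 0;
    auto lo = reinterpret_cast<std::uintptr_t>(base);
    auto hi = lo + size;
    auto cur = reinterpret_cast<std::uintptr_t>(sp);
    if ( cur < lo || cur > hi )
        return 0;
    return cur - lo;
}

int main() {
    std::printf("last byte (pointer arithmetic): %p\n",
                static_cast<void*>(last_byte_unchecked(kDemoStack, kDemoStackSize)));
    std::printf("last byte (integer arithmetic): %#lx\n",
                static_cast<unsigned long>(last_byte_address(kDemoStack, kDemoStackSize)));
    std::printf("remaining with sp 256 bytes below top: %zu\n",
                stack_remaining(kDemoStack, kDemoStackSize, kDemoStack + kDemoStackSize - 256));
    // No allocation yet: the integer version reports 0 instead of computing
    // nullptr + (size - 1), which is what the unchecked variant would do.
    std::printf("last byte with no stack: %#lx\n",
                static_cast<unsigned long>(last_byte_address(nullptr, kDemoStackSize)));
    return 0;
}
```

Building this with `clang++ -fsanitize=undefined` and calling last_byte_unchecked(nullptr, kDemoStackSize) (which main() deliberately does not do) reproduces the diagnostic class; last_byte_address does not trip it, because forming an address from an integer is not the pointer addition UBSan instruments. Whether that rewrite is acceptable for a real fiber switch depends on how the surrounding code uses the addresses, which is why a separate implementation under UBSAN, as suggested above for ASAN, may still be the cleaner route.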

bbannier commented 3 months ago

Related to zeek/zeek#3670.