dingo-hunter icon indicating copy to clipboard operation
dingo-hunter copied to clipboard

Published 20 hours ago verified publisher icon nickng

Nil pointer dereference on ssa.RelString()

Open xlab opened this issue 7 years ago • 4 comments

Hi! I'm playing around with your tool, it looks very promising.

I'm willing to participate in testing as there are packages that I'd like to have checked inside out, for instance github.com/zenhotels/astranet that is a custom multiplexer and it has a lot of high-grade concurrency logic inside.

So, running your tool results in a crash:

Net <- *multiplexer (t0) = (*github.com/zenhotels/astranet.multiplexer).copy.t0@2
-- return from (*github.com/zenhotels/astranet.multiplexer).Server (1 retvals)
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x58 pc=0x189097]

goroutine 691 [running]:
panic(0x5b6460, 0xc4200160b0)
    /usr/local/go/src/runtime/panic.go:500 +0x1a1
golang.org/x/tools/go/ssa.(*Function).RelString(0x0, 0x0, 0x626680, 0xc4252dfa80)
    /Users/xlab/Documents/dev/go/src/golang.org/x/tools/go/ssa/func.go:475 +0x37
golang.org/x/tools/go/ssa.(*Function).String(0x0, 0x0, 0xc42b778150)
    /Users/xlab/Documents/dev/go/src/golang.org/x/tools/go/ssa/ssa.go:1436 +0x34
github.com/nickng/dingo-hunter/cfsmextract.(*frame).callGo(0xc429badd80, 0xc42299cb90)
    /Users/xlab/Documents/dev/go/src/github.com/nickng/dingo-hunter/cfsmextract/func.go:302 +0x75b
github.com/nickng/dingo-hunter/cfsmextract.visitInst(0x8e3be0, 0xc42299cb90, 0xc429badd80)
    /Users/xlab/Documents/dev/go/src/github.com/nickng/dingo-hunter/cfsmextract/visit.go:70 +0x6d4
github.com/nickng/dingo-hunter/cfsmextract.visitBlock(0xc425420dc0, 0xc429badd80)
    /Users/xlab/Documents/dev/go/src/github.com/nickng/dingo-hunter/cfsmextract/visit.go:29 +0x94
github.com/nickng/dingo-hunter/cfsmextract.visitFunc(0xc4284e6140, 0xc429badd80, 0x658ed9)
    /Users/xlab/Documents/dev/go/src/github.com/nickng/dingo-hunter/cfsmextract/visit.go:41 +0x50
github.com/nickng/dingo-hunter/cfsmextract.(*CFSMExtract).Run(0xc4269a1bc0)
    /Users/xlab/Documents/dev/go/src/github.com/nickng/dingo-hunter/cfsmextract/cfsmextract.go:91 +0x625
created by github.com/nickng/dingo-hunter/cmd.extractCFSMs
    /Users/xlab/Documents/dev/go/src/github.com/nickng/dingo-hunter/cmd/cfsms.go:80 +0x587

I've got the latest golang.org/x/tools/go/ssa and Go 1.7.

xlab avatar Sep 11 '16 20:09 xlab

Thanks! The way how it works right now is to try to dummy out the datastructure (lazily) and only analyse the communication bits, so this can be caused by accessing something that hasn't been materialised yet.

But looks like this is panicking on ssa.RelString which is not very usual.. I think I'll investigate further and report back.

nickng avatar Sep 11 '16 20:09 nickng

@xlab which main package did you try running the tool on?

nickng avatar Sep 26 '16 13:09 nickng

@nickng github.com/zenhotels/astranet/example/echo

xlab avatar Sep 26 '16 15:09 xlab

Spawning goroutine in main on an invoke mode function call gives a nil ssa.Function

nickng avatar Sep 26 '16 17:09 nickng