Type inference failed due to forced `debug_out_dir`
Even if "Save to debug directory" is unchecked, BTIGhidra always passes `--debug_out_dir` (due to https://github.com/trailofbits/BTIGhidra/blob/28dee6a31d00d171ef37765f933d22a44ae95998/plugin/src/main/java/binary_type_inference/BinaryTypeInferenceRunner.java#L121-L122 being hard-coded) and this causes problems on some binaries.
Specifically, if we take (a stripped version of) base64 (attached below), then we get the following:
(These messages are also written to the application log file)
```
Running type inference failed
java.lang.RuntimeException: Running type inference failed
at binary_type_inference.BinaryTypeInference.getCtypes(BinaryTypeInference.java:336)
at binary_type_inference.BinaryTypeInference.run(BinaryTypeInference.java:476)
at binary_type_inference.TypeAnalyzer.added(TypeAnalyzer.java:213)
at ghidra.app.plugin.core.analysis.AnalysisScheduler.runAnalyzer(AnalysisScheduler.java:186)
at ghidra.app.plugin.core.analysis.AnalysisTask.applyTo(AnalysisTask.java:39)
at ghidra.app.plugin.core.analysis.AutoAnalysisManager$AnalysisTaskWrapper.run(AutoAnalysisManager.java:686)
at ghidra.app.plugin.core.analysis.AutoAnalysisManager.startAnalysis(AutoAnalysisManager.java:786)
at ghidra.app.plugin.core.analysis.AutoAnalysisManager.startAnalysis(AutoAnalysisManager.java:665)
at ghidra.app.plugin.core.analysis.AutoAnalysisManager.startAnalysis(AutoAnalysisManager.java:630)
at ghidra.app.plugin.core.analysis.AnalysisBackgroundCommand.applyTo(AnalysisBackgroundCommand.java:58)
at ghidra.framework.plugintool.mgr.BackgroundCommandTask.run(BackgroundCommandTask.java:103)
at ghidra.framework.plugintool.mgr.ToolTaskManager.run(ToolTaskManager.java:334)
at java.base/java.lang.Thread.run(Thread.java:840)
```
Running the actual `binary_to_types` executable with `--debug_out_dir` causes a panic, but running without it succeeds:
```
$ RUST_BACKTRACE=1 binary_to_types ./base64 /tmp/ir.json /tmp/lattice.json /tmp/additional_constraints.pb /tmp/interesting_tids.pb --out foo --debug_out_dir ./bar
Num generated recursive variables: 132
thread 'main' panicked at src/solver/type_sketch.rs:1576:26:
should be able to debug log if enabled: No such file or directory (os error 2)
stack backtrace:
0: rust_begin_unwind
1: core::panicking::panic_fmt
2: core::result::unwrap_failed
3: hashbrown::raw::RawIterRange<T>::fold_impl
4: binary_type_inference::solver::type_sketch::SCCSketchsBuilder<U,T>::build
5: binary_type_inference::inference_job::InferenceJob::get_labeled_sketch_graph
6: binary_type_inference::inference_job::InferenceJob::infer_ctypes
7: binary_to_types::main
note: Some details are omitted, run with `RUST_BACKTRACE=full` for a verbose backtrace.
$ # Test without `--debug_out_dir`
$ RUST_BACKTRACE=1 binary_to_types ./base64 /tmp/ir.json /tmp/lattice.json /tmp/additional_constraints.pb /tmp/interesting_tids.pb --out foo
Num generated recursive variables: 132
$ wc -c foo
31347 foo
```
I will note that `./bar` as a directory does exist; the panic is due to something deeper.
I am opening this specific issue here (rather than on https://github.com/trailofbits/binary_type_inference), even though the panic is in `binary_to_types`, because the panic there would not happen in BTIGhidra if it was not hardcoded to always use `--debug_out_dir`. I'll open a separate issue there (EDIT: https://github.com/trailofbits/binary_type_inference/issues/69) to track the specific panic itself, with analysis on what is causing it, but I think for this issue, the easy fix is to stop hard-coding `--debug_out_dir` and instead actually use the "Save to debug directory" setting (or add a new setting) to decide when to use `--debug_out_dir`.
All relevant files attached for debugging: base64-debug-files.zip