Undefined behavior in TriggerMenuParser

[Dr15Jones]

The UBSAN IB is reporting the following problems in workflow 11834.24 (possibly also in others).

2300/src/L1Trigger/L1TGlobal/plugins/TriggerMenuParser.cc:212:47: runtime error: member call on address 0x2b9a766a38c0 which does not point to an object of type 'esTriggerMenu'
0x2b9a766a38c0: note: object is of type 'L1TUtmTriggerMenu'
 00 00 00 00  b8 e2 92 21 9a 2b 00 00  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  e0 80 6b 76
              ^~~~~~~~~~~~~~~~~~~~~~~
              vptr for 'L1TUtmTriggerMenu'

/data/cmsbld/jenkins/workspace/build-any-ib/w/slc7_amd64_gcc820/external/utm/utm_0.7.5-ghbfee2/include/tmEventSetup/esScale.hh:37:7: runtime error: member access within address 0x2b9a76688b00 which does not point to an object of type 'esScale'
0x2b9a76688b00: note: object is of type 'L1TUtmScale'
 00 00 00 00  98 e2 92 21 9a 2b 00 00  c0 3a 61 76 9a 2b 00 00  17 00 00 00 00 00 00 00  17 00 00 00
              ^~~~~~~~~~~~~~~~~~~~~~~
              vptr for 'L1TUtmScale'

/data/cmsbld/jenkins/workspace/build-any-ib/w/slc7_amd64_gcc820/external/utm/utm_0.7.5-ghbfee2/include/tmEventSetup/esBin.hh:32:7: runtime error: member access within address 0x2b9a766cd800 which does not point to an object of type 'esBin'
0x2b9a766cd800: note: object is of type 'L1TUtmBin'
 00 00 00 00  18 e2 92 21 9a 2b 00 00  8d 00 00 00 00 00 00 00  00 00 00 00 00 00 14 c0  bc 74 93 18
              ^~~~~~~~~~~~~~~~~~~~~~~
              vptr for 'L1TUtmBin'

/data/cmsbld/jenkins/workspace/build-any-ib/w/slc7_amd64_gcc820/external/utm/utm_0.7.5-ghbfee2/include/tmEventSetup/esAlgorithm.hh:33:7: runtime error: member access within address 0x2b9a7662b040 which does not point to an object of type 'esAlgorithm'
0x2b9a7662b040: note: object is of type 'L1TUtmAlgorithm'
 65 00 72 65  f8 e1 92 21 9a 2b 00 00  58 b0 62 76 9a 2b 00 00  0d 00 00 00 00 00 00 00  4c 31 5f 41
              ^~~~~~~~~~~~~~~~~~~~~~~
              vptr for 'L1TUtmAlgorithm'

All these problems stem from here:

cmssw/L1Trigger/L1TGlobal/plugins/TriggerMenuParser.cc

Line 157 in 4c0913f

const esTriggerMenu* menu = reinterpret_cast<const esTriggerMenu*>(utmMenu);

cmssw/L1Trigger/L1TGlobal/plugins/TriggerMenuParser.cc

Line 209 in 4c0913f

const esTriggerMenu* menu = reinterpret_cast<const esTriggerMenu*>(utmMenu);

Such a cast is very much undefined behavior, doubly so since we are dealing with classes with virtual functions.

I see two possible ways of dealing with this

1. copy the contents in the L1TUtmTriggerMenu to a esTriggerMenu. This could be done in the module or in an ESProducer
2. modify all functions that take tmeventsetup:: objects to be templated so they can work properly with L1TUtm* objects as well.

[cmsbuild]

A new Issue was created by @Dr15Jones Chris Jones.

@Dr15Jones, @silviodonato, @dpiparo, @smuzaffar, @makortel can you please review it and eventually sign/assign? Thanks.

cms-bot commands are listed here

[Dr15Jones]

assign l1

[cmsbuild]

New categories assigned: l1

@benkrikler,@rekovic you have been requested to review this Pull request/Issue and eventually sign? Thanks

[makortel]

Seems that this undefined behavior could be causing actual problems in cms-sw/cmsdist#8352