
Re: Soot bugs when first Unit is a target



Archie Cobbs wrote:
> > There is a rare (?) but plausible situation where the first Jimple
> > statement in a body is also a target of a branch. This causes
> > problems because there is some code that assumes that for targets,
> > target.getPredOf() always returns non-null, which of course is not
> > the case when the target is also the first Unit.
> 
> Apparently this only happens after method inlining. Not sure why.

Here's further information about this bug. I see what's happening
but still don't understand what the right fix is.

1. In ArrayBoundsCheckerAnalysis, the method buildEdgeSet() creates
   "edgeSet". In particular, it finds each node in the block graph
   with no predecessors and creates a FlowGraphEdge from that node
   to itself.

2. Later, in doAnalysis(), an entry is added in the map "edgeMap"
   corresponding to each edge in "edgeSet" (line 356). This section
   is commented "Set initial values and nodes to visit".

3. Just after that, in the section commented "perform customized
   initialization" (line 368), each "head" in the block graph is
   examined and the corresponding entry in "edgeSet" retrieved.
   When the first block in the method is retrieved, it has no
   corresponding entry in "edgeSet" and we get a NullPointerException.

The bug is that step #3 makes the assumption that a "head" in the
block graph has zero predecessors; this is not true when the first
block in the body is also a target, because while it has predecessors,
it is also a "head" (because it's the first block in the body).

Any insights into the right way to fix this are appreciated.

Thanks,
-Archie

__________________________________________________________________________
Archie Cobbs      *        CTO, Awarix        *      http://www.awarix.com
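The three steps described in the message, reconstructed as an added illustration in plain Java. This is not Soot's code: `Block`, `Edge`, `heads`, `buildEdgeMap` and `customizedInit` are stand-in names chosen for the example, while `FlowGraphEdge`, `edgeSet`, `edgeMap` and the notion of a "head" (first block of the body plus any block with no predecessors) follow the message. The constructed graph has a first block that is also a loop target, so it is a head with predecessors; the naive lookup dereferences a null entry exactly as the message reports. The repair at the end, seeding a self-edge for every head so that step 1 and step 3 agree, is an assumption made for illustration and not a statement of how Soot actually resolved the issue.

```java
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

// Added illustration only (not Soot's own code): a toy block graph that
// reproduces the mismatch between "blocks with no predecessors" (step 1)
// and "heads" (step 3) described in the message.
public class HeadWithPredsDemo {

    static final class Block {
        final String name;
        final List<Block> preds = new ArrayList<>();
        Block(String name) { this.name = name; }
        @Override public String toString() { return name; }
    }

    // Stand-in for FlowGraphEdge (the name comes from the message; the
    // fields are assumed). Value equality lets a freshly built edge be
    // looked up in a map keyed by edges.
    static final class Edge {
        final Block from, to;
        Edge(Block from, Block to) { this.from = from; this.to = to; }
        @Override public boolean equals(Object o) {
            return o instanceof Edge && ((Edge) o).from == from && ((Edge) o).to == to;
        }
        @Override public int hashCode() {
            return 31 * System.identityHashCode(from) + System.identityHashCode(to);
        }
        @Override public String toString() { return from + "->" + to; }
    }

    // Heads as the message defines them: the first block of the body plus
    // every block that has no predecessors.
    static List<Block> heads(List<Block> blocks) {
        List<Block> result = new ArrayList<>();
        for (Block b : blocks) {
            if (b == blocks.get(0) || b.preds.isEmpty()) result.add(b);
        }
        return result;
    }

    // Step 1: a self-edge for every block with zero predecessors.
    static Set<Edge> buildEdgeSet(List<Block> blocks) {
        Set<Edge> edgeSet = new HashSet<>();
        for (Block b : blocks) {
            if (b.preds.isEmpty()) edgeSet.add(new Edge(b, b));
        }
        return edgeSet;
    }

    // Step 2 ("set initial values and nodes to visit"): one map entry per edge.
    static Map<Edge, String> buildEdgeMap(Set<Edge> edgeSet) {
        Map<Edge, String> edgeMap = new HashMap<>();
        for (Edge e : edgeSet) edgeMap.put(e, "initial-value-for-" + e);
        return edgeMap;
    }

    // Step 3 ("perform customized initialization"): look up each head's
    // self-edge and use the entry. A head that has predecessors was never
    // given a self-edge in step 1, so the lookup yields null and the
    // dereference throws NullPointerException.
    static int customizedInit(Map<Edge, String> edgeMap, List<Block> heads) {
        int initialised = 0;
        for (Block h : heads) {
            String entry = edgeMap.get(new Edge(h, h));
            initialised += entry.length();   // NPE when h is a head with preds
        }
        return initialised;
    }

    // One candidate repair, assumed here for illustration and not claimed to
    // be Soot's fix: also seed a self-edge for every head, so the set that
    // step 3 consults contains everything step 3 will ask for.
    static Set<Edge> buildEdgeSetIncludingHeads(List<Block> blocks) {
        Set<Edge> edgeSet = buildEdgeSet(blocks);
        for (Block h : heads(blocks)) edgeSet.add(new Edge(h, h));
        return edgeSet;
    }

    public static void main(String[] args) {
        // Constructed graph: b0 is the first block and also the target of a
        // branch from b1; b2 has no predecessors at all.
        Block b0 = new Block("b0"), b1 = new Block("b1"), b2 = new Block("b2");
        b1.preds.add(b0);
        b0.preds.add(b1);   // the branch back to the first block
        List<Block> blocks = List.of(b0, b1, b2);

        System.out.println("heads   = " + heads(blocks));
        System.out.println("edgeSet = " + buildEdgeSet(blocks));

        try {
            customizedInit(buildEdgeMap(buildEdgeSet(blocks)), heads(blocks));
        } catch (NullPointerException npe) {
            System.out.println("as described: NPE for head b0, whose preds are " + b0.preds);
        }

        int ok = customizedInit(buildEdgeMap(buildEdgeSetIncludingHeads(blocks)), heads(blocks));
        System.out.println("with heads seeded into edgeSet: initialised " + ok + " characters of entries");
    }
}
```

Running `main` first prints the heads (`b0` and `b2`) and the edge set built from zero-predecessor blocks alone (only `b2->b2`), then shows the NullPointerException for `b0` and, finally, the same initialization succeeding once `b0->b0` has been seeded. The point the example makes concrete is the one the message identifies: "no predecessors" and "head" are two different predicates, and the analysis uses one to populate the map and the other to read it.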