Archie Cobbs wrote:
There is a rare (?) but plausible situation where the first Jimple
statement in a body is also a target of a branch. This causes
problems because there is some code that assumes that for targets,
target.getPredOf() always returns non-null, which of course is not
the case when the target is also the first Unit.
Apparently this only happens after method inlining. Not sure why.
Here's further information about this bug. I see what's happening
but still don't understand what the right fix is.
1. In ArrayBoundsCheckerAnalysis, the method buildEdgeSet() creates
"edgeSet". In particular, it finds each node in the block graph
with no predecessors and creates a FlowGraphEdge from that node
to itself.
2. Later, in doAnalysis(), an entry is added in the map "edgeMap"
corresponding to each edge in "edgeSet" (line 356). This section
is commented "Set initial values and nodes to visit".
3. Just after that, in the section commented "perform customized
initialization" (line 368), each "head" in the block graph is
examined and the corresponding entry in "edgeSet" retrieved.
When the first block in the method is retrieved, it has no
corresponding entry in "edgeSet" and we get a NullPointerException.
The bug is that step #3 makes the assumption that a "head" in the
block graph has zero predecessors; this is not true when the first
block in the body is also a target, because while it has predecessors,
it is also a "head" (because it's the first block in the body).
Any insights into the right way to fix this are appreciated.