Archie Cobbs wrote:
There is a rare (?) but plausible situation where the first Jimple statement in a body is also a target of a branch. This causes problems because there is some code that assumes that for targets, target.getPredOf() always returns non-null, which of course is not the case when the target is also the first Unit.
Apparently this only happens after method inlining. Not sure why.
Here's further information about this bug. I see what's happening but still don't understand what the right fix is.
1. In ArrayBoundsCheckerAnalysis, the method buildEdgeSet() creates "edgeSet". In particular, it finds each node in the block graph with no predecessors and creates a FlowGraphEdge from that node to itself.
2. Later, in doAnalysis(), an entry is added in the map "edgeMap" corresponding to each edge in "edgeSet" (line 356). This section is commented "Set initial values and nodes to visit".
3. Just after that, in the section commented "perform customized initialization" (line 368), each "head" in the block graph is examined and the corresponding entry in "edgeSet" retrieved. When the first block in the method is retrieved, it has no corresponding entry in "edgeSet" and we get a NullPointerException.
The bug is that step #3 makes the assumption that a "head" in the block graph has zero predecessors; this is not true when the first block in the body is also a target, because while it has predecessors, it is also a "head" (because it's the first block in the body).
Any insights into the right way to fix this are appreciated.
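The mismatch described in steps 1 to 3, reproduced on a minimal model as an added example that is not part of the original post and does not use Soot's classes. The graph, the string edge keys and the `seedFromHeads` switch are assumptions made for illustration; seeding self-edges from the heads is only one hypothetical guard, not a fix confirmed by the project.

```java
import java.util.*;

// Minimal model of the block graph described above; these are not Soot's classes.
public class HeadEdgeDemo {
    // Constructed graph: block 0 is the first block of the body and is also the
    // target of a branch from block 2, so it is a head that has a predecessor.
    static final Map<Integer, List<Integer>> SUCCS = Map.of(
        0, List.of(1),
        1, List.of(2),
        2, List.of(0));

    static Map<Integer, List<Integer>> preds() {
        Map<Integer, List<Integer>> p = new TreeMap<>();
        for (Integer n : SUCCS.keySet()) p.put(n, new ArrayList<>());
        SUCCS.forEach((from, tos) -> tos.forEach(t -> p.get(t).add(from)));
        return p;
    }

    // Heads as the post describes them: the first block, plus blocks with no predecessors.
    static Set<Integer> heads() {
        Set<Integer> h = new TreeSet<>();
        h.add(0);
        preds().forEach((n, ps) -> { if (ps.isEmpty()) h.add(n); });
        return h;
    }

    // Step 1: a self-edge "n->n" is created only for blocks with no predecessors,
    // unless seedFromHeads (hypothetical guard) creates one for every head instead.
    static Set<String> buildEdgeSet(boolean seedFromHeads) {
        Set<String> edges = new TreeSet<>();
        SUCCS.forEach((from, tos) -> tos.forEach(t -> edges.add(from + "->" + t)));
        if (seedFromHeads) {
            for (int h : heads()) edges.add(h + "->" + h);
        } else {
            preds().forEach((n, ps) -> { if (ps.isEmpty()) edges.add(n + "->" + n); });
        }
        return edges;
    }

    // Steps 2 and 3: fill the map from the edge set, then look up each head's self-edge.
    // A head listed here is one where the real code would dereference null.
    static List<Integer> headsWithoutEntry(boolean seedFromHeads) {
        Map<String, Object> edgeMap = new HashMap<>();
        for (String e : buildEdgeSet(seedFromHeads)) edgeMap.put(e, new Object());
        List<Integer> missing = new ArrayList<>();
        for (int h : heads()) if (edgeMap.get(h + "->" + h) == null) missing.add(h);
        return missing;
    }

    public static void main(String[] args) {
        System.out.println("zero-predecessor seeding, heads missing: " + headsWithoutEntry(false));
        System.out.println("head seeding, heads missing: " + headsWithoutEntry(true));
    }
}
```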