[Soot-list] Null pointer exception in Soot-transformed BigInteger

Mon Dec 17 01:35:55 EST 2012

Hi,

I am using Soot to perform dynamic analysis on the JDK, and I am
experiencing a null-pointer exception after transforming the
java.math.BigInteger class. I have transformed this class with Soot with
none of my own transformations, only passing it through shimple. I then
execute it with the code

        BigInteger num = BigInteger.valueOf(17);
        boolean b = num.isProbablePrime(50);

which results in

---
Caused by: java.lang.NullPointerException
    at java.math.BigInteger.<init>(BigInteger.java:924)
    at java.math.BigInteger.shiftRight(BigInteger.java:2166)
    at java.math.BigInteger.passesMillerRabin(BigInteger.java:894)
    at java.math.BigInteger.primeToCertainty(BigInteger.java:739)
    at java.math.BigInteger.isProbablePrime(BigInteger.java:2474)
    at ProbablePrime.test(ProbablePrime.java:52)
    at ProbablePrime.main(ProbablePrime.java:47)

It appears that the array passed to the constructor is null, which does not
appear possible from the source code (the last line in this function is
BigInteger.java:2166):

    public BigInteger shiftRight(int n) {
        if (n==0)
            return this;
        if (n<0) {
            if (n == Integer.MIN_VALUE) {
                throw new ArithmeticException("Shift distance of
Integer.MIN_VALUE not supported.");
            } else {
                return shiftLeft(-n);
            }
        }

        int nInts = n >>> 5;
        int nBits = n & 0x1f;
        int magLen = mag.length;
        int newMag[] = null;

        // Special case: entire contents shifted off the end
        if (nInts >= magLen)
            return (signum >= 0 ? ZERO : negConst[1]);

        if (nBits == 0) {
            int newMagLen = magLen - nInts;
            newMag = new int[newMagLen];
            for (int i=0; i<newMagLen; i++)
                newMag[i] = mag[i];
        } else {
            int i = 0;
            int highBits = mag[0] >>> nBits;
            if (highBits != 0) {
                newMag = new int[magLen - nInts];
                newMag[i++] = highBits;
            } else {
                newMag = new int[magLen - nInts -1];
            }

            int nBits2 = 32 - nBits;
            int j=0;
            while (j < magLen - nInts - 1)
                newMag[i++] = (mag[j++] << nBits2) | (mag[j] >>> nBits);
        }

        if (signum < 0) {
            // Find out whether any one-bits were shifted off the end.
            boolean onesLost = false;
            for (int i=magLen-1, j=magLen-nInts; i>=j && !onesLost; i--)
                onesLost = (mag[i] != 0);
            if (!onesLost && nBits != 0)
                onesLost = (mag[magLen - nInts - 1] << (32 - nBits) != 0);

            if (onesLost)
                newMag = javaIncrement(newMag);
        }

        return new BigInteger(newMag, signum);
    }

Looking at the generated shimple (attached), it appears that there is a
phi-node missing from the final block in this function, which would be
needed to collect the different definitions of the array (r6).

I am using Soot 2.5.0 and openjdk-7u6-fcs-src-b24-28_aug_2012. The command
I used to process the class with Soot was:

HOST_CP=$LIB_DIR/sootclasses-2.5.0.jar:$LIB_DIR/jasminclasses-2.5.0.jar:$LIB_DIR/polyglotclasses-1.3.5.jar
java -Xmx6G -cp $HOST_CP:$1                 \
        soot.Main                           \
        -soot-class-path $TARGET_DIR        \
        -src-prec class                     \
        --via-shimple                       \
        -p sop enabled:true                 \
        -p stp enabled:true                 \
        -include-all                        \
        -exclude java.lang.invoke.          \
        -exclude java.security.             \
        -exclude java.lang.invoke.          \
        -exclude java.util.                 \
        -exclude java.io.                   \
        -exclude java.nio.                  \
        -exclude java.sql.                  \
        -exclude java.net.                  \
        -exclude java.applet.               \
        -exclude java.rmi.                  \
        -exclude java.text.                 \
        -exclude java.util.logging.         \
        -exclude com.                       \
        -exclude com.sun.corba.se.impl.encoding. \
        -exclude com.sun.org.apache.xml.internal.utils. \
        -exclude com.sun.org.apache.bcel.internal.classfile. \
        -exclude com.sun.org.apache.xerces.internal.impl.xpath.regex. \
        -exclude com.sun.security.ntlm.     \
        -exclude com.sun.xml.internal.ws.model. \
        -exclude
com.sun.xml.internal.messaging.saaj.packaging.mime.internet. \
        -exclude com.sun.corba.se.impl.encoding. \
        -exclude javax.                     \
        -exclude javax.security.auth.       \
        -exclude org.                       \
        -exclude org.jcp.xml.dsig.internal.dom. \
        -exclude sun.                       \
        -exclude sun.awt.image.             \
        -exclude sun.net.www.               \
        -exclude sun.tools.jar.             \
        -exclude sun.rmi.server.            \
        -exclude sun.rmi.rmic.iiop.         \
        -exclude sun.text.normalizer.       \
        -exclude sun.print.                 \
        -exclude sunw.                      \
        -no-bodies-for-excluded             \
        -keep-line-number                   \
        -output-format S                    \
        -output-dir $OUTPUT_DIR             \
        -process-dir $TARGET_DIR
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.cs.mcgill.ca/pipermail/soot-list/attachments/20121217/59a03dd4/attachment.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: shiftRight.shimple
Type: application/octet-stream
Size: 4773 bytes
Desc: not available
Url : http://mailman.cs.mcgill.ca/pipermail/soot-list/attachments/20121217/59a03dd4/attachment.obj 