[Soot-list] Null pointer exception in Soot-transformed BigInteger

Daniel Wainwright wainwright.daniel at gmail.com
Mon Dec 17 01:35:55 EST 2012


I am using Soot to perform dynamic analysis on the JDK, and I am
experiencing a null-pointer exception after transforming the
java.math.BigInteger class. I have transformed this class with Soot with
none of my own transformations, only passing it through shimple. I then
execute it with the code

        BigInteger num = BigInteger.valueOf(17);
        boolean b = num.isProbablePrime(50);

which results in

Caused by: java.lang.NullPointerException
    at java.math.BigInteger.<init>(BigInteger.java:924)
    at java.math.BigInteger.shiftRight(BigInteger.java:2166)
    at java.math.BigInteger.passesMillerRabin(BigInteger.java:894)
    at java.math.BigInteger.primeToCertainty(BigInteger.java:739)
    at java.math.BigInteger.isProbablePrime(BigInteger.java:2474)
    at ProbablePrime.test(ProbablePrime.java:52)
    at ProbablePrime.main(ProbablePrime.java:47)

It appears that the array passed to the constructor is null, which does not
appear possible from the source code (the last line in this function is

    public BigInteger shiftRight(int n) {
        if (n==0)
            return this;
        if (n<0) {
            if (n == Integer.MIN_VALUE) {
                throw new ArithmeticException("Shift distance of Integer.MIN_VALUE not supported.");
            } else {
                return shiftLeft(-n);
            }
        }

        int nInts = n >>> 5;
        int nBits = n & 0x1f;
        int magLen = mag.length;
        int newMag[] = null;

        // Special case: entire contents shifted off the end
        if (nInts >= magLen)
            return (signum >= 0 ? ZERO : negConst[1]);

        if (nBits == 0) {
            int newMagLen = magLen - nInts;
            newMag = new int[newMagLen];
            for (int i=0; i<newMagLen; i++)
                newMag[i] = mag[i];
        } else {
            int i = 0;
            int highBits = mag[0] >>> nBits;
            if (highBits != 0) {
                newMag = new int[magLen - nInts];
                newMag[i++] = highBits;
            } else {
                newMag = new int[magLen - nInts -1];
            }

            int nBits2 = 32 - nBits;
            int j=0;
            while (j < magLen - nInts - 1)
                newMag[i++] = (mag[j++] << nBits2) | (mag[j] >>> nBits);
        }

        if (signum < 0) {
            // Find out whether any one-bits were shifted off the end.
            boolean onesLost = false;
            for (int i=magLen-1, j=magLen-nInts; i>=j && !onesLost; i--)
                onesLost = (mag[i] != 0);
            if (!onesLost && nBits != 0)
                onesLost = (mag[magLen - nInts - 1] << (32 - nBits) != 0);

            if (onesLost)
                newMag = javaIncrement(newMag);
        }

        return new BigInteger(newMag, signum);
    }

Looking at the generated shimple (attached), it appears that there is a
phi-node missing from the final block in this function, which would be
needed to collect the different definitions of the array (r6).

I am using Soot 2.5.0 and openjdk-7u6-fcs-src-b24-28_aug_2012. The command
I used to process the class with Soot was:

java -Xmx6G -cp $HOST_CP:$1                 \
        soot.Main                           \
        -soot-class-path $TARGET_DIR        \
        -src-prec class                     \
        --via-shimple                       \
        -p sop enabled:true                 \
        -p stp enabled:true                 \
        -include-all                        \
        -exclude java.lang.invoke.          \
        -exclude java.security.             \
        -exclude java.lang.invoke.          \
        -exclude java.util.                 \
        -exclude java.io.                   \
        -exclude java.nio.                  \
        -exclude java.sql.                  \
        -exclude java.net.                  \
        -exclude java.applet.               \
        -exclude java.rmi.                  \
        -exclude java.text.                 \
        -exclude java.util.logging.         \
        -exclude com.                       \
        -exclude com.sun.corba.se.impl.encoding. \
        -exclude com.sun.org.apache.xml.internal.utils. \
        -exclude com.sun.org.apache.bcel.internal.classfile. \
        -exclude com.sun.org.apache.xerces.internal.impl.xpath.regex. \
        -exclude com.sun.security.ntlm.     \
        -exclude com.sun.xml.internal.ws.model. \
        -exclude com.sun.xml.internal.messaging.saaj.packaging.mime.internet. \
        -exclude com.sun.corba.se.impl.encoding. \
        -exclude javax.                     \
        -exclude javax.security.auth.       \
        -exclude org.                       \
        -exclude org.jcp.xml.dsig.internal.dom. \
        -exclude sun.                       \
        -exclude sun.awt.image.             \
        -exclude sun.net.www.               \
        -exclude sun.tools.jar.             \
        -exclude sun.rmi.server.            \
        -exclude sun.rmi.rmic.iiop.         \
        -exclude sun.text.normalizer.       \
        -exclude sun.print.                 \
        -exclude sunw.                      \
        -no-bodies-for-excluded             \
        -keep-line-number                   \
        -output-format S                    \
        -output-dir $OUTPUT_DIR             \
        -process-dir $TARGET_DIR
-------------- next part --------------
A non-text attachment was scrubbed...
Name: shiftRight.shimple
Type: application/octet-stream
Size: 4773 bytes
Desc: not available
Url : http://mailman.cs.mcgill.ca/pipermail/soot-list/attachments/20121217/59a03dd4/attachment.obj 
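
An added example, not part of the original post and not Soot's or Shimple's code: standard dominance-frontier phi placement run over a simplified control-flow graph of the shiftRight source quoted above, showing which blocks need a phi node for newMag, including the final return block the post refers to. The block names and the CFG are constructed for illustration; early returns and loops that stay inside one block are omitted.

```python
# Simplified CFG of shiftRight (constructed; block names are hypothetical,
# early returns and loops that stay inside one block are left out).
CFG = {
    "entry": ["aligned", "unaligned"],            # newMag = null
    "aligned": ["sign_check"],                    # nBits == 0: newMag = new int[..]
    "unaligned": ["high_nonzero", "high_zero"],
    "high_nonzero": ["shift_loop"],               # newMag = new int[magLen - nInts]
    "high_zero": ["shift_loop"],                  # newMag = new int[magLen - nInts - 1]
    "shift_loop": ["sign_check"],
    "sign_check": ["ones_lost_check", "ret"],     # if (signum < 0)
    "ones_lost_check": ["increment", "ret"],      # if (onesLost)
    "increment": ["ret"],                         # newMag = javaIncrement(newMag)
    "ret": [],                                    # return new BigInteger(newMag, signum)
}
NEWMAG_DEFS = {"entry", "aligned", "high_nonzero", "high_zero", "increment"}

def dominance_frontier(cfg, entry):
    preds = {n: [p for p in cfg if n in cfg[p]] for n in cfg}
    dom = {n: set(cfg) for n in cfg}
    dom[entry] = {entry}
    changed = True
    while changed:                                # iterate to a fixed point
        changed = False
        for n in cfg:
            if n == entry:
                continue
            new = {n} | set.intersection(*(dom[p] for p in preds[n]))
            if new != dom[n]:
                dom[n], changed = new, True
    # Immediate dominator: the strict dominator with the largest dominator set.
    idom = {n: max(dom[n] - {n}, key=lambda d: len(dom[d])) for n in cfg if n != entry}
    df = {n: set() for n in cfg}
    for n in cfg:
        if len(preds[n]) >= 2:                    # only join points can need a phi
            for runner in preds[n]:
                while runner != idom[n]:
                    df[runner].add(n)
                    runner = idom[runner]
    return df

def phi_blocks(cfg, entry, defs):
    df = dominance_frontier(cfg, entry)
    phis, work = set(), list(defs)
    while work:
        for join in df[work.pop()]:
            if join not in phis:
                phis.add(join)
                work.append(join)                 # a phi is itself a definition
    return phis

if __name__ == "__main__":
    print(sorted(phi_blocks(CFG, "entry", NEWMAG_DEFS)))
```

The "ret" block appears in the result only because of the javaIncrement assignment; dropping that definition from NEWMAG_DEFS removes it.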
