[Soot-list] Null pointer exception in Soot-transformed BigInteger

Eric Bodden eric.bodden at ec-spride.de
Mon Dec 17 06:57:12 EST 2012


Thanks for the detailed report.

I wonder if the people who implemented Shimple are still around... I
have personally never touched Shimple and don't feel quite qualified
to fix this.

Eric

On 17 December 2012 07:35, Daniel Wainwright
<wainwright.daniel at gmail.com> wrote:
> Hi,
>
> I am using Soot to perform dynamic analysis on the JDK, and I am
> experiencing a null-pointer exception after transforming the
> java.math.BigInteger class. I have transformed this class with Soot with
> none of my own transformations, only passing it through shimple. I then
> execute it with the code
>
>         BigInteger num = BigInteger.valueOf(17);
>         boolean b = num.isProbablePrime(50);
>
> which results in
>
> ---
> Caused by: java.lang.NullPointerException
>     at java.math.BigInteger.<init>(BigInteger.java:924)
>     at java.math.BigInteger.shiftRight(BigInteger.java:2166)
>     at java.math.BigInteger.passesMillerRabin(BigInteger.java:894)
>     at java.math.BigInteger.primeToCertainty(BigInteger.java:739)
>     at java.math.BigInteger.isProbablePrime(BigInteger.java:2474)
>     at ProbablePrime.test(ProbablePrime.java:52)
>     at ProbablePrime.main(ProbablePrime.java:47)
>
>
> It appears that the array passed to the constructor is null, which does not
> appear possible from the source code (the last line in this function is
> BigInteger.java:2166):
>
>
>     public BigInteger shiftRight(int n) {
>         if (n==0)
>             return this;
>         if (n<0) {
>             if (n == Integer.MIN_VALUE) {
>                 throw new ArithmeticException("Shift distance of Integer.MIN_VALUE not supported.");
>             } else {
>                 return shiftLeft(-n);
>             }
>         }
>
>         int nInts = n >>> 5;
>         int nBits = n & 0x1f;
>         int magLen = mag.length;
>         int newMag[] = null;
>
>         // Special case: entire contents shifted off the end
>         if (nInts >= magLen)
>             return (signum >= 0 ? ZERO : negConst[1]);
>
>         if (nBits == 0) {
>             int newMagLen = magLen - nInts;
>             newMag = new int[newMagLen];
>             for (int i=0; i<newMagLen; i++)
>                 newMag[i] = mag[i];
>         } else {
>             int i = 0;
>             int highBits = mag[0] >>> nBits;
>             if (highBits != 0) {
>                 newMag = new int[magLen - nInts];
>                 newMag[i++] = highBits;
>             } else {
>                 newMag = new int[magLen - nInts -1];
>             }
>
>             int nBits2 = 32 - nBits;
>             int j=0;
>             while (j < magLen - nInts - 1)
>                 newMag[i++] = (mag[j++] << nBits2) | (mag[j] >>> nBits);
>         }
>
>         if (signum < 0) {
>             // Find out whether any one-bits were shifted off the end.
>             boolean onesLost = false;
>             for (int i=magLen-1, j=magLen-nInts; i>=j && !onesLost; i--)
>                 onesLost = (mag[i] != 0);
>             if (!onesLost && nBits != 0)
>                 onesLost = (mag[magLen - nInts - 1] << (32 - nBits) != 0);
>
>             if (onesLost)
>                 newMag = javaIncrement(newMag);
>         }
>
>         return new BigInteger(newMag, signum);
>     }
>
>
> Looking at the generated shimple (attached), it appears that there is a
> phi-node missing from the final block in this function, which would be
> needed to collect the different definitions of the array (r6).
>
> I am using Soot 2.5.0 and openjdk-7u6-fcs-src-b24-28_aug_2012. The command I
> used to process the class with Soot was:
>
>
> HOST_CP=$LIB_DIR/sootclasses-2.5.0.jar:$LIB_DIR/jasminclasses-2.5.0.jar:$LIB_DIR/polyglotclasses-1.3.5.jar
> java -Xmx6G -cp $HOST_CP:$1                 \
>         soot.Main                           \
>         -soot-class-path $TARGET_DIR        \
>         -src-prec class                     \
>         --via-shimple                       \
>         -p sop enabled:true                 \
>         -p stp enabled:true                 \
>         -include-all                        \
>         -exclude java.lang.invoke.          \
>         -exclude java.security.             \
>         -exclude java.lang.invoke.          \
>         -exclude java.util.                 \
>         -exclude java.io.                   \
>         -exclude java.nio.                  \
>         -exclude java.sql.                  \
>         -exclude java.net.                  \
>         -exclude java.applet.               \
>         -exclude java.rmi.                  \
>         -exclude java.text.                 \
>         -exclude java.util.logging.         \
>         -exclude com.                       \
>         -exclude com.sun.corba.se.impl.encoding. \
>         -exclude com.sun.org.apache.xml.internal.utils. \
>         -exclude com.sun.org.apache.bcel.internal.classfile. \
>         -exclude com.sun.org.apache.xerces.internal.impl.xpath.regex. \
>         -exclude com.sun.security.ntlm.     \
>         -exclude com.sun.xml.internal.ws.model. \
>         -exclude com.sun.xml.internal.messaging.saaj.packaging.mime.internet. \
>         -exclude com.sun.corba.se.impl.encoding. \
>         -exclude javax.                     \
>         -exclude javax.security.auth.       \
>         -exclude org.                       \
>         -exclude org.jcp.xml.dsig.internal.dom. \
>         -exclude sun.                       \
>         -exclude sun.awt.image.             \
>         -exclude sun.net.www.               \
>         -exclude sun.tools.jar.             \
>         -exclude sun.rmi.server.            \
>         -exclude sun.rmi.rmic.iiop.         \
>         -exclude sun.text.normalizer.       \
>         -exclude sun.print.                 \
>         -exclude sunw.                      \
>         -no-bodies-for-excluded             \
>         -keep-line-number                   \
>         -output-format S                    \
>         -output-dir $OUTPUT_DIR             \
>         -process-dir $TARGET_DIR



-- 
Eric Bodden, Ph.D., http://sse.ec-spride.de/ http://bodden.de/
Head of Secure Software Engineering Group at EC SPRIDE
Tel: +49 6151 16-75422    Fax: +49 6151 16-72051
Room 3.2.14, Mornewegstr. 30, 64293 Darmstadt
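
Added example, not part of the thread and not Soot or Shimple code: standard SSA phi placement (iterated dominance frontiers) run over a hand-built control-flow graph of the quoted `shiftRight`, showing which blocks must merge the definitions of `newMag`. The block names and the CFG abstraction are assumptions made for this illustration.

```python
# Hand-built CFG of the quoted shiftRight(); block names are invented for
# this example and are not Soot's labels. Early returns are leaf blocks.
CFG = {
    "entry": ["early_ret", "init"],      # n == 0 or n < 0 returns early
    "early_ret": [],
    "init": ["ret_zero", "chk_bits"],    # newMag = null
    "ret_zero": [],
    "chk_bits": ["copy", "hi"],          # nBits == 0 ?
    "copy": ["sign"],                    # newMag = new int[newMagLen]
    "hi": ["hi_nz", "hi_z"],             # highBits != 0 ?
    "hi_nz": ["shift"],                  # newMag = new int[magLen - nInts]
    "hi_z": ["shift"],                   # newMag = new int[magLen - nInts - 1]
    "shift": ["shift", "sign"],          # while loop filling newMag
    "sign": ["lost", "ret"],             # signum < 0 ?
    "lost": ["incr", "ret"],             # onesLost ?
    "incr": ["ret"],                     # newMag = javaIncrement(newMag)
    "ret": [],                           # new BigInteger(newMag, signum)
}
NEWMAG_DEFS = {"init", "copy", "hi_nz", "hi_z", "incr"}

def dominance_frontiers(cfg, entry="entry"):
    preds = {n: [p for p in cfg if n in cfg[p]] for n in cfg}
    dom = {n: set(cfg) for n in cfg}     # iterative dominator sets
    dom[entry] = {entry}
    changed = True
    while changed:
        changed = False
        for n in cfg:
            if n != entry:
                new = {n} | set.intersection(*(dom[p] for p in preds[n]))
                if new != dom[n]:
                    dom[n], changed = new, True
    # Strict dominators form a chain; the nearest has the largest dom set.
    idom = {n: max(dom[n] - {n}, key=lambda d: len(dom[d]))
            for n in cfg if n != entry}
    df = {n: set() for n in cfg}
    for n in cfg:
        if len(preds[n]) >= 2:           # only join points receive phis
            for p in preds[n]:
                while p != idom[n]:
                    df[p].add(n)
                    p = idom[p]
    return df

def phi_blocks(cfg, defs):
    df, placed, work = dominance_frontiers(cfg), set(), list(defs)
    while work:
        for y in df[work.pop()]:
            if y not in placed:
                placed.add(y)
                work.append(y)           # a phi is itself a definition
    return placed

print(sorted(phi_blocks(CFG, NEWMAG_DEFS)))
```

The result includes `ret`, the block holding `return new BigInteger(newMag, signum)`: without a phi there, the use can be bound to a single reaching definition such as the initial `null`, which is consistent with the exception reported in the thread.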

