[Soot-list] Null pointer exception in Soot-transformed BigInteger
Phil Pratt-Szeliga
pcpratts at chirrup.org
Tue Dec 18 12:28:21 EST 2012
Hi Dan,
Can you post a full example that can show me the bug if I run a
command named "run"? I will make a patch.
Phil Pratt-Szeliga
Syracuse University
http://chirrup.org/
On Mon, Dec 17, 2012 at 6:57 AM, Eric Bodden <eric.bodden at ec-spride.de> wrote:
> Thanks for the detailed report.
>
> I wonder if the people who implemented Shimple are still around... I
> have personally never touched Shimple and don't feel quite qualified
> to fix this.
>
> Eric
>
> On 17 December 2012 07:35, Daniel Wainwright
> <wainwright.daniel at gmail.com> wrote:
>> Hi,
>>
>> I am using Soot to perform dynamic analysis on the JDK, and I am
>> experiencing a null-pointer exception after transforming the
>> java.math.BigInteger class. I have transformed this class with Soot with
>> none of my own transformations, only passing it through shimple. I then
>> execute it with the code
>>
>> BigInteger num = BigInteger.valueOf(17);
>> boolean b = num.isProbablePrime(50);
>>
>> which results in
>>
>> ---
>> Caused by: java.lang.NullPointerException
>> at java.math.BigInteger.<init>(BigInteger.java:924)
>> at java.math.BigInteger.shiftRight(BigInteger.java:2166)
>> at java.math.BigInteger.passesMillerRabin(BigInteger.java:894)
>> at java.math.BigInteger.primeToCertainty(BigInteger.java:739)
>> at java.math.BigInteger.isProbablePrime(BigInteger.java:2474)
>> at ProbablePrime.test(ProbablePrime.java:52)
>> at ProbablePrime.main(ProbablePrime.java:47)
>>
>>
>> It appears that the array passed to the constructor is null, which does not
>> appear possible from the source code (the last line in this function is
>> BigInteger.java:2166):
>>
>>
>> public BigInteger shiftRight(int n) {
>>     if (n==0)
>>         return this;
>>     if (n<0) {
>>         if (n == Integer.MIN_VALUE) {
>>             throw new ArithmeticException("Shift distance of Integer.MIN_VALUE not supported.");
>>         } else {
>>             return shiftLeft(-n);
>>         }
>>     }
>>
>>     int nInts = n >>> 5;
>>     int nBits = n & 0x1f;
>>     int magLen = mag.length;
>>     int newMag[] = null;
>>
>>     // Special case: entire contents shifted off the end
>>     if (nInts >= magLen)
>>         return (signum >= 0 ? ZERO : negConst[1]);
>>
>>     if (nBits == 0) {
>>         int newMagLen = magLen - nInts;
>>         newMag = new int[newMagLen];
>>         for (int i=0; i<newMagLen; i++)
>>             newMag[i] = mag[i];
>>     } else {
>>         int i = 0;
>>         int highBits = mag[0] >>> nBits;
>>         if (highBits != 0) {
>>             newMag = new int[magLen - nInts];
>>             newMag[i++] = highBits;
>>         } else {
>>             newMag = new int[magLen - nInts -1];
>>         }
>>
>>         int nBits2 = 32 - nBits;
>>         int j=0;
>>         while (j < magLen - nInts - 1)
>>             newMag[i++] = (mag[j++] << nBits2) | (mag[j] >>> nBits);
>>     }
>>
>>     if (signum < 0) {
>>         // Find out whether any one-bits were shifted off the end.
>>         boolean onesLost = false;
>>         for (int i=magLen-1, j=magLen-nInts; i>=j && !onesLost; i--)
>>             onesLost = (mag[i] != 0);
>>         if (!onesLost && nBits != 0)
>>             onesLost = (mag[magLen - nInts - 1] << (32 - nBits) != 0);
>>
>>         if (onesLost)
>>             newMag = javaIncrement(newMag);
>>     }
>>
>>     return new BigInteger(newMag, signum);
>> }
>>
>>
>> Looking at the generated shimple (attached), it appears that there is a
>> phi-node missing from the final block in this function, which would be
>> needed to collect the different definitions of the array (r6).
>>
>> I am using Soot 2.5.0 and openjdk-7u6-fcs-src-b24-28_aug_2012. The command I
>> used to process the class with Soot was:
>>
>>
>> HOST_CP=$LIB_DIR/sootclasses-2.5.0.jar:$LIB_DIR/jasminclasses-2.5.0.jar:$LIB_DIR/polyglotclasses-1.3.5.jar
>> java -Xmx6G -cp $HOST_CP:$1 \
>> soot.Main \
>> -soot-class-path $TARGET_DIR \
>> -src-prec class \
>> --via-shimple \
>> -p sop enabled:true \
>> -p stp enabled:true \
>> -include-all \
>> -exclude java.lang.invoke. \
>> -exclude java.security. \
>> -exclude java.lang.invoke. \
>> -exclude java.util. \
>> -exclude java.io. \
>> -exclude java.nio. \
>> -exclude java.sql. \
>> -exclude java.net. \
>> -exclude java.applet. \
>> -exclude java.rmi. \
>> -exclude java.text. \
>> -exclude java.util.logging. \
>> -exclude com. \
>> -exclude com.sun.corba.se.impl.encoding. \
>> -exclude com.sun.org.apache.xml.internal.utils. \
>> -exclude com.sun.org.apache.bcel.internal.classfile. \
>> -exclude com.sun.org.apache.xerces.internal.impl.xpath.regex. \
>> -exclude com.sun.security.ntlm. \
>> -exclude com.sun.xml.internal.ws.model. \
>> -exclude com.sun.xml.internal.messaging.saaj.packaging.mime.internet. \
>> -exclude com.sun.corba.se.impl.encoding. \
>> -exclude javax. \
>> -exclude javax.security.auth. \
>> -exclude org. \
>> -exclude org.jcp.xml.dsig.internal.dom. \
>> -exclude sun. \
>> -exclude sun.awt.image. \
>> -exclude sun.net.www. \
>> -exclude sun.tools.jar. \
>> -exclude sun.rmi.server. \
>> -exclude sun.rmi.rmic.iiop. \
>> -exclude sun.text.normalizer. \
>> -exclude sun.print. \
>> -exclude sunw. \
>> -no-bodies-for-excluded \
>> -keep-line-number \
>> -output-format S \
>> -output-dir $OUTPUT_DIR \
>> -process-dir $TARGET_DIR
>>
>>
>> _______________________________________________
>> Soot-list mailing list
>> Soot-list at sable.mcgill.ca
>> http://mailman.cs.mcgill.ca/mailman/listinfo/soot-list
>>
>
>
>
> --
> Eric Bodden, Ph.D., http://sse.ec-spride.de/ http://bodden.de/
> Head of Secure Software Engineering Group at EC SPRIDE
> Tel: +49 6151 16-75422 Fax: +49 6151 16-72051
> Room 3.2.14, Mornewegstr. 30, 64293 Darmstadt
>
>
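An added illustration of the phi-node reasoning in the quoted report (not code from this thread or from Soot): it computes, from iterated dominance frontiers, which blocks of shiftRight need a phi for newMag. The control-flow graph, the block names and the "observed" phi set are constructed assumptions, since the attached Shimple is not part of this page.

```python
# Constructed CFG of shiftRight after its early returns; block names are
# hypothetical. Inner loops are collapsed: they never reassign newMag.
CFG = {
    "init":   ["copy", "split"],   # newMag = null; if (nBits == 0)
    "copy":   ["sign"],            # newMag = new int[newMagLen]
    "split":  ["high", "nohigh"],  # if (highBits != 0)
    "high":   ["loop"],            # newMag = new int[magLen - nInts]
    "nohigh": ["loop"],            # newMag = new int[magLen - nInts - 1]
    "loop":   ["sign"],            # while loop filling newMag
    "sign":   ["lost", "ret"],     # if (signum < 0)
    "lost":   ["incr", "ret"],     # if (onesLost)
    "incr":   ["ret"],             # newMag = javaIncrement(newMag)
    "ret":    [],                  # return new BigInteger(newMag, signum)
}
DEFS = {"init", "copy", "high", "nohigh", "incr"}  # blocks assigning newMag

def dominators(cfg, entry):
    preds = {b: [p for p in cfg if b in cfg[p]] for b in cfg}
    dom = {b: set(cfg) for b in cfg}
    dom[entry] = {entry}
    changed = True
    while changed:                 # iterate to a fixed point
        changed = False
        for b in set(cfg) - {entry}:
            new = {b} | set.intersection(*(dom[p] for p in preds[b]))
            if new != dom[b]:
                dom[b], changed = new, True
    return dom, preds

def phi_blocks(cfg, entry, defs):
    dom, preds = dominators(cfg, entry)
    df = {b: set() for b in cfg}   # dominance frontier of each block
    for y in cfg:
        for p in preds[y]:
            for x in dom[p]:       # x dominates a predecessor of y ...
                if x == y or x not in dom[y]:  # ... but not strictly y
                    df[x].add(y)
    need, work = set(), list(defs)
    while work:                    # iterated frontier: a phi is a new def
        for y in df[work.pop()]:
            if y not in need:
                need.add(y)
                work.append(y)
    return need

def missing_phis(observed):
    """Blocks that need a phi for newMag but have none in `observed`."""
    return phi_blocks(CFG, "init", DEFS) - set(observed)
```

Calling `missing_phis({"loop", "sign"})` models a body whose final block lacks the phi, as the report describes, and returns `{"ret"}`.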