[Soot-list] [bug report] missing case in tableswitch

Dacong (Tony) Yan yan.379 at osu.edu
Thu Dec 5 16:28:11 EST 2013 

Hi,

The current version of Soot seems to miss the last non-default case in a
tableswitch code block. This problem and its triggering test case were
originally found by Shengqian Yang (cc'ed in this email).

To trigger the bug, here's a simple test case:

class A {
  int f(int i) {
    switch(i) {
      case 1: return 1;
      case 2: return 2;
      case 3: return 3;
      default: return -1;
    }
  }
}

Bytecode:

   int f(int);
       0: iload_1
       1: tableswitch   { // 1 to 3
                     1: 28
                     2: 30
                     3: 32
               default: 34
          }
      28: iconst_1
      29: ireturn
      30: iconst_2
      31: ireturn
      32: iconst_3
      33: ireturn
      34: iconst_m1
      35: ireturn

Jimple:

    int f(int)
    {
        A r0;
        int i0;

        r0 := @this: A;
        i0 := @parameter0: int;
        tableswitch(i0)
        {
            case 1: goto label0;
            case 2: goto label1;
            default: goto label3;
        };

     label0:
        return 1;

     label1:
        return 2;

     label2:
        return 3;

     label3:
        return -1;
    }

The "case 3" branch is missing in Jimple. Commit <
https://github.com/Sable/soot/commit/71ffb6130ad1ed9daffa1d7e20a75453e74c3ebc>
seems to be the root cause. Here's part of relevant diffs:

-        for(int i = lowIndex; i <= highIndex; i++)
+        for(int i = lowIndex; i < highIndex; i++)
         { ... }
+        // in the for loop above, we cannot use "<=" since 'i' would wrap
around
+        if (highIndex == Integer.MAX_VALUE) {
+          buffer.append("    case " + highIndex + ": goto " +
+                    getTarget(highIndex - lowIndex) + ";"
+                              + endOfLine);
+        }

The case when "i == highIndex" is considered only if "highIndex ==
Integer.MAX_VALUE". lowIndex and highIndex (inclusive) are indices into the
switch table. For the above example, lowIndex is 1 and highIndex is 3.

To fix the bug, the body of if-statement should be executed unconditionally.

Thanks,
Tony

-- 
Dacong (Tony) Yan
Ph.D. Student
Computer Science and Engineering
The Ohio State University, Columbus
http://www.cse.ohio-state.edu/~yan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.cs.mcgill.ca/pipermail/soot-list/attachments/20131205/7d91b640/attachment.html

More information about the Soot-list mailing list