[Soot-list] [bug report] missing case in tableswitch

Marc-André Laverdière marc-andre.laverdiere-papineau at polymtl.ca
Fri Dec 6 10:45:33 EST 2013 

Hi,

It looks like you have investigated the bug in depth!

Please put that on the github bug tracker and send a pull request with
your patch. That way you will have the credit for your fix forever in
the project history.

Marc-André Laverdière-Papineau
Doctorant - PhD Candidate

On 12/05/2013 04:28 PM, Dacong (Tony) Yan wrote:
> Hi,
> 
> The current version of Soot seems to miss the last non-default case in a
> tableswitch code block. This problem and its triggering test case were
> originally found by Shengqian Yang (cc'ed in this email).
> 
> To trigger the bug, here's a simple test case:
> 
> class A {
>   int f(int i) {
>     switch(i) {
>       case 1: return 1;
>       case 2: return 2;
>       case 3: return 3;
>       default: return -1;
>     }
>   }
> }
> 
> Bytecode:
> 
>    int f(int);
>        0: iload_1       
>        1: tableswitch   { // 1 to 3
>                      1: 28
>                      2: 30
>                      3: 32
>                default: 34
>           }
>       28: iconst_1      
>       29: ireturn       
>       30: iconst_2      
>       31: ireturn       
>       32: iconst_3      
>       33: ireturn       
>       34: iconst_m1     
>       35: ireturn
> 
> Jimple:
> 
>     int f(int)
>     {   
>         A r0; 
>         int i0; 
> 
>         r0 := @this: A;
>         i0 := @parameter0: int;
>         tableswitch(i0)
>         {
>             case 1: goto label0;
>             case 2: goto label1;
>             default: goto label3;
>         };
> 
>      label0:
>         return 1;
> 
>      label1:
>         return 2;
> 
>      label2:
>         return 3;
> 
>      label3:
>         return -1;
>     }
> 
> The "case 3" branch is missing in Jimple. Commit
> <https://github.com/Sable/soot/commit/71ffb6130ad1ed9daffa1d7e20a75453e74c3ebc>
> seems to be the root cause. Here's part of relevant diffs:
> 
> -        for(int i = lowIndex; i <= highIndex; i++)
> +        for(int i = lowIndex; i < highIndex; i++)
>          { ... }
> +        // in the for loop above, we cannot use "<=" since 'i' would
> wrap around
> +        if (highIndex == Integer.MAX_VALUE) {
> +          buffer.append("    case " + highIndex + ": goto " +
> +                    getTarget(highIndex - lowIndex) + ";"
> +                              + endOfLine);
> +        }
> 
> The case when "i == highIndex" is considered only if "highIndex ==
> Integer.MAX_VALUE". lowIndex and highIndex (inclusive) are indices into
> the switch table. For the above example, lowIndex is 1 and highIndex is 3.
> 
> To fix the bug, the body of if-statement should be executed unconditionally.
> 
> Thanks,
> Tony
> 
> -- 
> Dacong (Tony) Yan
> Ph.D. Student
> Computer Science and Engineering
> The Ohio State University, Columbus
> http://www.cse.ohio-state.edu/~yan
> 
> 
> _______________________________________________
> Soot-list mailing list
> Soot-list at sable.mcgill.ca
> http://mailman.cs.mcgill.ca/mailman/listinfo/soot-list
>

More information about the Soot-list mailing list