[Soot-list] Soot typing issue: local gets the null_type

Todd Wallentine tcw at ksu.edu
Wed Apr 5 17:28:52 EDT 2006 

I am the lead developer of the Bandera project 
(http://bandera.projects.cis.ksu.edu, which uses Soot).  I had a user 
find an issue that I would like some help with.

The Bandera user was finding that the typing information that was 
created by Soot for a local was incorrect/unexpected (which was causing 
Bandera to cough-n-sputter).  I was wondering if this is a bug or simply 
my lack of understand of what the type system should generate?

Here is some sample code that shows this behavior:
public class Test {
         public static void main(String[] args) {
                 Foo f = new Foo();
                 f = null;
                 f.inc();
         }
}

class Foo {
         private int i ;

         public Foo() {
                 i = 0;
         }

         public void inc() {
                 i++;
         }
}


Which produces the following Jimple:
public class Test extends java.lang.Object
{

     public void <init>()
     {
         Test r0;

         r0 := @this: Test;
         specialinvoke r0.<java.lang.Object: void <init>()>();
         return;
     }

     public static void main(java.lang.String[])
     {
         java.lang.String[] r0;
         Foo $r1, r2;
         null_type n0;

         r0 := @parameter0: java.lang.String[];
         $r1 = new Foo;
         specialinvoke $r1.<Foo: void <init>()>();
         r2 = $r1;
         n0 = null;
         virtualinvoke n0.<Foo: void inc()>();
         return;
     }
}

My concern is with the n0 temporary variable that is created of type 
null_type instead of using the $r1 and $r2 variables (which have the Foo 
type).

After seeing this I also experimented with making that local a field 
instead which produces my expected results:
public class Test {
         private static Foo f;
         public static void main(String[] args) {
                 f = new Foo();
                 f = null;
                 f.inc();
         }
}

class Foo {
         private int i ;

         public Foo() {
                 i = 0;
         }

         public void inc() {
                 i++;
         }
}

public class Test extends java.lang.Object
{
     private static Foo f;

     public void <init>()
     {
         Test r0;

         r0 := @this: Test;
         specialinvoke r0.<java.lang.Object: void <init>()>();
         return;
     }

     public static void main(java.lang.String[])
     {
         java.lang.String[] r0;
         Foo $r1, $r2;

         r0 := @parameter0: java.lang.String[];
         $r1 = new Foo;
         specialinvoke $r1.<Foo: void <init>()>();
         <Test: Foo f> = $r1;
         <Test: Foo f> = null;
         $r2 = <Test: Foo f>;
         virtualinvoke $r2.<Foo: void inc()>();
         return;
     }
}

To reiterate the question, is this a bug or my lack of understanding of 
what the type system can/should provide?

thanks,
Todd Wallentine

More information about the Soot-list mailing list