Skip to content

Fix for FindReturnRef crash when the value of an expression is assigned to a field #3269

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
Jan 26, 2025
Merged

Fix for FindReturnRef crash when the value of an expression is assigned to a field #3269

merged 5 commits into from
Jan 26, 2025

Conversation

gtoison
Copy link
Contributor

@gtoison gtoison commented Jan 19, 2025

As reported in #3266 FindReturnRef crashes on:

        @Override
        public Builder setCharset(final Charset charset) {
            nullCharset = charset == null;
            return super.setCharset(charset);
        }

This seems to be triggered by the CFG optimization in:

spotbugs/spotbugs/src/main/java/edu/umd/cs/findbugs/ba/BetterCFGBuilder2.java

Lines 661 to 703 in 4f66ba3

if (i instanceof IFNULL || i instanceof IFNONNULL) {
IfInstruction ii = (IfInstruction) i;
InstructionHandle target = ii.getTarget();
InstructionHandle next1 = head.getNext(); // ICONST
if (next1 == null) {
break;
}
if (next1.getInstruction() instanceof ICONST) {
InstructionHandle next2 = next1.getNext(); // GOTO
if (next2 == null) {
break;
}
InstructionHandle next3 = next2.getNext(); // ICONST
if (next3 == null) {
break;
}
InstructionHandle next4 = next3.getNext();
if (next4 == null) {
break;
}
if (target.equals(next3) && next2.getInstruction() instanceof GOTO
&& next3.getInstruction() instanceof ICONST && next1.getTargeters().length == 0
&& next2.getTargeters().length == 0 && next3.getTargeters().length == 1
&& next4.getTargeters().length == 1) {
int c1 = ((ICONST) next1.getInstruction()).getValue().intValue();
GOTO g = (GOTO) next2.getInstruction();
int c2 = ((ICONST) next3.getInstruction()).getValue().intValue();
if (g.getTarget().equals(next4) && (c1 == 1 && c2 == 0 || c1 == 0 && c2 == 1)) {
boolean nullIsTrue = i instanceof IFNULL && c2 == 1 || i instanceof IFNONNULL && c2 == 0;
if (nullIsTrue) {
// System.out.println("Found NULL2Z instruction");
head.swapInstruction(new NULL2Z());
} else {
// System.out.println("Found NONNULL2Z instruction");
head.swapInstruction(new NONNULL2Z());
}
next3.removeAllTargeters();
next4.removeAllTargeters();
next1.swapInstruction(new NOP());
next2.swapInstruction(new NOP());
next3.swapInstruction(new NOP());

For instance the following bytecode:

     0  aload_0 [this]
     1  aload_1 [x]
     2  ifnonnull 9
     5  iconst_1
     6  goto 10
     9  iconst_0
    10  putfield ghIssues.Issue3266.initialized : boolean [2]
    13  return

Is transformed to add the synthetic (made up) NONNULL2Z instruction and the instruction targeters are removed.

See #3080

This should fix #3266

@gtoison gtoison added the bug label Jan 19, 2025
@gtoison
fix: check if the instruction has targeters before checking branches
690175a 
In case the CFG was optimized the instruction targeters are removed
@PhilippWendler PhilippWendler mentioned this pull request Jan 20, 2025
Closed
@gtoison gtoison marked this pull request as ready for review January 24, 2025 19:24
@gtoison
Copy link
Contributor Author

gtoison commented Jan 24, 2025

Although the symptoms are similar, #3265 is a different issue, I'll see if I can come up with a separate fix for it

@hazendaz hazendaz merged commit 9b8228e into spotbugs:master Jan 26, 2025
11 of 15 checks passed
@hazendaz hazendaz added this to the SpotBugs 4.9.1 milestone Feb 1, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hazendaz hazendaz hazendaz approved these changes

Assignees

@hazendaz hazendaz

@gtoison gtoison

Labels
bug
Projects
None yet
Milestone
SpotBugs 4.9.1
Development

Successfully merging this pull request may close these issues.

Exception analyzing org.apache.commons.io.input.BOMInputStream using detector edu.umd.cs.findbugs.detect.FindReturnRef
2 participants
@gtoison @hazendaz