Merge pull request #1229 from smowton/smowton/feature/use_null_check_annotation_everywhere

Use null check annotation everywhere

Author: smowton

regression/cbmc-java/stack_var4/test.desc

@@ -3,8 +3,6 @@ stack_test.class
 
 ^EXIT=0$
 ^SIGNAL=0$
-^.*assertion at file stack_test.java line 5 function.*: SUCCESS
-$
 ^VERIFICATION SUCCESSFUL$
 --
 ^warning: ignoring

regression/cbmc-java/stack_var5/test.desc

@@ -3,8 +3,6 @@ stack_test.class
 
 ^EXIT=0$
 ^SIGNAL=0$
-^.*assertion at file stack_test.java line 5 function.*: SUCCESS
-$
 ^VERIFICATION SUCCESSFUL$
 --
 ^warning: ignoring

regression/cbmc-java/stack_var6/test.desc

@@ -3,8 +3,6 @@ stack_test.class
 
 ^EXIT=0$
 ^SIGNAL=0$
-^.*assertion at file stack_test.java line 5 function.*: SUCCESS
-$
 ^VERIFICATION SUCCESSFUL$
 --
 ^warning: ignoring

regression/cbmc-java/stack_var7/test.desc

@@ -3,8 +3,6 @@ stack_test.class
 
 ^EXIT=0$
 ^SIGNAL=0$
-^.*assertion at file stack_test.java line 5 function.*: SUCCESS
-$
 ^VERIFICATION SUCCESSFUL$
 --
 ^warning: ignoring

regression/strings/StaticCharMethods05/test.desc

@@ -3,7 +3,7 @@ StaticCharMethods05.class
 --refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
-^\[pointer_dereference\.2\] reference is null in \*this->data: FAILURE$
+null-pointer-exception\.14\] Throw null: FAILURE
 ^\[.*assertion\.1\] .* line 12 .* FAILURE$
 ^\[.*assertion\.2\] .* line 22 .* FAILURE$
 ^VERIFICATION FAILED$

src/analyses/goto_check.cpp

@@ -909,7 +909,7 @@ void goto_checkt::pointer_validity_check(
   const exprt &access_ub,
   const irep_idt &mode)
 {
-  if(mode!=ID_java && !enable_pointer_check)
+  if(!enable_pointer_check)
     return;
 
   const exprt &pointer=expr.op0();

src/java_bytecode/java_bytecode_convert_method.cpp

@@ -524,9 +524,7 @@ static member_exprt to_member(const exprt &pointer, const exprt &fieldref)
   exprt pointer2=
     typecast_exprt(pointer, java_reference_type(class_type));
 
-  dereference_exprt obj_deref(pointer2, class_type);
-  // tag it so it's easy to identify during instrumentation
-  obj_deref.set(ID_java_member_access, true);
+  dereference_exprt obj_deref=checked_dereference(pointer2, class_type);
 
   const member_exprt member_expr(
     obj_deref,

src/java_bytecode/java_bytecode_instrument.cpp

@@ -29,15 +29,11 @@ class java_bytecode_instrumentt:public messaget
   java_bytecode_instrumentt(
     symbol_tablet &_symbol_table,
     const bool _throw_runtime_exceptions,
-    message_handlert &_message_handler,
-    const size_t _max_array_length,
-    const size_t _max_tree_depth):
+    message_handlert &_message_handler):
     messaget(_message_handler),
     symbol_table(_symbol_table),
     throw_runtime_exceptions(_throw_runtime_exceptions),
-    message_handler(_message_handler),
-    max_array_length(_max_array_length),
-    max_tree_depth(_max_tree_depth)
+    message_handler(_message_handler)
     {
     }
 
@@ -47,8 +43,6 @@ class java_bytecode_instrumentt:public messaget
   symbol_tablet &symbol_table;
   const bool throw_runtime_exceptions;
   message_handlert &message_handler;
-  const size_t max_array_length;
-  const size_t max_tree_depth;
 
   codet throw_exception(
     const exprt &cond,
@@ -566,29 +560,52 @@ void java_bytecode_instrumentt::operator()(exprt &expr)
   instrument_code(expr);
 }
 
+/// Instruments the code attached to `symbol` with
+/// runtime exceptions or corresponding assertions.
+/// Exceptions are thrown when the `throw_runtime_exceptions` flag is set.
+/// Otherwise, assertions are emitted.
+/// \param symbol_table: global symbol table (may gain exception type stubs and
+///   similar)
+/// \param symbol: the symbol to instrument
+/// \param throw_runtime_exceptions: flag determining whether we instrument the
+///   code with runtime exceptions or with assertions. The former applies if
+///   this flag is set to true.
+/// \param message_handler: stream to report status and warnings
+void java_bytecode_instrument_symbol(
+  symbol_tablet &symbol_table,
+  symbolt &symbol,
+  const bool throw_runtime_exceptions,
+  message_handlert &message_handler)
+{
+  java_bytecode_instrumentt instrument(
+    symbol_table,
+    throw_runtime_exceptions,
+    message_handler);
+  INVARIANT(
+    symbol.value.id()==ID_code,
+    "java_bytecode_instrument expects a code-typed symbol");
+  instrument(symbol.value);
+}
+
 /// Instruments all the code in the symbol_table with
 /// runtime exceptions or corresponding assertions.
 /// Exceptions are thrown when the `throw_runtime_exceptions` flag is set.
 /// Otherwise, assertions are emitted.
-/// \par parameters: `symbol_table`: the symbol table to instrument
-/// `throw_runtime_exceptions`: flag determining whether we instrument the code
-/// with runtime exceptions or with assertions. The former applies if this flag
-/// is set to true.
-/// `max_array_length`: maximum array length; the only reason we need this is
-/// in order to be able to call the object factory to create exceptions.
+/// \param symbol_table: global symbol table, all of whose code members
+///   will be annotated (may gain exception type stubs and similar)
+/// \param throw_runtime_exceptions: flag determining whether we instrument the
+///   code with runtime exceptions or with assertions. The former applies if
+///   this flag is set to true.
+/// \param message_handler: stream to report status and warnings
 void java_bytecode_instrument(
   symbol_tablet &symbol_table,
   const bool throw_runtime_exceptions,
-  message_handlert &message_handler,
-  const size_t max_array_length,
-  const size_t max_tree_depth)
+  message_handlert &message_handler)
 {
   java_bytecode_instrumentt instrument(
     symbol_table,
     throw_runtime_exceptions,
-    message_handler,
-    max_array_length,
-    max_tree_depth);
+    message_handler);
 
   std::vector<irep_idt> symbols_to_instrument;
   forall_symbols(s_it, symbol_table.symbols)
@@ -600,9 +617,5 @@ void java_bytecode_instrument(
   // instrument(...) can add symbols to the table, so it's
   // not safe to hold a reference to a symbol across a call.
   for(const auto &symbol : symbols_to_instrument)
-  {
-    exprt value=symbol_table.lookup(symbol).value;
-    instrument(value);
-    symbol_table.lookup(symbol).value=value;
-  }
+    instrument(symbol_table.lookup(symbol).value);
 }

src/java_bytecode/java_bytecode_instrument.h

@@ -11,10 +11,15 @@ Date:   June 2017
 #ifndef CPROVER_JAVA_BYTECODE_JAVA_BYTECODE_INSTRUMENT_H
 #define CPROVER_JAVA_BYTECODE_JAVA_BYTECODE_INSTRUMENT_H
 
+void java_bytecode_instrument_symbol(
+  symbol_tablet &symbol_table,
+  symbolt &symbol,
+  const bool throw_runtime_exceptions,
+  message_handlert &_message_handler);
+
 void java_bytecode_instrument(
   symbol_tablet &symbol_table,
   const bool throw_runtime_exceptions,
-  message_handlert &_message_handler,
-  const size_t max_array_length,
-  const size_t max_depth);
+  message_handlert &_message_handler);
+
 #endif

src/java_bytecode/java_bytecode_language.cpp

@@ -459,9 +459,7 @@ bool java_bytecode_languaget::typecheck(
   java_bytecode_instrument(
     symbol_table,
     throw_runtime_exceptions,
-    get_message_handler(),
-    max_nondet_array_length,
-    max_nondet_tree_depth);
+    get_message_handler());
 
   // now typecheck all
   if(java_bytecode_typecheck(
@@ -746,6 +744,13 @@ void java_bytecode_languaget::replace_string_methods(
       // Replace body of the function by code generated by string preprocess
       symbolt &symbol=context.lookup(id);
       symbol.value=generated_code;
+      // Specifically instrument the new code, since this comes after the
+      // blanket instrumentation pass called before typechecking.
+      java_bytecode_instrument_symbol(
+        context,
+        symbol,
+        throw_runtime_exceptions,
+        get_message_handler());
     }
   }
 }