Skip to content

Commit 3c59dc9

Browse files
smowtonsmowton
committed
Check for null this-argument at virtual callsites
1 parent 04c957d commit 3c59dc9

File tree

7 files changed

+18
-1
lines changed

7 files changed

+18
-1
lines changed

regression/cbmc-java/NondetArray2/NondetArray2.class

28 Bytes
Binary file not shown.

regression/cbmc-java/NondetArray2/NondetArray2.java

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -8,6 +8,8 @@ void main()
88

99
int num = 0;
1010
for (Integer i : ints) {
11+
if(i == null)
12+
continue;
1113
num *= i.intValue();
1214
}
1315
assert num == 0;

regression/cbmc-java/NondetArray3/NondetArray3.class

28 Bytes
Binary file not shown.

regression/cbmc-java/NondetArray3/NondetArray3.java

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -9,6 +9,8 @@ void main()
99

1010
int num = 0;
1111
for (Integer i : ints) {
12+
if(i == null)
13+
continue;
1214
num *= i.intValue();
1315
}
1416
assert num == 0;

regression/cbmc-java/lazyloading3/test.class

8 Bytes
Binary file not shown.

regression/cbmc-java/lazyloading3/test.java

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,7 @@ public class test
55
{
66
public static void main(C c)
77
{
8-
if(c==null)
8+
if(c==null || c.a==null)
99
return;
1010
c.a.f();
1111
}

src/java_bytecode/java_bytecode_instrument.cpp

Lines changed: 13 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -453,6 +453,19 @@ void java_bytecode_instrumentt::instrument_code(exprt &expr)
453453
add_expr_instrumentation(block, code_function_call.lhs());
454454
add_expr_instrumentation(block, code_function_call.function());
455455

456+
const code_typet &function_type=
457+
to_code_type(code_function_call.function().type());
458+
459+
// Check for a null this-argument of a virtual call:
460+
if(function_type.has_this())
461+
{
462+
block.copy_to_operands(
463+
check_null_dereference(
464+
code_function_call.arguments()[0],
465+
code_function_call.source_location(),
466+
true));
467+
}
468+
456469
for(const auto &arg : code_function_call.arguments())
457470
add_expr_instrumentation(block, arg);
458471

0 commit comments

Comments
 (0)