Skip to content

Commit 1d4f26c

Browse files
romainbrenguierromainbrenguier
committed
Assign 0 to string length for null Java String
Although we should not reach this code if rhs is null, the association `pointer -> length` is added to the solver anyway, so we have to make sure the length of the string_exprt is set to something reasonable.
1 parent ff25fe2 commit 1d4f26c

File tree

2 files changed

+11
-5
lines changed

2 files changed

+11
-5
lines changed

src/java_bytecode/java_string_library_preprocess.cpp

+8-3
Original file line numberDiff line numberDiff line change
@@ -877,7 +877,7 @@ codet java_string_library_preprocesst::code_assign_string_expr_to_java_string(
877877
/// \param symbol_table: symbol table
878878
/// \param [out] code: code block that gets appended the following code:
879879
/// ~~~~~~~~~~~~~~~~~~~~~~
880-
/// lhs.length=rhs->length
880+
/// lhs.length = rhs==null ? 0 : rhs->length
881881
/// lhs.data=rhs->data
882882
/// ~~~~~~~~~~~~~~~~~~~~~~
883883
void java_string_library_preprocesst::code_assign_java_string_to_string_expr(
@@ -898,8 +898,13 @@ void java_string_library_preprocesst::code_assign_java_string_to_string_expr(
898898

899899
const dereference_exprt deref = checked_dereference(rhs, deref_type);
900900

901-
// Fields of the string object
902-
const exprt rhs_length = get_length(deref, symbol_table);
901+
// Although we should not reach this code if rhs is null, the association
902+
// `pointer -> length` is added to the solver anyway, so we have to make sure
903+
// the length is set to something reasonable.
904+
const auto rhs_length = if_exprt(
905+
equal_exprt(rhs, null_pointer_exprt(to_pointer_type(rhs.type()))),
906+
from_integer(0, lhs.length().type()),
907+
get_length(deref, symbol_table));
903908

904909
// Assignments
905910
code.add(code_assignt(lhs.length(), rhs_length), loc);

unit/java_bytecode/java_string_library_preprocess/convert_exprt_to_string_exprt.cpp

+3-2
Original file line numberDiff line numberDiff line change
@@ -68,10 +68,11 @@ TEST_CASE("Convert exprt to string exprt")
6868
std::regex_replace(line, spaces, " "), numbers, ""));
6969
}
7070

71-
const std::vector<std::string> reference_code = { // NOLINT
71+
const std::vector<std::string> reference_code = {
72+
// NOLINT
7273
"char *cprover_string_content;",
7374
"int cprover_string_length;",
74-
"cprover_string_length = a->length;",
75+
"cprover_string_length = a == null ? 0 : a->length;",
7576
"cprover_string_content = a->data;"};
7677

7778
for(std::size_t i = 0;

0 commit comments

Comments
 (0)