
NPE of javassist.bytecode.stackmap.TypeData #464

Open
happybeo opened this issue Oct 12, 2023 · 1 comment

Comments

@happybeo

javassist_version=3.28.0-GA

This is the stack trace:

```
getArrayType:888, TypeData$ClassName (javassist.bytecode.stackmap)
fixTypes1:424, TypeData$TypeVar (javassist.bytecode.stackmap)
fixTypes:416, TypeData$TypeVar (javassist.bytecode.stackmap)
dfs:362, TypeData$TypeVar (javassist.bytecode.stackmap)
dfs:345, TypeData$TypeVar (javassist.bytecode.stackmap)
dfs:345, TypeData$TypeVar (javassist.bytecode.stackmap)
dfs:345, TypeData$TypeVar (javassist.bytecode.stackmap)
dfs:345, TypeData$TypeVar (javassist.bytecode.stackmap)
dfs:345, TypeData$TypeVar (javassist.bytecode.stackmap)
dfs:345, TypeData$TypeVar (javassist.bytecode.stackmap)
fixTypes:398, MapMaker (javassist.bytecode.stackmap)
make:175, MapMaker (javassist.bytecode.stackmap)
make:116, MapMaker (javassist.bytecode.stackmap)
rebuildStackMap:458, MethodInfo (javassist.bytecode)
rebuildStackMapIf6:440, MethodInfo (javassist.bytecode)
doit:588, CodeConverter (javassist)
instrument:1543, CtClassType (javassist)
transform:69, InstrumentationTransform$setup$2 (com.tencent.shadow.core.transform.specific)
lambda 'forEach' in 'fireAll':42, AbstractTransformManager (com.tencent.shadow.core.transform_kit)
forEach:1819, AbstractTransformManager (com.tencent.shadow.core.transform_kit)
lambda 'forEach' in 'fireAll':41, AbstractTransformManager (com.tencent.shadow.core.transform_kit)
forEach:1819, AbstractTransformManager (com.tencent.shadow.core.transform_kit)
fireAll:40, AbstractTransformManager (com.tencent.shadow.core.transform_kit)
onTransform:61, AbstractTransform (com.tencent.shadow.core.transform_kit)
transform:185, ClassTransform (com.tencent.shadow.core.transform_kit)
call:284, TransformTask$2 (com.android.build.gradle.internal.pipeline)
```

### I have traced the code and found the cause of the NPE, but I don't know whether this is a bug or some other problem.

```java
private void fixTypes(List<TypeData> scc, ClassPool cp) throws NotFoundException {
    // ...

    if (isBasicType) {
        is2WordType = kind.is2WordType();   // necessary?
        fixTypes1(scc, kind);
    }
    else {
        // this call gets a null typeName
        String typeName = fixTypes2(scc, lowersSet, cp);

        // this call doesn't check typeName, so it ends in an NPE
        fixTypes1(scc, new ClassName(typeName));
    }
}

private String fixTypes2(List<TypeData> scc, Set<String> lowersSet, ClassPool cp) throws NotFoundException {
    Iterator<String> it = lowersSet.iterator();
    if (lowersSet.size() == 0)
        // this returns a null className
        return null;      // only NullType
    else if (lowersSet.size() == 1)
        return it.next();
    else {
        // ...
    }
}

private void fixTypes1(List<TypeData> scc, TypeData kind) throws NotFoundException {
    int size = scc.size();
    for (int i = 0; i < size; i++) {
        TypeVar cv = (TypeVar)scc.get(i);

        // indexing an array type off a null className throws the NPE
        TypeData kind2 = kind.getArrayType(-cv.dimension);

        if (kind2.isBasicType() == null)
            cv.fixedType = kind2.getName();
        else {
            // ...
        }
    }
}
```
@shifujun
Contributor

This is definitely a bug. Just by looking at it, you can guess that it should most likely be changed like this:

```java
if (typeName == null)
    kind = new NullType();
else
    kind = new ClassName(typeName);
fixTypes1(scc, kind);
```

However, we shouldn't fix a bug without reproducible use cases. How to reproduce this scene is too difficult. I tried for a long time and couldn't construct this example.

Among the existing test cases, only test83StackmapWithArrayType can reproduce the scenario where cv.dimension is not equal to 0. But it is difficult to construct a situation where lowersSet is empty.

If you can provide an example of reproducing the bug, I believe it will be easy for us to submit a PR that can be incorporated.

————
translated from:
This is definitely a bug. A quick look is enough to guess that it should most likely be changed like this:

But we shouldn't fix a bug without a reproducing test case. Reproducing this scenario is too hard; I tried for a long time and could not construct such an example.

Among the existing test cases, only test83StackmapWithArrayType reproduces the scenario where cv.dimension is not 0. But it is hard to construct a case where lowersSet is empty.

If you can provide an example that reproduces the bug, I believe we can easily submit a PR that can be merged.
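Since the maintainer asks for a reproducer, the practical next step for anyone who hits this in a build is to find out which class and method trips MapMaker. The harness below is an added example written for this thread, not code from javassist, Shadow or either participant. It drives the same public javassist calls that appear in the trace (ClassPool, CtClass, MethodInfo.rebuildStackMapIf6) over a directory of compiled classes and lists every method whose stack-map rebuild throws, so that class file can be attached to the issue. The directory argument, the default `build/classes` location and the `Finding` record are assumptions of the example.

```java
import javassist.ClassPool;
import javassist.CtClass;
import javassist.NotFoundException;
import javassist.bytecode.BadBytecode;
import javassist.bytecode.MethodInfo;

import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.List;
import java.util.stream.Collectors;
import java.util.stream.Stream;

/**
 * Added triage harness (not javassist's or Shadow's own code). It rebuilds the
 * StackMapTable of every method under a directory of compiled classes, which is
 * the step in the reported trace (MethodInfo.rebuildStackMapIf6 -> MapMaker.make),
 * and records which class/method makes it throw.
 */
public class StackMapTriage {

    /** One failing method: owning class, name plus descriptor, and the exception type seen. */
    public static final class Finding {
        public final String className;
        public final String method;
        public final String error;

        Finding(String className, String method, String error) {
            this.className = className;
            this.method = method;
            this.error = error;
        }

        @Override
        public String toString() {
            return className + "#" + method + " -> " + error;
        }
    }

    /**
     * classesDir is assumed to hold .class files (for example the Gradle transform
     * input directory from the report). Every class a method references must resolve
     * through the pool: the directory itself is appended and the JDK comes from the
     * system class path; anything missing shows up as NotFoundException, not as the NPE.
     */
    public static List<Finding> scan(Path classesDir) throws IOException {
        ClassPool pool = new ClassPool(true);   // true = start from the system class path
        try {
            pool.appendClassPath(classesDir.toString());
        } catch (NotFoundException e) {
            throw new IOException("cannot add class path " + classesDir, e);
        }

        List<Path> classFiles;
        try (Stream<Path> files = Files.walk(classesDir)) {
            classFiles = files.filter(p -> p.toString().endsWith(".class"))
                              .collect(Collectors.toList());
        }

        List<Finding> findings = new ArrayList<>();
        for (Path p : classFiles) {
            CtClass cc;
            try (InputStream in = Files.newInputStream(p)) {
                cc = pool.makeClass(in);
            }
            for (MethodInfo mi : cc.getClassFile().getMethods()) {
                if (mi.getCodeAttribute() == null) {
                    continue;   // abstract or native method: no bytecode, no stack map
                }
                try {
                    mi.rebuildStackMapIf6(pool);
                } catch (NullPointerException | BadBytecode e) {
                    // NPE is the TypeData path from the report; BadBytecode is the
                    // ordinary verification failure and is listed alongside it.
                    findings.add(new Finding(cc.getName(),
                                             mi.getName() + mi.getDescriptor(),
                                             e.getClass().getSimpleName()));
                }
            }
            cc.detach();   // drop it from the pool so a large class tree does not pin memory
        }
        return findings;
    }

    public static void main(String[] args) throws IOException {
        Path dir = Paths.get(args.length > 0 ? args[0] : "build/classes");   // assumed default
        List<Finding> findings = scan(dir);
        if (findings.isEmpty()) {
            System.out.println("no stack-map rebuild failures under " + dir);
        }
        for (Finding f : findings) {
            System.out.println(f);
        }
    }
}
```

Run it with javassist 3.28.0-GA on the class path and the transform's input directory as the argument; each printed line names a class that can be attached to this issue as the reproducer, which is what the fix needs before the NullType branch above can be covered by a test.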
