soot-oss / SootUp

A new version of Soot with a completely overhauled architecture
https://soot-oss.github.io/SootUp/
GNU Lesser General Public License v2.1

[Bug]: Potential Issue in getType Method of JUshrExpr.java #960

Closed Momo-Not-Emo closed 3 hours ago

Momo-Not-Emo commented 2 weeks ago

What happened?

Dear SootUp Developers,

I have identified a potential issue in the getType method of JUshrExpr located at JUshrExpr.java: L56.

In the original Soot code, the getType method is implemented as follows:

@Override
public Type getType() {
  if (isIntLikeType(op2Box.getValue().getType())) {
    final Type t1 = op1Box.getValue().getType();
    if (isIntLikeType(t1)) {
      return IntType.v();
    }
    final LongType tyLong = LongType.v();
    if (tyLong.equals(t1)) {
      return LongType.v();
    }
  }
  return UnknownType.v();
}

However, in the refactored version in SootUp, the code is:

@Nonnull
@Override
public Type getType() {
  Value op1 = getOp1();
  Value op2 = getOp2();

  if (Type.isIntLikeType(op2.getType())) {
    return UnknownType.getInstance();
  }

  if (Type.isIntLikeType(op1.getType())) {
    return PrimitiveType.getInt();
  }
  if (op1.getType().equals(PrimitiveType.getLong())) {
    return PrimitiveType.getLong();
  }

  return UnknownType.getInstance();
}

I believe there is a logical error in the condition:

if (Type.isIntLikeType(op2.getType())) {
  return UnknownType.getInstance();
}

It should be:

if (!Type.isIntLikeType(op2.getType())) {
  return UnknownType.getInstance();
}

This is consistent with other similar getType method implementations, such as the one found in JShrExpr.java: L57.

Version

Latest develop branch

Relevant log output

No response

swissiety commented 2 days ago

thx for finding this :+1: PR is on the way!
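The difference between the two conditions discussed in this issue, shown as an added example; it is not code from SootUp or from either commenter. The `Ty` enum, the method names and the operand pairs are hypothetical stand-ins constructed for illustration, and the set of int-like types is an assumption.

```java
import java.util.EnumSet;

public class UshrTypeRuleDemo {
  // Hypothetical stand-in for SootUp's Type hierarchy; not the project's classes.
  enum Ty { BOOLEAN, BYTE, CHAR, SHORT, INT, LONG, DOUBLE, UNKNOWN }

  // Assumption: "int-like" means the types the JVM handles as int.
  static final EnumSet<Ty> INT_LIKE =
      EnumSet.of(Ty.BOOLEAN, Ty.BYTE, Ty.CHAR, Ty.SHORT, Ty.INT);

  static boolean isIntLike(Ty t) { return INT_LIKE.contains(t); }

  // Condition as quoted in the issue: bails out exactly when op2 is a valid shift count.
  static Ty reportedGetType(Ty op1, Ty op2) {
    if (isIntLike(op2)) return Ty.UNKNOWN;
    return resultFromLeftOperand(op1);
  }

  // Condition with the negation proposed in the issue.
  static Ty proposedGetType(Ty op1, Ty op2) {
    if (!isIntLike(op2)) return Ty.UNKNOWN;
    return resultFromLeftOperand(op1);
  }

  // Shared tail of both versions: the result type follows the left operand.
  static Ty resultFromLeftOperand(Ty op1) {
    if (isIntLike(op1)) return Ty.INT;
    if (op1 == Ty.LONG) return Ty.LONG;
    return Ty.UNKNOWN;
  }

  public static void main(String[] args) {
    // Constructed cases: {op1, op2, type the original Soot logic quoted above returns}.
    Ty[][] cases = {
      {Ty.INT, Ty.INT, Ty.INT},
      {Ty.BYTE, Ty.SHORT, Ty.INT},
      {Ty.LONG, Ty.INT, Ty.LONG},
      {Ty.LONG, Ty.LONG, Ty.UNKNOWN},   // op2 is not int-like
      {Ty.DOUBLE, Ty.INT, Ty.UNKNOWN},  // op1 is neither int-like nor long
    };
    for (Ty[] c : cases) {
      Ty reported = reportedGetType(c[0], c[1]);
      Ty proposed = proposedGetType(c[0], c[1]);
      System.out.printf("%-7s >>> %-6s soot=%-8s reported=%-8s proposed=%-8s%n",
          c[0], c[1], c[2], reported, proposed);
      if (proposed != c[2]) throw new AssertionError("proposed logic diverges from Soot");
    }
  }
}
```

With the reported condition every well-typed shift comes back as `UNKNOWN`, while `LONG >>> LONG` is typed as `LONG`; any analysis that relies on expression types (taint tracking, constant propagation) would lose precision on unsigned shifts.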