SONARJAVA-1391 Rely on symbolic value on stack rather than symbol

benzonico · benzonico · commit e074e6d04955 · 2015-12-18T16:22:21.000+01:00
Relying on symbols lead to trouble when symbol is unknown. It is better to rely
on the symbolic value wee already created and is available on the stack
diff --git a/java-squid/src/main/java/org/sonar/java/se/ExplodedGraphWalker.java b/java-squid/src/main/java/org/sonar/java/se/ExplodedGraphWalker.java
@@ -455,10 +455,11 @@ private void executeLogicalAssignement(AssignmentExpressionTree tree) {
     ExpressionTree variable = tree.variable();
     if (variable.is(Tree.Kind.IDENTIFIER)) {
       ProgramState.Pop unstack = programState.unstackValue(2);
+      SymbolicValue assignedTo = unstack.values.get(0);
       SymbolicValue value = unstack.values.get(1);
       programState = unstack.state;
       SymbolicValue symbolicValue = constraintManager.createSymbolicValue(tree);
-      symbolicValue.computedFrom(ImmutableList.of(programState.getValue(((IdentifierTree) variable).symbol()), value));
+      symbolicValue.computedFrom(ImmutableList.of(assignedTo, value));
       programState = programState.put(((IdentifierTree) variable).symbol(), symbolicValue);
       programState = programState.stackValue(symbolicValue);
     }
diff --git a/java-squid/src/test/files/se/Reproducer.java b/java-squid/src/test/files/se/Reproducer.java
@@ -112,4 +112,8 @@ void foo() {
     object2.toString(); // not accessible with null value
   }
 
+  void assignUnknownSymbol() {
+    unknown |= false;
+  }
+
 }

Original file line number	Diff line number	Diff line change
`@@ -112,4 +112,8 @@ void foo() {`
`112`	`112`	`object2.toString(); // not accessible with null value`
`113`	`113`	`}`
`114`	`114`
	`115`	`+ void assignUnknownSymbol() {`
	`116`	`+ unknown \|= false;`
	`117`	`+ }`
	`118`	`+`
`115`	`119`	`}`