Skip to content

Java bytecode front-end: do not crash upon invalid class names#8764

Open
tautschnig wants to merge 1 commit intodiffblue:developfrom
tautschnig:fix-728-jbmc-core-dump
Open

Java bytecode front-end: do not crash upon invalid class names#8764
tautschnig wants to merge 1 commit intodiffblue:developfrom
tautschnig:fix-728-jbmc-core-dump

Conversation

@tautschnig
Copy link
Collaborator

@tautschnig tautschnig commented Nov 30, 2025

Do not make unchecked use of the result of java_type_from_string.

Fixes: #728
Fixes: #849

  • Each commit message has a non-empty body, explaining why the change was made.
  • n/a Methods or procedures I have added are documented, following the guidelines provided in CODING_STANDARD.md.
  • n/a The feature or user visible behaviour I have added or modified has been documented in the User Guide in doc/cprover-manual/
  • Regression or unit tests are included, or existing tests cover the modified code (in this case I have detailed which ones those are in the commit message).
  • n/a My commit message includes data points confirming performance improvements (if claimed).
  • My PR is restricted to a single feature or bugfix.
  • n/a White-space or formatting changes outside the feature-related changed lines are in commits of their own.

@tautschnig tautschnig self-assigned this Feb 24, 2026
@tautschnig @kiro-agent
Java bytecode front-end: do not crash upon invalid class names
67824f0 
Do not make unchecked use of the result of `java_type_from_string`.
Where `java_type_from_string` returns an empty optional for malformed
type descriptors, either throw an `unsupported_java_class_signature_exceptiont`
(in the parser, where it is caught and reported as an error) or use
`CHECK_RETURN` to fail with a clear diagnostic instead of undefined behavior.

Fix build errors: use `what()` instead of `str()` on the exception (which
inherits from `std::logic_error`), and use the renamed variable
`method_type_opt` consistently.

Fixes: diffblue#728
Fixes: diffblue#849

Co-authored-by: Kiro <kiro-agent@users.noreply.github.com>
@tautschnig tautschnig force-pushed the fix-728-jbmc-core-dump branch from 5e633f1 to 67824f0 Compare March 18, 2026 22:36
@tautschnig tautschnig marked this pull request as ready for review March 18, 2026 22:36
Copilot AI review requested due to automatic review settings March 18, 2026 22:36
Copilot AI reviewed Mar 18, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR aims to prevent JBMC’s Java bytecode front-end from crashing on malformed/invalid class/type names by avoiding unchecked dereferences of java_type_from_string results and by adding an explicit error-handling path in the parser.

Changes:

  • Add exception throwing for some malformed signatures in java_type_from_string and add additional checks around recursive parsing results.
  • Add handling for unsupported_java_class_signature_exceptiont in java_bytecode_parsert::parse().
  • Replace several *java_type_from_string(...) dereferences with intermediate optionals + validation in parser/converter code.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 16 comments.

File Description
jbmc/src/java_bytecode/java_types.cpp Adds additional validation/exception behavior when parsing descriptors/signatures and refactors some call sites to avoid direct dereference.
jbmc/src/java_bytecode/java_entry_point.cpp Adds a return-value check when constructing the String[] type used to recognize main.
jbmc/src/java_bytecode/java_bytecode_parser.cpp Replaces direct dereferences of parsed types with optionals + checks, and adds a catch for unsupported signature exceptions.
jbmc/src/java_bytecode/java_bytecode_convert_class.cpp Avoids direct dereference when converting field descriptors by introducing an optional + check.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

jbmc/src/java_bytecode/java_types.cpp
Comment on lines +822 to +823
CHECK_RETURN(array_type.has_value());
return to_struct_tag_type(to_java_reference_type(*array_type).base_type());
jbmc/src/java_bytecode/java_bytecode_parser.cpp
Comment on lines +581 to 584
auto type_opt = java_type_from_string(method.descriptor);
CHECK_RETURN(type_opt);
get_class_refs_rec(*type_opt);
}
jbmc/src/java_bytecode/java_bytecode_parser.cpp
*java_type_from_string(id2string(pool_entry(c.ref2).s)));
{
auto type_opt = java_type_from_string(id2string(pool_entry(c.ref2).s));
CHECK_RETURN(type_opt.has_value());
jbmc/src/java_bytecode/java_bytecode_parser.cpp
Comment on lines +557 to 560
auto type_opt = java_type_from_string(field.descriptor);
CHECK_RETURN(type_opt);
get_class_refs_rec(*type_opt);
}
jbmc/src/java_bytecode/java_bytecode_parser.cpp
const irep_idt &value_id = symbol_expr->get_identifier();
get_class_refs_rec(*java_type_from_string(id2string(value_id)));
auto type_opt = java_type_from_string(id2string(value_id));
CHECK_RETURN(type_opt.has_value());
jbmc/src/java_bytecode/java_bytecode_convert_class.cpp
Comment on lines +681 to +683
auto type_opt = java_type_from_string(f.descriptor);
CHECK_RETURN(type_opt.has_value());
field_type = *type_opt;
jbmc/src/java_bytecode/java_types.cpp
Comment on lines 660 to 663
auto subtype = java_type_from_string(
src.substr(1, std::string::npos), class_name_prefix);
CHECK_RETURN(subtype.has_value());
if(subtype_letter=='L' || // [L denotes a reference array of some sort.
jbmc/src/java_bytecode/java_types.cpp
Comment on lines +1028 to 1029
CHECK_RETURN(type_from_string.has_value());
get_dependencies_from_generic_parameters_rec(*type_from_string, refs);
jbmc/src/java_bytecode/java_types.cpp
Comment on lines 1067 to 1070
const auto base_type = java_type_from_string(base_ref, class_name_prefix);
CHECK_RETURN(base_type.has_value());
PRECONDITION(is_java_generic_type(*base_type));
const java_generic_typet &gen_base_type = to_java_generic_type(*base_type);
jbmc/src/java_bytecode/java_bytecode_parser.cpp
Comment on lines +89 to +90
CHECK_RETURN(type_opt.has_value());
return std::move(*type_opt);
@codecov
Copy link

codecov bot commented Mar 18, 2026

Codecov Report

❌ Patch coverage is 85.10638% with 7 lines in your changes missing coverage. Please review.
✅ Project coverage is 80.42%. Comparing base (1690ff0) to head (67824f0).

Files with missing lines Patch % Lines
jbmc/src/java_bytecode/java_types.cpp 78.94% 4 Missing ⚠️
jbmc/src/java_bytecode/java_bytecode_parser.cpp 87.50% 3 Missing ⚠️
Additional details and impacted files 
@@           Coverage Diff            @@
##           develop    #8764   +/-   ##
========================================
  Coverage    80.41%   80.42%           
========================================
  Files         1703     1703           
  Lines       188398   188426   +28     
  Branches        73       73           
========================================
+ Hits        151509   151539   +30     
+ Misses       36889    36887    -2

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@peterschrammel peterschrammel Awaiting requested review from peterschrammel peterschrammel is a code owner

@TGWDB TGWDB Awaiting requested review from TGWDB TGWDB is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

@tautschnig tautschnig

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Invalid Java byte-code errors not handled Core dump with attached class file (from openjdk regression suite)

2 participants

@tautschnig