Sample of Defect

Project Name: CalebFenton/simplify
CID: 33623
Checker: INVALIDATE_ITERATOR
Category: API usage errors
Developer Description: This bug ONLY surfaces when debugging or running the program with higher verbosity. The toString() method on an often-inspected object can sometimes modify the object, and possibly go into an infinite loop. It took a while to pin this down and the scan really helped nail exactly where it was.
File: /smalivm/src/main/java/org/cf/smalivm/context/ClassState.java
 76      public void pokeField(String fieldNameAndType, Object value) {
 77          int register = 0;
 78          String heapKey = getKey(fieldNameAndType);
 79          String type = fieldNameAndType.split(":")[1];
 80          pokeRegister(register, new HeapItem(value, type), heapKey);
 81      }
 82  
 83      public void pokeField(String fieldNameAndType, HeapItem item) {
 84          int register = 0;
 85          String heapKey = getKey(fieldNameAndType);
 86          pokeRegister(register, item, heapKey);
 87      }
 88  
 89      private String getKey(String fieldNameAndType) {
 90          fieldNameAndTypes.add(fieldNameAndType);
 91          StringBuilder sb = new StringBuilder(className);
 92          sb.append("->").append(fieldNameAndType);
 93  
 94          return sb.toString();
 95      }
 96  
 97      @Override
 98      public String toString() {
 99          StringBuilder sb = new StringBuilder("Fields:\n");
     << 1. Starting an iteration on "fieldNameAndTypes".
     < 2. Iterating over another element of "fieldNameAndTypes".
     <<< CID 33623: API usage errors INVALIDATE_ITERATOR
     <<< 5. Attempting to obtain another element from "fieldNameAndTypes" after it's been modified.
100          for (String fieldNameAndType : fieldNameAndTypes) {
     << 3. Call to "peekField" modifies Iterable "this.fieldNameAndTypes" which invalidates the iterator for the loop on that Iterable.
101              sb.append(fieldNameAndType).append(" = ").append(peekField(fieldNameAndType)).append('\n');
     < 4. Jumping back to the beginning of the loop.
102          }
103          sb.setLength(sb.length() - 1);
104          sb.append('\n');
105  
106          return sb.toString();
107      }
108  
109      ClassState getChild(ExecutionContext childContext) {
110          ClassState child = new ClassState(this, childContext, fieldNameAndTypes);
111  
112          return child;
113      }
114  
115  }
Events:
1. enhanced_for ClassState.java:100
3. modify_iterable ClassState.java:101
5. invalid_loop ClassState.java:100
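The defect pattern the checker flags, as an added Java example that is not code from the simplify project: a key builder whose side effect is to register the field name in the collection, reached (through peekField) from a toString() that is iterating that same collection. The method and field names mirror the listing above, but the bodies, the collection types and the class IteratorInvalidationDemo are assumptions of this example; simplify's real peekField is not shown on this page. With a fail-fast ArrayList the loop dies with ConcurrentModificationException on the next element; with a collection that is not fail-fast the same write-during-read can skip elements or never terminate, which matches the infinite loop the developer describes. Because debuggers and verbose logging call toString() implicitly, a toString() with side effects only misbehaves when someone is watching, so the hardened class makes key computation pure, registers names only on writes, and iterates a snapshot.

```java
import java.util.ArrayList;
import java.util.ConcurrentModificationException;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;

// Added illustration, not simplify's code. MutatingState reproduces the
// shape of the INVALIDATE_ITERATOR defect; StableState is the hardened form.
public class IteratorInvalidationDemo {

    // Buggy shape: getKey() mutates the collection that toString() iterates.
    static class MutatingState {
        private final List<String> fieldNameAndTypes = new ArrayList<>();
        private final String className;

        MutatingState(String className) { this.className = className; }

        // Registers the field (the heap store itself is elided here).
        void pokeField(String fieldNameAndType) { getKey(fieldNameAndType); }

        // Side effect: every key computation adds the name again, so even a
        // read-only caller such as peekField() grows the collection.
        private String getKey(String fieldNameAndType) {
            fieldNameAndTypes.add(fieldNameAndType);
            return className + "->" + fieldNameAndType;
        }

        String peekField(String fieldNameAndType) { return getKey(fieldNameAndType); }

        @Override
        public String toString() {
            StringBuilder sb = new StringBuilder("Fields:\n");
            for (String name : fieldNameAndTypes) {            // iterator over fieldNameAndTypes
                sb.append(name).append(" = ")
                  .append(peekField(name)).append('\n');       // peekField() modifies fieldNameAndTypes
            }
            return sb.toString();
        }
    }

    // Hardened shape: registration only on writes, pure key computation,
    // and iteration over a snapshot.
    static class StableState {
        private final Set<String> fieldNameAndTypes = new LinkedHashSet<>();
        private final String className;

        StableState(String className) { this.className = className; }

        void pokeField(String fieldNameAndType) {
            fieldNameAndTypes.add(fieldNameAndType);         // the only place the set changes
            getKey(fieldNameAndType);
        }

        // Pure: computing a key no longer touches the collection.
        private String getKey(String fieldNameAndType) {
            return className + "->" + fieldNameAndType;
        }

        String peekField(String fieldNameAndType) { return getKey(fieldNameAndType); }

        @Override
        public String toString() {
            StringBuilder sb = new StringBuilder("Fields:\n");
            // Iterate a copy so the loop stays valid even if a callee later
            // regains a side effect.
            for (String name : new ArrayList<>(fieldNameAndTypes)) {
                sb.append(name).append(" = ").append(peekField(name)).append('\n');
            }
            return sb.toString();
        }
    }

    public static void main(String[] args) {
        MutatingState buggy = new MutatingState("Lcom/example/Foo;");
        buggy.pokeField("count:I");
        try {
            System.out.println(buggy);   // ArrayList is fail-fast: the second next() throws
        } catch (ConcurrentModificationException e) {
            System.out.println("buggy toString() failed: " + e);
        }

        StableState fixed = new StableState("Lcom/example/Foo;");
        fixed.pokeField("count:I");
        fixed.pokeField("name:Ljava/lang/String;");
        System.out.print(fixed);
    }
}
```

The snapshot copy in StableState.toString() is defence in depth rather than the primary fix: the real repair is separating "compute a key" from "register a field", so that diagnostic code such as toString(), logging and debugger watches can never alter the object they describe.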