Incompatibility with SpotBugs 4.0.0

[boris-petrov]

Environment

Gradle 5.6.2, Java 12, SpotBugs 4.0.0-beta4, FindSecBugs 1.10.0.

Running SpotBugs via Gradle causes a million errors like this one:

Exception while analyzing com.company.SomeClass.foo(Lorg/apache/shiro/subject/Subject;)Lio/reactivex/Single;
    java.lang.RuntimeException: Unable to call com/company/SomeOtherClass.staticMethod()Lcom/company/ThirdClass;
      At com.h3xstream.findsecbugs.taintanalysis.TaintFrameModelingVisitor.visitInvoke(TaintFrameModelingVisitor.java:599)
      At com.h3xstream.findsecbugs.taintanalysis.TaintFrameModelingVisitor.visitINVOKESTATIC(TaintFrameModelingVisitor.java:385)
      At org.apache.bcel.generic.INVOKESTATIC.accept(INVOKESTATIC.java:87)
      At edu.umd.cs.findbugs.ba.AbstractFrameModelingVisitor.analyzeInstruction(AbstractFrameModelingVisitor.java:84)
      At com.h3xstream.findsecbugs.taintanalysis.TaintFrameModelingVisitor.analyzeInstruction(TaintFrameModelingVisitor.java:129)
      At com.h3xstream.findsecbugs.taintanalysis.TaintAnalysis.transferInstruction(TaintAnalysis.java:90)
      At com.h3xstream.findsecbugs.taintanalysis.TaintAnalysis.transferInstruction(TaintAnalysis.java:51)
      At edu.umd.cs.findbugs.ba.AbstractDataflowAnalysis.transfer(AbstractDataflowAnalysis.java:136)
      At edu.umd.cs.findbugs.ba.Dataflow.execute(Dataflow.java:378)
      At com.h3xstream.findsecbugs.taintanalysis.TaintDataflowEngine.analyze(TaintDataflowEngine.java:183)
      At com.h3xstream.findsecbugs.taintanalysis.TaintDataflowEngine.analyze(TaintDataflowEngine.java:56)
      At edu.umd.cs.findbugs.classfile.impl.AnalysisCache.analyzeMethod(AnalysisCache.java:368)
      At edu.umd.cs.findbugs.classfile.impl.AnalysisCache.getMethodAnalysis(AnalysisCache.java:321)
      At com.h3xstream.findsecbugs.injection.AbstractTaintDetector.getTaintDataFlow(AbstractTaintDetector.java:142)
      At com.h3xstream.findsecbugs.injection.AbstractTaintDetector.analyzeMethod(AbstractTaintDetector.java:109)
      At com.h3xstream.findsecbugs.injection.AbstractTaintDetector.visitClassContext(AbstractTaintDetector.java:94)
      At edu.umd.cs.findbugs.DetectorToDetector2Adapter.visitClass(DetectorToDetector2Adapter.java:76)
      At edu.umd.cs.findbugs.FindBugs2.lambda$null$1(FindBugs2.java:1108)
      At java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
      At edu.umd.cs.findbugs.CurrentThreadExecutorService.execute(CurrentThreadExecutorService.java:86)
      At java.base/java.util.concurrent.AbstractExecutorService.invokeAll(AbstractExecutorService.java:242)
      At edu.umd.cs.findbugs.FindBugs2.analyzeApplication(FindBugs2.java:1118)
      At edu.umd.cs.findbugs.FindBugs2.execute(FindBugs2.java:309)
      At com.github.spotbugs.internal.spotbugs.SpotBugsExecutor.runSpotbugs(SpotBugsExecutor.java:23)
      At java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      At java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
      At java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      At java.base/java.lang.reflect.Method.invoke(Method.java:567)
      At org.gradle.process.internal.worker.request.WorkerAction.run(WorkerAction.java:118)
      At org.gradle.process.internal.worker.request.WorkerAction.runThenStop(WorkerAction.java:101)
      At java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      At java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
      At java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      At java.base/java.lang.reflect.Method.invoke(Method.java:567)
      At org.gradle.internal.dispatch.ReflectionDispatch.dispatch(ReflectionDispatch.java:36)
      At org.gradle.internal.dispatch.ReflectionDispatch.dispatch(ReflectionDispatch.java:24)
      At org.gradle.internal.remote.internal.hub.MessageHubBackedObjectConnection$DispatchWrapper.dispatch(MessageHubBackedObjectConnection.java:182)
      At org.gradle.internal.remote.internal.hub.MessageHubBackedObjectConnection$DispatchWrapper.dispatch(MessageHubBackedObjectConnection.java:164)
      At org.gradle.internal.remote.internal.hub.MessageHub$Handler.run(MessageHub.java:412)
      At org.gradle.internal.concurrent.ExecutorPolicy$CatchAndRecordFailures.onExecute(ExecutorPolicy.java:64)
      At org.gradle.internal.concurrent.ManagedExecutorImpl$1.run(ManagedExecutorImpl.java:48)
      At java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
      At java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
      At org.gradle.internal.concurrent.ThreadFactoryImpl$ManagedThreadRunnable.run(ThreadFactoryImpl.java:56)
      At java.base/java.lang.Thread.run(Thread.java:835)

[h3xstream]

Can you provide the full stacktrace? This runtime exception will encapsulate the cause of the error.

https://github.com/find-sec-bugs/find-sec-bugs/blob/master/findsecbugs-plugin/src/main/java/com/h3xstream/findsecbugs/taintanalysis/TaintFrameModelingVisitor.java#L594-L600

[boris-petrov]

@h3xstream - I edited the first post and added the rest of the stacktrace. Sorry I didn't do that in the beginning.

But I don't see a Caused by in it... not sure it will be helpful.

[lgemeinhardt]

The issue is not related to SpotBugs 4.x and "works" with SpotBugs 3.1.12 as well (so the title of this issue is confusing and should be changed).
Here is some sample code that works with version 1.9.0 and fails with 1.10.0 and 1.10.1!

package sample;

public class Main {

	public static void main(final String[] args) {
		OtherClass.value().clear();
	}

}

package sample;

import java.util.Map;

public class OtherClass {

	private static Map<String, String> value;

	public static Map<String, String> value() {
		return value;
	}

	public static void setValue(final Map<String, String> value) {
		OtherClass.value = value;
	}

}

Shows this error (running with ant):

 [spotbugs] The following errors occurred during analysis:
 [spotbugs]   Exception while analyzing sample.Main.main([Ljava/lang/String;)V
 [spotbugs]     java.lang.RuntimeException: Unable to call sample/OtherClass.value()Ljava/util/Map;
 [spotbugs]       At com.h3xstream.findsecbugs.taintanalysis.TaintFrameModelingVisitor.visitInvoke(TaintFrameModelingVisitor.java:599)
 [spotbugs]       At com.h3xstream.findsecbugs.taintanalysis.TaintFrameModelingVisitor.visitINVOKESTATIC(TaintFrameModelingVisitor.java:385)
 [spotbugs]       At org.apache.bcel.generic.INVOKESTATIC.accept(INVOKESTATIC.java:87)
 [spotbugs]       At edu.umd.cs.findbugs.ba.AbstractFrameModelingVisitor.analyzeInstruction(AbstractFrameModelingVisitor.java:84)
 [spotbugs]       At com.h3xstream.findsecbugs.taintanalysis.TaintFrameModelingVisitor.analyzeInstruction(TaintFrameModelingVisitor.java:129)
 [spotbugs]       At com.h3xstream.findsecbugs.taintanalysis.TaintAnalysis.transferInstruction(TaintAnalysis.java:90)
 [spotbugs]       At com.h3xstream.findsecbugs.taintanalysis.TaintAnalysis.transferInstruction(TaintAnalysis.java:51)
 [spotbugs]       At edu.umd.cs.findbugs.ba.AbstractDataflowAnalysis.transfer(AbstractDataflowAnalysis.java:135)
 [spotbugs]       At edu.umd.cs.findbugs.ba.Dataflow.execute(Dataflow.java:376)
 [spotbugs]       At com.h3xstream.findsecbugs.taintanalysis.TaintDataflowEngine.analyze(TaintDataflowEngine.java:183)
 [spotbugs]       At com.h3xstream.findsecbugs.taintanalysis.TaintDataflowEngine.analyze(TaintDataflowEngine.java:56)
 [spotbugs]       At edu.umd.cs.findbugs.classfile.impl.AnalysisCache.analyzeMethod(AnalysisCache.java:369)
 [spotbugs]       At edu.umd.cs.findbugs.classfile.impl.AnalysisCache.getMethodAnalysis(AnalysisCache.java:322)
 [spotbugs]       At com.h3xstream.findsecbugs.injection.AbstractTaintDetector.getTaintDataFlow(AbstractTaintDetector.java:142)
 [spotbugs]       At com.h3xstream.findsecbugs.injection.AbstractTaintDetector.analyzeMethod(AbstractTaintDetector.java:109)
 [spotbugs]       At com.h3xstream.findsecbugs.injection.AbstractTaintDetector.visitClassContext(AbstractTaintDetector.java:79)
 [spotbugs]       At edu.umd.cs.findbugs.DetectorToDetector2Adapter.visitClass(DetectorToDetector2Adapter.java:76)
 [spotbugs]       At edu.umd.cs.findbugs.FindBugs2.analyzeApplication(FindBugs2.java:1080)
 [spotbugs]       At edu.umd.cs.findbugs.FindBugs2.execute(FindBugs2.java:281)
 [spotbugs]       At edu.umd.cs.findbugs.FindBugs.runMain(FindBugs.java:401)
 [spotbugs]       At edu.umd.cs.findbugs.FindBugs2.main(FindBugs2.java:1185)

The hidden cause is:

 [spotbugs] java.lang.RuntimeException: Bad transfer parameter specification
 [spotbugs] 	at com.h3xstream.findsecbugs.taintanalysis.TaintFrameModelingVisitor.mergeTransferParameters(TaintFrameModelingVisitor.java:850)
 [spotbugs] 	at com.h3xstream.findsecbugs.taintanalysis.TaintFrameModelingVisitor.mergeTaintWithStack(TaintFrameModelingVisitor.java:747)
 [spotbugs] 	at com.h3xstream.findsecbugs.taintanalysis.TaintFrameModelingVisitor.getMethodTaint(TaintFrameModelingVisitor.java:730)
 [spotbugs] 	at com.h3xstream.findsecbugs.taintanalysis.TaintFrameModelingVisitor.visitInvoke(TaintFrameModelingVisitor.java:561)
 [spotbugs] 	at com.h3xstream.findsecbugs.taintanalysis.TaintFrameModelingVisitor.visitINVOKESTATIC(TaintFrameModelingVisitor.java:385)
 [spotbugs] 	at org.apache.bcel.generic.INVOKESTATIC.accept(INVOKESTATIC.java:87)
 [spotbugs] 	at edu.umd.cs.findbugs.ba.AbstractFrameModelingVisitor.analyzeInstruction(AbstractFrameModelingVisitor.java:84)
 [spotbugs] 	at com.h3xstream.findsecbugs.taintanalysis.TaintFrameModelingVisitor.analyzeInstruction(TaintFrameModelingVisitor.java:129)
 [spotbugs] 	at com.h3xstream.findsecbugs.taintanalysis.TaintAnalysis.transferInstruction(TaintAnalysis.java:90)
 [spotbugs] 	at com.h3xstream.findsecbugs.taintanalysis.TaintAnalysis.transferInstruction(TaintAnalysis.java:51)
 [spotbugs] 	at edu.umd.cs.findbugs.ba.AbstractDataflowAnalysis.transfer(AbstractDataflowAnalysis.java:135)
 [spotbugs] 	at edu.umd.cs.findbugs.ba.Dataflow.execute(Dataflow.java:376)
 [spotbugs] 	at com.h3xstream.findsecbugs.taintanalysis.TaintDataflowEngine.analyze(TaintDataflowEngine.java:183)
 [spotbugs] 	at com.h3xstream.findsecbugs.taintanalysis.TaintDataflowEngine.analyze(TaintDataflowEngine.java:56)
 [spotbugs] 	at edu.umd.cs.findbugs.classfile.impl.AnalysisCache.analyzeMethod(AnalysisCache.java:369)
 [spotbugs] 	at edu.umd.cs.findbugs.classfile.impl.AnalysisCache.getMethodAnalysis(AnalysisCache.java:322)
 [spotbugs] 	at com.h3xstream.findsecbugs.injection.AbstractTaintDetector.getTaintDataFlow(AbstractTaintDetector.java:142)
 [spotbugs] 	at com.h3xstream.findsecbugs.injection.AbstractTaintDetector.analyzeMethod(AbstractTaintDetector.java:109)
 [spotbugs] 	at com.h3xstream.findsecbugs.injection.AbstractTaintDetector.visitClassContext(AbstractTaintDetector.java:79)
 [spotbugs] 	at edu.umd.cs.findbugs.DetectorToDetector2Adapter.visitClass(DetectorToDetector2Adapter.java:76)
 [spotbugs] 	at edu.umd.cs.findbugs.FindBugs2.analyzeApplication(FindBugs2.java:1080)
 [spotbugs] 	at edu.umd.cs.findbugs.FindBugs2.execute(FindBugs2.java:281)
 [spotbugs] 	at edu.umd.cs.findbugs.FindBugs.runMain(FindBugs.java:401)
 [spotbugs] 	at edu.umd.cs.findbugs.FindBugs2.main(FindBugs2.java:1185)
 [spotbugs] Caused by: edu.umd.cs.findbugs.ba.DataflowAnalysisException: not enough values on stack: access=0, avail=0
 [spotbugs] 	at edu.umd.cs.findbugs.ba.Frame.getStackValue(Frame.java:247)
 [spotbugs] 	at com.h3xstream.findsecbugs.taintanalysis.TaintFrameModelingVisitor.mergeTransferParameters(TaintFrameModelingVisitor.java:843)
 [spotbugs] 	... 23 more

It looks like we expect a stack value for a static field...

[boris-petrov]

I believe this has been fixed in the new release. Thanks and keep up the great work!