org.sonar.java.se.symbolicvalues.SymbolicValue$2 cannot be cast to org.sonar.java.se.symbolicvalues.SymbolicValue$ExceptionalSymbolicValue

[Giacomo Boccardo]

Hi,

  the exception 

org.sonar.java.se.symbolicvalues.SymbolicValue$2 cannot be cast to org.sonar.java.se.symbolicvalues.SymbolicValue$ExceptionalSymbolicValue

occurs when I analyze the following class. Obviously, it looks absurd only because I minimized it.

import java.io.
import javax.servlet.*;
import javax.servlet.http.*;

public class SymbolicValueCannotBeCastToSymbolicValueExceptionalSymbolicValue {

    private boolean something(HttpSession session, ServletRequest request, ServletResponse response, FilterChain chain)
            throws ServletException, IOException {

        CacheResponseWrapper wrappedResponse = new CacheResponseWrapper((HttpServletResponse)response, false);

        try {
            chain.doFilter(request, wrappedResponse);
        } catch (ServletException se) {
            throw se;
        } finally {
            if (true) {
                return true;
            }
        }

        return true;
    }
}

Regards,

   Giacomo Boccardo

[Nicolas Peru]

Hi Giacomo, 

Thanks a lot for reporting this and the reproducer. 

I stripped even more the case : 

public class ReturnInFinally {
  private class MyException extends Exception {}
  private boolean something() {
    try {
      foo();
    } catch (MyException e) {
      throw e;
    } finally {
      return true;
    }
    return true;
  }

  abstract void foo() throws MyException;
}

So what's going on ? 

The problem comes from X-procedural analysis and the fact that it does not handle well the return in finally when an exception is thrown : it expects to have an exceptional symbolic value thrown but in this case, the return completes abruptely and the symbolic value is not the one expected. 

Ticket created to handle the issue : https://jira.sonarsource.com/browse/SONARJAVA-2182

A Side note on this, returning from finally is actually a bad practice, and we have a rule for this :  https://jira.sonarsource.com/browse/RSPEC-1143

Nevertheless it should not fail the symbolic execution and even less the analysis. 

Thanks again for the feedback

Cheers, 

--
You received this message because you are subscribed to the Google Groups "SonarQube" group.
To unsubscribe from this group and stop receiving emails from it, send an email to sonarqube+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/sonarqube/3e8b8410-86f4-420b-8c15-cbd505275244%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

Nicolas PERU | SonarSource

Senior Developer
http://sonarsource.com

https://twitter.com/benzonico