Don't cast null to a type in the verifier.

It may then fail if the value is used with an unrelated type.

Test: 851-null-instanceof
Bug: 157913277
Change-Id: I331caaff0c551fa20d14029e6d185960a3e9de5d

5 files changed, 37 insertions, 3 deletions

diff --git a/runtime/verifier/method_verifier.cc b/runtime/verifier/method_verifier.cc
index 89e2f042f3..18593a9338 100644
--- a/runtime/verifier/method_verifier.cc
+++ b/runtime/verifier/method_verifier.cc
@@ -2649,9 +2649,9 @@ bool MethodVerifier<kVerifierDebug>::CodeFlowVerifyInstruction(uint32_t* start_g
             !cast_type.IsUnresolvedTypes() && !orig_type.IsUnresolvedTypes() &&
             cast_type.HasClass() &&             // Could be conflict type, make sure it has a class.
             !cast_type.GetClass()->IsInterface() &&
-            (orig_type.IsZeroOrNull() ||
-                orig_type.IsStrictlyAssignableFrom(
-                    cast_type.Merge(orig_type, &reg_types_, this), this))) {
+            !orig_type.IsZeroOrNull() &&
+            orig_type.IsStrictlyAssignableFrom(
+                cast_type.Merge(orig_type, &reg_types_, this), this)) {
           RegisterLine* update_line = RegisterLine::Create(code_item_accessor_.RegistersSize(),
                                                            allocator_,
                                                            GetRegTypeCache());
diff --git a/test/851-null-instanceof/expected-stderr.txt b/test/851-null-instanceof/expected-stderr.txt
new file mode 100644
index 0000000000..e69de29bb2
--- /dev/null
+++ b/test/851-null-instanceof/expected-stderr.txt
diff --git a/test/851-null-instanceof/expected-stdout.txt b/test/851-null-instanceof/expected-stdout.txt
new file mode 100644
index 0000000000..e69de29bb2
--- /dev/null
+++ b/test/851-null-instanceof/expected-stdout.txt
diff --git a/test/851-null-instanceof/info.txt b/test/851-null-instanceof/info.txt
new file mode 100644
index 0000000000..00cec2293c
--- /dev/null
+++ b/test/851-null-instanceof/info.txt
@@ -0,0 +1,3 @@
+Regression test for the verifier which used to needlessly cast a dex register
+containing null to a type, and then fail when using that dex register with an
+unrelated type.
diff --git a/test/851-null-instanceof/src/Main.java b/test/851-null-instanceof/src/Main.java
new file mode 100644
index 0000000000..a30331042d
--- /dev/null
+++ b/test/851-null-instanceof/src/Main.java
@@ -0,0 +1,31 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+public class Main {
+
+  static class A {}
+
+  static class B extends A {
+    void foo() {}
+  }
+
+  public static void main(String[] args) {
+    B b = System.currentTimeMillis() == 0 ? null : new B();
+    if (b instanceof A) {
+      b.foo();
+    }
+  }
+}