DexCFG generation crashes on handler computation
For some methods the DexIMethod.getHandlers() method fails to compute the range of the try-block. The respective WALA code location has the following comment:
The try block can extend to the last instruction in the method. If this is the case then endAddress will be the address immediately following the last instruction. Check to make sure this is the case.
Apparently, this does not always hold. By quickly skipping over the smali code of the respective methods it seems that this breaks when the last instructions of the method are a packed-switch table.
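The code to trigger the exception is:
// dexMethod is the IMethod of the affected Dex method (named below)
IAnalysisCacheView cache = new AnalysisCacheImpl(new DexIRFactory(), SSAOptions.defaultOptions());
// Building the IR constructs the DexCFG, which calls getHandlers() and throws
IR ir = cache.getIR(dexMethod, Everywhere.EVERYWHERE);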
Find below the stacktrace and a testapp/method:
: java.lang.RuntimeException: Invalid code offset 184 for the try block end address
at com.ibm.wala.dalvik.classLoader.DexIMethod.getHandlers(DexIMethod.java:683)
at com.ibm.wala.dalvik.classLoader.DexCFG.makeBasicBlocks(DexCFG.java:140)
at com.ibm.wala.dalvik.classLoader.DexCFG.<init>(DexCFG.java:77)
at com.ibm.wala.dalvik.classLoader.DexIRFactory.makeCFG(DexIRFactory.java:37)
at com.ibm.wala.dalvik.classLoader.DexIRFactory.makeIR(DexIRFactory.java:58)
at com.ibm.wala.ssa.SSACache.findOrCreateIR(SSACache.java:78)
at com.ibm.wala.ipa.callgraph.AnalysisCache.getIR(AnalysisCache.java:74)
Testapp: Busuu 5.3.0.43 https://www.apk4fun.com/link/67379/a/
In method:
com.google.common.util.concurrent.AbstractService.stopAsync()Lcom/google/common/util/concurrent/Service;
Btw, this is also a candidate for #396.
I don't know this code. @juliandolby can you take a look?
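The failure mode suspected in the report, as an added Java sketch (Java 16+) that is not WALA's code and does not use its API. The `Insn` model, both method names and the offsets are constructed, and it is an assumption that the strict lookup matches only real instruction starts while a trailing packed-switch payload still counts as the last entry of the decoded list.

```java
import java.util.List;
// Added illustration: a simplified model, not WALA's DexIMethod code.
public class TryRangeDemo {
    // One decoded unit of a method body; offset and size are in 16-bit code units.
    record Insn(String name, int offset, int size, boolean payload) {}
    static final String MSG = "Invalid code offset %d for the try block end address";
    // Strict rule (assumed): the end must be the start of a real instruction, or the
    // address immediately following the last entry of the decoded list.
    static int strictEndIndex(List<Insn> insns, int end) {
        for (int i = 0; i < insns.size(); i++)
            if (!insns.get(i).payload() && insns.get(i).offset() == end) return i;
        Insn last = insns.get(insns.size() - 1);
        if (end == last.offset() + last.size()) return insns.size();
        throw new RuntimeException(String.format(MSG, end));
    }

    // Tolerant rule: trailing payload tables are data, so the end of executable
    // code is the address following the last real instruction.
    static int tolerantEndIndex(List<Insn> insns, int end) {
        int lastReal = -1;
        for (int i = 0; i < insns.size(); i++) {
            if (insns.get(i).payload()) continue;
            if (insns.get(i).offset() == end) return i;
            lastReal = i;
        }
        if (lastReal >= 0) {
            Insn last = insns.get(lastReal);
            if (end == last.offset() + last.size()) return lastReal + 1;
        }
        throw new RuntimeException(String.format(MSG, end));
    }

    public static void main(String[] args) {
        // Constructed layout: six instructions, then a packed-switch payload
        // with two targets (2 * 2 + 4 = 8 code units) at the end of the method.
        List<Insn> insns = List.of(
            new Insn("const/4", 0, 1, false), new Insn("packed-switch", 1, 3, false),
            new Insn("invoke-virtual", 4, 3, false), new Insn("move-result-object", 7, 1, false),
            new Insn("goto", 8, 1, false), new Insn("return-object", 9, 1, false),
            new Insn("packed-switch-payload", 10, 8, true));
        int end = 4 + 6; // try_item: start_addr = 4, insn_count = 6 code units
        System.out.println("tolerant end index: " + tolerantEndIndex(insns, end));
        try {
            strictEndIndex(insns, end);
        } catch (RuntimeException e) {
            System.out.println("strict: " + e.getMessage());
        }
    }
}
```

In this layout the try range ends at offset 10, directly after `return-object`, but the decoded list ends at offset 18 because of the payload, so the strict rule rejects a range that is valid for the executable code.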