[Bug fix]return incorrect nullness in the method Scene#getTypeUnsafe

src/main/java/soot/Scene.java

@@ -1030,6 +1030,8 @@ public Type getType(String arg) {
    * representation of the type is an array, the returned type will be an ArrayType with the base type resolved as described
    * above.
    *
+   * Notice: Recommend to use {@link #getTypeUnsafeUnescape}
+   *
    * @param arg
    *          A string description of the type
    * @return The Type if it can be resolved and null otherwise
@@ -1038,6 +1040,27 @@ public Type getTypeUnsafe(String arg) {
     return getTypeUnsafe(arg, true);
   }
 
+  /**
+   * The method do the same thing as the method {@link #getTypeUnsafe(String)} except for unescaping the argument.
+   *
+   * An argument passed into the method {@link #getTypeUnsafe} may be <b>quoted</b>, like them: <br/>
+   * <li>1. "sun.reflect.'annotation'.AnnotationType"<li/> <br/>
+   * <li>2. "java.lang.'annotation'.Annotation"<li/> <br/>
+   *
+   * If calling {@link #getTypeUnsafe(String)} with <b>quoted</b> argument, the method maybe return null. <br/>
+   *
+   * For example, after we call {@link #loadNecessaryClasses}, getTypeUnsafe("java.lang.'annotation'.Annotation") <br/>
+   * will return null but getTypeUnsafe("java.lang.annotation.Annotation") will not return null.
+   *
+   * @param arg
+   *          A string description of the type
+   * @return The Type if it can be resolved and null otherwise
+   */
+  public Type getTypeUnsafeUnescape(String arg) {
+    String unescapeName = unescapeName(arg);
+    return getTypeUnsafe(unescapeName);
+  }
+
   /**
    * Returns a Type object representing the given type string. It will first attempt to resolve the type as a reference type
    * that currently exists in the Scene. If this fails it will attempt to resolve the type as a java primitive type. Lastly,

src/main/java/soot/jimple/toolkits/callgraph/OnFlyCallGraphBuilder.java

@@ -601,10 +601,10 @@ public void addType(Local receiver, Context srcContext, Type type, Context typeC
                 String parameters = m.group("parameters");
                 if (parameters != null && !parameters.isEmpty()) {
                   for (String p : parameters.split(",")) {
-                    params.add(sc.getTypeUnsafe(p.trim()));
+                    params.add(sc.getTypeUnsafeUnescape(p.trim()));
                   }
                 }
-                ref = sc.makeMethodRef(receiverClass, methodName, params, sc.getTypeUnsafe(returnType),
+                ref = sc.makeMethodRef(receiverClass, methodName, params, sc.getTypeUnsafeUnescape(returnType),
                     Kind.isStatic(site.kind()));
               }
             }

src/test/java/soot/SootResolverTest.java

@@ -4,8 +4,7 @@
  * #%L
  * Soot - a J*va Optimization Framework
  * %%
- * Copyright (C) 1997 - 1999 Raja Vallee-Rai
- * Copyright (C) 2004 Ondrej Lhotak
+ * Copyright (C) 2021 canliture
  * %%
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Lesser General Public License as
@@ -23,12 +22,14 @@
  * #L%
  */
 
+import org.junit.Assert;
 import org.junit.Test;
 import soot.options.Options;
 
 /**
  * Created by canliture on 2021/6/28 <br/>
  *
+ * 1. Bug fixing description about 'test1' and 'test2':
  * A minimal Test for evaluating the bug in the Method {@link soot.Scene#defaultJavaClassPath}. <br/>
  *
  * When {@link soot.SootResolver} and {@link soot.SourceLocator#getClassSource} resolve classes,
@@ -44,6 +45,15 @@
  * - we set <pre>Options.v().set_whole_program(true);</pre>: `path/to/rt.jar;path/to/jce.jar` <br/>
  * - we set <pre>Options.v().set_whole_shimple(true);</pre>: `path/to/rt.jar;path/to/jce.jar` <br/>
  *
+ * 2. Bug fixing description about 'test3':
+ * In method {@link soot.jimple.toolkits.callgraph.OnFlyCallGraphBuilder#addType), it calls {@link Scene#getTypeUnsafe(String)},
+ * but the argument passed into the method {@link Scene#getTypeUnsafe(String)} may be <b>quoted</b>, just like: <br/>
+ * <li>1. "sun.reflect.'annotation'.AnnotationType"</li> <br/>
+ * <li>2. "java.lang.'annotation'.Annotation" </li> <br/>
+ * But {@link Scene#getTypeUnsafe(String)} will return null if the argument passed into is <b>quoted</b>, it will lead to <br/>
+ * Soot crashing with NullPointerException or IllegalArgumentException somewhere, just like 'test3' failing to pass the test <br/>
+ * with IllegalArgumentException
+ *
  * @author canliture
  */
 public class SootResolverTest {
@@ -69,4 +79,22 @@ public void test2() {
         // throw java.lang.AssertionError !!!
         Scene.v().loadNecessaryClasses();
     }
+
+    @Test
+    public void test3() {
+        G.reset();
+
+        Options.v().set_whole_program(true);
+
+        Scene.v().loadNecessaryClasses();
+
+        Assert.assertNotNull(Scene.v().getTypeUnsafe("java.lang.annotation.Annotation"));
+        Assert.assertNotNull(Scene.v().getTypeUnsafeUnescape("java.lang.annotation.Annotation"));
+
+        Assert.assertNull(Scene.v().getTypeUnsafe("java.lang.'annotation'.Annotation"));
+        Assert.assertNotNull(Scene.v().getTypeUnsafeUnescape("java.lang.'annotation'.Annotation"));
+
+        /* returnType maybe be null in SootMethodRefImpl's constructor, resulting in throwing IllegalArgumentException */
+        PackManager.v().runPacks();
+    }
 }