Example 1 with DexlibAbstractInstruction
use of soot.dexpler.instructions.DexlibAbstractInstruction in project soot by Sable.
the class DexBody method instructionAtAddress.
/**
* Return the instruction that is present at the byte code address.
*
* @param address
* the byte code address.
* @throws RuntimeException
* if address is not part of this body.
*/
public DexlibAbstractInstruction instructionAtAddress(int address) {
DexlibAbstractInstruction i = null;
while (i == null && address >= 0) {
// catch addresses can be in the middlde of last instruction. Ex. in
// com.letang.ldzja.en.apk:
//
// 042c46: 7020 2a15 0100 |008f: invoke-direct {v1, v0},
// Ljavax/mi...
// 042c4c: 2701 |0092: throw v1
// catches : 4
// <any> -> 0x0065
// 0x0069 - 0x0093
//
// SA, 14.05.2014: We originally scanned only two code units back.
// This is not sufficient
// if we e.g., have a wide constant and the line number in the debug
// sections points to
// some address the middle.
i = instructionAtAddress.get(address);
address--;
}
return i;
}
Also used :
DexlibAbstractInstruction(soot.dexpler.instructions.DexlibAbstractInstruction)
Example 2 with DexlibAbstractInstruction
use of soot.dexpler.instructions.DexlibAbstractInstruction in project soot by Sable.
the class DexBody method jimplify.
/**
* Return the jimple equivalent of this body.
*
* @param m
* the SootMethod that contains this body
*/
public Body jimplify(Body b, SootMethod m) {
final Jimple jimple = Jimple.v();
final UnknownType unknownType = UnknownType.v();
final NullConstant nullConstant = NullConstant.v();
final Options options = Options.v();
/*
* Timer t_whole_jimplification = new Timer(); Timer t_num = new
* Timer(); Timer t_null = new Timer();
*
* t_whole_jimplification.start();
*/
jBody = (JimpleBody) b;
deferredInstructions = new ArrayList<DeferableInstruction>();
instructionsToRetype = new HashSet<RetypeableInstruction>();
if (IDalvikTyper.ENABLE_DVKTYPER) {
DalvikTyper.v().clear();
}
// process method parameters and generate Jimple locals from Dalvik
// registers
List<Local> paramLocals = new LinkedList<Local>();
if (!isStatic) {
int thisRegister = numRegisters - numParameterRegisters - 1;
// generateLocal(UnknownType.v());
Local thisLocal = jimple.newLocal("$u" + thisRegister, unknownType);
jBody.getLocals().add(thisLocal);
registerLocals[thisRegister] = thisLocal;
JIdentityStmt idStmt = (JIdentityStmt) jimple.newIdentityStmt(thisLocal, jimple.newThisRef(declaringClassType));
add(idStmt);
paramLocals.add(thisLocal);
if (IDalvikTyper.ENABLE_DVKTYPER) {
DalvikTyper.v().setType(idStmt.leftBox, jBody.getMethod().getDeclaringClass().getType(), false);
}
}
{
// index of parameter type
int i = 0;
// index
int parameterRegister = numRegisters - numParameterRegisters;
// register
for (Type t : parameterTypes) {
// may
Local gen = jimple.newLocal("$u" + parameterRegister, unknownType);
// only
// use
// UnknownType
// here
// because
// the
// local
// may
// be
// reused
// with
// a
// different
// type
// later
// (before
// splitting)
jBody.getLocals().add(gen);
registerLocals[parameterRegister] = gen;
JIdentityStmt idStmt = (JIdentityStmt) jimple.newIdentityStmt(gen, jimple.newParameterRef(t, i++));
add(idStmt);
paramLocals.add(gen);
if (IDalvikTyper.ENABLE_DVKTYPER) {
DalvikTyper.v().setType(idStmt.leftBox, t, false);
}
// used later in the Dalvik bytecode
if (t instanceof LongType || t instanceof DoubleType) {
parameterRegister++;
// may
Local g = jimple.newLocal("$u" + parameterRegister, unknownType);
// only
// use
// UnknownType
// here
// because
// the
// local
// may
// be
// reused
// with
// a
// different
// type
// later
// (before
// splitting)
jBody.getLocals().add(g);
registerLocals[parameterRegister] = g;
}
parameterRegister++;
}
}
for (int i = 0; i < (numRegisters - numParameterRegisters - (isStatic ? 0 : 1)); i++) {
registerLocals[i] = jimple.newLocal("$u" + i, unknownType);
jBody.getLocals().add(registerLocals[i]);
}
// add local to store intermediate results
storeResultLocal = jimple.newLocal("$u-1", unknownType);
jBody.getLocals().add(storeResultLocal);
// process bytecode instructions
final boolean isOdex = dexFile instanceof DexBackedDexFile ? ((DexBackedDexFile) dexFile).isOdexFile() : false;
ClassPath cp = null;
if (isOdex) {
String[] sootClasspath = options.soot_classpath().split(File.pathSeparator);
List<String> classpathList = new ArrayList<String>();
for (String str : sootClasspath) classpathList.add(str);
try {
ClassPathResolver resolver = new ClassPathResolver(classpathList, classpathList, classpathList, dexFile);
cp = new ClassPath(resolver.getResolvedClassProviders().toArray(new ClassProvider[0]));
} catch (IOException e) {
throw new RuntimeException(e);
}
}
int prevLineNumber = -1;
for (DexlibAbstractInstruction instruction : instructions) {
if (isOdex && instruction instanceof OdexInstruction)
((OdexInstruction) instruction).deOdex(dexFile, method, cp);
if (dangling != null) {
dangling.finalize(this, instruction);
dangling = null;
}
instruction.jimplify(this);
if (instruction.getLineNumber() > 0)
prevLineNumber = instruction.getLineNumber();
else {
instruction.setLineNumber(prevLineNumber);
}
}
for (DeferableInstruction instruction : deferredInstructions) {
instruction.deferredJimplify(this);
}
if (tries != null)
addTraps();
int prevLn = -1;
final boolean keepLineNumber = options.keep_line_number();
for (DexlibAbstractInstruction instruction : instructions) {
Unit unit = instruction.getUnit();
int lineNumber = unit.getJavaSourceStartLineNumber();
if (keepLineNumber && lineNumber < 0) {
if (prevLn >= 0) {
unit.addTag(new LineNumberTag(prevLn));
unit.addTag(new SourceLineNumberTag(prevLn));
}
} else {
prevLn = lineNumber;
}
}
// At this point Jimple code is generated
// Cleaning...
instructions = null;
// registerLocals = null;
// storeResultLocal = null;
instructionAtAddress.clear();
// localGenerator = null;
deferredInstructions = null;
// instructionsToRetype = null;
dangling = null;
tries = null;
/*
* We eliminate dead code. Dead code has been shown to occur under the
* following circumstances.
*
* 0006ec: 0d00 |00a2: move-exception v0 ... 0006f2: 0d00 |00a5:
* move-exception v0 ... 0x0041 - 0x008a Ljava/lang/Throwable; -> 0x00a5
* <any> -> 0x00a2
*
* Here there are two traps both over the same region. But the same
* always fires, hence rendering the code at a2 unreachable. Dead code
* yields problems during local splitting because locals within dead
* code will not be split. Hence we remove all dead code here.
*/
// Fix traps that do not catch exceptions
DexTrapStackFixer.v().transform(jBody);
// Sort out jump chains
DexJumpChainShortener.v().transform(jBody);
// Make sure that we don't have any overlapping uses due to returns
DexReturnInliner.v().transform(jBody);
// Shortcut: Reduce array initializations
DexArrayInitReducer.v().transform(jBody);
// split first to find undefined uses
getLocalSplitter().transform(jBody);
// Remove dead code and the corresponding locals before assigning types
getUnreachableCodeEliminator().transform(jBody);
DeadAssignmentEliminator.v().transform(jBody);
UnusedLocalEliminator.v().transform(jBody);
for (RetypeableInstruction i : instructionsToRetype) i.retype(jBody);
if (IDalvikTyper.ENABLE_DVKTYPER) {
DexReturnValuePropagator.v().transform(jBody);
getCopyPopagator().transform(jBody);
DexNullThrowTransformer.v().transform(jBody);
DalvikTyper.v().typeUntypedConstrantInDiv(jBody);
DeadAssignmentEliminator.v().transform(jBody);
UnusedLocalEliminator.v().transform(jBody);
DalvikTyper.v().assignType(jBody);
// jBody.validate();
jBody.validateUses();
jBody.validateValueBoxes();
// jBody.checkInit();
// Validate.validateArrays(jBody);
// jBody.checkTypes();
// jBody.checkLocals();
} else {
// t_num.start();
DexNumTransformer.v().transform(jBody);
// t_num.end();
DexReturnValuePropagator.v().transform(jBody);
getCopyPopagator().transform(jBody);
DexNullThrowTransformer.v().transform(jBody);
// t_null.start();
DexNullTransformer.v().transform(jBody);
// t_null.end();
DexIfTransformer.v().transform(jBody);
DeadAssignmentEliminator.v().transform(jBody);
UnusedLocalEliminator.v().transform(jBody);
// DexRefsChecker.v().transform(jBody);
DexNullArrayRefTransformer.v().transform(jBody);
}
if (IDalvikTyper.ENABLE_DVKTYPER) {
for (Local l : jBody.getLocals()) {
l.setType(unknownType);
}
}
// Remove "instanceof" checks on the null constant
DexNullInstanceofTransformer.v().transform(jBody);
TypeAssigner.v().transform(jBody);
final RefType objectType = RefType.v("java.lang.Object");
if (IDalvikTyper.ENABLE_DVKTYPER) {
for (Unit u : jBody.getUnits()) {
if (u instanceof IfStmt) {
ConditionExpr expr = (ConditionExpr) ((IfStmt) u).getCondition();
if (((expr instanceof EqExpr) || (expr instanceof NeExpr))) {
Value op1 = expr.getOp1();
Value op2 = expr.getOp2();
if (op1 instanceof Constant && op2 instanceof Local) {
Local l = (Local) op2;
Type ltype = l.getType();
if (ltype instanceof PrimType)
continue;
if (// by default
!(op1 instanceof IntConstant))
// in Dalvik
continue;
IntConstant icst = (IntConstant) op1;
int val = icst.value;
if (val != 0)
continue;
expr.setOp1(nullConstant);
} else if (op1 instanceof Local && op2 instanceof Constant) {
Local l = (Local) op1;
Type ltype = l.getType();
if (ltype instanceof PrimType)
continue;
if (// by default
!(op2 instanceof IntConstant))
// in Dalvik
continue;
IntConstant icst = (IntConstant) op2;
int val = icst.value;
if (val != 0)
continue;
expr.setOp2(nullConstant);
} else if (op1 instanceof Local && op2 instanceof Local) {
// nothing to do
} else if (op1 instanceof Constant && op2 instanceof Constant) {
if (op1 instanceof NullConstant && op2 instanceof NumericConstant) {
IntConstant nc = (IntConstant) op2;
if (nc.value != 0)
throw new RuntimeException("expected value 0 for int constant. Got " + expr);
expr.setOp2(NullConstant.v());
} else if (op2 instanceof NullConstant && op1 instanceof NumericConstant) {
IntConstant nc = (IntConstant) op1;
if (nc.value != 0)
throw new RuntimeException("expected value 0 for int constant. Got " + expr);
expr.setOp1(nullConstant);
}
} else {
throw new RuntimeException("error: do not handle if: " + u);
}
}
}
}
// For null_type locals: replace their use by NullConstant()
List<ValueBox> uses = jBody.getUseBoxes();
// List<ValueBox> defs = jBody.getDefBoxes();
List<ValueBox> toNullConstantify = new ArrayList<ValueBox>();
List<Local> toRemove = new ArrayList<Local>();
for (Local l : jBody.getLocals()) {
if (l.getType() instanceof NullType) {
toRemove.add(l);
for (ValueBox vb : uses) {
Value v = vb.getValue();
if (v == l)
toNullConstantify.add(vb);
}
}
}
for (ValueBox vb : toNullConstantify) {
System.out.println("replace valuebox '" + vb + " with null constant");
vb.setValue(nullConstant);
}
for (Local l : toRemove) {
System.out.println("removing null_type local " + l);
l.setType(objectType);
}
}
// We pack locals that are not used in overlapping regions. This may
// again lead to unused locals which we have to remove.
LocalPacker.v().transform(jBody);
UnusedLocalEliminator.v().transform(jBody);
LocalNameStandardizer.v().transform(jBody);
// on the fly.
if (options.wrong_staticness() == Options.wrong_staticness_fix) {
FieldStaticnessCorrector.v().transform(jBody);
MethodStaticnessCorrector.v().transform(jBody);
}
// Inline PackManager.v().getPack("jb").apply(jBody);
// Keep only transformations that have not been done
// at this point.
TrapTightener.v().transform(jBody);
TrapMinimizer.v().transform(jBody);
// LocalSplitter.v().transform(jBody);
Aggregator.v().transform(jBody);
// UnusedLocalEliminator.v().transform(jBody);
// TypeAssigner.v().transform(jBody);
// LocalPacker.v().transform(jBody);
// LocalNameStandardizer.v().transform(jBody);
// Remove if (null == null) goto x else <madness>. We can only do this
// after we have run the constant propagation as we might not be able
// to statically decide the conditions earlier.
ConditionalBranchFolder.v().transform(jBody);
// Remove unnecessary typecasts
ConstantCastEliminator.v().transform(jBody);
IdentityCastEliminator.v().transform(jBody);
// Remove unnecessary logic operations
IdentityOperationEliminator.v().transform(jBody);
// We need to run this transformer since the conditional branch folder
// might have rendered some code unreachable (well, it was unreachable
// before as well, but we didn't know).
UnreachableCodeEliminator.v().transform(jBody);
// Not sure whether we need this even though we do it earlier on as
// the earlier pass does not have type information
// CopyPropagator.v().transform(jBody);
// we might have gotten new dead assignments and unused locals through
// copy propagation and unreachable code elimination, so we have to do
// this again
DeadAssignmentEliminator.v().transform(jBody);
UnusedLocalEliminator.v().transform(jBody);
NopEliminator.v().transform(jBody);
// Remove unnecessary chains of return statements
DexReturnPacker.v().transform(jBody);
for (Unit u : jBody.getUnits()) {
if (u instanceof AssignStmt) {
AssignStmt ass = (AssignStmt) u;
if (ass.getRightOp() instanceof CastExpr) {
CastExpr c = (CastExpr) ass.getRightOp();
if (c.getType() instanceof NullType) {
ass.setRightOp(nullConstant);
}
}
}
if (u instanceof DefinitionStmt) {
DefinitionStmt def = (DefinitionStmt) u;
// we must manually fix the hierarchy
if (def.getLeftOp() instanceof Local && def.getRightOp() instanceof CaughtExceptionRef) {
Type t = def.getLeftOp().getType();
if (t instanceof RefType) {
RefType rt = (RefType) t;
if (rt.getSootClass().isPhantom() && !rt.getSootClass().hasSuperclass() && !rt.getSootClass().getName().equals("java.lang.Throwable"))
rt.getSootClass().setSuperclass(Scene.v().getSootClass("java.lang.Throwable"));
}
}
}
}
//
for (Local l : jBody.getLocals()) {
Type t = l.getType();
if (t instanceof NullType) {
l.setType(objectType);
}
}
return jBody;
}
Also used :
Options(soot.options.Options)
ClassPath(org.jf.dexlib2.analysis.ClassPath)
LongType(soot.LongType)
CaughtExceptionRef(soot.jimple.CaughtExceptionRef)
NullConstant(soot.jimple.NullConstant)
Constant(soot.jimple.Constant)
IntConstant(soot.jimple.IntConstant)
NumericConstant(soot.jimple.NumericConstant)
AssignStmt(soot.jimple.AssignStmt)
ArrayList(java.util.ArrayList)
Unit(soot.Unit)
RetypeableInstruction(soot.dexpler.instructions.RetypeableInstruction)
RefType(soot.RefType)
LineNumberTag(soot.tagkit.LineNumberTag)
SourceLineNumberTag(soot.tagkit.SourceLineNumberTag)
CastExpr(soot.jimple.CastExpr)
PrimType(soot.PrimType)
IntConstant(soot.jimple.IntConstant)
DeferableInstruction(soot.dexpler.instructions.DeferableInstruction)
DexBackedDexFile(org.jf.dexlib2.dexbacked.DexBackedDexFile)
ClassPathResolver(org.jf.dexlib2.analysis.ClassPathResolver)
DexlibAbstractInstruction(soot.dexpler.instructions.DexlibAbstractInstruction)
NeExpr(soot.jimple.NeExpr)
JIdentityStmt(soot.jimple.internal.JIdentityStmt)
NullConstant(soot.jimple.NullConstant)
Local(soot.Local)
IOException(java.io.IOException)
LinkedList(java.util.LinkedList)
UnknownType(soot.UnknownType)
RefType(soot.RefType)
Type(soot.Type)
UnknownType(soot.UnknownType)
DoubleType(soot.DoubleType)
LongType(soot.LongType)
NullType(soot.NullType)
PrimType(soot.PrimType)
IfStmt(soot.jimple.IfStmt)
OdexInstruction(soot.dexpler.instructions.OdexInstruction)
DoubleType(soot.DoubleType)
EqExpr(soot.jimple.EqExpr)
NumericConstant(soot.jimple.NumericConstant)
ValueBox(soot.ValueBox)
ConditionExpr(soot.jimple.ConditionExpr)
Value(soot.Value)
SourceLineNumberTag(soot.tagkit.SourceLineNumberTag)
Jimple(soot.jimple.Jimple)
NullType(soot.NullType)
DefinitionStmt(soot.jimple.DefinitionStmt)
Example 3 with DexlibAbstractInstruction
use of soot.dexpler.instructions.DexlibAbstractInstruction in project soot by Sable.
the class DexBody method usedTypes.
/**
* Return the types that are used in this body.
*/
public Set<Type> usedTypes() {
Set<Type> types = new HashSet<Type>();
for (DexlibAbstractInstruction i : instructions) types.addAll(i.introducedTypes());
if (tries != null) {
for (TryBlock<? extends ExceptionHandler> tryItem : tries) {
List<? extends ExceptionHandler> hList = tryItem.getExceptionHandlers();
for (ExceptionHandler handler : hList) {
String exType = handler.getExceptionType();
if (// for handler which capture all
exType == null)
// Exceptions
continue;
types.add(DexType.toSoot(exType));
}
}
}
return types;
}
Also used :
ExceptionHandler(org.jf.dexlib2.iface.ExceptionHandler)
RefType(soot.RefType)
Type(soot.Type)
UnknownType(soot.UnknownType)
DoubleType(soot.DoubleType)
LongType(soot.LongType)
NullType(soot.NullType)
PrimType(soot.PrimType)
DexlibAbstractInstruction(soot.dexpler.instructions.DexlibAbstractInstruction)
HashSet(java.util.HashSet)
Example 4 with DexlibAbstractInstruction
use of soot.dexpler.instructions.DexlibAbstractInstruction in project soot by Sable.
the class DexBody method addTraps.
/**
* Add the traps of this body.
*
* Should only be called at the end jimplify.
*/
private void addTraps() {
final Jimple jimple = Jimple.v();
for (TryBlock<? extends ExceptionHandler> tryItem : tries) {
int startAddress = tryItem.getStartCodeAddress();
// .getTryLength();
int length = tryItem.getCodeUnitCount();
// - 1;
int endAddress = startAddress + length;
Unit beginStmt = instructionAtAddress(startAddress).getUnit();
// (startAddress + length) typically points to the first byte of the
// first instruction after the try block
// except if there is no instruction after the try block in which
// case it points to the last byte of the last
// instruction of the try block. Removing 1 from (startAddress +
// length) always points to "somewhere" in
// the last instruction of the try block since the smallest
// instruction is on two bytes (nop = 0x0000).
Unit endStmt = instructionAtAddress(endAddress).getUnit();
// the last instruction in the try block.
if (jBody.getUnits().getLast() == endStmt && instructionAtAddress(endAddress - 1).getUnit() == endStmt) {
Unit nop = jimple.newNopStmt();
jBody.getUnits().insertAfter(nop, endStmt);
endStmt = nop;
}
List<? extends ExceptionHandler> hList = tryItem.getExceptionHandlers();
for (ExceptionHandler handler : hList) {
String exceptionType = handler.getExceptionType();
if (exceptionType == null)
exceptionType = "Ljava/lang/Throwable;";
Type t = DexType.toSoot(exceptionType);
// exceptions can only be of RefType
if (t instanceof RefType) {
SootClass exception = ((RefType) t).getSootClass();
DexlibAbstractInstruction instruction = instructionAtAddress(handler.getHandlerCodeAddress());
if (!(instruction instanceof MoveExceptionInstruction))
logger.debug("" + String.format("First instruction of trap handler unit not MoveException but %s", instruction.getClass().getName()));
else
((MoveExceptionInstruction) instruction).setRealType(this, exception.getType());
Trap trap = jimple.newTrap(exception, beginStmt, endStmt, instruction.getUnit());
jBody.getTraps().add(trap);
}
}
}
}
Also used :
DexlibAbstractInstruction(soot.dexpler.instructions.DexlibAbstractInstruction)
Trap(soot.Trap)
Unit(soot.Unit)
SootClass(soot.SootClass)
MoveExceptionInstruction(soot.dexpler.instructions.MoveExceptionInstruction)
ExceptionHandler(org.jf.dexlib2.iface.ExceptionHandler)
RefType(soot.RefType)
RefType(soot.RefType)
Type(soot.Type)
UnknownType(soot.UnknownType)
DoubleType(soot.DoubleType)
LongType(soot.LongType)
NullType(soot.NullType)
PrimType(soot.PrimType)
Jimple(soot.jimple.Jimple)
Aggregations
DexlibAbstractInstruction (soot.dexpler.instructions.DexlibAbstractInstruction)4
DoubleType (soot.DoubleType)3
LongType (soot.LongType)3
NullType (soot.NullType)3
PrimType (soot.PrimType)3
RefType (soot.RefType)3
Type (soot.Type)3
UnknownType (soot.UnknownType)3
ExceptionHandler (org.jf.dexlib2.iface.ExceptionHandler)2
Unit (soot.Unit)2
Jimple (soot.jimple.Jimple)2
IOException (java.io.IOException)1
ArrayList (java.util.ArrayList)1
HashSet (java.util.HashSet)1
LinkedList (java.util.LinkedList)1
ClassPath (org.jf.dexlib2.analysis.ClassPath)1
ClassPathResolver (org.jf.dexlib2.analysis.ClassPathResolver)1
DexBackedDexFile (org.jf.dexlib2.dexbacked.DexBackedDexFile)1
Local (soot.Local)1
SootClass (soot.SootClass)1
