[Soot-list] suboptimal type assignment?
Eric Bodden
eric.bodden at mail.mcgill.ca
Tue Feb 12 11:24:52 EST 2008
Hi, Oege.
> assigns type soot.Value to local 'r39'. However, 'r39'
> is only assigned twice, giving types soot.jimpleEqExpr
> and soot.jimple.NeExpr. It would appear, therefore, that
> type soot.jimple.ConditionExpr is a better choice than
> soot.Value.
>
> Are we overlooking something? Is there a reason for
> making a seemingly suboptimal choice?
I think that the type assigner only looks at uses. The only use it at:
r43 = virtualinvoke $r42.<soot.jimple.Jimple: soot.jimple.IfStmt
newIfStmt(soot.Value,soot.Unit)>(r39, r5);
...where you have declared type Value. Therefore Value is the least
restrictive type that you can assign to r39 in this scenario. Of
course, ConditionExpr would work in this setting but why would you
assign an unnecessarily narrow type? In normal programming, I would
try to stick to the widest possible type, too, for the sake of better
abstraction.
> Also, any challenge benchmarks for a fast type assigner
> would be very welcome. We've tried abc already :-), but
> we could do with some weird non-javac sources of bytecode,
> and applications (typically generated methods) where the
> current type assigner is slow.
You might want to try this here:
http://www.sable.mcgill.ca/~ebodde/javados/
THIS MIGHT STALL YOUR BROWSER FOR x SECONDS IF JAVA IS INSTALLED!
It's a worst-case "exploit" that keeps the JRE bytecode verifier busy
for several seconds. Soot's type assigner takes hours (I guess) on it.
You can look at the code at:
http://www.sable.mcgill.ca/~ebodde/javados/havoc.jar
The code is described in my course project report, available here:
http://www.sable.mcgill.ca/~ebodde/javados/report.pdf
I did this report for my class on "Language Bases Security". The
interesting thing about the above code is that if one had compiled it
with a Java 6 compliant compiler that generates "StackMap" attributes,
a Java 6 JVM would verify it within milliseconds (by decoding this
"proof" of type safety).
Eric
--
Eric Bodden
Sable Research Group
McGill University, Montréal, Canada
More information about the Soot-list
mailing list