[Soot-list] Instrumentation problem for GOTO instructions
Aaloan Miftah
aaloanmiftah at yahoo.com
Sat Mar 24 11:41:44 EDT 2012
Hey Joe,
This is a problem with Jasmin, I have attached a patch that _should_ work (note: you will need to apply the patch & compile Jasmin from source).
Regards,
Aaloan
________________________________
From: Joe <owqian at gmail.com>
To: soot-list <soot-list at sable.mcgill.ca>
Sent: Saturday, March 24, 2012 8:41 AM
Subject: Re: [Soot-list] Instrumentation problem for GOTO instructions
Hi Eric,
I mean instrumenting the instructions and hooking the execution
of each assignment and method call.
The instrumented bytecode is like following:
1886: aload 59
1888: invokestatic #1818; //Method
com/xxx/tracer/RefTracer.afterInstanceFieldLoad:(JILjava/lang/Object;Ljava/lang/Object;Ljava/lang/Object;)V
1891: aload 22
1893: astore 184
1895: iload 27
1897: invokestatic #1393; //Method
soot/jimple/IntConstant.v:(I)Lsoot/jimple/IntConstant;
1900: astore 22
1902: lload 182
1904: ldc_w #1586; //int 545952
1907: aload 184
1909: aload 22
1911: invokestatic #431; //Method
com/xxx/tracer/RefTracer.afterAssignByStaticCall:(JILjava/lang/Object;Ljava/lang/Object;)V
1914: aload 60
1916: astore 184
I use JustIce to verify the instrumented bytecode. The tool reports "bad bytecode", because
there are invalid branch targets in the instrumented code. I've
checked the instrumented Jimple representation,
and its Jasmin format. The jump statements are correct. But when
the jasmin format is translated to .class format.
The goto instructions jump to incorrect locations.
2034: invokevirtual #959; //Method
soot/jimple/Jimple.newAssignStmt:(Lsoot/Value;Lsoot/Value;)Lsoot/jimple/AssignStmt;
2037: astore 20
2039: lload 182
2041: ldc_w #1587; //int 545950
2044: aload 184
2046: aload 20
2048: aload 60
2050: invokestatic #604; //Method
com/xxx/tracer/RefTracer.afterAssignByInstanceCall:(JILjava/lang/Object;Ljava/lang/Object;Ljava/lang/Object;)V
2053: goto -14285 // should be a positive number, turn to negative because of integer overflow
....
51251: aload 20 // jump target
51253: aconst_null
51254: invokestatic #1049; //Method
com/xxx/tracer/RefTracer.beforeRefEqualityTest:(Ljava/lang/Object;Ljava/lang/Object;)V
51257: aload 20
51259: ifnull 51395
51262: aload 180
The reason is that after instrumentation the goto offset largely increases compared to the original one
(larger than a short integer type, because of the added code), but
we still use goto instead of goto_w in the
generated bytecode.
I think this kind of situation rarely occurs. Maybe we do not
need to fix the bug. But, its better
to given a warning when use Jasmin to generate the bytecode.
Thanks for your reply.
Regards,
Joe
On 2012/3/24 18:14, Eric Bodden wrote:
Hi Joe. Sorry but what exactly do you mean by "hooking"? Cheers,
Eric On 24 March 2012 09:52, Joe <owqian at gmail.com> wrote:
>Hi All, I find a strange problem when hooking soot.coffi.CFG.generateJimple
method.
The method is very large. After hooking, the goto instructions become
invalid. It seems
that the jump offsets overflow the short integer type.
(The hooked method is still less than 64k bytes. No more than the
maximum JVM method size. ) package jas;
public class Label extends Insn implements RuntimeConstants
{
void writeOffset(CodeAttr ce, Insn source, DataOutputStream
out)
throws jasError, IOException
{ // write the offset (as a short)
// of source
int pc, tpc;
pc = ce.getPc(this); // pc = 51250
if (source == null)
tpc = 0;
else
tpc = ce.getPc(source); // tpc = 2053
short offset = (short) (pc - tpc); // overflow here
out.writeShort(offset);
} Now, I'm searching for ways to fix this problem. Can Soot
automatically change
the goto instructions into goto_w instructions? Joe _______________________________________________
Soot-list mailing list Soot-list at sable.mcgill.ca http://mailman.cs.mcgill.ca/mailman/listinfo/soot-list
_______________________________________________
Soot-list mailing list
Soot-list at sable.mcgill.ca
http://mailman.cs.mcgill.ca/mailman/listinfo/soot-list
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.cs.mcgill.ca/pipermail/soot-list/attachments/20120324/6c4c42fb/attachment-0001.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: goto.patch
Type: application/octet-stream
Size: 1442 bytes
Desc: not available
Url : http://mailman.cs.mcgill.ca/pipermail/soot-list/attachments/20120324/6c4c42fb/attachment-0001.obj
More information about the Soot-list
mailing list