[Soot-list] exception table question

Heejong Lee heejong at gmail.com
Fri Oct 12 14:05:56 EDT 2012


Hi Eric,

I generated a jar from the apk and translated it to Jimple.
It seems that a jar converted from dex hits many corner cases
that we rarely see in normal Java bytecode.

Anyway, I patched Soot to draw edges to shadowed exception
handlers only in the LocalSplitter phase and can confirm that the
error in the previous mail is gone.

You can see the changes here:
https://github.com/ihji/soot/commit/2e9880446c8af6d3113b9e1c7a0396a6504e194d

-- Heejong

On Thu, Oct 11, 2012 at 5:39 PM, Eric Bodden <eric.bodden at ec-spride.de> wrote:
> Hello.
>
> Yes I think your interpretation is correct. I have seen this before.
> How are you currently generating this Jimple code?
>
> Eric
>
> On 11 October 2012 10:18, Heejong Lee <heejong at gmail.com> wrote:
>> Hi Eric,
>>
>> Thank you for your answer.
>> The exception table I attached was from the following methods.
>> The first one is untyped and the second one is typed:
>>
>> <net.youmi.android.appoffers.cj: boolean
>> a(android.content.Context,java.lang.String,java.lang.String)>
>>     private static boolean a(android.content.Context,
>> java.lang.String, java.lang.String)
>>     {
>>         unknown l0, l1, l2, l5, l3, l4, l6, $stack0#5, l4#2,
>> $stack0#15, l4#3, $stack0#21, l4#4, $stack0#22, l3#2, l6#2,
>> $stack0#29, l3#3, $stack0#30, l3#4, $stack0#31, l4#5, $stack0#32,
>> l4#6, $stack0#33, l4#7, $stack0#34, $stack0#35, l5#2, $stack0#37,
>> l4#8, $stack0#40, l5#3;
>>
>>         l0 := @parameter0: android.content.Context;
>>         l1 := @parameter1: java.lang.String;
>>         l2 := @parameter2: java.lang.String;
>>         l5 = null;
>>         l3 = 0;
>>         l4 = 0;
>>
>>      label0:
>>         $stack0#5 = virtualinvoke l0.<android.content.Context:
>> java.io.FileOutputStream openFileOutput(java.lang.String,int)>(l1,
>> l4);
>>
>>      label1:
>>         l6 = $stack0#5;
>>
>>      label2:
>>         l4#2 = new java.io.ObjectOutputStream;
>>         specialinvoke l4#2.<java.io.ObjectOutputStream: void
>> <init>(java.io.OutputStream)>(l6);
>>
>>      label3:
>>         virtualinvoke l4#2.<java.io.ObjectOutputStream: void
>> writeUTF(java.lang.String)>(l2);
>>
>>      label4:
>>         if l4#2 == null goto label6;
>>
>>      label5:
>>         virtualinvoke l4#2.<java.io.ObjectOutputStream: void close()>();
>>
>>      label6:
>>         if l6 == null goto label8;
>>
>>      label7:
>>         virtualinvoke l6.<java.io.FileOutputStream: void close()>();
>>
>>      label8:
>>         l3 = 1;
>>
>>      label9:
>>         return l3;
>>
>>      label10:
>>         $stack0#15 := @caughtexception;
>>         l4#3 = $stack0#15;
>>         l4#2 = l5;
>>
>>      label11:
>>         if l4#2 == null goto label13;
>>
>>      label12:
>>         virtualinvoke l4#2.<java.io.ObjectOutputStream: void close()>();
>>
>>      label13:
>>         if l5 == null goto label9;
>>
>>      label14:
>>         virtualinvoke l5.<java.io.FileOutputStream: void close()>();
>>
>>      label15:
>>         goto label9;
>>
>>      label16:
>>         $stack0#21 := @caughtexception;
>>         l4#4 = $stack0#21;
>>         goto label9;
>>
>>      label17:
>>         $stack0#22 := @caughtexception;
>>         l3#2 = $stack0#22;
>>         l6#2 = l5;
>>
>>      label18:
>>         if l5#2 == null goto label20;
>>
>>      label19:
>>         virtualinvoke l5#2.<java.io.ObjectOutputStream: void close()>();
>>
>>      label20:
>>         if l6#2 == null goto label22;
>>
>>      label21:
>>         virtualinvoke l6#2.<java.io.FileOutputStream: void close()>();
>>
>>      label22:
>>         throw l3#2;
>>
>>      label23:
>>         $stack0#29 := @caughtexception;
>>         l3#3 = $stack0#29;
>>         goto label6;
>>
>>      label24:
>>         $stack0#30 := @caughtexception;
>>         l3#4 = $stack0#30;
>>         goto label8;
>>
>>      label25:
>>         $stack0#31 := @caughtexception;
>>         l4#5 = $stack0#31;
>>         goto label13;
>>
>>      label26:
>>         $stack0#32 := @caughtexception;
>>         l4#6 = $stack0#32;
>>         goto label20;
>>
>>      label27:
>>         $stack0#33 := @caughtexception;
>>         l4#7 = $stack0#33;
>>         goto label22;
>>
>>      label28:
>>         $stack0#34 := @caughtexception;
>>         l3#2 = $stack0#34;
>>         goto label18;
>>
>>      label29:
>>         $stack0#35 := @caughtexception;
>>         l3#2 = $stack0#35;
>>         l5#2 = l4;
>>         goto label18;
>>
>>      label30:
>>         $stack0#37 := @caughtexception;
>>         l4#8 = $stack0#37;
>>         l4#2 = l5;
>>         l5 = l6;
>>         goto label11;
>>
>>      label31:
>>         $stack0#40 := @caughtexception;
>>         l5#3 = $stack0#40;
>>         l5 = l6;
>>         goto label11;
>>
>>         catch java.lang.Throwable from label0 to label1 with label10;
>>         catch java.lang.Throwable from label0 to label1 with label17;
>>         catch java.lang.Throwable from label2 to label3 with label30;
>>         catch java.lang.Throwable from label2 to label3 with label28;
>>         catch java.lang.Throwable from label3 to label4 with label31;
>>         catch java.lang.Throwable from label3 to label4 with label29;
>>         catch java.lang.Throwable from label5 to label6 with label23;
>>         catch java.lang.Throwable from label7 to label8 with label24;
>>         catch java.lang.Throwable from label12 to label13 with label25;
>>         catch java.lang.Throwable from label14 to label15 with label16;
>>         catch java.lang.Throwable from label19 to label20 with label26;
>>         catch java.lang.Throwable from label21 to label22 with label27;
>>     }
>>
>>
>> <net.youmi.android.appoffers.cj: boolean
>> a(android.content.Context,java.lang.String,java.lang.String)>
>>     private static boolean a(android.content.Context,
>> java.lang.String, java.lang.String)
>>     {
>>         android.content.Context r0;
>>         java.lang.String r1, r2;
>>         java.io.FileOutputStream r3, r4, $r5, r13;
>>         boolean z0;
>>         int i0, i1;
>>         java.lang.Object r6;
>>         java.lang.Throwable $r7, r8, $r9, r10, $r11, r12, $r14, r15,
>> $r16, r17, $r18, r19, $r20, r21, $r22, r23, $r24, $r25, $r26, r27,
>> $r28, r29;
>>         java.io.ObjectOutputStream r30, r31, r32, r33, r34;
>>
>>         r0 := @parameter0: android.content.Context;
>>         r1 := @parameter1: java.lang.String;
>>         r2 := @parameter2: java.lang.String;
>>         r3 = null;
>>         z0 = 0;
>>         i0 = 0;
>>
>>      label0:
>>         $r5 = virtualinvoke r0.<android.content.Context:
>> java.io.FileOutputStream openFileOutput(java.lang.String,int)>(r1,
>> i0);
>>
>>      label1:
>>         r4 = $r5;
>>
>>      label2:
>>         r30 = new java.io.ObjectOutputStream;
>>         r6 = r30;
>>         specialinvoke r30.<java.io.ObjectOutputStream: void
>> <init>(java.io.OutputStream)>(r4);
>>
>>      label3:
>>         r31 = (java.io.ObjectOutputStream) r6;
>>         virtualinvoke r31.<java.io.ObjectOutputStream: void
>> writeUTF(java.lang.String)>(r2);
>>
>>      label4:
>>         if r6 == null goto label6;
>>
>>      label5:
>>         r32 = (java.io.ObjectOutputStream) r6;
>>         virtualinvoke r32.<java.io.ObjectOutputStream: void close()>();
>>
>>      label6:
>>         if r4 == null goto label8;
>>
>>      label7:
>>         virtualinvoke r4.<java.io.FileOutputStream: void close()>();
>>
>>      label8:
>>         z0 = 1;
>>
>>      label9:
>>         return z0;
>>
>>      label10:
>>         $r7 := @caughtexception;
>>         r8 = $r7;
>>         r6 = r3;
>>
>>      label11:
>>         if r6 == null goto label13;
>>
>>      label12:
>>         r33 = (java.io.ObjectOutputStream) r6;
>>         virtualinvoke r33.<java.io.ObjectOutputStream: void close()>();
>>
>>      label13:
>>         if r3 == null goto label9;
>>
>>      label14:
>>         virtualinvoke r3.<java.io.FileOutputStream: void close()>();
>>
>>      label15:
>>         goto label9;
>>
>>      label16:
>>         $r9 := @caughtexception;
>>         r10 = $r9;
>>         goto label9;
>>
>>      label17:
>>         $r11 := @caughtexception;
>>         r12 = $r11;
>>         r13 = r3;
>>
>>      label18:
>>         if i1 == null goto label20;
>>
>>      label19:
>>         r34 = (java.io.ObjectOutputStream) i1;
>>         virtualinvoke r34.<java.io.ObjectOutputStream: void close()>();
>>
>>      label20:
>>         if r13 == null goto label22;
>>
>>      label21:
>>         virtualinvoke r13.<java.io.FileOutputStream: void close()>();
>>
>>      label22:
>>         throw r12;
>>
>>      label23:
>>         $r14 := @caughtexception;
>>         r15 = $r14;
>>         goto label6;
>>
>>      label24:
>>         $r16 := @caughtexception;
>>         r17 = $r16;
>>         goto label8;
>>
>>      label25:
>>         $r18 := @caughtexception;
>>         r19 = $r18;
>>         goto label13;
>>
>>      label26:
>>         $r20 := @caughtexception;
>>         r21 = $r20;
>>         goto label20;
>>
>>      label27:
>>         $r22 := @caughtexception;
>>         r23 = $r22;
>>         goto label22;
>>
>>      label28:
>>         $r24 := @caughtexception;
>>         r12 = $r24;
>>         goto label18;
>>
>>      label29:
>>         $r25 := @caughtexception;
>>         r12 = $r25;
>>         i1 = i0;
>>         goto label18;
>>
>>      label30:
>>         $r26 := @caughtexception;
>>         r27 = $r26;
>>         r6 = r3;
>>         r3 = r4;
>>         goto label11;
>>
>>      label31:
>>         $r28 := @caughtexception;
>>         r29 = $r28;
>>         r3 = r4;
>>         goto label11;
>>
>>         catch java.lang.Throwable from label0 to label1 with label10;
>>         catch java.lang.Throwable from label0 to label1 with label17;
>>         catch java.lang.Throwable from label2 to label3 with label30;
>>         catch java.lang.Throwable from label2 to label3 with label28;
>>         catch java.lang.Throwable from label3 to label4 with label31;
>>         catch java.lang.Throwable from label3 to label4 with label29;
>>         catch java.lang.Throwable from label5 to label6 with label23;
>>         catch java.lang.Throwable from label7 to label8 with label24;
>>         catch java.lang.Throwable from label12 to label13 with label25;
>>         catch java.lang.Throwable from label14 to label15 with label16;
>>         catch java.lang.Throwable from label19 to label20 with label26;
>>         catch java.lang.Throwable from label21 to label22 with label27;
>>     }
>>
>> As you can see, the first statement of label 19 in the second method
>> is illegally typed [r34 = (java.io.ObjectOutputStream) i1;] because an
>> integer variable is cast to java.io.ObjectOutputStream.
>>
>> I think the second statement of label 29 in the first method should be
>> [l5#2 = l4#2;], not [l5#2 = l4;], and the reason why Soot misinterpreted
>> this is that the entry
>> "catch java.lang.Throwable from label3 to label4 with label29;"
>> in the exception table is shadowed by
>> "catch java.lang.Throwable from label3 to label4 with label31;".
>> Am I guessing right?
>>
>> Sorry for bothering you.
>>
>> -- Heejong
>>
>>
>>
>> On Thu, Oct 11, 2012 at 4:49 PM, Eric Bodden <eric.bodden at ec-spride.de> wrote:
>>> Hello.
>>>
>>>> Is the first exception table illegal?
>>>
>>> Strictly speaking, to the best of my knowledge, it is not illegal, as
>>> it is covered by the JVM spec. Whether it makes sense is another
>>> question.
>>>
>>>> What does "any" mean in the first table?
>>>
>>> I think it's a performance optimized version that has the same
>>> semantics as "Class java/lang/Throwable". Hence also the translation
>>> by Soot that you see...
>>>
>>>> Can I safely remove line 2, 4, 6 (the entry of type any) in the original table?
>>>
>>> Probably not. The semantics is that if more than one handler matches,
>>> as can be the case here, then the first will execute. Maybe your
>>> analysis should take that into account.
>>>
>>> Eric
>>
>>
>>
>> --
>> Heejong Lee
>>
>> Associate Research Engineer
>> Program Analysis Division
>> Fasoo.com, Inc. (www.spa-arrow.com)
>
>
>
> --
> Eric Bodden, Ph.D., http://sse.ec-spride.de/ http://bodden.de/
> Head of Secure Software Engineering Group at EC SPRIDE
> Tel: +49 6151 16-75422    Fax: +49 6151 16-72051
> Room 3.2.14, Mornewegstr. 30, 64293 Darmstadt



-- 
Heejong Lee

Associate Research Engineer
Program Analysis Division
Fasoo.com, Inc. (www.spa-arrow.com)
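
The first-match rule and the shadowing discussed in this thread can be checked mechanically. The following is an added example, not part of the original mails or of Soot: it parses the `catch ... from ... to ... with ...;` lines of the Jimple listing above and reports every entry that an earlier entry always wins over. It assumes label numbers increase in program order and, with no class hierarchy loaded, treats an earlier entry as subsuming a later one only when the types are equal or the earlier one catches `java.lang.Throwable`.

```python
import re
from typing import List, NamedTuple, Tuple

# Exception table copied from the Jimple listing in this thread.
TABLE = """
catch java.lang.Throwable from label0 to label1 with label10;
catch java.lang.Throwable from label0 to label1 with label17;
catch java.lang.Throwable from label2 to label3 with label30;
catch java.lang.Throwable from label2 to label3 with label28;
catch java.lang.Throwable from label3 to label4 with label31;
catch java.lang.Throwable from label3 to label4 with label29;
catch java.lang.Throwable from label5 to label6 with label23;
catch java.lang.Throwable from label7 to label8 with label24;
catch java.lang.Throwable from label12 to label13 with label25;
catch java.lang.Throwable from label14 to label15 with label16;
catch java.lang.Throwable from label19 to label20 with label26;
catch java.lang.Throwable from label21 to label22 with label27;
"""

TRAP_RE = re.compile(
    r"catch\s+([\w.$]+)\s+from\s+label(\d+)\s+to\s+label(\d+)\s+with\s+label(\d+);")

class Trap(NamedTuple):
    exc_type: str
    begin: int    # first label of the protected range
    end: int      # label just past the protected range
    handler: int  # label of the handler block

def parse_traps(jimple: str) -> List[Trap]:
    """Return traps in table order, which is also their priority order."""
    return [Trap(t, int(b), int(e), int(h)) for t, b, e, h in TRAP_RE.findall(jimple)]

def shadowed_traps(traps: List[Trap]) -> List[Tuple[Trap, Trap]]:
    """Pair each trap the first-match rule never selects with the earlier winner."""
    pairs = []
    for i, later in enumerate(traps):
        for earlier in traps[:i]:
            covers = earlier.begin <= later.begin and later.end <= earlier.end
            # Assumption: without a class hierarchy, only equal types or an
            # earlier Throwable handler count as subsuming the later entry.
            catches = earlier.exc_type in (later.exc_type, "java.lang.Throwable")
            if covers and catches:
                pairs.append((later, earlier))
                break
    return pairs

if __name__ == "__main__":
    for dead, winner in shadowed_traps(parse_traps(TABLE)):
        print(f"label{dead.handler} is shadowed by label{winner.handler} "
              f"(range label{dead.begin}..label{dead.end})")
```
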

