[Soot-list] Something weird with ClassicCompleteBlockGraph

Bodden, Eric eric.bodden at sit.fraunhofer.de
Mon Feb 10 02:52:05 EST 2014


Hello.

> I found that the block 13 “return;” has a successor which is the exception handler, which is illogical.

I guess that Soot only gives you what the bytecode states. If you look at the traps you will see:

>         catch java.lang.Exception from label0 to label4 with label5;

Surely that range covers the return statement. Maybe you can use javap on the respective class to see what the traps look like in the original bytecode? If they look the same then there is really not much that Soot could do. In that case it's the bytecode that's illogical.

Anyway: Why is this causing you problems?

Eric

P.S. My guess is that in the respective source code the "return" is within a try-block.

On 08.02.2014, at 13:59, QIAN ChenXiong <chenxiongqian at gmail.com> wrote:

> Hello,
> 
> I found something weird when I tried to get the ClassicCompleteBlockGraph, for example, I have the following jimple code:
> 
>     protected void onResume()
>     {
>         de.ecspride.MainActivity $r0;
>         android.telephony.SmsManager $r1;
>         java.lang.String $r2;
>         byte[] $r3;
>         java.io.FileInputStream $r4;
>         int $i0, $i2;
>         java.lang.Exception $r6;
> 
>         $r0 := @this: de.ecspride.MainActivity;
>         specialinvoke $r0.<android.app.Activity: void onResume()>();
> 
>      label0:
>         $r4 = virtualinvoke $r0.<de.ecspride.MainActivity: java.io.FileInputStream openFileInput(java.lang.String)>("out.txt");
>         $r3 = newarray (byte)[256];
>         $i0 = 0;
> 
>      label1:
>         $i2 = lengthof $r3;
>         if $i0 < $i2 goto label3;
> 
>         virtualinvoke $r4.<java.io.FileInputStream: int read(byte[])>($r3);
>         virtualinvoke $r4.<java.io.FileInputStream: void close()>();
>         $r1 = staticinvoke <android.telephony.SmsManager: android.telephony.SmsManager getDefault()>();
>         $r2 = new java.lang.String;
>         specialinvoke $r2.<java.lang.String: void <init>(byte[])>($r3);
>         $r2 = virtualinvoke $r2.<java.lang.String: java.lang.String trim()>();
>         virtualinvoke $r1.<android.telephony.SmsManager: void sendTextMessage(java.lang.String,java.lang.String,java.lang.String,android.app.PendingIntent,android.app.PendingIntent)>("+49", null, $r2, null, null);
> 
>      label2:
>         return;
> 
>      label3:
>         $r3[$i0] = 0;
> 
>      label4:
>         $i0 = $i0 + 1;
>         goto label1;
> 
>      label5:
>         $r6 := @caughtexception;
>         goto label2;
> 
>         catch java.lang.Exception from label0 to label4 with label5;
>     }
> ===================================================================================================
> the block tree of ClassicCompleteBlockGraph is as follows:
> 
> [Block 0:
> [preds: ] [succs: 1 16 ]
> $r0 := @this: de.ecspride.MainActivity;
> specialinvoke $r0.<android.app.Activity: void onResume()>();
> 
> , Block 1:
> [preds: 0 ] [succs: 2 16 ]
> $r4 = virtualinvoke $r0.<de.ecspride.MainActivity: java.io.FileInputStream openFileInput(java.lang.String)>("out.txt");
> , Block 2:
> [preds: 1 ] [succs: 3 16 ]
> $r3 = newarray (byte)[256];
> , Block 3:
> [preds: 2 ] [succs: 4 16 ]
> $i0 = 0;
> , Block 4:
> [preds: 3 15 ] [succs: 5 16 ]
> $i2 = lengthof $r3;
> , Block 5:
> [preds: 4 ] [succs: 6 14 16 ]
> if $i0 < $i2 goto $r3[$i0] = 0;
> , Block 6:
> [preds: 5 ] [succs: 7 16 ]
> virtualinvoke $r4.<java.io.FileInputStream: int read(byte[])>($r3);
> , Block 7:
> [preds: 6 ] [succs: 8 16 ]
> virtualinvoke $r4.<java.io.FileInputStream: void close()>();
> , Block 8:
> [preds: 7 ] [succs: 9 16 ]
> $r1 = staticinvoke <android.telephony.SmsManager: android.telephony.SmsManager getDefault()>();
> , Block 9:
> [preds: 8 ] [succs: 10 16 ]
> $r2 = new java.lang.String;
> , Block 10:
> [preds: 9 ] [succs: 11 16 ]
> specialinvoke $r2.<java.lang.String: void <init>(byte[])>($r3);
> , Block 11:
> [preds: 10 ] [succs: 12 16 ]
> $r2 = virtualinvoke $r2.<java.lang.String: java.lang.String trim()>();
> , Block 12:
> [preds: 11 ] [succs: 13 16 ]
> virtualinvoke $r1.<android.telephony.SmsManager: void sendTextMessage(java.lang.String,java.lang.String,java.lang.String,android.app.PendingIntent,android.app.PendingIntent)>("+49", null, $r2, null, null);
> 
> , Block 13:
> [preds: 12 16 ] [succs: 16 ] ======================================== this is weird
> return;
> 
> , Block 14:
> [preds: 5 ] [succs: 15 16 ]
> $r3[$i0] = 0;
> , Block 15:
> [preds: 14 ] [succs: 4 ]
> $i0 = $i0 + 1;
> goto [?= $i2 = lengthof $r3];
> 
> , Block 16:
> [preds: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 0 ] [succs: 13 ]
> $r6 := @caughtexception;
> goto [?= return];
> ]
> ====================================================================
> I found that the block 13 “return;” has a successor which is the exception handler, which is illogical.

--
Prof. Eric Bodden, Ph.D., http://sse.ec-spride.de/ http://bodden.de/
Head of Secure Software Engineering  at Fraunhofer SIT, TU Darmstadt and EC SPRIDE
Tel: +49 6151 16-75422    Fax: +49 6151 16-72051
Room 3.2.14, Mornewegstr. 30, 64293 Darmstadt
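
The trap-range reasoning in the reply above, as an added example that is not part of the original message and does not use Soot's API: a small Python model that reads the labels and the `catch` clause from the quoted Jimple and lists which statements the trap covers. It assumes the range is half-open (`from` label included, `to` label excluded), which matches the block dump, where `$r3[$i0] = 0` at label3 has the handler as a successor and `$i0 = $i0 + 1` at label4 does not; the invoke statements are abbreviated and the helper names are hypothetical.

```python
import re

# Jimple body from the quoted message, invoke statements abbreviated (constructed sample).
JIMPLE = """\
    $r0 := @this: de.ecspride.MainActivity;
    specialinvoke $r0.<android.app.Activity: void onResume()>();
 label0:
    $r4 = virtualinvoke $r0.openFileInput("out.txt");
    $r3 = newarray (byte)[256];
    $i0 = 0;
 label1:
    $i2 = lengthof $r3;
    if $i0 < $i2 goto label3;
    virtualinvoke $r4.read($r3);
    virtualinvoke $r1.sendTextMessage("+49", null, $r2, null, null);
 label2:
    return;
 label3:
    $r3[$i0] = 0;
 label4:
    $i0 = $i0 + 1;
    goto label1;
 label5:
    $r6 := @caughtexception;
    goto label2;
    catch java.lang.Exception from label0 to label4 with label5;
"""

TRAP_RE = re.compile(r"catch (\S+) from (\w+) to (\w+) with (\w+);")

def parse(jimple):
    """Return (statements, label -> index of the statement it precedes, traps)."""
    stmts, labels, traps = [], {}, []
    for line in (l.strip() for l in jimple.splitlines()):
        if not line:
            continue
        trap = TRAP_RE.fullmatch(line)
        if trap:
            traps.append(trap.groups())
        elif line.endswith(":"):
            labels[line[:-1]] = len(stmts)
        else:
            stmts.append(line)
    return stmts, labels, traps

def handler_edges(jimple):
    """Map each statement covered by a trap to the handler labels it can reach.
    A trap range is half-open: the 'from' label is included, 'to' is excluded."""
    stmts, labels, traps = parse(jimple)
    edges = {}
    for _exc, begin, end, handler in traps:
        for stmt in stmts[labels[begin]:labels[end]]:
            edges.setdefault(stmt, []).append(handler)
    return edges
```

`handler_edges(JIMPLE)["return;"]` is `["label5"]`: the `return` at label2 sits textually between label0 and label4, so a graph that gives every covered statement an exceptional edge connects it to the handler. The extra edge from Block 0 to Block 16 in the dump is not modelled here.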
