[Soot-list] Something weird with ClassicCompleteBlockGraph

Chenxiong Qian chenxiongqian at gmail.com
Mon Feb 10 03:02:25 EST 2014


Hi, Eric,

Thank you for your reply.

The code was one of the test cases of DroidBench and I think the problem was caused by a bug in “ClassicCompleteBlockGraph”; I didn’t realize that this class is just for testing. Afterwards, I tried another BlockGraph (e.g. ZonedBlockGraph) and it works well.

Best,
Shoon

On February 10, 2014, at 3:52 PM, Bodden, Eric <eric.bodden at sit.fraunhofer.de> wrote:

> Hello.
> 
>> I found that the block 13 “return;” has a successor which is the exception handler, which is illogical.
> 
> I guess that Soot only gives you what the bytecode states. If you look at the traps you will see:
> 
>>        catch java.lang.Exception from label0 to label4 with label5;
> 
> Surely that range covers the return statement. Maybe you can use javap on the respective class to see what the traps look like in the original bytecode? If they look the same then there is really not much that Soot could do. In that case it's the bytecode that's illogical.
> 
> Anyway: Why is this causing you problems?
> 
> Eric
> 
> P.S. My guess is that in the respective source code the "return" is within a try-block.
> 
> On 08.02.2014, at 13:59, QIAN ChenXiong <chenxiongqian at gmail.com> wrote:
> 
>> Hello,
>> 
>> I found something weird when I tried to get the ClassicCompleteBlockGraph. For example, I have the following Jimple code:
>> 
>>    protected void onResume()
>>    {
>>        de.ecspride.MainActivity $r0;
>>        android.telephony.SmsManager $r1;
>>        java.lang.String $r2;
>>        byte[] $r3;
>>        java.io.FileInputStream $r4;
>>        int $i0, $i2;
>>        java.lang.Exception $r6;
>> 
>>        $r0 := @this: de.ecspride.MainActivity;
>>        specialinvoke $r0.<android.app.Activity: void onResume()>();
>> 
>>     label0:
>>        $r4 = virtualinvoke $r0.<de.ecspride.MainActivity: java.io.FileInputStream openFileInput(java.lang.String)>("out.txt");
>>        $r3 = newarray (byte)[256];
>>        $i0 = 0;
>> 
>>     label1:
>>        $i2 = lengthof $r3;
>>        if $i0 < $i2 goto label3;
>> 
>>        virtualinvoke $r4.<java.io.FileInputStream: int read(byte[])>($r3);
>>        virtualinvoke $r4.<java.io.FileInputStream: void close()>();
>>        $r1 = staticinvoke <android.telephony.SmsManager: android.telephony.SmsManager getDefault()>();
>>        $r2 = new java.lang.String;
>>        specialinvoke $r2.<java.lang.String: void <init>(byte[])>($r3);
>>        $r2 = virtualinvoke $r2.<java.lang.String: java.lang.String trim()>();
>>        virtualinvoke $r1.<android.telephony.SmsManager: void sendTextMessage(java.lang.String,java.lang.String,java.lang.String,android.app.PendingIntent,android.app.PendingIntent)>("+49", null, $r2, null, null);
>> 
>>     label2:
>>        return;
>> 
>>     label3:
>>        $r3[$i0] = 0;
>> 
>>     label4:
>>        $i0 = $i0 + 1;
>>        goto label1;
>> 
>>     label5:
>>        $r6 := @caughtexception;
>>        goto label2;
>> 
>>        catch java.lang.Exception from label0 to label4 with label5;
>>    }
>> ===================================================================================================
>> the block tree of ClassicCompleteBlockGraph is as follows:
>> 
>> [Block 0:
>> [preds: ] [succs: 1 16 ]
>> $r0 := @this: de.ecspride.MainActivity;
>> specialinvoke $r0.<android.app.Activity: void onResume()>();
>> 
>> , Block 1:
>> [preds: 0 ] [succs: 2 16 ]
>> $r4 = virtualinvoke $r0.<de.ecspride.MainActivity: java.io.FileInputStream openFileInput(java.lang.String)>("out.txt");
>> , Block 2:
>> [preds: 1 ] [succs: 3 16 ]
>> $r3 = newarray (byte)[256];
>> , Block 3:
>> [preds: 2 ] [succs: 4 16 ]
>> $i0 = 0;
>> , Block 4:
>> [preds: 3 15 ] [succs: 5 16 ]
>> $i2 = lengthof $r3;
>> , Block 5:
>> [preds: 4 ] [succs: 6 14 16 ]
>> if $i0 < $i2 goto $r3[$i0] = 0;
>> , Block 6:
>> [preds: 5 ] [succs: 7 16 ]
>> virtualinvoke $r4.<java.io.FileInputStream: int read(byte[])>($r3);
>> , Block 7:
>> [preds: 6 ] [succs: 8 16 ]
>> virtualinvoke $r4.<java.io.FileInputStream: void close()>();
>> , Block 8:
>> [preds: 7 ] [succs: 9 16 ]
>> $r1 = staticinvoke <android.telephony.SmsManager: android.telephony.SmsManager getDefault()>();
>> , Block 9:
>> [preds: 8 ] [succs: 10 16 ]
>> $r2 = new java.lang.String;
>> , Block 10:
>> [preds: 9 ] [succs: 11 16 ]
>> specialinvoke $r2.<java.lang.String: void <init>(byte[])>($r3);
>> , Block 11:
>> [preds: 10 ] [succs: 12 16 ]
>> $r2 = virtualinvoke $r2.<java.lang.String: java.lang.String trim()>();
>> , Block 12:
>> [preds: 11 ] [succs: 13 16 ]
>> virtualinvoke $r1.<android.telephony.SmsManager: void sendTextMessage(java.lang.String,java.lang.String,java.lang.String,android.app.PendingIntent,android.app.PendingIntent)>("+49", null, $r2, null, null);
>> 
>> , Block 13:
>> [preds: 12 16 ] [succs: 16 ] ======================================== this is weird
>> return;
>> 
>> , Block 14:
>> [preds: 5 ] [succs: 15 16 ]
>> $r3[$i0] = 0;
>> , Block 15:
>> [preds: 14 ] [succs: 4 ]
>> $i0 = $i0 + 1;
>> goto [?= $i2 = lengthof $r3];
>> 
>> , Block 16:
>> [preds: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 0 ] [succs: 13 ]
>> $r6 := @caughtexception;
>> goto [?= return];
>> ]
>> ====================================================================
>> I found that the block 13 “return;” has a successor which is the exception handler, which is illogical.
>> _______________________________________________
>> Soot-list mailing list
>> Soot-list at sable.mcgill.ca
>> http://mailman.cs.mcgill.ca/mailman/listinfo/soot-list
> 
> --
> Prof. Eric Bodden, Ph.D., http://sse.ec-spride.de/ http://bodden.de/
> Head of Secure Software Engineering  at Fraunhofer SIT, TU Darmstadt and EC SPRIDE
> Tel: +49 6151 16-75422    Fax: +49 6151 16-72051
> Room 3.2.14, Mornewegstr. 30, 64293 Darmstadt
> 
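
The trap range discussed in this thread, worked through as an added example (not part of the thread and not Soot's code). It is a simplified model that assumes the trap covers its begin label inclusively and its end label exclusively, as the block dump shows; the statement strings are abbreviated and `no_throw_terminators` is a hypothetical predicate.

```python
# Simplified model (an assumption, not Soot's implementation) of how a trap
# range turns into edges to the exception handler.

# Units of onResume() in Jimple order, abbreviated from the listing in the
# thread. Each entry: (label starting at this unit, or None; statement).
UNITS = [
    (None,     "$r0 := @this"),
    (None,     "specialinvoke $r0.onResume()"),
    ("label0", "$r4 = virtualinvoke $r0.openFileInput(\"out.txt\")"),
    (None,     "$r3 = newarray (byte)[256]"),
    (None,     "$i0 = 0"),
    ("label1", "$i2 = lengthof $r3"),
    (None,     "if $i0 < $i2 goto label3"),
    (None,     "virtualinvoke $r4.read($r3)"),
    (None,     "virtualinvoke $r4.close()"),
    (None,     "$r1 = staticinvoke SmsManager.getDefault()"),
    (None,     "$r2 = new java.lang.String"),
    (None,     "specialinvoke $r2.<init>($r3)"),
    (None,     "$r2 = virtualinvoke $r2.trim()"),
    (None,     "virtualinvoke $r1.sendTextMessage(...)"),
    ("label2", "return"),
    ("label3", "$r3[$i0] = 0"),
    ("label4", "$i0 = $i0 + 1"),
    (None,     "goto label1"),
    ("label5", "$r6 := @caughtexception"),
    (None,     "goto label2"),
]
# catch java.lang.Exception from label0 to label4 with label5;
TRAP = ("java.lang.Exception", "label0", "label4", "label5")

def label_index(label):
    return next(i for i, (lab, _) in enumerate(UNITS) if lab == label)

def trapped_units(trap):
    """Indices covered by the trap: begin inclusive, end exclusive."""
    _, begin, end, _ = trap
    return range(label_index(begin), label_index(end))

def handler_edges(trap, may_throw=lambda stmt: True):
    """Statements that get an edge to the handler. The default predicate
    treats every covered unit as throwing, which matches Blocks 1-14 of the
    dump (Block 0's edge to Block 16 is outside this model)."""
    return [UNITS[i][1] for i in trapped_units(trap) if may_throw(UNITS[i][1])]

def no_throw_terminators(stmt):
    # Illustrative assumption: a plain return or goto cannot raise.
    return not (stmt == "return" or stmt.startswith("goto"))
```

Because `label2` sits between `label0` and `label4` in the unit order, `return` is inside the protected range even though it is reached only after the loop exits.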
