[Soot-list] Error in Android validation/custom validation?

Julian Schütte julian.schuette at gmx.net
Tue Feb 11 11:16:21 EST 2014


Hello all,

when parsing a (slightly obfuscated) Android app, I bumped into the
following Exception if Options.v().set_validate(true) is set. My
impression is that there is a bug in soot.toolkits.scalar.InitAnalysis,
but I might be wrong here. If this is the expected behavior, is there
any way to register a custom validation?

Exception in thread "main" java.lang.RuntimeException: Warning: Local variable $r3 not definitely defined at exitmonitor $r3 in <org.example.myapp.c: void a(org.example.myapp.b)>
    at soot.Body.checkInit(Body.java:787)
    at soot.Body.validate(Body.java:237)
    at soot.jimple.JimpleBody.validate(JimpleBody.java:72)
    at soot.PackManager.runBodyPacks(PackManager.java:900)
    at soot.PackManager.runBodyPacks(PackManager.java:584)
    at soot.PackManager.runBodyPacks(PackManager.java:487)
    at soot.PackManager.runPacksNormally(PackManager.java:464)
    at soot.PackManager.runPacks(PackManager.java:388)
    at de.linkality.test.Main.main(Main.java:105)


The following Jimple code is responsible for the Exception. It passes
the Dex verifier and executes nicely, but fails Soot's validation.

public void a(org.example.myapp.b)
    {
        org.example.myapp.c $r0;
        org.example.myapp.b $r1;
        java.util.ArrayList $r2;
        java.lang.Object $r3;
        boolean $z0;
        java.lang.Throwable $r4;
        java.util.List $r5;

        $r0 := @this: org.example.myapp.c;
        $r1 := @parameter0: org.example.myapp.b;
        $r2 = $r0.<org.example.myapp.c: java.util.ArrayList h>;
        if $r2 == null goto label5;

        $r3 = $r0.<org.example.myapp.c: java.lang.Object b>;
        entermonitor $r3;

     label0:
        $r2 = $r0.<org.example.myapp.c: java.util.ArrayList h>;
        virtualinvoke $r2.<java.util.ArrayList: boolean add(java.lang.Object)>($r1);
        $z0 = $r0.<org.example.myapp.c: boolean f>;
        if $z0 == 0 goto label1;

        virtualinvoke $r0.<org.example.myapp.c: void notifyDataSetChanged()>();

     label1:
        exitmonitor $r3;    // <-- NO PROBLEM HERE

     label2:
        return;

     label3:
        $r4 := @caughtexception;
        exitmonitor $r3;    // <-- ************ EXCEPTION OCCURS HERE. InitAnalysis.getFlowBefore() is {$r0, $r1, $r2} ********

     label4:
        throw $r4;

     label5:
        $r5 = $r0.<org.example.myapp.c: java.util.List a>;
        interfaceinvoke $r5.<java.util.List: boolean add(java.lang.Object)>($r1);
        $z0 = $r0.<org.example.myapp.c: boolean f>;
        if $z0 == 0 goto label2;

        virtualinvoke $r0.<org.example.myapp.c: void notifyDataSetChanged()>();
        goto label2;

        catch java.lang.Throwable from label0 to label4 with label3;
    }


Best regards,
Julian
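
An added example (not code from the post or from Soot): a small definite-assignment analysis over a constructed model of the posted method. It assumes every unit inside the trap range has an exceptional edge to the handler, including the `return` at label2, which the label5 branch reaches without ever defining $r3. The unit numbering and the `flow_before` helper are hypothetical.

```python
# Constructed model of the posted method: index -> (local defined or None, successors)
UNITS = {
    0: ("$r0", [1]), 1: ("$r1", [2]), 2: ("$r2", [3]),
    3: (None, [4, 16]),                  # if $r2 == null goto label5
    4: ("$r3", [5]), 5: (None, [6]),     # $r3 = ...; entermonitor $r3
    6: ("$r2", [7]), 7: (None, [8]), 8: ("$z0", [9]),    # label0
    9: (None, [10, 11]), 10: (None, [11]),
    11: (None, [12]),                    # label1: exitmonitor $r3
    12: (None, []),                      # label2: return
    13: ("$r4", [14]),                   # label3: $r4 := @caughtexception
    14: (None, [15]),                    # exitmonitor $r3 (the failing unit)
    15: (None, []),                      # label4: throw $r4
    16: ("$r5", [17]), 17: (None, [18]), 18: ("$z0", [19]),  # label5
    19: (None, [20, 12]), 20: (None, [21]), 21: (None, [12]),
}
TRAP = range(6, 15)   # label0 (inclusive) to label4 (exclusive)
HANDLER = 13
ALL = frozenset(d for d, _ in UNITS.values() if d)

def flow_before(may_throw):
    """Locals definitely assigned before each unit (merge = intersection)."""
    preds = {u: [] for u in UNITS}
    for u, (_, succs) in UNITS.items():
        for s in succs:
            preds[s].append(u)
    before = {u: ALL for u in UNITS}     # optimistic start, refined downwards
    before[0] = frozenset()              # nothing is assigned at method entry
    changed = True
    while changed:
        changed = False
        for u in sorted(UNITS):
            if u == 0:
                continue
            # Normal edges carry the predecessor's set plus its own definition.
            sets = [before[p] | ({UNITS[p][0]} - {None}) for p in preds[u]]
            if u == HANDLER:
                # Assumption: an exception may fire before a unit takes effect,
                # so the handler sees the set that held before that unit.
                sets += [before[t] for t in may_throw]
            new = frozenset.intersection(*sets) if sets else ALL
            if new != before[u]:
                before[u], changed = new, True
    return before

conservative = flow_before(set(TRAP))         # every unit in the trap may throw
return_safe = flow_before(set(TRAP) - {12})   # same, but `return` cannot throw
print(sorted(conservative[HANDLER]), sorted(return_safe[HANDLER]))
```

In this model the set at label3 is {$r0, $r1, $r2} when `return` is treated as a possible exception source, and $r3 reappears once that single edge is removed.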


