[Soot-list] Bug in traps translation
Martin Schäf
martinschaef at gmail.com
Wed Sep 10 00:29:58 EDT 2014
Sorry for nagging all the time... here is a Java program (a piece of
Tomcat):
public class FalsePositives08 {
    Object constraintsLock;
    private String[] constraints;
    private String constraint;

    public void fp01() {
        synchronized (constraintsLock) {
            String results[] = new String[constraints.length + 1];
            for (int i = 0; i < constraints.length; i++)
                results[i] = constraints[i];
            results[constraints.length] = constraint;
            constraints = results;
        }
    }
}
The bytecode is attached in lala.txt. You can see in the exception table:
Exception table:
    from    to  target type
       7    62      65   any
      65    69      65   any
so the code from 65 to 69 (exclusive) gets caught by 65 ...
    65: astore        4
    67: aload_1
    68: monitorexit
    69: aload         4
    71: athrow
if not, it rethrows, which is basically a finally block.
In the jimple program (also attached), you can see however:
label4:
    nop;
    temp$17 := @caughtexception;
    exitmonitor temp$0;
    throw temp$17;
label5:
    nop;
    return;
catch java.lang.Throwable from label0 to label5 with label4;
Which means that block4 goes into an infinite loop if I'm not mistaken,
right?
That causes a lot of headache in my analysis... is there an easy way I can
fix that? Btw., I'm still on soot-2.5.0 because of the line number problem.
Someone mentioned I can fix that by using coffi instead of ASM but I have
no idea what that means :(
Many Thanks,
Martin
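As an added example (not part of Martin's post, and not Soot code), here is a small Python check that reads the javap exception table and the Jimple trap line quoted above and reports every handler whose protected range contains the handler itself, which is the property both listings exhibit. The `label0` unit in the Jimple sample is constructed to stand in for the part of the body that was not quoted.

```python
import re

# Constructed sample: the exception table from the javap output above.
JAVAP_EXC_TABLE = """\
from to target type
7 62 65 any
65 69 65 any
"""

# Constructed sample: the Jimple handler and trap quoted above; the unit under
# label0 is a stand-in for the unquoted start of the body.
JIMPLE_BODY = """\
label0:
    entermonitor temp$0;
label4:
    nop;
    temp$17 := @caughtexception;
    exitmonitor temp$0;
    throw temp$17;
label5:
    nop;
    return;
catch java.lang.Throwable from label0 to label5 with label4;
"""

def parse_javap_traps(text):
    """Return (from, to, target, type) tuples from a javap exception table."""
    traps = []
    for line in text.splitlines():
        m = re.match(r"\s*(\d+)\s+(\d+)\s+(\d+)\s+(\S+)", line)
        if m:
            traps.append((int(m[1]), int(m[2]), int(m[3]), m[4]))
    return traps

def parse_jimple_traps(text):
    """Return (from, to, handler, type) as unit indices; labels resolve to the next unit."""
    labels, pos, traps = {}, 0, []
    for line in text.splitlines():
        s = line.strip()
        if s.endswith(":"):
            labels[s[:-1]] = pos
        elif s.startswith("catch "):
            m = re.match(r"catch (\S+) from (\S+) to (\S+) with (\S+);", s)
            traps.append((labels[m[2]], labels[m[3]], labels[m[4]], m[1]))
        elif s:
            pos += 1
    return traps

def self_covering(traps):
    """Traps whose handler lies inside their own protected range [from, to)."""
    return [t for t in traps if t[0] <= t[2] < t[1]]
```

Run over the javap table it flags only the second entry (65 69 65); run over the Jimple body it flags the single merged trap, since label4 sits between label0 and label5.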
-------------- next part --------------
Classfile /Users/schaef/git/jar2bpl/jar2bpl_test/regression/false_positives/fp08/FalsePositives08.class
Last modified Sep 9, 2014; size 770 bytes
MD5 checksum 9317bef138491898b38212c54e5f11d9
Compiled from "FalsePositives08.java"
public class FalsePositives08
SourceFile: "FalsePositives08.java"
minor version: 0
major version: 51
flags: ACC_PUBLIC, ACC_SUPER
Constant pool:
#1 = Methodref #7.#32 // java/lang/Object."<init>":()V
#2 = Fieldref #6.#33 // FalsePositives08.constraintsLock:Ljava/lang/Object;
#3 = Fieldref #6.#34 // FalsePositives08.constraints:[Ljava/lang/String;
#4 = Class #35 // java/lang/String
#5 = Fieldref #6.#36 // FalsePositives08.constraint:Ljava/lang/String;
#6 = Class #37 // FalsePositives08
#7 = Class #38 // java/lang/Object
#8 = Utf8 constraintsLock
#9 = Utf8 Ljava/lang/Object;
#10 = Utf8 constraints
#11 = Utf8 [Ljava/lang/String;
#12 = Utf8 constraint
#13 = Utf8 Ljava/lang/String;
#14 = Utf8 <init>
#15 = Utf8 ()V
#16 = Utf8 Code
#17 = Utf8 LineNumberTable
#18 = Utf8 LocalVariableTable
#19 = Utf8 this
#20 = Utf8 LFalsePositives08;
#21 = Utf8 fp01
#22 = Utf8 i
#23 = Utf8 I
#24 = Utf8 results
#25 = Utf8 StackMapTable
#26 = Class #38 // java/lang/Object
#27 = Class #11 // "[Ljava/lang/String;"
#28 = Class #37 // FalsePositives08
#29 = Class #39 // java/lang/Throwable
#30 = Utf8 SourceFile
#31 = Utf8 FalsePositives08.java
#32 = NameAndType #14:#15 // "<init>":()V
#33 = NameAndType #8:#9 // constraintsLock:Ljava/lang/Object;
#34 = NameAndType #10:#11 // constraints:[Ljava/lang/String;
#35 = Utf8 java/lang/String
#36 = NameAndType #12:#13 // constraint:Ljava/lang/String;
#37 = Utf8 FalsePositives08
#38 = Utf8 java/lang/Object
#39 = Utf8 java/lang/Throwable
{
java.lang.Object constraintsLock;
flags:
public FalsePositives08();
flags: ACC_PUBLIC
Code:
stack=1, locals=1, args_size=1
0: aload_0
1: invokespecial #1 // Method java/lang/Object."<init>":()V
4: return
LineNumberTable:
line 3: 0
LocalVariableTable:
Start Length Slot Name Signature
0 5 0 this LFalsePositives08;
public void fp01();
flags: ACC_PUBLIC
Code:
stack=4, locals=5, args_size=1
0: aload_0
1: getfield #2 // Field constraintsLock:Ljava/lang/Object;
4: dup
5: astore_1
6: monitorenter
7: aload_0
8: getfield #3 // Field constraints:[Ljava/lang/String;
11: arraylength
12: iconst_1
13: iadd
14: anewarray #4 // class java/lang/String
17: astore_2
18: iconst_0
19: istore_3
20: iload_3
21: aload_0
22: getfield #3 // Field constraints:[Ljava/lang/String;
25: arraylength
26: if_icmpge 44
29: aload_2
30: iload_3
31: aload_0
32: getfield #3 // Field constraints:[Ljava/lang/String;
35: iload_3
36: aaload
37: aastore
38: iinc 3, 1
41: goto 20
44: aload_2
45: aload_0
46: getfield #3 // Field constraints:[Ljava/lang/String;
49: arraylength
50: aload_0
51: getfield #5 // Field constraint:Ljava/lang/String;
54: aastore
55: aload_0
56: aload_2
57: putfield #3 // Field constraints:[Ljava/lang/String;
60: aload_1
61: monitorexit
62: goto 72
65: astore 4
67: aload_1
68: monitorexit
69: aload 4
71: athrow
72: return
Exception table:
from to target type
7 62 65 any
65 69 65 any
LineNumberTable:
line 10: 0
line 11: 7
line 13: 18
line 14: 29
line 13: 38
line 15: 44
line 16: 55
line 17: 60
line 19: 72
LocalVariableTable:
Start Length Slot Name Signature
20 24 3 i I
18 42 2 results [Ljava/lang/String;
0 73 0 this LFalsePositives08;
StackMapTable: number_of_entries = 4
frame_type = 254 /* append */
offset_delta = 20
locals = [ class java/lang/Object, class "[Ljava/lang/String;", int ]
frame_type = 250 /* chop */
offset_delta = 23
frame_type = 255 /* full_frame */
offset_delta = 20
locals = [ class FalsePositives08, class java/lang/Object ]
stack = [ class java/lang/Throwable ]
frame_type = 250 /* chop */
offset_delta = 6
}