Col-E / Recaf

The modern Java bytecode editor
https://recaf.coley.software
MIT License

Runtime simulation #154

Closed (Col-E closed this 2 years ago)

Col-E commented 5 years ago

Runtime simulation

The ability to simulate running code in a sandbox so that unknown classes and methods can be invoked without running potentially unsafe code (Like deleting files). For primitives, strings, and other safe types this would allow users to watch / step through the execution and watch the changes applied to classes (fields) and the method stack.

Use Cases

Implementation Outline:

- VirtualObj
- VirtualClass
- VirtualMember
  - VirtualField extends VirtualMember
  - VirtualMethod extends VirtualMember
- Simulation
- VirtualInsn models behavior from AbstractInsnNode

Current thoughts on how the simulation API will be handled. There will probably be a lot of VirtualClass implementations for common core Java classes. At some point enough base classes should be implemented to have things referencing them work by auto-generated logic. For example, once String is implemented something like StringUtils should be able to have an auto-generated implementation work since all the outbound reference classes have a VirtualClass implementation.

With this lookup strategy, loading loops would have to be counted somehow. Perhaps a combination of lazy-loading and keeping a global cache for library classes (anything not residing in the primary Recaf input) would be worthwhile.

Also to reduce the complexity of certain simulations, being able to assign dummy values to things like field getters + method invokes may be a useful feature too.
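As an added illustration of the outline above (not Recaf's code, nor SSVM's), the following sketch steps over an ASM `InsnList` the way a `VirtualInsn` layer would: it keeps a virtual int stack and locals, treats `Math.abs` as a safely reimplemented `VirtualMethod`, and throws on any invoke it has no model for instead of executing the real class. It assumes ASM (`org.objectweb.asm`) on the classpath and Java 14+; the `VirtualMethod` interface, the `MODELLED` registry and the constructed method body are hypothetical.

```java
import org.objectweb.asm.Opcodes;
import org.objectweb.asm.tree.*;
import java.util.*;
// Added sketch, not Recaf's code: a VirtualInsn-style stepper over an ASM InsnList that keeps
// a virtual int stack and locals, and refuses unmodelled invokes instead of running them.
public class VirtualInsnSketch {
    // Hypothetical stand-in for the issue's VirtualMethod: a pure model acting on the virtual stack.
    interface VirtualMethod { int apply(Deque<Integer> stack); }
    // Library methods reimplemented safely (the issue's VirtualClass idea), keyed by owner.name+desc.
    static final Map<String, VirtualMethod> MODELLED = new HashMap<>();
    static { MODELLED.put("java/lang/Math.abs(I)I", s -> Math.abs(s.pop())); }
    // Simulate a static int method; nothing here can touch files, sockets or real classes.
    static int simulate(MethodNode method, int... args) {
        Deque<Integer> stack = new ArrayDeque<>();
        int[] locals = new int[method.maxLocals];
        System.arraycopy(args, 0, locals, 0, args.length);
        for (AbstractInsnNode insn = method.instructions.getFirst(); insn != null; insn = insn.getNext()) {
            int op = insn.getOpcode();
            if (op < 0) continue; // labels, line numbers and frames carry no behaviour
            switch (op) {
                case Opcodes.ICONST_M1, Opcodes.ICONST_0, Opcodes.ICONST_1, Opcodes.ICONST_2,
                     Opcodes.ICONST_3, Opcodes.ICONST_4, Opcodes.ICONST_5 -> stack.push(op - Opcodes.ICONST_0);
                case Opcodes.BIPUSH, Opcodes.SIPUSH -> stack.push(((IntInsnNode) insn).operand);
                case Opcodes.ILOAD -> stack.push(locals[((VarInsnNode) insn).var]);
                case Opcodes.IADD -> stack.push(stack.pop() + stack.pop());
                case Opcodes.IMUL -> stack.push(stack.pop() * stack.pop());
                case Opcodes.INVOKESTATIC -> {
                    MethodInsnNode m = (MethodInsnNode) insn;
                    VirtualMethod model = MODELLED.get(m.owner + "." + m.name + m.desc);
                    // Unknown code is never executed for real: the user must supply a model or a dummy value.
                    if (model == null) throw new IllegalStateException("no VirtualMethod for " + m.owner + "." + m.name + m.desc);
                    stack.push(model.apply(stack));
                }
                case Opcodes.IRETURN -> { return stack.pop(); }
                default -> throw new UnsupportedOperationException("unmodelled opcode " + op);
            }
        }
        throw new IllegalStateException("method ended without IRETURN");
    }
    public static void main(String[] args) {
        // Constructed bytecode for: static int f(int x) { return Math.abs(x) * 3 + 1; }
        MethodNode f = new MethodNode(Opcodes.ACC_STATIC, "f", "(I)I", null, null); f.maxLocals = 1;
        AbstractInsnNode[] body = { new VarInsnNode(Opcodes.ILOAD, 0),
            new MethodInsnNode(Opcodes.INVOKESTATIC, "java/lang/Math", "abs", "(I)I", false),
            new IntInsnNode(Opcodes.BIPUSH, 3), new InsnNode(Opcodes.IMUL),
            new InsnNode(Opcodes.ICONST_1), new InsnNode(Opcodes.IADD), new InsnNode(Opcodes.IRETURN) };
        for (AbstractInsnNode n : body) f.instructions.add(n);
        System.out.println("f(-4) = " + simulate(f, -4));
    }
}
```

Replacing the `Math.abs` entry with a constant-returning lambda is the "dummy value for method invokes" idea from the comment above; a call to anything not in the registry stops the simulation rather than reaching the JVM.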

guschoYB commented 3 years ago

Ohh great

Col-E commented 2 years ago

And https://github.com/xxDark/SSVM knocks it outta the park.