search

soot-oss / soot

Soot - A Java optimization framework
GNU Lesser General Public License v2.1
2.85k stars 706 forks source link

Array Index Out of Bounds during Instrumentation #1996

Open adityavardhanpadala opened 1 year ago

adityavardhanpadala commented 1 year ago

I am trying to instrument io.fireboard.android.zip using the following transform to sanitize the variables associated in a loop exit. 

        PackManager.v().getPack("jtp").add(new Transform("jtp.loopFinder", new BodyTransformer() {
            @Override
            protected void internalTransform(Body b, String phaseName, Map<String, String> options) {
                String m_name = b.getMethod().getName();
                String c_name = b.getMethod().getDeclaringClass().getName();

                LoopFinder loopFinder = new LoopFinder();
                loopFinder.transform(b);
                Chain<Unit> units = b.getUnits();
                int c = 0;
                for (Loop loop : loopFinder.getLoops(b)) {
                    Collection<Stmt> exits = loop.getLoopExits();
                    for (Stmt exit: exits) {
                            if(exit instanceof IfStmt) {
                                IfStmt ifStmt = (IfStmt) exit;
                                ConditionExpr condition = (ConditionExpr) ifStmt.getCondition();

                                Value leftOp = condition.getOp1();
                                Value rightOp = condition.getOp2();

                                Type ltype = leftOp.getType();
                                Type rtype = rightOp.getType();

                                Local nl = Jimple.v().newLocal("isl"+String.format("%d", c), ltype);
                                Local nr = Jimple.v().newLocal("isr"+String.format("%d", c), rtype);

                                AssignStmt asl, asr;
                                if (isPrimitiveType(ltype)) {
                                    asl = Jimple.v().newAssignStmt(nl, Jimple.v().newStaticInvokeExpr(primSinks.get(ltype).makeRef(), leftOp));
                                }
                                else {
                                    asl = Jimple.v().newAssignStmt(nl, Jimple.v().newStaticInvokeExpr(ObjSinkMet.makeRef(), leftOp));
                                }
                                if(isPrimitiveType(rtype)) {
                                    asr = Jimple.v().newAssignStmt(nr, Jimple.v().newStaticInvokeExpr(primSinks.get(rtype).makeRef(), rightOp));
                                }
                                else {
                                    asr = Jimple.v().newAssignStmt(nr, Jimple.v().newStaticInvokeExpr(ObjSinkMet.makeRef(), rightOp));

                                }
                                units.insertBefore(asl, loop.getHead());
                                units.insertBefore(asr, asl);

                            }
                    }
                }
                b.validate();
            }
        }));

and I am getting the following error. Any idea on what I might be doing wrong here?

[Thread-20] ERROR heros.solver.CountingThreadPoolExecutor - Worker thread execution failed: Index 1969673 out of bounds for length 8
java.lang.ArrayIndexOutOfBoundsException: Index 1969673 out of bounds for length 8
    at soot.toolkits.scalar.SimpleLocalDefs.init(SimpleLocalDefs.java:386)
    at soot.toolkits.scalar.SimpleLocalDefs.<init>(SimpleLocalDefs.java:342)
    at soot.toolkits.scalar.SimpleLocalDefs.<init>(SimpleLocalDefs.java:326)
    at soot.toolkits.scalar.SimpleLocalDefs.<init>(SimpleLocalDefs.java:322)
    at soot.toolkits.scalar.LocalDefsFactory.newLocalDefs(LocalDefsFactory.java:103)
    at soot.validation.UsesValidator.validate(UsesValidator.java:79)
    at soot.Body.validate(Body.java:298)
    at soot.jimple.JimpleBody.validate(JimpleBody.java:128)
    at soot.jimple.JimpleBody.validate(JimpleBody.java:114)
    at org.example.Main$2.internalTransform(Main.java:329)
    at soot.BodyTransformer.transform(BodyTransformer.java:47)
    at soot.Transform.apply(Transform.java:126)
    at soot.BodyPack.internalApply(BodyPack.java:49)
    at soot.Pack.apply(Pack.java:126)
    at soot.PackManager.runBodyPacks(PackManager.java:992)
    at soot.PackManager.lambda$runBodyPacks$0(PackManager.java:667)
    at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
    at java.base/java.lang.Thread.run(Thread.java:833)
AlphaDora commented 1 week ago

Hello? Have you ever solved this issue? I had a similar instrumentation issue like this, but my error message is Index 1 out of bounds for length 1: [Thread-44] ERROR heros.solver.CountingThreadPoolExecutor - Worker thread execution failed: Index 1 out of bounds for length 1 java.lang.ArrayIndexOutOfBoundsException: Index 1 out of bounds for length 1 at org.objectweb.asm.MethodWriter.visitParameterAnnotation(MethodWriter.java:703) at soot.AbstractASMBackend.generateMethods(AbstractASMBackend.java:347) at soot.AbstractASMBackend.generateByteCode(AbstractASMBackend.java:277) at soot.AbstractASMBackend.generateClassFile(AbstractASMBackend.java:226) at soot.PackManager.writeClass(PackManager.java:1124) at soot.PackManager.lambda$writeOutput$1(PackManager.java:705) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) at java.base/java.lang.Thread.run(Thread.java:834)