soot-oss / soot

Soot - A Java optimization framework
GNU Lesser General Public License v2.1

IllegalArgumentException: Opcode: IGET_OBJECT_QUICK #2089

Open JordanSamhi opened 1 month ago

JordanSamhi commented 1 month ago

Describe the bug
I recently came across a bug in Soot that prevents the loading of method bodies. It seems the problem is related to Dexpler and opcodes. Have you ever come across this problem? (stack trace below).

Input file
Here are two examples of files for which the bug is triggered: E29E97ADCCC17FAE4053002F978B331C3898CC97A31066B44E2CA24B12DA79FB E14F0E92F5818687BD21EA939131DE8431347E2D1E515F85E874D449FD12966E

To reproduce
I used Soot programmatically, but it can be reproduced like this:

    java -jar soot.jar -src-prec apk -allow-phantom-refs -android-jars ./Android-platforms/ -f J -process-dir E14F0E92F5818687BD21EA939131DE8431347E2D1E515F85E874D449FD12966E.apk -process-multiple-dex

Stacktrace
Example of 2 stack traces:

    [] Setting up environment... [✓] Done. [] Instrumentation in progress...
    Exception in thread "main" Exception in thread "Thread-4" java.lang.IllegalArgumentException: Opcode: IGET_OBJECT_QUICK @ 0x2a2
        at soot.dexpler.instructions.InstructionFactory.fromOpcode(InstructionFactory.java:381)
        at soot.dexpler.instructions.InstructionFactory.fromInstruction(InstructionFactory.java:48)
        at soot.dexpler.DexBody.extractDexInstructions(DexBody.java:338)
        at soot.dexpler.DexBody.(DexBody.java:272)
        at soot.dexpler.DexMethod$1.getBody(DexMethod.java:116)
        at soot.SootMethod.retrieveActiveBody(SootMethod.java:447)
        at soot.PackManager.lambda$retrieveAllBodies$2(PackManager.java:1250)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at java.lang.Thread.run(Thread.java:748)
    java.lang.IllegalArgumentException: Opcode: IGET_OBJECT_QUICK @ 0x2a2
        at soot.dexpler.instructions.InstructionFactory.fromOpcode(InstructionFactory.java:381)
        at soot.dexpler.instructions.InstructionFactory.fromInstruction(InstructionFactory.java:48)
        at soot.dexpler.DexBody.extractDexInstructions(DexBody.java:338)
        at soot.dexpler.DexBody.(DexBody.java:272)
        at soot.dexpler.DexMethod$1.getBody(DexMethod.java:116)
        at soot.SootMethod.retrieveActiveBody(SootMethod.java:447)
        at soot.PackManager.lambda$retrieveAllBodies$2(PackManager.java:1250)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at java.lang.Thread.run(Thread.java:748)

    Process finished with exit code 1

    Exception in thread "Thread-12" Exception in thread "main" java.lang.IllegalArgumentException: Opcode: IPUT_QUICK @ 0x1e4b
        at soot.dexpler.instructions.InstructionFactory.fromOpcode(InstructionFactory.java:381)
        at soot.dexpler.instructions.InstructionFactory.fromInstruction(InstructionFactory.java:48)
        at soot.dexpler.DexBody.extractDexInstructions(DexBody.java:338)
        at soot.dexpler.DexBody.(DexBody.java:272)
        at soot.dexpler.DexMethod$1.getBody(DexMethod.java:116)
        at soot.SootMethod.retrieveActiveBody(SootMethod.java:447)
        at soot.PackManager.lambda$retrieveAllBodies$2(PackManager.java:1250)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at java.lang.Thread.run(Thread.java:748)
    java.lang.IllegalArgumentException: Opcode: IPUT_QUICK @ 0x1e4b
        at soot.dexpler.instructions.InstructionFactory.fromOpcode(InstructionFactory.java:381)
        at soot.dexpler.instructions.InstructionFactory.fromInstruction(InstructionFactory.java:48)
        at soot.dexpler.DexBody.extractDexInstructions(DexBody.java:338)
        at soot.dexpler.DexBody.(DexBody.java:272)
        at soot.dexpler.DexMethod$1.getBody(DexMethod.java:116)
        at soot.SootMethod.retrieveActiveBody(SootMethod.java:447)
        at soot.PackManager.lambda$retrieveAllBodies$2(PackManager.java:1250)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at java.lang.Thread.run(Thread.java:748)

    Process finished with exit code 1

Additional context
This is the first time I have come across this problem; has it ever happened to anyone else? Should Dexpler be updated?

JordanSamhi commented 1 month ago

E14F0E92F5818687BD21EA939131DE8431347E2D1E515F85E874D449FD12966E.zip E29E97ADCCC17FAE4053002F978B331C3898CC97A31066B44E2CA24B12DA79FB.zip

MarcMil commented 1 month ago

Thanks for the APKs!

According to http://pallergabor.uw.hu/androidblog/dalvik_opcodes.html, the instruction in question is "an unsafe instruction and occurs only in ODEX files."

A quote from Steven in this regard:

Problem with these odex instructions: They are of the format "call method with vtable entry X on register y". To get the target method, we need types. The code is however not typed till much later. This needs more attention at some point.

Originally posted by @StevenArzt in https://github.com/soot-oss/soot/issues/331#issuecomment-71215504

So it's not trivial to add support for this type of instruction. Unfortunately, I currently do not have the time to take a deeper look into this myself.
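Since Dexpler currently throws on the first odex-only opcode it meets, a practical workaround while the issue is open is to pre-scan the dex files and flag the affected methods before handing the APK to Soot, so an analysis can skip or report them instead of aborting. The scanner below is an added example written for this thread, not Soot's or Dexpler's own code. It assumes the dexlib2 library (the dex parser Dexpler itself is built on, as the `InstructionFactory.fromOpcode` frame shows) is on the classpath and uses its `Opcode.odexOnly()` flag, which marks the `*_QUICK` and `*_VOLATILE` family that only occurs in optimized (odex) code; the class name `QuickOpcodeScanner` and the `Hit` record are my own.

```java
// Added example (not Soot/Dexpler code): list methods whose bytecode contains
// odex-only opcodes such as IGET_OBJECT_QUICK or IPUT_QUICK, so a Soot-based
// analysis can exclude or report them instead of failing in DexBody.
// Assumes dexlib2 (org.smali:dexlib2) on the classpath.
import org.jf.dexlib2.DexFileFactory;
import org.jf.dexlib2.Opcode;
import org.jf.dexlib2.Opcodes;
import org.jf.dexlib2.iface.ClassDef;
import org.jf.dexlib2.iface.DexFile;
import org.jf.dexlib2.iface.Method;
import org.jf.dexlib2.iface.MethodImplementation;
import org.jf.dexlib2.iface.instruction.Instruction;

import java.io.File;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;

public class QuickOpcodeScanner {

    /** One method that contains at least one odex-only instruction (hypothetical helper type). */
    public static final class Hit {
        public final String className;
        public final String methodName;
        public final String opcode;

        Hit(String className, String methodName, String opcode) {
            this.className = className;
            this.methodName = methodName;
            this.opcode = opcode;
        }

        @Override
        public String toString() {
            return className + "->" + methodName + " : " + opcode;
        }
    }

    /** Returns every method in the given .dex file that uses an odex-only opcode. */
    public static List<Hit> scan(File dexFile) throws IOException {
        // Opcodes.getDefault() selects the newest opcode table; quick opcodes
        // are resolved by name regardless of the target API level.
        DexFile dex = DexFileFactory.loadDexFile(dexFile, Opcodes.getDefault());
        List<Hit> hits = new ArrayList<>();
        for (ClassDef cls : dex.getClasses()) {
            for (Method m : cls.getMethods()) {
                MethodImplementation impl = m.getImplementation();
                if (impl == null) {
                    continue; // abstract or native method: nothing to scan
                }
                for (Instruction insn : impl.getInstructions()) {
                    Opcode op = insn.getOpcode();
                    // odexOnly() is true for instructions that are only valid in
                    // optimized dex, i.e. exactly the ones Dexpler rejects.
                    if (op.odexOnly()) {
                        hits.add(new Hit(cls.getType(), m.getName(), op.name));
                        break; // one report per method is enough
                    }
                }
            }
        }
        return hits;
    }

    // Usage: java QuickOpcodeScanner classes.dex [classes2.dex ...]
    // Extract the dex entries from the APK first; with -process-multiple-dex
    // Soot would load each classesN.dex, so scan all of them here as well.
    public static void main(String[] args) throws IOException {
        for (String path : args) {
            for (Hit h : scan(new File(path))) {
                System.out.println(path + ": " + h);
            }
        }
    }
}
```

The list of hits can then be turned into an exclusion list for the analysis (or simply logged next to the APK hash), which keeps the rest of the APK analyzable and makes it explicit which methods were not covered because their bodies are in odex form.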

JordanSamhi commented 1 month ago

Yes, I guess it is not trivial. I mean, it is fine, it is only a few APKs... Thanks!