search

soot-oss / soot

Soot - A Java optimization framework
GNU Lesser General Public License v2.1
2.83k stars 708 forks source link

Strange issues with whatsapp #519

Closed MarcMil closed 8 years ago

MarcMil commented 8 years ago

When downloading the most recent version of whatsapp from Evozi's apk downloader, I am facing strange issues.

This bug might be due to multi threading issues? time java -Xmx6g -jar soot-trunk.jar --allow-phantom-refs -f dex -src-prec apk -cp /home/marc/adt-bundle-linux-x86_64-20140702/sdk/platforms/android-18/android.jar -process-dir "/home/marc/Downloads/com.whatsapp (1).apk" Soot started on Thu Dec 31 16:33:27 CET 2015 Warning: java.lang.invoke.LambdaMetafactory is a phantom class! Warning: java.lang.ref.Finalizer is a phantom class! Warning: android.animation.Animator$AnimatorPauseListener is a phantom class! Warning: android.app.Notification$Action$Builder is a phantom class! Warning: android.app.Notification$Action is a phantom class! Warning: android.app.Notification$MediaStyle is a phantom class! Warning: android.app.RemoteInput$Builder is a phantom class! Warning: android.app.RemoteInput is a phantom class! Warning: android.app.SharedElementCallback is a phantom class! Warning: android.content.pm.PackageInstaller$SessionInfo is a phantom class! Warning: android.content.pm.PackageInstaller is a phantom class! Warning: android.graphics.Outline is a phantom class! Warning: android.graphics.drawable.Icon is a phantom class! Warning: android.graphics.pdf.PdfRenderer$Page is a phantom class! Warning: android.graphics.pdf.PdfRenderer is a phantom class! Warning: android.media.session.MediaSession$Token is a phantom class! Warning: android.net.Network is a phantom class! Warning: android.net.NetworkCapabilities is a phantom class! Warning: android.provider.Telephony$Sms is a phantom class! Warning: android.service.chooser.ChooserTarget is a phantom class! Warning: android.service.chooser.ChooserTargetService is a phantom class! Warning: android.transition.Transition$EpicenterCallback is a phantom class! Warning: android.transition.Transition is a phantom class! Warning: android.view.View$OnApplyWindowInsetsListener is a phantom class! Warning: android.view.WindowInsets is a phantom class! Warning: android.view.SearchEvent is a phantom class! Warning: android.transition.Fade is a phantom class! Warning: android.transition.PathMotion is a phantom class! Warning: android.transition.Slide is a phantom class! Warning: android.transition.TransitionInflater is a phantom class! Warning: android.transition.TransitionManager is a phantom class! Warning: android.transition.TransitionSet is a phantom class! Warning: android.transition.TransitionValues is a phantom class! Warning: android.transition.Visibility is a phantom class! Warning: android.view.ViewAnimationUtils is a phantom class! Warning: android.view.ViewOutlineProvider is a phantom class! Warning: android.view.accessibility.AccessibilityNodeInfo$AccessibilityAction is a phantom class! Warning: android.widget.ThemedSpinnerAdapter is a phantom class! Warning: com.amazon.device.home.GroupedListHeroWidget$Group is a phantom class! Warning: com.amazon.device.home.GroupedListHeroWidget$ListEntry is a phantom class! Warning: com.amazon.device.home.GroupedListHeroWidget$VisualStyle is a phantom class! Warning: com.amazon.device.home.GroupedListHeroWidget is a phantom class! Warning: com.amazon.device.home.HeroWidget is a phantom class! Warning: com.amazon.device.home.HeroWidgetActivityStarterIntent is a phantom class! Warning: com.amazon.device.home.HeroWidgetIntent is a phantom class! Warning: com.amazon.device.home.HomeManager is a phantom class! Warning: com.amazon.device.messaging.ADM is a phantom class! Warning: com.amazon.device.messaging.ADMMessageHandlerBase is a phantom class! Warning: com.amazon.device.messaging.ADMMessageReceiver is a phantom class! Warning: com.google.android.maps.GeoPoint is a phantom class! Warning: com.google.android.maps.ItemizedOverlay$OnFocusChangeListener is a phantom class! Warning: com.google.android.maps.ItemizedOverlay is a phantom class! Warning: com.google.android.maps.MapActivity is a phantom class! Warning: com.google.android.maps.MapController is a phantom class! Warning: com.google.android.maps.MapView$LayoutParams is a phantom class! Warning: com.google.android.maps.MapView is a phantom class! Warning: com.google.android.maps.MyLocationOverlay is a phantom class! Warning: com.google.android.maps.OverlayItem is a phantom class! Warning: com.google.android.maps.Projection is a phantom class! Warning: java.lang.SafeVarargs is a phantom class! [Thread-5] ERROR heros.solver.CountingThreadPoolExecutor - Worker thread execution failed: oops, base type must be PrimType or RefType but not 'unknown' java.lang.RuntimeException: oops, base type must be PrimType or RefType but not 'unknown' at soot.ArrayType.(ArrayType.java:60) at soot.ArrayType.v(ArrayType.java:86) at soot.Type.makeArrayType(Type.java:76) at soot.jimple.internal.JArrayRef.getType(JArrayRef.java:151) at soot.dexpler.DexNumTransformer$2.caseAssignStmt(DexNumTransformer.java:267) at soot.jimple.internal.JAssignStmt.apply(JAssignStmt.java:238) at soot.dexpler.DexNumTransformer.internalTransform(DexNumTransformer.java:204) at soot.BodyTransformer.transform(BodyTransformer.java:51) at soot.BodyTransformer.transform(BodyTransformer.java:58) at soot.BodyTransformer.transform(BodyTransformer.java:63) at soot.dexpler.DexBody.jimplify(DexBody.java:535) at soot.dexpler.DexMethod$1.getBody(DexMethod.java:150) at soot.SootMethod.getBodyFromMethodSource(SootMethod.java:91) at soot.SootMethod.retrieveActiveBody(SootMethod.java:322) at soot.PackManager$3.run(PackManager.java:1222) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) at java.lang.Thread.run(Thread.java:745) java.lang.RuntimeException: oops, base type must be PrimType or RefType but not 'unknown' at soot.ArrayType.(ArrayType.java:60) at soot.ArrayType.v(ArrayType.java:86) at soot.Type.makeArrayType(Type.java:76) at soot.jimple.internal.JArrayRef.getType(JArrayRef.java:151) at soot.dexpler.DexNumTransformer$2.caseAssignStmt(DexNumTransformer.java:267) at soot.jimple.internal.JAssignStmt.apply(JAssignStmt.java:238) at soot.dexpler.DexNumTransformer.internalTransform(DexNumTransformer.java:204) at soot.BodyTransformer.transform(BodyTransformer.java:51) at soot.BodyTransformer.transform(BodyTransformer.java:58) at soot.BodyTransformer.transform(BodyTransformer.java:63) at soot.dexpler.DexBody.jimplify(DexBody.java:535) at soot.dexpler.DexMethod$1.getBody(DexMethod.java:150) at soot.SootMethod.getBodyFromMethodSource(SootMethod.java:91) at soot.SootMethod.retrieveActiveBody(SootMethod.java:322) at soot.PackManager$3.run(PackManager.java:1222) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) at java.lang.Thread.run(Thread.java:745) Exception in thread "Thread-5" java.lang.RuntimeException: oops, base type must be PrimType or RefType but not 'unknown' at soot.ArrayType.(ArrayType.java:60) at soot.ArrayType.v(ArrayType.java:86) at soot.Type.makeArrayType(Type.java:76) at soot.jimple.internal.JArrayRef.getType(JArrayRef.java:151) at soot.dexpler.DexNumTransformer$2.caseAssignStmt(DexNumTransformer.java:267) at soot.jimple.internal.JAssignStmt.apply(JAssignStmt.java:238) at soot.dexpler.DexNumTransformer.internalTransform(DexNumTransformer.java:204) at soot.BodyTransformer.transform(BodyTransformer.java:51) at soot.BodyTransformer.transform(BodyTransformer.java:58) at soot.BodyTransformer.transform(BodyTransformer.java:63) at soot.dexpler.DexBody.jimplify(DexBody.java:535) at soot.dexpler.DexMethod$1.getBody(DexMethod.java:150) at soot.SootMethod.getBodyFromMethodSource(SootMethod.java:91) at soot.SootMethod.retrieveActiveBody(SootMethod.java:322) at soot.PackManager$3.run(PackManager.java:1222) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) at java.lang.Thread.run(Thread.java:745)

Ouuups... something went wrong! Sorry about that. Follow these steps to fix the problem: 1.) Are you sure you used the right command line? Click here to double-check: https://ssebuild.cased.de/nightly/soot/doc/soot_options.htm

2.) Not sure whether it's a bug? Feel free to discuss the issue on the Soot mailing list: https://github.com/Sable/soot/wiki/Getting-help

3.) Sure it's a bug? Click this link to report it. https://github.com/Sable/soot/issues/new?title=java.lang.RuntimeException+when+...&body=Steps+to+reproduce%3A%0A1.%29+...%0A%0AFiles+used+to+reproduce%3A+%0A...%0A%0ASoot+version%3A+%3Cpre%3Etrunk%3C%2Fpre%3E%0A%0ACommand+line%3A%0A%3Cpre%3E--allow-phantom-refs+-f+dex+-src-prec+apk+-cp+%2Fhome%2Fmarc%2Fadt-bundle-linux-x86_64-20140702%2Fsdk%2Fplatforms%2Fandroid-18%2Fandroid.jar+-process-dir+%2Fhome%2Fmarc%2FDownloads%2Fcom.whatsapp+%281%29.apk%3C%2Fpre%3E%0A%0AMax+Memory%3A%0A%3Cpre%3E5461MB%3C%2Fpre%3E%0A%0AStack+trace%3A%0A%3Cpre%3Ejava.lang.RuntimeException%3A+oops%2C++base+type+must+be+PrimType+or+RefType+but+not+%26%2339%3Bunknown%26%2339%3B%0A%09at+soot.ArrayType.%26%2360%3Binit%26%2362%3B%28ArrayType.java%3A60%29%0A%09at+soot.ArrayType.v%28ArrayType.java%3A86%29%0A%09at+soot.Type.makeArrayType%28Type.java%3A76%29%0A%09at+soot.jimple.internal.JArrayRef.getType%28JArrayRef.java%3A151%29%0A%09at+soot.dexpler.DexNumTransformer%242.caseAssignStmt%28DexNumTransformer.java%3A267%29%0A%09at+soot.jimple.internal.JAssignStmt.apply%28JAssignStmt.java%3A238%29%0A%09at+soot.dexpler.DexNumTransformer.internalTransform%28DexNumTransformer.java%3A204%29%0A%09at+soot.BodyTransformer.transform%28BodyTransformer.java%3A51%29%0A%09at+soot.BodyTransformer.transform%28BodyTransformer.java%3A58%29%0A%09at+soot.BodyTransformer.transform%28BodyTransformer.java%3A63%29%0A%09at+soot.dexpler.DexBody.jimplify%28DexBody.java%3A535%29%0A%09at+soot.dexpler.DexMethod%241.getBody%28DexMethod.java%3A150%29%0A%09at+soot.SootMethod.getBodyFromMethodSource%28SootMethod.java%3A91%29%0A%09at+soot.SootMethod.retrieveActiveBody%28SootMethod.java%3A322%29%0A%09at+soot.PackManager%243.run%28PackManager.java%3A1222%29%0A%09at+java.util.concurrent.ThreadPoolExecutor.runWorker%28ThreadPoolExecutor.java%3A1145%29%0A%09at+java.util.concurrent.ThreadPoolExecutor%24Worker.run%28ThreadPoolExecutor.java%3A615%29%0A%09at+java.lang.Thread.run%28Thread.java%3A745%29%0A%3C%2Fpre%3E Please be as precise as possible when giving us information on how to reproduce the problem. Thanks!

Before that I had a run with the same config, which hung at some point for around 45 minutes.

I would recommend to run this command in a loop for a couple of times and check whether it hangs or crashes.

MarcMil commented 8 years ago

I guess, I might have found the issue. in JArrayRef.getType():

        if(type.equals(UnknownType.v()))
            return UnknownType.v();
        else if(type.equals(NullType.v()))
            return NullType.v();

The problem is, that the static initializers UnknownType.v() and NullType.v() are not thread safe, and as such, multiple UnknownType instances might be created and thus the check might fail. Synchronizing the static initializers is probably slowing everything down, but we could instead call some static initializers before entering the multi threaded part of retrieving the Jimple code. This would guarante each thread accesses the same instance. Or using instanceof instead of equals (or using instanceof within the equals method).

Besides these, also IntType, LongType, FloatType, etc. are probably affected. We should fix this for all subclasses of Type.

StevenArzt commented 8 years ago

@MarcMil Can you please test again?

MarcMil commented 8 years ago

Seems good now, thanks.