Fix the bug java.lang.IllegalArgumentException: Opcode: IPUT_OBJECT_VOLATILE #2141
…OLATILE @ 0x0 at soot.dexpler.instructions.InstructionFactory.fromOpcode(InstructionFactory.java:382) during create jimple for apk
Build and Test with java 11: OK
…n("Variable " + m + " used without definition!")"

Modifications: Replaced the code that throws a RuntimeException with a direct continue statement to skip the propagation step.

Rationale: This approach is safer because certain variables (e.g., uninitialized parameters or special variables) may legitimately lack definitions. By skipping propagation for undefined variables, the CopyPropagator aligns with compiler fault-tolerance requirements, avoiding crashes caused by unresolved variables.

Impact: After the modification, the program continues execution gracefully when encountering undefined variables instead of terminating abruptly. This ensures robustness for cases involving uninitialized variables or special symbols (e.g., parameters).
…imple Error: ConcurrentModificationException occurs in multithreaded environments when an ArrayList is modified concurrently. Specifically, this happens during iteration over an ArrayList in the SootClass.getMethodsByNameAndParamCount() method while another thread modifies the list.

Solution: Modify the getMethodsByNameAndParamCount() method to create a copy of the list before iteration. This avoids ConcurrentModificationException because the iteration is performed on the copied list. Even if the original list is modified by another thread, the iteration remains unaffected.

Implementation: Create a snapshot of the list (e.g., using new ArrayList<>(originalList)). Iterate over the copied list instead of the original.

Detail Exception Info

Exception in thread "Thread-0" java.util.ConcurrentModificationException
    at java.base/java.util.ArrayList$Itr.checkForComodification(ArrayList.java:1095)
    at java.base/java.util.ArrayList$Itr.next(ArrayList.java:1049)
    at soot.SootClass.getMethodsByNameAndParamCount(SootClass.java:1326)
    at soot.FastHierarchy.getSignaturePolymorphicMethod(FastHierarchy.java:995)
    at soot.FastHierarchy.resolveMethod(FastHierarchy.java:894)
    at soot.FastHierarchy.resolveMethod(FastHierarchy.java:845)
    at soot.SootMethodRefImpl.tryResolve(SootMethodRefImpl.java:229)
    at soot.SootMethodRefImpl.tryResolve(SootMethodRefImpl.java:215)
    at soot.toolkits.exceptions.UnitThrowAnalysis.mightThrow(UnitThrowAnalysis.java:311)
    at soot.toolkits.exceptions.UnitThrowAnalysis$ValueSwitch.caseInstanceInvokeExpr(UnitThrowAnalysis.java:1217)
    at soot.toolkits.exceptions.UnitThrowAnalysis$ValueSwitch.caseInterfaceInvokeExpr(UnitThrowAnalysis.java:1034)
    at soot.jimple.internal.AbstractInterfaceInvokeExpr.apply(AbstractInterfaceInvokeExpr.java:121)
    at soot.toolkits.exceptions.UnitThrowAnalysis.mightThrow(UnitThrowAnalysis.java:303)
    at soot.toolkits.exceptions.UnitThrowAnalysis$UnitSwitch.caseInvokeStmt(UnitThrowAnalysis.java:813)
    at soot.jimple.internal.JInvokeStmt.apply(JInvokeStmt.java:99)
    at soot.toolkits.exceptions.UnitThrowAnalysis.mightThrow(UnitThrowAnalysis.java:287)
    at soot.toolkits.exceptions.UnitThrowAnalysis.mightThrow(UnitThrowAnalysis.java:282)
    at soot.toolkits.graph.ExceptionalUnitGraph.buildExceptionDests(ExceptionalUnitGraph.java:277)
    at soot.toolkits.graph.ExceptionalUnitGraph.initialize(ExceptionalUnitGraph.java:220)
    at soot.toolkits.graph.ExceptionalUnitGraph.<init>(ExceptionalUnitGraph.java:127)
    at soot.toolkits.graph.ExceptionalUnitGraphFactory.newExceptionalUnitGraph(ExceptionalUnitGraphFactory.java:55)
    at soot.toolkits.graph.ExceptionalUnitGraphFactory.createExceptionalUnitGraph(ExceptionalUnitGraphFactory.java:50)
    at soot.jimple.toolkits.scalar.CopyPropagator.internalTransform(CopyPropagator.java:141)
    at soot.BodyTransformer.transform(BodyTransformer.java:52)
    at soot.BodyTransformer.transform(BodyTransformer.java:56)
    at soot.toolkits.scalar.SharedInitializationLocalSplitter.internalTransform(SharedInitializationLocalSplitter.java:135)
    at soot.BodyTransformer.transform(BodyTransformer.java:52)
    at soot.BodyTransformer.transform(BodyTransformer.java:56)
    at soot.dexpler.DexBody.jimplify(DexBody.java:747)
    at soot.dexpler.DexMethod$1.getBody(DexMethod.java:117)
    at soot.SootMethod.retrieveActiveBody(SootMethod.java:454)
    at soot.SootMethod.retrieveActiveBody(SootMethod.java:409)
    at soot.PackManager.lambda$retrieveAllBodies$2(PackManager.java:1224)
    at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144)
    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642)
    at java.base/java.lang.Thread.run(Thread.java:1583)
Exception in thread "main" java.util.ConcurrentModificationException
    at java.base/java.util.ArrayList$Itr.checkForComodification(ArrayList.java:1095)
    at java.base/java.util.ArrayList$Itr.next(ArrayList.java:1049)
    at soot.SootClass.getMethodsByNameAndParamCount(SootClass.java:1326)
    at soot.FastHierarchy.getSignaturePolymorphicMethod(FastHierarchy.java:995)
    at soot.FastHierarchy.resolveMethod(FastHierarchy.java:894)
    at soot.FastHierarchy.resolveMethod(FastHierarchy.java:845)
    at soot.SootMethodRefImpl.tryResolve(SootMethodRefImpl.java:229)
    at soot.SootMethodRefImpl.tryResolve(SootMethodRefImpl.java:215)
    at soot.toolkits.exceptions.UnitThrowAnalysis.mightThrow(UnitThrowAnalysis.java:311)
    at soot.toolkits.exceptions.UnitThrowAnalysis$ValueSwitch.caseInstanceInvokeExpr(UnitThrowAnalysis.java:1217)
    at soot.toolkits.exceptions.UnitThrowAnalysis$ValueSwitch.caseInterfaceInvokeExpr(UnitThrowAnalysis.java:1034)
    at soot.jimple.internal.AbstractInterfaceInvokeExpr.apply(AbstractInterfaceInvokeExpr.java:121)
    at soot.toolkits.exceptions.UnitThrowAnalysis.mightThrow(UnitThrowAnalysis.java:303)
    at soot.toolkits.exceptions.UnitThrowAnalysis$UnitSwitch.caseInvokeStmt(UnitThrowAnalysis.java:813)
    at soot.jimple.internal.JInvokeStmt.apply(JInvokeStmt.java:99)
    at soot.toolkits.exceptions.UnitThrowAnalysis.mightThrow(UnitThrowAnalysis.java:287)
    at soot.toolkits.exceptions.UnitThrowAnalysis.mightThrow(UnitThrowAnalysis.java:282)
    at soot.toolkits.graph.ExceptionalUnitGraph.buildExceptionDests(ExceptionalUnitGraph.java:277)
    at soot.toolkits.graph.ExceptionalUnitGraph.initialize(ExceptionalUnitGraph.java:220)
    at soot.toolkits.graph.ExceptionalUnitGraph.<init>(ExceptionalUnitGraph.java:127)
    at soot.toolkits.graph.ExceptionalUnitGraphFactory.newExceptionalUnitGraph(ExceptionalUnitGraphFactory.java:55)
    at soot.toolkits.graph.ExceptionalUnitGraphFactory.createExceptionalUnitGraph(ExceptionalUnitGraphFactory.java:50)
    at soot.jimple.toolkits.scalar.CopyPropagator.internalTransform(CopyPropagator.java:141)
    at soot.BodyTransformer.transform(BodyTransformer.java:52)
    at soot.BodyTransformer.transform(BodyTransformer.java:56)
    at soot.toolkits.scalar.SharedInitializationLocalSplitter.internalTransform(SharedInitializationLocalSplitter.java:135)
    at soot.BodyTransformer.transform(BodyTransformer.java:52)
    at soot.BodyTransformer.transform(BodyTransformer.java:56)
    at soot.dexpler.DexBody.jimplify(DexBody.java:747)
    at soot.dexpler.DexMethod$1.getBody(DexMethod.java:117)
    at soot.SootMethod.retrieveActiveBody(SootMethod.java:454)
    at soot.SootMethod.retrieveActiveBody(SootMethod.java:409)
    at soot.PackManager.lambda$retrieveAllBodies$2(PackManager.java:1224)
    at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144)
    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642)
    at java.base/java.lang.Thread.run(Thread.java:1583)
result = new ArrayList<>(); | ||
List<SootMethod> result = new ArrayList<>(); | ||
// Create a copy to avoid concurrent modification | ||
List<SootMethod> methodsCopy = new ArrayList<>(this.getMethods()); |
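Review bot: The snapshot on the methodsCopy line reads this.getMethods() with no lock or other synchronization visible in this hunk, so taking the copy is itself an unsynchronized read of a list that another thread may be modifying. That narrows the window but does not close it. Guard the code that modifies the method list and this read with the same lock, or back the list with a collection that is safe to read during modification, and then the extra copy is unnecessary.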
This isn't a proper fix. The copy constructor internally iterates over the list, which can trigger the same ConcurrentModificationException. If you have a problem with concurrent modification, you need to fix the root cause.
This problem occurs when calling soot to generate jimples from jar. The current random scenario is when processing the latest version of pixel9proxl /system/framework/services.jar. This problem causes the jimple to fail to generate.
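One way to address the root cause the review asks for, shown as an added example that is not Soot's code and not part of this PR: every mutation and every iteration of the shared list goes through the same read-write lock. The `MethodTable` and `Entry` classes and the workload in `main` are hypothetical stand-ins constructed for illustration.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.locks.ReentrantReadWriteLock;

// Hypothetical stand-in for a class that owns a method list (not Soot's SootClass).
public class MethodTable {
  static final class Entry {
    final String name;
    final int paramCount;
    Entry(String name, int paramCount) { this.name = name; this.paramCount = paramCount; }
  }

  private final List<Entry> methods = new ArrayList<>();
  private final ReentrantReadWriteLock lock = new ReentrantReadWriteLock();

  // Every mutation takes the write lock, so readers never see a half-applied change.
  public void addMethod(Entry e) {
    lock.writeLock().lock();
    try { methods.add(e); } finally { lock.writeLock().unlock(); }
  }

  // The whole iteration runs under the read lock; only the private result list escapes.
  public List<Entry> getMethodsByNameAndParamCount(String name, int paramCount) {
    lock.readLock().lock();
    try {
      List<Entry> result = new ArrayList<>();
      for (Entry e : methods) {
        if (e.paramCount == paramCount && e.name.equals(name)) result.add(e);
      }
      return result;
    } finally { lock.readLock().unlock(); }
  }

  public static void main(String[] args) throws InterruptedException {
    MethodTable table = new MethodTable();
    // Constructed workload: one thread registers methods while another resolves them.
    Thread writer = new Thread(() -> {
      for (int i = 0; i < 20_000; i++) table.addMethod(new Entry("m" + (i % 10), i % 3));
    });
    Thread reader = new Thread(() -> {
      for (int i = 0; i < 500; i++) table.getMethodsByNameAndParamCount("m1", 1);
    });
    writer.start(); reader.start();
    writer.join(); reader.join();
    System.out.println(table.getMethodsByNameAndParamCount("m1", 1).size());
  }
}
```

The lock only helps if no caller can reach the backing list directly; an accessor that hands out the live list reopens the race.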
@@ -218,7 +218,10 @@ protected void internalTransform(Body b, String phaseName, Map<String, String> o | |||
if (l != m) { | |||
Integer defCount = localToDefCount.get(m); | |||
if (defCount == null || defCount == 0) { | |||
throw new RuntimeException("Variable " + m + " used without definition!"); | |||
if (Options.v().verbose()) { |
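Review bot: In the defCount == null || defCount == 0 branch, the visible replacement for the RuntimeException is gated on Options.v().verbose(), so in a default run a local that is used without a definition would pass with no signal at all. Keep the failure, or at least report the condition unconditionally rather than only in verbose mode.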
Don't just ignore errors. If we generate invalid code, we need to know that. Keep in mind that Soot can also write out DEX code again. If we have wrong code, the output will be invalid as well. These sanity checks are highly important.
OK. I will close the PR.
I print the code of the error
Exception in thread "main" java.lang.RuntimeException: Undefined variable $u-1 in method: <com.android.server.policy.PhoneWindowManager$SwitchKeyboardLayoutMessageObject: int hashCode()>
Class: com.android.server.policy.PhoneWindowManager$SwitchKeyboardLayoutMessageObject
Method body:
1: this := @this: com.android.server.policy.PhoneWindowManager$SwitchKeyboardLayoutMessageObject
2: this.<android.apex.ApexInfo: boolean isFactory> = $u0
3: $u0 = $u0
4: $u0 = $u-1
5: return $u0
[PR] Fix the error java.lang.IllegalArgumentException: Opcode: IPUT_OBJECT_VOLATILE @ 0x0 that occurs when generating Jimple from an APK, which prevents successful Jimple generation.
[Solution] Added handling for the IPUT_OBJECT_VOLATILE opcode, treating it equivalently to the standard IPUT_OBJECT opcode by using the IputInstruction class for processing. This is because IPUT_OBJECT_VOLATILE is the volatile variant of IPUT_OBJECT, and their instruction-handling logic can be unified at the implementation level. Additionally, similar handling was added for the IGET_OBJECT_VOLATILE opcode.
[Test] After implementing these changes, the error no longer occurs, and Jimple code is generated successfully.