Fix Aggregator, TypeAssigner, LocalNameStandardizer #741

Merged
merged 25 commits into from
Nov 9, 2023

Collaborator

@swissiety swissiety commented Nov 3, 2023

  • TypeAssigner: 'found' Bottomtype to UnknownType
  • LocalNameStandardizer: don't handle Local Types where no standard Type is given
  • fix Aggregator doing changes on Stmts like:
    from (AggregatorTest.testIssue739()):
    $l0 := @parameter0: java.lang.String[];
    $stack4 = $l0[0];
    $stack5 = staticinvoke <java.lang.Integer: java.lang.Integer valueOf(java.lang.String)>($stack4);
    $l1 = virtualinvoke $stack5.<java.lang.Integer: int intValue()>();

    to (which is wrong; missing staticinvoke, wrong cast to Integer instead of String):

    $l0 := @parameter0: java.lang.String[];
    $stack5 = $l0[0];
    $#l0 = (java.lang.Integer) $stack5;
    $l1 = virtualinvoke $#l0.<java.lang.Integer: int intValue()>();
  • fix Aggregator to not remove a needed Stmt in AggregatorTest.testIssue739():
    $stack6 = $l1 + $l1;   // removed
    $stack7 = $stack6 + $l1;

closes #739

@swissiety swissiety changed the title Fix aggregator Fix Aggregator, TypeAssigner, LocalNameStandardizer Nov 6, 2023
@swissiety swissiety requested a review from JonasKlauke November 6, 2023 13:03
@swissiety swissiety marked this pull request as ready for review November 6, 2023 13:50
@swissiety
Collaborator Author

@JonasKlauke SourceType already works in finding the entryMethod ;-)


codecov bot commented Nov 6, 2023

Codecov Report

Attention: 90 lines in your changes are missing coverage. Please review.

Comparison is base (f2e1465) 63.74% compared to head (cc8a35a) 63.64%.

Additional details and impacted files
@@              Coverage Diff              @@
##             develop     #741      +/-   ##
=============================================
- Coverage      63.74%   63.64%   -0.11%     
+ Complexity      3367     3360       -7     
=============================================
  Files            317      317              
  Lines          15145    15124      -21     
  Branches        2555     2551       -4     
=============================================
- Hits            9654     9625      -29     
- Misses          4601     4608       +7     
- Partials         890      891       +1     
Files Coverage Δ
...a/sootup/callgraph/AbstractCallGraphAlgorithm.java 89.63% <100.00%> (ø)
...jimple/common/expr/AbstractInstanceInvokeExpr.java 92.30% <100.00%> (+5.64%) ⬆️
...ore/jimple/common/stmt/AbstractDefinitionStmt.java 81.25% <100.00%> (ø)
...tup/core/typehierarchy/MethodDispatchResolver.java 86.36% <100.00%> (-0.13%) ⬇️
...utlocation/JavaClassPathAnalysisInputLocation.java 55.55% <100.00%> (+0.71%) ⬆️
...ytecode/interceptors/BytecodeBodyInterceptors.java 0.00% <ø> (ø)
...ootup/java/bytecode/interceptors/TypeAssigner.java 100.00% <100.00%> (+40.00%) ⬆️
...tecode/interceptors/UnreachableCodeEliminator.java 100.00% <100.00%> (ø)
...tecode/interceptors/typeresolving/CastCounter.java 82.47% <100.00%> (ø)
.../java/sootup/core/typehierarchy/TypeHierarchy.java 78.57% <0.00%> (-2.08%) ⬇️
... and 10 more

... and 3 files with indirect coverage changes


@virusdefender

Run my code with this branch (and with BytecodeClassLoadingOptions.Default): if some type class is not found, a "Could not find xxx in View" exception will be thrown.

Target_jsp.class.zip

java.lang.IllegalStateException: Failed to apply sootup.java.bytecode.interceptors.TypeAssigner@16eccb2e to <Target_jsp: org.apache.tomcat.InstanceManager _jsp_getInstanceManager()>
        at sootup.java.bytecode.frontend.AsmMethodSource.resolveBody(AsmMethodSource.java:229)
        at sootup.core.model.SootMethod.lazyBodyInitializer(SootMethod.java:98)
        at com.google.common.base.Suppliers$NonSerializableMemoizingSupplier.get(Suppliers.java:183)
        at sootup.core.model.SootMethod.getBody(SootMethod.java:177)
        at sootup.core.util.printer.JimplePrinter.printMethods(JimplePrinter.java:242)
        at sootup.core.util.printer.JimplePrinter.printTo(JimplePrinter.java:210)
        at com.cloudwalker.javawebshell.main.SootUpCommand.run(Main.kt:311)
        at picocli.CommandLine.executeUserObject(CommandLine.java:1939)
        at picocli.CommandLine.access$1300(CommandLine.java:145)
        at picocli.CommandLine$RunLast.executeUserObjectOfLastSubcommandWithSameParent(CommandLine.java:2358)
        at picocli.CommandLine$RunLast.handle(CommandLine.java:2352)
        at picocli.CommandLine$RunLast.handle(CommandLine.java:2314)
        at picocli.CommandLine$AbstractParseResultHandler.execute(CommandLine.java:2179)
        at picocli.CommandLine$RunLast.execute(CommandLine.java:2316)
        at picocli.CommandLine.execute(CommandLine.java:2078)
       
Caused by: java.lang.IllegalArgumentException: Could not find org.apache.jasper.runtime.HttpJspBase in View.
        at sootup.core.views.View.lambda$getClassOrThrow$0(View.java:90)
        at java.base/java.util.Optional.orElseThrow(Optional.java:403)
        at sootup.core.views.View.getClassOrThrow(View.java:89)
        at sootup.core.typehierarchy.ViewTypeHierarchy.sootClassFor(ViewTypeHierarchy.java:421)
        at sootup.core.typehierarchy.ViewTypeHierarchy.superClassOf(ViewTypeHierarchy.java:302)
        at sootup.java.bytecode.interceptors.typeresolving.BytecodeHierarchy.buildAncestryPaths(BytecodeHierarchy.java:236)
        at sootup.java.bytecode.interceptors.typeresolving.BytecodeHierarchy.getLeastCommonAncestor(BytecodeHierarchy.java:170)
        at sootup.java.bytecode.interceptors.typeresolving.TypeResolver.applyAssignmentConstraint(TypeResolver.java:209)
        at sootup.java.bytecode.interceptors.typeresolving.TypeResolver.resolve(TypeResolver.java:65)
        at sootup.java.bytecode.interceptors.TypeAssigner.interceptBody(TypeAssigner.java:42)
        at sootup.java.bytecode.frontend.AsmMethodSource.resolveBody(AsmMethodSource.java:226)
        ... 15 more

While I indeed didn't add the corresponding jar of this class to the classpath, isn't it sufficient to construct the type information in Jimple only relying on the information in the class file?

…ierarchy.contains() <!=> view.getClass().isPresent() as signatures could be referenced from other classes which then end up in the underlying graph of the typehierarchy
@swissiety
Collaborator Author

@virusdefender thx, this should be fixed in #b270b08

@virusdefender

thanks, it's much better now than before, but there are still a few small issues

method return value is not assigned to variable

unknown $stack0;

staticinvoke <javax.servlet.jsp.JspFactory: javax.servlet.jsp.JspFactory getDefaultFactory()>();
<$package.Target_jsp: javax.servlet.jsp.JspFactory _jspxFactory> = $stack0;

the return value of getDefaultFactory is not assigned to stack0

staticinvoke <java.lang.Runtime: java.lang.Runtime getRuntime()>();
...
$r4 = virtualinvoke $stack24.<java.lang.Runtime: java.lang.Process exec(java.lang.String[])>($r17);

the same case, stack24 should be the return value of getRuntime()

SomeType varName = null

unknown $_jspx_out, $_jspx_page_context, $stack24;

_jspx_out, _jspx_page_context are assigned to type and value null at first


I tried to rebase this PR with #742, but the problem still exists.

@kadirayk kadirayk merged commit 23503d7 into develop Nov 9, 2023
7 of 8 checks passed
@swissiety swissiety deleted the fix/739_Aggregator branch November 9, 2023 14:06
Successfully merging this pull request may close these issues.

Aggregator type cast bug