
Fix array type detection on fill-array-data DEX instructions - fixes #1806 #2084

Merged
merged 3 commits into from
May 27, 2024

Conversation

jpstotz
Contributor

@jpstotz jpstotz commented May 27, 2024

The previous FillArrayDataInstruction which converts DEX instructions to Jimple instructions had two major problems:

  1. The array type detection was only recognizing new-array instructions, not arrays that are created as the return value of a function.
  2. For detecting the array type it used a simple algorithm that inspected the DEX instructions before the fill-array-data instruction, not considering (conditional) branches of the control flow. This caused two problems:
     1. If the array type could not be detected, a warning was logged and the fill-array-data instruction was completely ignored.
     2. If multiple arrays were defined in a method with non-linear control flow, the wrong new-array instruction could be assigned to the fill-array-data instruction, causing various problems in the command itself or in a later phase.

The FillArrayDataInstruction implementation provided by this PR splits processing of fill-array-data instructions into two phases:

  1. Command transforming to Jimple instructions; as the array type is not known, the elements are stored as UntypedConstant.
  2. In the second phase the new DexFillArrayDataTransformer checks AssignStatements that assign an UntypedConstant to an array element. It recovers the array data types and applies them to each value.

Note: The time to execute DexFillArrayDataTransformer.v().transform(jBody); was chosen as it is the latest possible point in time to execute it. The next transformer, TypeAssigner.v().transform(jBody);, cannot handle UntypedConstant and thus throws an exception if it encounters one.

In a test the new implementation was used to process ~350 recent Android apps.

the command transforming to jimple instructions and later a second phase
in DexFillArrayDataTransformer that recovers the array data types and
applies it to the values.
@StevenArzt StevenArzt merged commit 944263d into soot-oss:develop May 27, 2024
5 checks passed
@jpstotz jpstotz deleted the FillArrayData branch May 27, 2024 14:12