toDex: "check-cast on non-reference in v0" with k9mail APK

[ThomasGP]

As reported by Shengqian on the Soot-list, running an APK from k9mail through Soot without modifications produces an APK with an invalid opcode or register state. The generated APK yields a VerifiyError if installed on an emulator for Android 2.2:

01-22 17:50:09.845: W/dalvikvm(468): VFY: check-cast on non-reference in v0
01-22 17:50:09.845: W/dalvikvm(468): VFY:  rejecting opcode 0x1f at 0x0959
01-22 17:50:09.845: W/dalvikvm(468): VFY:  rejected Lcom/android/email/MessagingController;.synchronizeMailboxSynchronous (Lcom/android/email/Account;Ljava/lang/String;)V
01-22 17:50:09.855: W/dalvikvm(468): Verifier rejected class Lcom/android/email/MessagingController;
01-22 17:50:09.855: D/AndroidRuntime(468): Shutting down VM
01-22 17:50:09.855: W/dalvikvm(468): threadid=3: thread exiting with uncaught exception (group=0x4001aa28)
01-22 17:50:09.855: E/AndroidRuntime(468): Uncaught handler: thread main exiting due to uncaught exception
01-22 17:50:09.855: E/AndroidRuntime(468): java.lang.VerifyError: com.android.email.MessagingController
01-22 17:50:09.855: E/AndroidRuntime(468):     at com.android.email.Email.onCreate(Unknown Source)
01-22 17:50:09.855: E/AndroidRuntime(468):     at android.app.Instrumentation.callApplicationOnCreate(Instrumentation.java:1045)
01-22 17:50:09.855: E/AndroidRuntime(468):     at android.app.ActivityThread.handleBindApplication(ActivityThread.java:3871)
01-22 17:50:09.855: E/AndroidRuntime(468):     at android.app.ActivityThread.access$2800(ActivityThread.java:116)
01-22 17:50:09.855: E/AndroidRuntime(468):     at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1831)
01-22 17:50:09.855: E/AndroidRuntime(468):     at android.os.Handler.dispatchMessage(Handler.java:99)
01-22 17:50:09.855: E/AndroidRuntime(468):     at android.os.Looper.loop(Looper.java:123)
01-22 17:50:09.855: E/AndroidRuntime(468):     at android.app.ActivityThread.main(ActivityThread.java:4203)
01-22 17:50:09.855: E/AndroidRuntime(468):     at java.lang.reflect.Method.invokeNative(Native Method)
01-22 17:50:09.855: E/AndroidRuntime(468):     at java.lang.reflect.Method.invoke(Method.java:521)
01-22 17:50:09.855: E/AndroidRuntime(468):     at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:791)
01-22 17:50:09.855: E/AndroidRuntime(468):     at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:549)
01-22 17:50:09.855: E/AndroidRuntime(468):     at dalvik.system.NativeStart.main(Native Method)

Unfortunatelly, I cannot reproduce this with my emulator, with runs Android 4.0.3.

Usually when this error message appears, one can hunt down the cause of the bug by inspecting the generated APK with baksmali. Disassembling the APK with register information (use "--register-info ALL" and "-d dir" where dir points to android's {core,framework,...}.jar) should show the instruction at which the register v0 is filled with a non-reference. Follow the control-flow backwards from the instruction at 0x0959 in the method Lcom/android/email/MessagingController;.synchronizeMailboxSynchronous (Lcom/android/email/Account;Ljava/lang/String;)V. I guess that the check-cast itself is correct, but some other instruction is not.

[StevenArzt]

The verifier error is not reproducible with the most current version of K9 Mail and Soot, but something else seems to go wrong. Directly on launch, the app dies with an IllegalArgumentException while initializing com.actionbarsherlock.ActionBarSherlock.

[StevenArzt]

Looking into the issue a bit more, the exception is raised because method "registerImplementation(java.lang.Class)" which is called inside the static initializer of ActionBarSherlock checks for an annotation (java.lang.Class.isAnnotationPresent) on the class it receives as an argument. However, all annotations are lost somewhere in the process. I'm currently not sure how Soot handles annotations in general - checking back with @ericbodden on that topic.

[Alexandre-Bartel]

I cannot reproduce this bug with the latest version of Soot and an emulator running Android 2.2.
@StevenArzt Could you check if it's fine on your side as well and close the issue?

[StevenArzt]

@Alexandre-Bartel This is still an open issue for the same reason I stated above. I have just tested it once again on a real phone running Android 4.3. Presumably there's little other chance than implementing the missing support for annotation in Dexpler.

[Alexandre-Bartel]

@StevenArzt Which version of the app are you using? http://code.google.com/p/k9mail/downloads/list

[StevenArzt]

@Alexandre-Bartel It's 4.409. I've sent the file I have on my disk (and that definitely fails) to you via e-mail.

[Alexandre-Bartel]

@StevenArzt Annotations are now supported and 4.409 seems to work with the latest version of Soot. Could you confirm?

[StevenArzt]

Great, the annotations are now preserved. Thank you, @Alexandre-Bartel