Dexpler fails with ClassCastException during jmplify #40
Comments
|
Hi Steven, I can have a look at it. Thanks, On Thu, 2013-04-18 at 13:56 -0700, Steven Arzt wrote:
|
|
Hi Alexandre, I have attached the APK file. Thank you for your help. Best regards, Steven Von: Alexandre-Bartel [mailto:notifications@github.com] Hi Steven, I can have a look at it. Thanks, On Thu, 2013-04-18 at 13:56 -0700, Steven Arzt wrote:
— |
|
The issue seems to arise in method <android.support.v4.app.FragmentManagerImpl: android.os.Parcelable saveAllState()>. First, a local "$u3" is initialized to null. Afterwards, there are two separate pieces of code, one using $u3 as an object and one using $u3 as an array. Both however share the same initialization to null, so the LocalSplitter does not separate them. As a consequence, there is no common type, and the type assigner uses "Object". For the code part that uses $u3 as an array, this is however invalid. The whole issue is quite non-trivial since a plain def/use analysis does not do the job because one definition (the initialization to zero) is actually shared between the two otherwise distinct code parts. I'm thinking about copying the initialization statement in such cases, but I'll have to spend some more time on that. |
ghost
assigned 
|
Hello, I am having the same issue. Any updates on that? Is there an easy way to get around the error with probably wrong behavior? I can tolerate some wrong output for now till things get resolved. |
|
@wazeer The problem as such has not been solved, i.e. we don't have a local splitter capable of handling the situations I described in my previous post. Nevertheless, some things have been done to insert casts instead of just failing. For some reason, this seems to be insufficient for your APK. Can you send me your APK file to Steven.Arzt@cased.de so that I can have a look at it? |
|
It seems I didn't update my local copy with the latest changes. I will do so and will let you know if I still have issues. |
|
Since there were no further reports of this issue, I close it as the fix seems to be sufficient in practice. |
On the "v2_com.starfinanz.smob.android.sfinanzstatus_1_20727_Sparkasse.apk" from Google Play, the dexpler component fails to correctly load some classes and instead throws a ClassCastException:
Exception in thread "main" java.lang.ClassCastException: soot.RefType cannot be cast to soot.ArrayType
at soot.jimple.toolkits.typing.integer.ConstraintCollector.caseAssignStmt(ConstraintCollector.java:237)
at soot.jimple.internal.JAssignStmt.apply(JAssignStmt.java:221)
at soot.jimple.toolkits.typing.integer.ConstraintCollector.collect(ConstraintCollector.java:48)
at soot.jimple.toolkits.typing.integer.TypeResolver.collect_constraints_1(TypeResolver.java:227)
at soot.jimple.toolkits.typing.integer.TypeResolver.resolve_step_1(TypeResolver.java:180)
at soot.jimple.toolkits.typing.integer.TypeResolver.resolve(TypeResolver.java:140)
at soot.jimple.toolkits.typing.fast.TypeResolver.inferTypes(TypeResolver.java:140)
at soot.jimple.toolkits.typing.TypeAssigner.internalTransform(TypeAssigner.java:102)
at soot.BodyTransformer.transform(BodyTransformer.java:51)
at soot.BodyTransformer.transform(BodyTransformer.java:58)
at soot.BodyTransformer.transform(BodyTransformer.java:63)
at soot.dexpler.DexBody.jimplify(DexBody.java:537)
at soot.dexpler.DexMethod$1.getBody(DexMethod.java:236)
at soot.SootMethod.getBodyFromMethodSource(SootMethod.java:89)
at soot.SootMethod.retrieveActiveBody(SootMethod.java:322)
at soot.jimple.toolkits.callgraph.OnFlyCallGraphBuilder.processNewMethod(OnFlyCallGraphBuilder.java:532)
at soot.jimple.toolkits.callgraph.OnFlyCallGraphBuilder.processReachables(OnFlyCallGraphBuilder.java:427)
at soot.jimple.toolkits.callgraph.CallGraphBuilder.build(CallGraphBuilder.java:84)
at soot.jimple.toolkits.callgraph.CHATransformer.internalTransform(CHATransformer.java:43)
at soot.SceneTransformer.transform(SceneTransformer.java:39)
at soot.Transform.apply(Transform.java:89)
at soot.RadioScenePack.internalApply(RadioScenePack.java:57)
at soot.jimple.toolkits.callgraph.CallGraphPack.internalApply(CallGraphPack.java:49)
at soot.Pack.apply(Pack.java:114)
at soot.PackManager.runWholeProgramPacks(PackManager.java:460)
at soot.PackManager.runPacksNormally(PackManager.java:369)
at soot.PackManager.runPacks(PackManager.java:335)
at soot.jimple.infoflow.android.SetupApplication.runSootBasedPhases(SetupApplication.java:203)
at soot.jimple.infoflow.android.SetupApplication.calculateSourcesSinksEntrypoints(SetupApplication.java:127)
at soot.jimple.infoflow.android.TestApps.Test.main(Test.java:72)
In this example, it happens during Soot's "cg" phase in the attempt to load the class hierarchies. I can provide you with the APK file on request, Github does not seem to allow file attachments to bug reports.
@Alexandre-Bartel Could you please take a look at this?
The text was updated successfully, but these errors were encountered: