Merge pull request #2131 from MarcMil/fixdex

Fix bugs in dexpler and toDex
soot-oss · Nov 29, 2024 · 1388b67 · 1388b67
2 parents 4d6fcfa + a55a62b
commit 1388b67
Show file tree

Hide file tree

Showing 3 changed files with 33 additions and 3 deletions.
diff --git a/src/main/java/soot/dexpler/DexBody.java b/src/main/java/soot/dexpler/DexBody.java
@@ -1307,7 +1307,16 @@ private static BooleanConstant fixBooleanConstant(IntConstant arg) {
    *          type constraints (these might be multiple valid possibilities)
    */
   private void handleKnownDexArrayTypes(Body b, Jimple jimple, MultiMap<Local, Type> typeConstraints) {
-
+    Map<Local, Integer> localsSingleDefinitions = new HashMap<>();
+    for (Unit u : b.getUnits()) {
+      if (u instanceof DefinitionStmt) {
+        Value l = ((DefinitionStmt) u).getLeftOp();
+        if (l instanceof Local) {
+          int counter = localsSingleDefinitions.getOrDefault(l, 0);
+          localsSingleDefinitions.put((Local) l, counter + 1);
+        }
+      }
+    }
     UnitPatchingChain units = jBody.getUnits();
     Unit u = units.getFirst();
     while (u != null) {
@@ -1321,7 +1330,17 @@ private void handleKnownDexArrayTypes(Body b, Jimple jimple, MultiMap<Local, Typ
               Type definiteType = dexplerTypeTag.getDefiniteType();
               if (definiteType != null) {
                 Local prev = (Local) assign.getLeftOp();
-                prev.setType(definiteType);
+                if (!(definiteType instanceof PrimType) || localsSingleDefinitions.getOrDefault(prev, 0) == 1) {
+                  prev.setType(definiteType);
+                } else {
+                  //Since there are multiple definitions, e.g. for a byte retrieved from a byte[],
+                  //there could be another non-distinct definition which uses the same variable as an int.
+                  PrimType[] wider = DexType.getWiderTypes((PrimType) definiteType);
+                  if (wider.length == 1) {
+                    prev.setType(wider[0]);
+                  }
+                }
+
                 ArrayType tp = ArrayType.v(definiteType, 1);
 
                 ArrayRef array = (ArrayRef) rop;

diff --git a/src/main/java/soot/dexpler/DexType.java b/src/main/java/soot/dexpler/DexType.java
@@ -37,6 +37,7 @@
 import soot.FloatType;
 import soot.IntType;
 import soot.LongType;
+import soot.PrimType;
 import soot.RefType;
 import soot.ShortType;
 import soot.Type;
@@ -226,4 +227,14 @@ public static String toSootAT(String type) {
   public String toString() {
     return name;
   }
+
+  public static PrimType[] getWiderTypes(PrimType tp) {
+    if (tp instanceof ByteType) {
+      return new PrimType[] { tp, IntType.v(), ShortType.v() };
+    }
+    if (tp instanceof ShortType) {
+      return new PrimType[] { tp, IntType.v() };
+    }
+    return new PrimType[] { tp };
+  }
 }
diff --git a/src/main/java/soot/toDex/ExprVisitor.java b/src/main/java/soot/toDex/ExprVisitor.java
@@ -238,7 +238,7 @@ private boolean isCallToConstructor(SpecialInvokeExpr sie) {
   }
 
   private boolean isCallToSuper(SpecialInvokeExpr sie) {
-    SootClass classWithInvokation = sie.getMethod().getDeclaringClass();
+    SootClass classWithInvokation = sie.getMethodRef().getDeclaringClass();
     SootClass currentClass = stmtV.getBelongingClass();
 
     while (currentClass != null) {