Error: "Inconsistency found in Dex code " in third party sdk code.
pidanxiangjiao opened this issue ยท 4 comments
- I use below config file:
{
"redex" : {
"passes" : [
"MakePublicPass",
"StripDebugInfoPass",
"RegAllocPass",
"ReduceGotosPass"
]
},
"inliner": {
"throws": false,
"multiple_callers": true,
"blocklist": [],
"no_inline_annos" : [
]
},
"RegAllocPass" : {
"live_range_splitting": false
},
"StripDebugInfoPass" : {
"drop_all_dbg_info" : false,
"drop_local_variables" : true,
"drop_line_numbers" : true,
"drop_src_files" : true,
"use_allowlist" : false,
"cls_allowlist" : [],
"method_allowlist" : [],
"drop_prologue_end" : true,
"drop_epilogue_begin" : true,
"drop_all_dbg_info_if_empty" : true
},
"keep_packages": [
"Lcom/fasterxml/jackson/",
"Lcom/google/dexmaker/mockito/"
],
"debug_info_kind": "no_custom_symbolication",
"method_move_map" : "redex-moved-methods-map.txt",
"string_sort_mode" : "class_order",
"bytecode_sort_mode" : ["method_similarity_order", "class_order"],
"ir_type_checker": {
"run_after_each_pass" : true,
"verify_moves" : false
}
}
2.run redex ,get below log info:
Evaluating MakePublicPass...
Evaluating StripDebugInfoPass...
Evaluating RegAllocPass...
Evaluating ReduceGotosPass...
Note: input type checking is turned off!
Running MakePublicPass...
Running IRTypeChecker...
libc++abi: terminating with uncaught exception of type boost::exception_detail::error_info_injector<RedexException>: libredex/PassManager.cpp:314: boost::optional<std::string> (anonymous namespace)::CheckerConfig::run_verifier(const Scope &, bool): assertion `!exit_on_fail' failed.
Inconsistency found in Dex code for Lcom/xxx/xxx/xxx/hhuhuh$7;.run:()V
Variable NEW_INSTANCE Lcom/xxx/xxx/xxx/uuuuhh;initialized with the wrong type at [0x7fe482c8c940] OPCODE: INVOKE_DIRECT v0, Ljava/lang/Object;.<init>:()V in
3.i also get the code log below:
Block B1:
preds: (goto B0)
[0x7fe482c8c8e0] OPCODE: NEW_INSTANCE Lcom/xxx/xxx/xxx/uuuuhh;
[0x7fe482c8f980] OPCODE: IOPCODE_MOVE_RESULT_PSEUDO_OBJECT v0
[0x7fe482c8c940] OPCODE: INVOKE_DIRECT v0, Ljava/lang/Object;.<init>:()V
[0x7fe482c8c9a0] OPCODE: IGET_OBJECT v9, Lcom/xxx/xxx/RL/xxx$7;.b0077w00770077ww:Lcom/xxx/xxx/xxx/jooooo;
[0x7fe482c8fa00] OPCODE: IOPCODE_MOVE_RESULT_PSEUDO_OBJECT v1
[0x7fe482c8ca00] OPCODE: IGET_OBJECT v1, Lcom/xxx/xxx/xxx/jooooo;.b006Cll006C006C006C:Ljava/util/List;
[0x7fe482c8fa60] OPCODE: IOPCODE_MOVE_RESULT_PSEUDO_OBJECT v1
[0x7fe482c8ca60] OPCODE: INVOKE_INTERFACE v1, Ljava/util/List;.isEmpty:()Z
[0x7fe482c8cac0] OPCODE: MOVE_RESULT v1
[0x7fe482c8cb20] OPCODE: IF_NEZ v1
succs: (branch B5) (goto B2)
- I also try decompile the jar file in this aar. get smali code below, same code with above log:
.method public run()V
.max stack 6
.max locals 6
aload 0
getfield xxx/xxx/xxx/xxx/xxx$7 b0077007700770077ww Lcom/xxx/xxx/xxx/xxx;
getfield com/xxx/xxx/xxx/xxx biii0069i0069 Ljava/util/concurrent/atomic/AtomicLong;
invokevirtual java/util/concurrent/atomic/AtomicLong get ()J
ldc2_w 1024L
land
lconst_0
lcmp
ifeq :L0
new com/xxx/xxx/xx/uuuuhh
dup
invokespecial xxx/xxx/xxx/xxx/uuuuhh <init> ()V
astore 1
aload 0
getfield com/xxx/xxx/xxx/hhuhuh$7 b0077w00770077ww Lcom/xxx/xxx/xxx/jooooo;
getfield com/xxx/xxx/xxx/jooooo b006Cll006C006C006C Ljava/util/List;
invokeinterface java/util/List isEmpty ()Z
ifne :L1
aload 0
getfield com/xxx/xxx/RL/hhuhuh$7 b0077w00770077ww Lcom/xxx/xxx/xxx/jooooo;
getfield com/xxx/xxx/RL/jooooo b006Cll006C006C006C Ljava/util/List;
invokeinterface java/util/List iterator ()Ljava/util/Iterator;
astore 2
:L2
The error meas new instance of uuuuhh with "Object()", but in smali code ,the uuuuhh is construct with "uuuuuhh ()V" rather than "Ljava/lang/Object;.:()V" , the code is from third-party aar code, but i wonder why redex produce this error , and how to avoid it ๏ผ is redex use different way to decompile code from dex ?
The IRTypeChecker checks if the ctor type following the new-instance matches with the type of the instance here.
Looking at the smali code, it seems like Java bytecode looks alright. What dexer do you use? If you could try to run IRTypeChecker at the beginning of Redex passes, you can confirm that the pattern exists on the input to Redex.
The Redex failure occurs at the very beginning of the brief sequence of passes, so It seems that this is pretty much the code as it came into Redex, and it's wrong.
Try using dexdump on dex file that you pass to Redex to get a better view of the actual input into Redex.
Thanks for reply ๐ ๐
I compare the byte code in below conditions:
1.decompile the 3-rd aar jar file directly:
lconst_0
lcmp
ifeq :L0
new com/xxx/xxx/RL/uuuuhh
dup
invokespecial com/xxx/xxx/RL/uuuuhh <init> ()V <---------------- difference ๐
astore 1
aload 0
getfield com/xxx/xxx/RL/hhuhuh$7 b0077w00770077ww Lcom/xxx/xxx/RL/jooooo;
getfield com/xxx/xxx/RL/jooooo b006Cll006C006C006C Ljava/util/List;
invokeinterface java/util/List isEmpty ()Z
2.decompile the final aab file and find the same code within the 3-rd aar :
new-instance v0, Lcom/xxx/xxx/RL/uuuuhh;
invoke-direct {v0}, Ljava/lang/Object;-><init>()V <---------------- difference ๐
iget-object v1, p0, Lcom/xxx/xxx/RL/hhuhuh$7;->b0077w00770077ww:Lcom/xxx/xxx/RL/jooooo;
iget-object v1, v1, Lcom/xxx/xxx/RL/jooooo;->b006Cll006C006C006C:Ljava/util/List;
invoke-interface {v1}, Ljava/util/List;->isEmpty()Z
our project use android r8 dexer and also add some kinds of aop operations when build the final aab file.
So it seems like you have found that something goes wrong before Redex already, as I would have suspected. I am closing this issue. Feel free to reopen if you can pinpoint that only Redex introduces the bad code.