ASM 从堆栈帧中获取精确值
ASM Get exact value from stack frame
我有一些方法,其中包含像 ILOAD 这样的指令,我想以某种方式在这条指令之后获取堆栈的值。不仅是类型,还有精确值。我知道我需要模拟方法执行才能做到这一点,但我不知道如何正确地做到这一点。
我有这样的测试方法叫做 main:
sipush 15649
istore_0 /* c */
getstatic java/lang/System.out:Ljava/io/PrintStream;
bipush 45
bipush 11
iload_0 /* c */
...
我想获取值,由iload_0加载。
我尝试制作 Analyzer 然后查看帧值,但它们只包含值的类型,而不是我想要的。
ClassReader cr = new ClassReader(new FileInputStream(new File("input.class")));
ClassNode cn = new ClassNode(Opcodes.ASM5);
cr.accept(cn, 0);
Iterator<MethodNode> methods = cn.methods.iterator();
while (methods.hasNext()) {
MethodNode mn = methods.next();
if (!mn.name.equals("main")) continue;
AbstractInsnNode[] nodes = mn.instructions.toArray();
Analyzer analyzer = new Analyzer(new BasicInterpreter());
analyzer.analyze(cn.name, mn);
int i = -1;
for (Frame frame : analyzer.getFrames()) {
i++;
if (frame == null) continue;
if (nodes[i].getOpcode() != Opcodes.ILOAD) continue;
System.out.print(frame.getStack(0) + "|" + frame.getStack(1));
System.out.print(" - " + nodes[i].getOpcode() + "\n");
}
}
显示结果:R|I - 21
如何获得 15649 的值?我尝试 google 几个小时,但找不到任何有用的东西。提前致谢。
您的代码几乎完全忽略了 Java 5 的优点。当你更新它时,你会得到
for(MethodNode mn: cn.methods) {
if(!mn.name.equals("main")) continue;
Analyzer<BasicValue> analyzer = new Analyzer<>(new BasicInterpreter());
analyzer.analyze(cn.name, mn);
int i = -1;
for (Frame<BasicValue> frame: analyzer.getFrames()) {
i++;
if(frame == null) continue;
int opcode = mn.instructions.get(i).getOpcode();
if(opcode != Opcodes.ILOAD) continue;
BasicValue stackValue = frame.getStack(0);
System.out.print(stackValue + "|" + frame.getStack(1));
System.out.print(" - " + opcode + "\n");
}
}
并且你可以立即看到你得到的是一个BasicValue,适合验证代码或计算stackmap帧,但不适合获取实际值。
是解释器的属性,这里是BasicInterpreter,只维护BasicValues(因此得名)。另一种方法是 SourceInterpreter ,它允许您跟踪值可能源自哪些指令,在您的情况下是 istore_0 ,但这仍然没有给您实际值。
所以如果你想获得实际值(如果可以预测的话),你需要你自己的解释器。一个相当简单的,只有真正源自推送常量的跟踪值是:
import static org.objectweb.asm.Opcodes.*;
import java.util.List;
import java.util.Objects;
import org.objectweb.asm.Type;
import org.objectweb.asm.tree.*;
import org.objectweb.asm.tree.analysis.*;
public class ConstantTracker extends Interpreter<ConstantTracker.ConstantValue> {
static final ConstantValue NULL = new ConstantValue(BasicValue.REFERENCE_VALUE, null);
public static final class ConstantValue implements Value {
final Object value; // null if unknown or NULL
final BasicValue type;
ConstantValue(BasicValue type, Object value) {
this.value = value;
this.type = Objects.requireNonNull(type);
}
@Override public int getSize() { return type.getSize(); }
@Override public String toString() {
Type t = type.getType();
if(t == null) return "uninitialized";
String typeName = type==BasicValue.REFERENCE_VALUE? "a reference type": t.getClassName();
return this == NULL? "null":
value == null? "unknown value of "+typeName: value+" ("+typeName+")";
}
@Override
public boolean equals(Object obj) {
if(this == obj) return true;
if(this == NULL || obj == NULL || !(obj instanceof ConstantValue))
return false;
ConstantValue that = (ConstantValue)obj;
return Objects.equals(this.value, that.value)
&& Objects.equals(this.type, that.type);
}
@Override
public int hashCode() {
if(this == NULL) return ~0;
return (value==null? 7: value.hashCode())+type.hashCode()*31;
}
}
BasicInterpreter basic = new BasicInterpreter(ASM5) {
@Override public BasicValue newValue(Type type) {
return type!=null && (type.getSort()==Type.OBJECT || type.getSort()==Type.ARRAY)?
new BasicValue(type): super.newValue(type);
}
@Override public BasicValue merge(BasicValue a, BasicValue b) {
if(a.equals(b)) return a;
if(a.isReference() && b.isReference())
// this is the place to consider the actual type hierarchy if you want
return BasicValue.REFERENCE_VALUE;
return BasicValue.UNINITIALIZED_VALUE;
}
};
public ConstantTracker() {
super(ASM5);
}
@Override
public ConstantValue newOperation(AbstractInsnNode insn) throws AnalyzerException {
switch(insn.getOpcode()) {
case ACONST_NULL: return NULL;
case ICONST_M1: case ICONST_0: case ICONST_1: case ICONST_2:
case ICONST_3: case ICONST_4: case ICONST_5:
return new ConstantValue(BasicValue.INT_VALUE, insn.getOpcode()-ICONST_0);
case LCONST_0: case LCONST_1:
return new ConstantValue(BasicValue.LONG_VALUE, (long)(insn.getOpcode()-LCONST_0));
case FCONST_0: case FCONST_1: case FCONST_2:
return new ConstantValue(BasicValue.FLOAT_VALUE, (float)(insn.getOpcode()-FCONST_0));
case DCONST_0: case DCONST_1:
return new ConstantValue(BasicValue.DOUBLE_VALUE, (double)(insn.getOpcode()-DCONST_0));
case BIPUSH: case SIPUSH:
return new ConstantValue(BasicValue.INT_VALUE, ((IntInsnNode)insn).operand);
case LDC:
return new ConstantValue(basic.newOperation(insn), ((LdcInsnNode)insn).cst);
default:
BasicValue v = basic.newOperation(insn);
return v == null? null: new ConstantValue(v, null);
}
}
@Override
public ConstantValue copyOperation(AbstractInsnNode insn, ConstantValue value) {
return value;
}
@Override
public ConstantValue newValue(Type type) {
BasicValue v = basic.newValue(type);
return v == null? null: new ConstantValue(v, null);
}
@Override
public ConstantValue unaryOperation(AbstractInsnNode insn, ConstantValue value) throws AnalyzerException {
BasicValue v = basic.unaryOperation(insn, value.type);
return v == null? null: new ConstantValue(v, insn.getOpcode()==CHECKCAST? value.value: null);
}
@Override
public ConstantValue binaryOperation(AbstractInsnNode insn, ConstantValue a, ConstantValue b) throws AnalyzerException {
BasicValue v = basic.binaryOperation(insn, a.type, b.type);
return v == null? null: new ConstantValue(v, null);
}
@Override
public ConstantValue ternaryOperation(AbstractInsnNode insn, ConstantValue a, ConstantValue b, ConstantValue c) {
return null;
}
@Override
public ConstantValue naryOperation(AbstractInsnNode insn, List<? extends ConstantValue> values) throws AnalyzerException {
List<BasicValue> unusedByBasicInterpreter = null;
BasicValue v = basic.naryOperation(insn, unusedByBasicInterpreter);
return v == null? null: new ConstantValue(v, null);
}
@Override
public void returnOperation(AbstractInsnNode insn, ConstantValue value, ConstantValue expected) {}
@Override
public ConstantValue merge(ConstantValue a, ConstantValue b) {
if(a == b) return a;
BasicValue t = basic.merge(a.type, b.type);
return t.equals(a.type) && (a.value==null&&a!=NULL || a.value.equals(b.value))? a:
t.equals(b.type) && b.value==null&&b!=NULL? b: new ConstantValue(t, null);
}
}
那么,你可以像这样使用它
private static void analyze() throws IOException, AnalyzerException {
ClassReader cr = new ClassReader(new FileInputStream(new File("input.class")));
ClassNode cn = new ClassNode(Opcodes.ASM5);
cr.accept(cn, 0);
for(MethodNode mn: cn.methods) {
if(!mn.name.equals("main")) continue;
Analyzer<ConstantTracker.ConstantValue> analyzer
= new Analyzer<>(new ConstantTracker());
analyzer.analyze(cn.name, mn);
int i = -1;
for(Frame<ConstantTracker.ConstantValue> frame: analyzer.getFrames()) {
i++;
if(frame == null) continue;
AbstractInsnNode n = mn.instructions.get(i);
if(n.getOpcode() != Opcodes.ILOAD) continue;
VarInsnNode vn = (VarInsnNode)n;
System.out.println("accessing variable # "+vn.var);
ConstantTracker.ConstantValue var = frame.getLocal(vn.var);
System.out.println("\tcontains "+var);
}
}
}
这适用于所有加载指令,不仅 ILOAD,即 ALOAD、LLOAD、FLOAD 和 DLOAD
当然,解释器还有很大的改进空间,例如用于跟踪琐碎的转换,例如将 int 常量转换为 short 或 byte 或进行简单的数学运算,但我认为现在情况更清晰了,这取决于您的实际用例,您有多少想要跟踪或解释。
我有一些方法,其中包含像 ILOAD 这样的指令,我想以某种方式在这条指令之后获取堆栈的值。不仅是类型,还有精确值。我知道我需要模拟方法执行才能做到这一点,但我不知道如何正确地做到这一点。
我有这样的测试方法叫做 main:
sipush 15649
istore_0 /* c */
getstatic java/lang/System.out:Ljava/io/PrintStream;
bipush 45
bipush 11
iload_0 /* c */
...
我想获取值,由iload_0加载。
我尝试制作 Analyzer 然后查看帧值,但它们只包含值的类型,而不是我想要的。
ClassReader cr = new ClassReader(new FileInputStream(new File("input.class")));
ClassNode cn = new ClassNode(Opcodes.ASM5);
cr.accept(cn, 0);
Iterator<MethodNode> methods = cn.methods.iterator();
while (methods.hasNext()) {
MethodNode mn = methods.next();
if (!mn.name.equals("main")) continue;
AbstractInsnNode[] nodes = mn.instructions.toArray();
Analyzer analyzer = new Analyzer(new BasicInterpreter());
analyzer.analyze(cn.name, mn);
int i = -1;
for (Frame frame : analyzer.getFrames()) {
i++;
if (frame == null) continue;
if (nodes[i].getOpcode() != Opcodes.ILOAD) continue;
System.out.print(frame.getStack(0) + "|" + frame.getStack(1));
System.out.print(" - " + nodes[i].getOpcode() + "\n");
}
}
显示结果:R|I - 21
如何获得 15649 的值?我尝试 google 几个小时,但找不到任何有用的东西。提前致谢。
您的代码几乎完全忽略了 Java 5 的优点。当你更新它时,你会得到
for(MethodNode mn: cn.methods) {
if(!mn.name.equals("main")) continue;
Analyzer<BasicValue> analyzer = new Analyzer<>(new BasicInterpreter());
analyzer.analyze(cn.name, mn);
int i = -1;
for (Frame<BasicValue> frame: analyzer.getFrames()) {
i++;
if(frame == null) continue;
int opcode = mn.instructions.get(i).getOpcode();
if(opcode != Opcodes.ILOAD) continue;
BasicValue stackValue = frame.getStack(0);
System.out.print(stackValue + "|" + frame.getStack(1));
System.out.print(" - " + opcode + "\n");
}
}
并且你可以立即看到你得到的是一个BasicValue,适合验证代码或计算stackmap帧,但不适合获取实际值。
是解释器的属性,这里是BasicInterpreter,只维护BasicValues(因此得名)。另一种方法是 SourceInterpreter ,它允许您跟踪值可能源自哪些指令,在您的情况下是 istore_0 ,但这仍然没有给您实际值。
所以如果你想获得实际值(如果可以预测的话),你需要你自己的解释器。一个相当简单的,只有真正源自推送常量的跟踪值是:
import static org.objectweb.asm.Opcodes.*;
import java.util.List;
import java.util.Objects;
import org.objectweb.asm.Type;
import org.objectweb.asm.tree.*;
import org.objectweb.asm.tree.analysis.*;
public class ConstantTracker extends Interpreter<ConstantTracker.ConstantValue> {
static final ConstantValue NULL = new ConstantValue(BasicValue.REFERENCE_VALUE, null);
public static final class ConstantValue implements Value {
final Object value; // null if unknown or NULL
final BasicValue type;
ConstantValue(BasicValue type, Object value) {
this.value = value;
this.type = Objects.requireNonNull(type);
}
@Override public int getSize() { return type.getSize(); }
@Override public String toString() {
Type t = type.getType();
if(t == null) return "uninitialized";
String typeName = type==BasicValue.REFERENCE_VALUE? "a reference type": t.getClassName();
return this == NULL? "null":
value == null? "unknown value of "+typeName: value+" ("+typeName+")";
}
@Override
public boolean equals(Object obj) {
if(this == obj) return true;
if(this == NULL || obj == NULL || !(obj instanceof ConstantValue))
return false;
ConstantValue that = (ConstantValue)obj;
return Objects.equals(this.value, that.value)
&& Objects.equals(this.type, that.type);
}
@Override
public int hashCode() {
if(this == NULL) return ~0;
return (value==null? 7: value.hashCode())+type.hashCode()*31;
}
}
BasicInterpreter basic = new BasicInterpreter(ASM5) {
@Override public BasicValue newValue(Type type) {
return type!=null && (type.getSort()==Type.OBJECT || type.getSort()==Type.ARRAY)?
new BasicValue(type): super.newValue(type);
}
@Override public BasicValue merge(BasicValue a, BasicValue b) {
if(a.equals(b)) return a;
if(a.isReference() && b.isReference())
// this is the place to consider the actual type hierarchy if you want
return BasicValue.REFERENCE_VALUE;
return BasicValue.UNINITIALIZED_VALUE;
}
};
public ConstantTracker() {
super(ASM5);
}
@Override
public ConstantValue newOperation(AbstractInsnNode insn) throws AnalyzerException {
switch(insn.getOpcode()) {
case ACONST_NULL: return NULL;
case ICONST_M1: case ICONST_0: case ICONST_1: case ICONST_2:
case ICONST_3: case ICONST_4: case ICONST_5:
return new ConstantValue(BasicValue.INT_VALUE, insn.getOpcode()-ICONST_0);
case LCONST_0: case LCONST_1:
return new ConstantValue(BasicValue.LONG_VALUE, (long)(insn.getOpcode()-LCONST_0));
case FCONST_0: case FCONST_1: case FCONST_2:
return new ConstantValue(BasicValue.FLOAT_VALUE, (float)(insn.getOpcode()-FCONST_0));
case DCONST_0: case DCONST_1:
return new ConstantValue(BasicValue.DOUBLE_VALUE, (double)(insn.getOpcode()-DCONST_0));
case BIPUSH: case SIPUSH:
return new ConstantValue(BasicValue.INT_VALUE, ((IntInsnNode)insn).operand);
case LDC:
return new ConstantValue(basic.newOperation(insn), ((LdcInsnNode)insn).cst);
default:
BasicValue v = basic.newOperation(insn);
return v == null? null: new ConstantValue(v, null);
}
}
@Override
public ConstantValue copyOperation(AbstractInsnNode insn, ConstantValue value) {
return value;
}
@Override
public ConstantValue newValue(Type type) {
BasicValue v = basic.newValue(type);
return v == null? null: new ConstantValue(v, null);
}
@Override
public ConstantValue unaryOperation(AbstractInsnNode insn, ConstantValue value) throws AnalyzerException {
BasicValue v = basic.unaryOperation(insn, value.type);
return v == null? null: new ConstantValue(v, insn.getOpcode()==CHECKCAST? value.value: null);
}
@Override
public ConstantValue binaryOperation(AbstractInsnNode insn, ConstantValue a, ConstantValue b) throws AnalyzerException {
BasicValue v = basic.binaryOperation(insn, a.type, b.type);
return v == null? null: new ConstantValue(v, null);
}
@Override
public ConstantValue ternaryOperation(AbstractInsnNode insn, ConstantValue a, ConstantValue b, ConstantValue c) {
return null;
}
@Override
public ConstantValue naryOperation(AbstractInsnNode insn, List<? extends ConstantValue> values) throws AnalyzerException {
List<BasicValue> unusedByBasicInterpreter = null;
BasicValue v = basic.naryOperation(insn, unusedByBasicInterpreter);
return v == null? null: new ConstantValue(v, null);
}
@Override
public void returnOperation(AbstractInsnNode insn, ConstantValue value, ConstantValue expected) {}
@Override
public ConstantValue merge(ConstantValue a, ConstantValue b) {
if(a == b) return a;
BasicValue t = basic.merge(a.type, b.type);
return t.equals(a.type) && (a.value==null&&a!=NULL || a.value.equals(b.value))? a:
t.equals(b.type) && b.value==null&&b!=NULL? b: new ConstantValue(t, null);
}
}
那么,你可以像这样使用它
private static void analyze() throws IOException, AnalyzerException {
ClassReader cr = new ClassReader(new FileInputStream(new File("input.class")));
ClassNode cn = new ClassNode(Opcodes.ASM5);
cr.accept(cn, 0);
for(MethodNode mn: cn.methods) {
if(!mn.name.equals("main")) continue;
Analyzer<ConstantTracker.ConstantValue> analyzer
= new Analyzer<>(new ConstantTracker());
analyzer.analyze(cn.name, mn);
int i = -1;
for(Frame<ConstantTracker.ConstantValue> frame: analyzer.getFrames()) {
i++;
if(frame == null) continue;
AbstractInsnNode n = mn.instructions.get(i);
if(n.getOpcode() != Opcodes.ILOAD) continue;
VarInsnNode vn = (VarInsnNode)n;
System.out.println("accessing variable # "+vn.var);
ConstantTracker.ConstantValue var = frame.getLocal(vn.var);
System.out.println("\tcontains "+var);
}
}
}
这适用于所有加载指令,不仅 ILOAD,即 ALOAD、LLOAD、FLOAD 和 DLOAD
当然,解释器还有很大的改进空间,例如用于跟踪琐碎的转换,例如将 int 常量转换为 short 或 byte 或进行简单的数学运算,但我认为现在情况更清晰了,这取决于您的实际用例,您有多少想要跟踪或解释。