gmu-swe / phosphor
Phosphor: Dynamic Taint Tracking for the JVM
License: MIT License
Hello,
So I tried to play around a bit with Phosphor. All the steps executed as provided in the README file, except for the example project. Whenever I provide the following command:
XYZ-computer:target payel$ jre-inst/bin/java -Xbootclasspath/a:Phosphor-0.0.3-SNAPSHOT.jar -javaagent:Phosphor-0.0.3-SNAPSHOT.jar -cp inst/phosphortests.jar -ea phosphor.test.DroidBenchTest
As specified in the README file, I am running all the commands (including the above command) from the target directory of the Phosphor project.
Then I get the below result. Can you let me know if the result is correct, i.e. it shows a list of test cases, with assertion errors for each "testImplicitFlow" test case?
objc[8233]: Class JavaLaunchHelper is implemented in both /Users/payel/Documents/FreshPhosphorLookMarch/phosphor/Phosphor/target/jre-inst/bin/java and /Users/payel/Documents/FreshPhosphorLookMarch/phosphor/Phosphor/target/jre-inst/lib/libinstrument.dylib. One of the two will be used. Which one is undefined.
testFieldSensitivity1
testFieldSensitivity2
testFieldSensitivity3
testFieldSensitivity4
testInheritedObjects1
testObjectSensitivity1
testObjectSensitivity2
testExceptions1
testExceptions2
testExceptions3
testExceptions4
testLoopExample1
testLoopExample2
testSourceCodeSpecific1
testStaticInitialization1
testStaticInitialization2
testUnreachableCode
testImplicitFlow1
java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at phosphor.test.DroidBenchTest.main(DroidBenchTest.java:521)
Caused by: java.lang.AssertionError
at phosphor.test.DroidBenchTest$ImplicitFlow1.writeToLog(DroidBenchTest.java:361)
at phosphor.test.DroidBenchTest$ImplicitFlow1.doTest(DroidBenchTest.java:294)
at phosphor.test.DroidBenchTest.testImplicitFlow1(DroidBenchTest.java:366)
... 5 more
testImplicitFlow2
java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at phosphor.test.DroidBenchTest.main(DroidBenchTest.java:521)
Caused by: java.lang.AssertionError
at phosphor.test.DroidBenchTest.testImplicitFlow2(DroidBenchTest.java:375)
... 5 more
testImplicitFlow3
java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at phosphor.test.DroidBenchTest.main(DroidBenchTest.java:521)
Caused by: java.lang.ClassCastException: java.util.ArrayList cannot be cast to edu.columbia.cs.psl.phosphor.struct.TaintedWithObjTag
at phosphor.test.DroidBenchTest$ImplicitFlow3.doTest(DroidBenchTest.java:270)
at phosphor.test.DroidBenchTest.testImplicitFlow3(DroidBenchTest.java:379)
... 5 more
testImplicitFlow4
java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at phosphor.test.DroidBenchTest.main(DroidBenchTest.java:521)
Caused by: java.lang.AssertionError
at phosphor.test.DroidBenchTest$ImplicitFlow4.doTest(DroidBenchTest.java:253)
at phosphor.test.DroidBenchTest.testImplicitFlow4(DroidBenchTest.java:383)
... 5 more
testArrayAccess1
testArrayAccess2
testHashMapAccess1
testListAccess1
testReflectionTest1
testReflectionTest2
testReflectionTest3
testReflectionTest4
Please let me know if I am getting the correct result. I am absolutely new and a bit confused on the expected output.
Thanks!
Hello,
When I instrumented the jre with control track flag, it threw an exception. However, if I removed the control track flag, the instrumentation was successful.
My jdk environment is
> java version "1.8.0_131"
> Java(TM) SE Runtime Environment (build 1.8.0_131-b11)
> Java HotSpot(TM) 64-Bit Server VM (build 25.131-b11, mixed mode)
The process of instrumentation is
1) generate Phosphor-0.0.3-SNAPSHOT.jar
mvn package
2) instrument jre
java -jar Phosphor-0.0.3-SNAPSHOT.jar -controlTrack /usr/lib/jvm/jdk1.8.0_131/jre jre-inst
However, the exception comes
Processed: 24000/31566
Processed: 25000/31566
Processed: 26000/31566
edu.columbia.cs.psl.phosphor.org.objectweb.asm.tree.analysis.AnalyzerException: Error at instruction 57: Incompatible stack heights
at edu.columbia.cs.psl.phosphor.org.objectweb.asm.tree.analysis.Analyzer.analyze(Unknown Source)
at edu.columbia.cs.psl.phosphor.org.objectweb.asm.util.CheckMethodAdapter$1.visitEnd(Unknown Source)
at edu.columbia.cs.psl.phosphor.org.objectweb.asm.MethodVisitor.visitEnd(Unknown Source)
at edu.columbia.cs.psl.phosphor.org.objectweb.asm.util.CheckMethodAdapter.visitEnd(Unknown Source)
at edu.columbia.cs.psl.phosphor.org.objectweb.asm.ClassReader.b(Unknown Source)
at edu.columbia.cs.psl.phosphor.org.objectweb.asm.ClassReader.accept(Unknown Source)
at edu.columbia.cs.psl.phosphor.org.objectweb.asm.ClassReader.accept(Unknown Source)
at edu.columbia.cs.psl.phosphor.PreMain$PCLoggingTransformer._transform(PreMain.java:317)
at edu.columbia.cs.psl.phosphor.PreMain$PCLoggingTransformer.transform(PreMain.java:161)
at edu.columbia.cs.psl.phosphor.Instrumenter.instrumentClass(Instrumenter.java:195)
at edu.columbia.cs.psl.phosphor.Instrumenter.processZip(Instrumenter.java:620)
at edu.columbia.cs.psl.phosphor.Instrumenter.processDirectory(Instrumenter.java:565)
at edu.columbia.cs.psl.phosphor.Instrumenter.processDirectory(Instrumenter.java:561)
at edu.columbia.cs.psl.phosphor.Instrumenter._main(Instrumenter.java:514)
at edu.columbia.cs.psl.phosphor.Instrumenter.main(Instrumenter.java:404)
Caused by: edu.columbia.cs.psl.phosphor.org.objectweb.asm.tree.analysis.AnalyzerException: Incompatible stack heights
at edu.columbia.cs.psl.phosphor.org.objectweb.asm.tree.analysis.Frame.merge(Frame.java:687)
at edu.columbia.cs.psl.phosphor.org.objectweb.asm.tree.analysis.Analyzer.merge(Unknown Source)
... 15 more
Before that, I thought my JDK environment might have some problem, so I changed my JDK environment from openjdk-8-amd64 to jdk1.8.0_131. However, both of them have the problem. If I don't use the control track flag, it succeeds like this. But I need control flow tracking.
Processed: 27000/31566
Processed: 28000/31566
Processed: 29000/31566
Processed: 30000/31566
Processed: 31000/31566
Done after 115665 ms
Any help will be appreciated. Thanks!
On the lazy-arrays branch, the dependencies of array elements seem to be recorded in its label, not deps.
Assume int i (lbl = i) and int[] arr (lbl = arr) are tainted.
arr[0] = i + 9;
Taint t = MultiTainter.getTaint(arr[0]);
The expected deps of t should be [i]? Currently the label i is recorded in t's label.
Hello Professor,
I instrumented the java version of berkeley db with int tags and got the following error when executing one workload:
./target/jre-inst-int/bin/java -Xbootclasspath/a:./target/Phosphor-0.0.4-SNAPSHOT.jar -javaagent:./target/Phosphor-0.0.4-SNAPSHOT.jar -cp ../../performance-mapper-evaluation/original/berkeley-db/phosphor/berkeleydb-1.0-SNAPSHOT.jar com.sleepycat.analysis.Run
Command line arguments:
Effective arguments: action=Populate dupDb=false keysOnly=false preload=false sequentialWrites=false nRecords=300000 keySize=10 dataSize=1000 lsnBatchSize=9223372036854775807 internalMemoryLimit=100000000 jeCacheSize=1000000000
java.lang.VerifyError: Inconsistent stackmap frames at branch target 93
Exception Details:
Location:
com/sleepycat/je/log/FileManager$LogEndFileDescriptor.enqueueWrite1$$PHOSPHORTAGGED(IJLedu/columbia/cs/psl/phosphor/struct/LazyByteArrayIntTags;[BIJIIII)V @93: istore
Reason:
Type 'edu/columbia/cs/psl/phosphor/struct/LazyByteArrayIntTags' (current frame, locals[15]) is not assignable to '[B' (stack map, locals[15])
Current Frame:
bci: @89
flags: { }
locals: { 'com/sleepycat/je/log/FileManager$LogEndFileDescriptor', integer, long, long_2nd, 'edu/columbia/cs/psl/phosphor/struct/LazyByteArrayIntTags', '[B', integer, long, long_2nd, integer, integer, integer, integer, 'edu/columbia/cs/psl/phosphor/struct/TaintedLongWithIntTag', 'edu/columbia/cs/psl/phosphor/struct/TaintedIntWithIntTag', 'edu/columbia/cs/psl/phosphor/struct/LazyByteArrayIntTags', 'edu/columbia/cs/psl/phosphor/struct/LazyByteArrayIntTags' }
stack: { integer }
Stackmap Frame:
bci: @93
flags: { }
locals: { 'com/sleepycat/je/log/FileManager$LogEndFileDescriptor', integer, long, long_2nd, 'edu/columbia/cs/psl/phosphor/struct/LazyByteArrayIntTags', '[B', integer, long, long_2nd, integer, integer, integer, integer, 'edu/columbia/cs/psl/phosphor/struct/TaintedLongWithIntTag', 'edu/columbia/cs/psl/phosphor/struct/TaintedIntWithIntTag', '[B', 'edu/columbia/cs/psl/phosphor/struct/LazyByteArrayIntTags' }
stack: { integer }
Exception Handler Table:
bci [62, 307] => handler: 310
bci [310, 315] => handler: 310
Stackmap Table:
append_frame(@47,Object[#448],Object[#405])
append_frame(@92,Object[#125],Object[#424])
same_locals_1_stack_item_frame(@93,Integer)
append_frame(@114,Top,Top,Integer)
same_frame(@137)
full_frame(@166,{Object[#123],Integer,Long,Object[#424],Object[#125],Integer,Long,Integer,Integer,Integer,Integer,Object[#448],Object[#405],Object[#125],Object[#424],Integer,Top,Integer},{})
same_frame_extended(@237)
full_frame(@310,{Object[#123],Integer,Long,Object[#424],Object[#125],Integer,Long,Integer,Integer,Integer,Integer,Object[#448],Object[#405],Object[#125],Object[#424]},{Object[#138]})
chop_frame(@318,2)
at com.sleepycat.je.log.FileManager.<init>(FileManager.java:395)
at com.sleepycat.je.dbi.EnvironmentImpl.<init>(EnvironmentImpl.java:602)
at com.sleepycat.je.dbi.EnvironmentImpl.<init>(EnvironmentImpl.java:488)
at com.sleepycat.je.dbi.DbEnvPool.getEnvironment$$PHOSPHORTAGGED(DbEnvPool.java:192)
at com.sleepycat.je.Environment.makeEnvironmentImpl(Environment.java:267)
at com.sleepycat.je.Environment.<init>(Environment.java:252)
at com.sleepycat.je.Environment.<init>(Environment.java:222)
at com.sleepycat.analysis.Run.open(Run.java:265)
at com.sleepycat.analysis.Run.run(Run.java:218)
at com.sleepycat.analysis.Run.main(Run.java:83)
It seems like the lazy array cannot be assigned at that position. Could you please help me understand this issue? Attached are the uninstrumented jar file and, in the phosphor directory, the instrumented jar.
Thanks.
Hello Professor,
I instrumented a demo workload of lucene with int tags and got the following error:
Exception in thread "main" java.lang.AbstractMethodError: java.util.stream.IntPipeline$$Lambda$5/1525037790.applyAsInt$$PHOSPHORTAGGED(IIIILedu/columbia/cs/psl/phosphor/struct/TaintedIntWithIntTag;)Ledu/columbia/cs/psl/phosphor/struct/TaintedIntWithIntTag;
at java.util.stream.ReduceOps$5ReducingSink.accept$$PHOSPHORTAGGED(ReduceOps.java:258)
at java.util.Spliterators$IntArraySpliterator.forEachRemaining(Spliterators.java:1032)
at java.util.Spliterator$OfInt.forEachRemaining(Spliterator.java:693)
at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:481)
at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:471)
at java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:708)
at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
at java.util.stream.IntPipeline.reduce$$PHOSPHORTAGGED(IntPipeline.java:456)
at java.util.stream.IntPipeline.sum$$PHOSPHORTAGGED(IntPipeline.java:414)
at org.apache.lucene.util.bkd.BKDWriter.writeLeafBlockPackedValues$$PHOSPHORTAGGED(BKDWriter.java:1274)
at org.apache.lucene.util.bkd.BKDWriter.access$1200$$PHOSPHORTAGGED(BKDWriter.java:82)
at org.apache.lucene.util.bkd.BKDWriter$OneDimensionBKDWriter.writeLeafBlock(BKDWriter.java:697)
at org.apache.lucene.util.bkd.BKDWriter$OneDimensionBKDWriter.finish$$PHOSPHORTAGGED(BKDWriter.java:626)
at org.apache.lucene.util.bkd.BKDWriter.writeField1Dim$$PHOSPHORTAGGED(BKDWriter.java:519)
at org.apache.lucene.util.bkd.BKDWriter.writeField$$PHOSPHORTAGGED(BKDWriter.java:427)
at org.apache.lucene.codecs.lucene60.Lucene60PointsWriter.writeField(Lucene60PointsWriter.java:105)
at org.apache.lucene.index.PointValuesWriter.flush(PointValuesWriter.java:183)
at org.apache.lucene.index.DefaultIndexingChain.writePoints(DefaultIndexingChain.java:204)
at org.apache.lucene.index.DefaultIndexingChain.flush(DefaultIndexingChain.java:139)
at org.apache.lucene.index.DocumentsWriterPerThread.flush(DocumentsWriterPerThread.java:470)
at org.apache.lucene.index.DocumentsWriter.doFlush$$PHOSPHORTAGGED(DocumentsWriter.java:554)
at org.apache.lucene.index.DocumentsWriter.flushAllThreads$$PHOSPHORTAGGED(DocumentsWriter.java:719)
at org.apache.lucene.index.IndexWriter.doFlush$$PHOSPHORTAGGED(IndexWriter.java:3595)
at org.apache.lucene.index.IndexWriter.flush$$PHOSPHORTAGGED(IndexWriter.java:3570)
at org.apache.lucene.index.IndexWriter.shutdown(IndexWriter.java:1028)
at org.apache.lucene.index.IndexWriter.close(IndexWriter.java:1071)
at org.apache.lucene.demo.IndexFiles.main(IndexFiles.java:123)
Based on what you told me about AbstractMethodErrors, it seems that the implementation of applyAsInt, which I guess comes from a lambda expression, is not instrumented.
I have attached the 4 original jar files needed to run the demo. I instrumented all of them. The main class is org.apache.lucene.demo.IndexFiles. It takes one program argument, [-docs DOCS_PATH]. I passed Phosphor's src directory as the path and got the error.
Is it correct that there might be some class file not being instrumented by the java agent? Thanks.
import java.lang.reflect.Array;
import java.lang.reflect.Field;

import edu.columbia.cs.psl.phosphor.runtime.MultiTainter;
import edu.columbia.cs.psl.phosphor.runtime.Taint;

public class rough_work {
    public static class MyStruct_arr {
        public int[] arr_i = { 1, 2, 3 };
    }

    public static void main(String[] args) throws Exception {
        MyStruct_arr m = new MyStruct_arr();
        MultiTainter.taintedObject(m, new Taint<String>("tainted_dierctly"));
        MultiTainter.taintedIntArray(m.arr_i, "tainted_directly");
        // Direct field access: the element taints are reported.
        System.out.println(MultiTainter.getTaint(m.arr_i[0]));
        System.out.println(MultiTainter.getTaint(m.arr_i[1]));
        System.out.println(MultiTainter.getTaint(m.arr_i[2]));
        // Same array read through reflection: the element taints come back null.
        for (Field f : m.getClass().getDeclaredFields()) {
            if (f.getType().isArray()) {
                int[] temp = (int[]) f.get(m);
                for (int i = 0; i < Array.getLength(temp); i++)
                    System.out.println(MultiTainter.getTaint(temp[i]));
            }
        }
    }
}
// Output
>Taint [lbl=tainted_directly deps = []]
>Taint [lbl=tainted_directly deps = []]
>Taint [lbl=tainted_directly deps = []]
>null
>null
>null
Hi,
When I use control flow tracking, a fatal error is detected by the JRE. It looks like the program tried to access an invalid address (0x0000000000000010).
Below are my commands.
java -jar Phosphor-0.0.3-SNAPSHOT.jar -controlTrack -serialization -multiTaint -forceUnboxAcmpEq -withEnumsByValue /usr/lib/jvm/jdk1.8.0_131/jre jre-inst
chmod +x jre-inst/bin/*
chmod +x jre-inst/lib/*
java -jar Phosphor-0.0.3-SNAPSHOT.jar -controlTrack weka.jar inst
ulimit -c unlimited
jre-inst/bin/java -Xmx4g -Xbootclasspath/a:Phosphor-0.0.3-SNAPSHOT.jar -javaagent:Phosphor-0.0.3-SNAPSHOT.jar -noverify -cp inst/weka.jar -ea weka.classifiers.bayes.NaiveBayes -t 1fold1.arff -T 1fold2.arff
So was this problem caused by my program (weka.jar), the tool (phosphor), or the JVM? I'm confused.
The simple information is
A fatal error has been detected by the Java Runtime Environment:
#
# SIGSEGV (0xb) at pc=0x00007f519303a3f3, pid=2026, tid=0x00007f5194438700
#
# JRE version: Java(TM) SE Runtime Environment (8.0_131-b11) (build 1.8.0_131-b11)
# Java VM: Java HotSpot(TM) 64-Bit Server VM (25.131-b11 mixed mode linux-amd64 compressed oops)
# Problematic frame:
# V [libjvm.so+0x7fb3f3] LinkResolver::resolve_invokevirtual(CallInfo&, Handle, constantPoolHandle, int, Thread*)+0x233
#
# Core dump written. Default location: /home/davidchen/testWeka/core or core.2026
#
# An error report file with more information is saved as:
# /home/davidchen/testWeka/hs_err_pid2026.log
#
# If you would like to submit a bug report, please visit:
# http://bugreport.java.com/bugreport/crash.jsp
The error report is
#
# A fatal error has been detected by the Java Runtime Environment:
#
# SIGSEGV (0xb) at pc=0x00007f519303a3f3, pid=2026, tid=0x00007f5194438700
#
# JRE version: Java(TM) SE Runtime Environment (8.0_131-b11) (build 1.8.0_131-b11)
# Java VM: Java HotSpot(TM) 64-Bit Server VM (25.131-b11 mixed mode linux-amd64 compressed oops)
# Problematic frame:
# V [libjvm.so+0x7fb3f3] LinkResolver::resolve_invokevirtual(CallInfo&, Handle, constantPoolHandle, int, Thread*)+0x233
#
# Core dump written. Default location: /home/davidchen/testWeka/core or core.2026
#
# If you would like to submit a bug report, please visit:
# http://bugreport.java.com/bugreport/crash.jsp
#
--------------- T H R E A D ---------------
Current thread (0x00007f518c00a800): JavaThread "main" [_thread_in_vm, id=2027, stack(0x00007f5194338000,0x00007f5194439000)]
siginfo: si_signo: 11 (SIGSEGV), si_code: 1 (SEGV_MAPERR), si_addr: 0x0000000000000010
Registers:
RAX=0x00007f51937d19a0, RBX=0x00007f518c008150, RCX=0x0000000000000022, RDX=0x0000000000000008
RSP=0x00007f5194436660, RBP=0x00007f5194436700, RSI=0x00007f516f977ec8, RDI=0x0000000000000007
R8 =0x00007f518c008150, R9 =0x0000000000000007, R10=0x0000000000000006, R11=0x00000007c001a810
R12=0x0000000000000000, R13=0x00007f518c00a800, R14=0x00007f516f977ec8, R15=0x0000000000000002
RIP=0x00007f519303a3f3, EFLAGS=0x0000000000010202, CSGSFS=0x0000000000000033, ERR=0x0000000000000004
TRAPNO=0x000000000000000e
Register to memory mapping:
RAX=0x00007f51937d19a0: <offset 0xf929a0> in /home/davidchen/testWeka/jre-inst/lib/amd64/server/libjvm.so at 0x00007f519283f000
RBX=0x00007f518c008150 is an unknown value
RCX=0x0000000000000022 is an unknown value
RDX=0x0000000000000008 is an unknown value
RSP=0x00007f5194436660 is pointing into the stack for thread: 0x00007f518c00a800
RBP=0x00007f5194436700 is pointing into the stack for thread: 0x00007f518c00a800
RSI=0x00007f516f977ec8 is pointing into metadata
RDI=0x0000000000000007 is an unknown value
R8 =0x00007f518c008150 is an unknown value
R9 =0x0000000000000007 is an unknown value
R10=0x0000000000000006 is an unknown value
R11=0x00000007c001a810 is pointing into metadata
R12=0x0000000000000000 is an unknown value
R13=0x00007f518c00a800 is a thread
R14=0x00007f516f977ec8 is pointing into metadata
R15=0x0000000000000002 is an unknown value
Stack: [0x00007f5194338000,0x00007f5194439000], sp=0x00007f5194436660, free space=1017k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
V [libjvm.so+0x7fb3f3] LinkResolver::resolve_invokevirtual(CallInfo&, Handle, constantPoolHandle, int, Thread*)+0x233
V [libjvm.so+0x7fd898] LinkResolver::resolve_invoke(CallInfo&, Handle, constantPoolHandle, int, Bytecodes::Code, Thread*)+0x2e8
V [libjvm.so+0x68b3a9] InterpreterRuntime::resolve_invoke(JavaThread*, Bytecodes::Code)+0x1b9
j edu.columbia.cs.psl.phosphor.struct.ControlTaintTagStack.getTag()Ledu/columbia/cs/psl/phosphor/runtime/Taint;+11
j edu.columbia.cs.psl.phosphor.struct.ControlTaintTagStack.copyTag()Ledu/columbia/cs/psl/phosphor/runtime/Taint;+8
j java.io.ObjectOutputStream.writeObject0$$PHOSPHORTAGGED(Ljava/lang/Object;Ledu/columbia/cs/psl/phosphor/runtime/Taint;ZLedu/columbia/cs/psl/phosphor/struct/ControlTaintTagStack;)V+2526
j java.io.ObjectOutputStream.writeObject$$PHOSPHORTAGGED(Ljava/lang/Object;Ledu/columbia/cs/psl/phosphor/struct/ControlTaintTagStack;)V+45
j weka.core.SerializedObject.<init>(Ljava/lang/Object;Ledu/columbia/cs/psl/phosphor/runtime/Taint;ZLedu/columbia/cs/psl/phosphor/struct/ControlTaintTagStack;Ledu/columbia/cs/psl/phosphor/runtime/TaintSentinel;)V+112
j weka.core.SerializedObject.<init>(Ljava/lang/Object;Ledu/columbia/cs/psl/phosphor/struct/ControlTaintTagStack;Ledu/columbia/cs/psl/phosphor/runtime/TaintSentinel;)V+9
j weka.classifiers.AbstractClassifier.makeCopy$$PHOSPHORTAGGED(Lweka/classifiers/Classifier;Ledu/columbia/cs/psl/phosphor/struct/ControlTaintTagStack;)Lweka/classifiers/Classifier;+7
j weka.classifiers.evaluation.Evaluation.evaluateModel$$PHOSPHORTAGGED(Lweka/classifiers/Classifier;[Ljava/lang/String;Ledu/columbia/cs/psl/phosphor/struct/ControlTaintTagStack;)Ljava/lang/String;+7863
j weka.classifiers.Evaluation.evaluateModel$$PHOSPHORTAGGED(Lweka/classifiers/Classifier;[Ljava/lang/String;Ledu/columbia/cs/psl/phosphor/struct/ControlTaintTagStack;)Ljava/lang/String;+3
j weka.classifiers.AbstractClassifier.runClassifier$$PHOSPHORTAGGED(Lweka/classifiers/Classifier;[Ljava/lang/String;Ledu/columbia/cs/psl/phosphor/struct/ControlTaintTagStack;)V+62
j weka.classifiers.bayes.NaiveBayes.main$$PHOSPHORTAGGED([Ljava/lang/String;Ledu/columbia/cs/psl/phosphor/struct/ControlTaintTagStack;)V+11
j weka.classifiers.bayes.NaiveBayes.main([Ljava/lang/String;)V+8
v ~StubRoutines::call_stub
V [libjvm.so+0x691d16] JavaCalls::call_helper(JavaValue*, methodHandle*, JavaCallArguments*, Thread*)+0x1056
V [libjvm.so+0x6d3132] jni_invoke_static(JNIEnv_*, JavaValue*, _jobject*, JNICallType, _jmethodID*, JNI_ArgumentPusher*, Thread*)+0x362
V [libjvm.so+0x6ef99a] jni_CallStaticVoidMethod+0x17a
C [libjli.so+0x7bdf] JavaMain+0x81f
C [libpthread.so.0+0x76aa] start_thread+0xca
Java frames: (J=compiled Java code, j=interpreted, Vv=VM code)
j edu.columbia.cs.psl.phosphor.struct.ControlTaintTagStack.getTag()Ledu/columbia/cs/psl/phosphor/runtime/Taint;+11
j edu.columbia.cs.psl.phosphor.struct.ControlTaintTagStack.copyTag()Ledu/columbia/cs/psl/phosphor/runtime/Taint;+8
j java.io.ObjectOutputStream.writeObject0$$PHOSPHORTAGGED(Ljava/lang/Object;Ledu/columbia/cs/psl/phosphor/runtime/Taint;ZLedu/columbia/cs/psl/phosphor/struct/ControlTaintTagStack;)V+2526
j java.io.ObjectOutputStream.writeObject$$PHOSPHORTAGGED(Ljava/lang/Object;Ledu/columbia/cs/psl/phosphor/struct/ControlTaintTagStack;)V+45
j weka.core.SerializedObject.<init>(Ljava/lang/Object;Ledu/columbia/cs/psl/phosphor/runtime/Taint;ZLedu/columbia/cs/psl/phosphor/struct/ControlTaintTagStack;Ledu/columbia/cs/psl/phosphor/runtime/TaintSentinel;)V+112
j weka.core.SerializedObject.<init>(Ljava/lang/Object;Ledu/columbia/cs/psl/phosphor/struct/ControlTaintTagStack;Ledu/columbia/cs/psl/phosphor/runtime/TaintSentinel;)V+9
j weka.classifiers.AbstractClassifier.makeCopy$$PHOSPHORTAGGED(Lweka/classifiers/Classifier;Ledu/columbia/cs/psl/phosphor/struct/ControlTaintTagStack;)Lweka/classifiers/Classifier;+7
j weka.classifiers.evaluation.Evaluation.evaluateModel$$PHOSPHORTAGGED(Lweka/classifiers/Classifier;[Ljava/lang/String;Ledu/columbia/cs/psl/phosphor/struct/ControlTaintTagStack;)Ljava/lang/String;+7863
j weka.classifiers.Evaluation.evaluateModel$$PHOSPHORTAGGED(Lweka/classifiers/Classifier;[Ljava/lang/String;Ledu/columbia/cs/psl/phosphor/struct/ControlTaintTagStack;)Ljava/lang/String;+3
j weka.classifiers.AbstractClassifier.runClassifier$$PHOSPHORTAGGED(Lweka/classifiers/Classifier;[Ljava/lang/String;Ledu/columbia/cs/psl/phosphor/struct/ControlTaintTagStack;)V+62
j weka.classifiers.bayes.NaiveBayes.main$$PHOSPHORTAGGED([Ljava/lang/String;Ledu/columbia/cs/psl/phosphor/struct/ControlTaintTagStack;)V+11
j weka.classifiers.bayes.NaiveBayes.main([Ljava/lang/String;)V+8
v ~StubRoutines::call_stub
--------------- P R O C E S S ---------------
Java Threads: ( => current thread )
0x00007f518c32a800 JavaThread "Service Thread" daemon [_thread_blocked, id=2044, stack(0x00007f516cb21000,0x00007f516cc22000)]
0x00007f518c2b6800 JavaThread "C1 CompilerThread3" daemon [_thread_blocked, id=2043, stack(0x00007f516cc22000,0x00007f516cd23000)]
0x00007f518c2b5000 JavaThread "C2 CompilerThread2" daemon [_thread_in_native, id=2042, stack(0x00007f516cd23000,0x00007f516ce24000)]
0x00007f518c2b1000 JavaThread "C2 CompilerThread1" daemon [_thread_blocked, id=2041, stack(0x00007f516ce24000,0x00007f516cf25000)]
0x00007f518c2aa000 JavaThread "C2 CompilerThread0" daemon [_thread_in_native, id=2040, stack(0x00007f516cf25000,0x00007f516d026000)]
0x00007f518c2a4800 JavaThread "Signal Dispatcher" daemon [_thread_blocked, id=2039, stack(0x00007f516d026000,0x00007f516d127000)]
0x00007f518c21a800 JavaThread "Finalizer" daemon [_thread_blocked, id=2038, stack(0x00007f516d809000,0x00007f516d90a000)]
0x00007f518c218800 JavaThread "Reference Handler" daemon [_thread_blocked, id=2037, stack(0x00007f516d90a000,0x00007f516da0b000)]
=>0x00007f518c00a800 JavaThread "main" [_thread_in_vm, id=2027, stack(0x00007f5194338000,0x00007f5194439000)]
Other Threads:
0x00007f518c0c8800 VMThread [stack: 0x00007f516da0b000,0x00007f516db0c000] [id=2036]
0x00007f518c32f000 WatcherThread [stack: 0x00007f516ca20000,0x00007f516cb21000] [id=2045]
VM state:not at safepoint (normal execution)
VM Mutex/Monitor currently owned by a thread: None
Heap:
PSYoungGen total 74752K, used 40178K [0x000000076ab00000, 0x000000076fe00000, 0x00000007c0000000)
eden space 64512K, 62% used [0x000000076ab00000,0x000000076d23c960,0x000000076ea00000)
from space 10240K, 0% used [0x000000076f400000,0x000000076f400000,0x000000076fe00000)
to space 10240K, 0% used [0x000000076ea00000,0x000000076ea00000,0x000000076f400000)
ParOldGen total 171008K, used 0K [0x00000006c0000000, 0x00000006ca700000, 0x000000076ab00000)
object space 171008K, 0% used [0x00000006c0000000,0x00000006c0000000,0x00000006ca700000)
Metaspace used 10222K, capacity 10368K, committed 10752K, reserved 1058816K
class space used 652K, capacity 690K, committed 768K, reserved 1048576K
Card table byte_map: [0x00007f51906d3000,0x00007f5190ed4000] byte_map_base: 0x00007f518d0d3000
Marking Bits: (ParMarkBitMap*) 0x00007f5193804f60
Begin Bits: [0x00007f51748f9000, 0x00007f51788f9000)
End Bits: [0x00007f51788f9000, 0x00007f517c8f9000)
Polling page: 0x00007f5194454000
CodeCache: size=245760Kb used=3662Kb max_used=3670Kb free=242097Kb
bounds [0x00007f517d000000, 0x00007f517d3a0000, 0x00007f518c000000]
total_blobs=783 nmethods=323 adapters=374
compilation: enabled
Compilation events (10 events):
Event: 0.478 Thread 0x00007f518c2b6800 321 3 java.io.ObjectStreamField::getName$$PHOSPHORTAGGED (5 bytes)
Event: 0.478 Thread 0x00007f518c2b6800 nmethod 321 0x00007f517d393250 code [0x00007f517d3933a0, 0x00007f517d393510]
Event: 0.478 Thread 0x00007f518c2b6800 322 3 java.lang.Class::isArray$$PHOSPHORTAGGED (16 bytes)
Event: 0.478 Thread 0x00007f518c2b6800 nmethod 322 0x00007f517d393590 code [0x00007f517d393700, 0x00007f517d3938c8]
Event: 0.478 Thread 0x00007f518c2b6800 323 3 java.util.HashMap::newNode$$PHOSPHORTAGGED (18 bytes)
Event: 0.478 Thread 0x00007f518c2b6800 nmethod 323 0x00007f517d393990 code [0x00007f517d393b00, 0x00007f517d393d28]
Event: 0.478 Thread 0x00007f518c2b6800 324 3 java.util.HashMap::afterNodeInsertion$$PHOSPHORTAGGED (1 bytes)
Event: 0.478 Thread 0x00007f518c2b6800 nmethod 324 0x00007f517d393e10 code [0x00007f517d393f60, 0x00007f517d3940b0]
Event: 0.479 Thread 0x00007f518c2b6800 325 3 java.util.HashMap::put$$PHOSPHORTAGGED (42 bytes)
Event: 0.479 Thread 0x00007f518c2b1000 nmethod 317 0x00007f517d397050 code [0x00007f517d3971c0, 0x00007f517d3974b8]
GC Heap History (0 events):
No events
Deoptimization events (9 events):
Event: 0.227 Thread 0x00007f518c00a800 Uncommon trap: reason=unstable_if action=reinterpret pc=0x00007f517d13d6f0 method=edu.columbia.cs.psl.phosphor.TaintUtils.getTaintObj(Ljava/lang/Object;)Ledu/columbia/cs/psl/phosphor/runtime/Taint; @ 133
Event: 0.249 Thread 0x00007f518c00a800 Uncommon trap: reason=null_check action=make_not_entrant pc=0x00007f517d17c160 method=edu.columbia.cs.psl.phosphor.TaintUtils.ensureUnboxed(Ljava/lang/Object;)Ljava/lang/Object; @ 28
Event: 0.342 Thread 0x00007f518c00a800 Uncommon trap: reason=unstable_if action=reinterpret pc=0x00007f517d180f30 method=edu.columbia.cs.psl.phosphor.TaintUtils.getTaintObj(Ljava/lang/Object;)Ledu/columbia/cs/psl/phosphor/runtime/Taint; @ 118
Event: 0.419 Thread 0x00007f518c00a800 Uncommon trap: reason=range_check action=make_not_entrant pc=0x00007f517d11c2b0 method=edu.columbia.cs.psl.phosphor.struct.LazyCharArrayObjTags.getImplicit([CILedu/columbia/cs/psl/phosphor/struct/TaintedCharWithObjTag;Ledu/columbia/cs/psl/phosphor/struct/
Event: 0.432 Thread 0x00007f518c00a800 Uncommon trap: reason=unstable_if action=reinterpret pc=0x00007f517d21bc18 method=java.lang.String.<init>(Ledu/columbia/cs/psl/phosphor/struct/LazyCharArrayObjTags;[CLedu/columbia/cs/psl/phosphor/runtime/Taint;ILedu/columbia/cs/psl/phosphor/runtime/Taint;
Event: 0.456 Thread 0x00007f518c00a800 Uncommon trap: reason=unstable_if action=reinterpret pc=0x00007f517d1ba544 method=java.lang.String.charAt$$PHOSPHORTAGGED(Ledu/columbia/cs/psl/phosphor/runtime/Taint;ILedu/columbia/cs/psl/phosphor/struct/ControlTaintTagStack;Ledu/columbia/cs/psl/phosphor/
Event: 0.479 Thread 0x00007f518c00a800 Uncommon trap: reason=unstable_if action=reinterpret pc=0x00007f517d118e70 method=edu.columbia.cs.psl.phosphor.struct.ControlTaintTagStack.isEmpty()Z @ 4
Event: 0.479 Thread 0x00007f518c00a800 Uncommon trap: reason=unstable_if action=reinterpret pc=0x00007f517d138698 method=edu.columbia.cs.psl.phosphor.struct.ControlTaintTagStack.isEmpty()Z @ 4
Event: 0.480 Thread 0x00007f518c00a800 Uncommon trap: reason=unstable_if action=reinterpret pc=0x00007f517d115db4 method=edu.columbia.cs.psl.phosphor.struct.ControlTaintTagStack.copyTag()Ledu/columbia/cs/psl/phosphor/runtime/Taint; @ 4
Internal exceptions (10 events):
Event: 0.361 Thread 0x00007f518c00a800 Exception <a 'java/security/PrivilegedActionException'> (0x000000076c114040) thrown at [/HUDSON/workspace/8-2-build-linux-amd64/jdk8u131/8869/hotspot/src/share/vm/prims/jvm.cpp, line 1390]
Event: 0.361 Thread 0x00007f518c00a800 Exception <a 'java/security/PrivilegedActionException'> (0x000000076c11bfe8) thrown at [/HUDSON/workspace/8-2-build-linux-amd64/jdk8u131/8869/hotspot/src/share/vm/prims/jvm.cpp, line 1390]
Event: 0.361 Thread 0x00007f518c00a800 Exception <a 'java/security/PrivilegedActionException'> (0x000000076c11c428) thrown at [/HUDSON/workspace/8-2-build-linux-amd64/jdk8u131/8869/hotspot/src/share/vm/prims/jvm.cpp, line 1390]
Event: 0.396 Thread 0x00007f518c00a800 Exception <a 'java/lang/ClassNotFoundException': weka/classifiers/bayes/NaiveBayesBeanInfo> (0x000000076c56eec8) thrown at [/HUDSON/workspace/8-2-build-linux-amd64/jdk8u131/8869/hotspot/src/share/vm/classfile/systemDictionary.cpp, line 210]
Event: 0.397 Thread 0x00007f518c00a800 Exception <a 'java/lang/ClassNotFoundException': weka/classifiers/bayes/NaiveBayesCustomizer> (0x000000076c583530) thrown at [/HUDSON/workspace/8-2-build-linux-amd64/jdk8u131/8869/hotspot/src/share/vm/classfile/systemDictionary.cpp, line 210]
Event: 0.419 Thread 0x00007f518c00a800 Exception <a 'java/lang/ArrayIndexOutOfBoundsException': 18> (0x000000076c70a318) thrown at [/HUDSON/workspace/8-2-build-linux-amd64/jdk8u131/8869/hotspot/src/share/vm/interpreter/interpreterRuntime.cpp, line 366]
Event: 0.420 Thread 0x00007f518c00a800 Exception <a 'java/lang/ArrayIndexOutOfBoundsException': 254> (0x000000076c714b58) thrown at [/HUDSON/workspace/8-2-build-linux-amd64/jdk8u131/8869/hotspot/src/share/vm/interpreter/interpreterRuntime.cpp, line 366]
Event: 0.434 Thread 0x00007f518c00a800 Exception <a 'java/lang/ClassNotFoundException': weka/classifiers/AbstractClassifierBeanInfo> (0x000000076c9e3d10) thrown at [/HUDSON/workspace/8-2-build-linux-amd64/jdk8u131/8869/hotspot/src/share/vm/classfile/systemDictionary.cpp, line 210]
Event: 0.435 Thread 0x00007f518c00a800 Exception <a 'java/lang/ClassNotFoundException': weka/classifiers/AbstractClassifierCustomizer> (0x000000076c9ecab0) thrown at [/HUDSON/workspace/8-2-build-linux-amd64/jdk8u131/8869/hotspot/src/share/vm/classfile/systemDictionary.cpp, line 210]
Event: 0.456 Thread 0x00007f518c00a800 Implicit null exception at 0x00007f517d1ba38e to 0x00007f517d1ba521
Events (10 events):
Event: 0.479 loading class java/io/ObjectStreamClass$ClassDataSlot done
Event: 0.479 Thread 0x00007f518c00a800 Uncommon trap: trap_request=0xffffff65 fr.pc=0x00007f517d118e70
Event: 0.479 Thread 0x00007f518c00a800 DEOPT PACKING pc=0x00007f517d118e70 sp=0x00007f5194436830
Event: 0.479 Thread 0x00007f518c00a800 DEOPT UNPACKING pc=0x00007f517d005229 sp=0x00007f51944367a0 mode 2
Event: 0.479 Thread 0x00007f518c00a800 Uncommon trap: trap_request=0xffffff65 fr.pc=0x00007f517d138698
Event: 0.479 Thread 0x00007f518c00a800 DEOPT PACKING pc=0x00007f517d138698 sp=0x00007f5194436a30
Event: 0.480 Thread 0x00007f518c00a800 DEOPT UNPACKING pc=0x00007f517d005229 sp=0x00007f51944369a8 mode 2
Event: 0.480 Thread 0x00007f518c00a800 Uncommon trap: trap_request=0xffffff65 fr.pc=0x00007f517d115db4
Event: 0.480 Thread 0x00007f518c00a800 DEOPT PACKING pc=0x00007f517d115db4 sp=0x00007f5194436b10
Event: 0.480 Thread 0x00007f518c00a800 DEOPT UNPACKING pc=0x00007f517d005229 sp=0x00007f5194436ad8 mode 2
VM Arguments:
jvm_args: -Xmx4g -Xbootclasspath/a:Phosphor-0.0.3-SNAPSHOT.jar -javaagent:Phosphor-0.0.3-SNAPSHOT.jar -Xverify:none -ea
java_command: weka.classifiers.bayes.NaiveBayes -t 1fold1.arff -T 1fold2.arff
java_class_path (initial): inst/weka.jar:Phosphor-0.0.3-SNAPSHOT.jar
Launcher Type: SUN_STANDARD
Environment Variables:
PATH=/bin:/usr/bin:/usr/X11R6/bin:/usr/local/bin
SHELL=/bin/bash
DISPLAY=:10.0
Signal Handlers:
SIGSEGV: [libjvm.so+0xac8af0], sa_mask[0]=11111111011111111101111111111110, sa_flags=SA_RESTART|SA_SIGINFO
SIGBUS: [libjvm.so+0xac8af0], sa_mask[0]=11111111011111111101111111111110, sa_flags=SA_RESTART|SA_SIGINFO
SIGFPE: [libjvm.so+0x921dd0], sa_mask[0]=11111111011111111101111111111110, sa_flags=SA_RESTART|SA_SIGINFO
SIGPIPE: [libjvm.so+0x921dd0], sa_mask[0]=11111111011111111101111111111110, sa_flags=SA_RESTART|SA_SIGINFO
SIGXFSZ: [libjvm.so+0x921dd0], sa_mask[0]=11111111011111111101111111111110, sa_flags=SA_RESTART|SA_SIGINFO
SIGILL: [libjvm.so+0x921dd0], sa_mask[0]=11111111011111111101111111111110, sa_flags=SA_RESTART|SA_SIGINFO
SIGUSR1: SIG_DFL, sa_mask[0]=00000000000000000000000000000000, sa_flags=none
SIGUSR2: [libjvm.so+0x923610], sa_mask[0]=00000000000000000000000000000000, sa_flags=SA_RESTART|SA_SIGINFO
SIGHUP: [libjvm.so+0x924a10], sa_mask[0]=11111111011111111101111111111110, sa_flags=SA_RESTART|SA_SIGINFO
SIGINT: [libjvm.so+0x924a10], sa_mask[0]=11111111011111111101111111111110, sa_flags=SA_RESTART|SA_SIGINFO
SIGTERM: [libjvm.so+0x924a10], sa_mask[0]=11111111011111111101111111111110, sa_flags=SA_RESTART|SA_SIGINFO
SIGQUIT: [libjvm.so+0x924a10], sa_mask[0]=11111111011111111101111111111110, sa_flags=SA_RESTART|SA_SIGINFO
--------------- S Y S T E M ---------------
OS:DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=15.04
DISTRIB_CODENAME=vivid
DISTRIB_DESCRIPTION="Ubuntu 15.04"
uname:Linux 3.19.0-15-generic #15-Ubuntu SMP Thu Apr 16 23:32:37 UTC 2015 x86_64
libc:glibc 2.21 NPTL 2.21
rlimit: STACK 8192k, CORE infinity, NPROC 63623, NOFILE 4096, AS infinity
load average:0.03 0.02 0.01
CPU:total 8 (initial active 8) (4 cores per cpu, 2 threads per core) family 6 model 42 stepping 7, cmov, cx8, fxsr, mmx, sse, sse2, sse3, ssse3, sse4.1, sse4.2, popcnt, avx, aes, clmul, ht, tsc, tscinvbit
Memory: 4k page, physical 16309956k(15109528k free), swap 10740732k(10740732k free)
vm_info: Java HotSpot(TM) 64-Bit Server VM (25.131-b11) for linux-amd64 JRE (1.8.0_131-b11), built on Mar 15 2017 01:23:40 by "java_re" with gcc 4.3.0 20080428 (Red Hat 4.3.0-8)
Hi Jon,
Thanks for your help with my previous issue. I have encountered another problem and would really appreciate your help again. This time I am having trouble tainting elements of an array, which is an instance variable, using reflection. I have made a pull request for the same.
Hello,
I was trying to run the following program with the flag -controlTrack enabled.
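import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;

public class Test {
    public static void main(String[] args) throws IOException, ClassNotFoundException {
        File f = new File("/home/bhchen/Desktop/msg");
        if (f.exists()) { f.delete(); }
        // Write a single int through an ObjectOutputStream.
        ObjectOutputStream oot = new ObjectOutputStream(new FileOutputStream("/home/bhchen/Desktop/msg"));
        oot.writeInt(11);
        oot.close();
        // Read the int back through an ObjectInputStream.
        ObjectInputStream ois = new ObjectInputStream(new FileInputStream("/home/bhchen/Desktop/msg"));
        int obj = ois.readInt();
        System.out.println(obj);
        ois.close();
    }
}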
Phosphor (the current head) threw the following exception.
Exception in thread "main" java.lang.BootstrapMethodError: call site initialization exception
at java.lang.Throwable.fillInStackTrace$$PHOSPHORTAGGED(Throwable.java)
at java.lang.Throwable.fillInStackTrace$$PHOSPHORTAGGED(Throwable.java:783)
at java.lang.Throwable.<init>(Throwable.java:287)
at java.lang.Error.<init>(Error.java:88)
at java.lang.LinkageError.<init>(LinkageError.java:67)
at java.lang.BootstrapMethodError.<init>(BootstrapMethodError.java:66)
at java.lang.invoke.CallSite.makeSite$$PHOSPHORTAGGED(CallSite.java:341)
at java.lang.invoke.MethodHandleNatives.linkCallSiteImpl$$PHOSPHORTAGGED(MethodHandleNatives.java:307)
at java.lang.invoke.MethodHandleNatives.linkCallSite$$PHOSPHORTAGGED(MethodHandleNatives.java:297)
at java.lang.invoke.MethodHandleNatives.linkCallSite(MethodHandleNatives.java)
at java.io.ObjectInputStream.<clinit>(ObjectInputStream.java:3578)
at chronicle.test.Test.main$$PHOSPHORTAGGED(Test.java:50)
at chronicle.test.Test.main(Test.java)
Caused by: java.lang.invoke.LambdaConversionException: Type mismatch in captured lambda parameter 0: expecting class edu.columbia.cs.psl.phosphor.struct.ControlTaintTagStack, found class java.io.ObjectInputStream
at java.lang.Throwable.fillInStackTrace$$PHOSPHORTAGGED(Throwable.java)
at java.lang.Throwable.fillInStackTrace$$PHOSPHORTAGGED(Throwable.java:783)
at java.lang.Throwable.<init>(Throwable.java:265)
at java.lang.Exception.<init>(Exception.java:66)
at java.lang.invoke.LambdaConversionException.<init>(LambdaConversionException.java:45)
at java.lang.invoke.AbstractValidatingLambdaMetafactory.validateMetafactoryArgs$$PHOSPHORTAGGED(AbstractValidatingLambdaMetafactory.java:256)
at java.lang.invoke.LambdaMetafactory.metafactory$$PHOSPHORTAGGED(LambdaMetafactory.java:303)
at java.lang.invoke.LambdaMetafactory.metafactory(LambdaMetafactory.java)
at java.lang.invoke.CallSite.makeSite$$PHOSPHORTAGGED(CallSite.java:302)
... 6 more
However, if the flag -controlTrack was disabled, Phosphor worked well.
I found a similar issue https://github.com/Programming-Systems-Lab/phosphor/issues/3, but it failed in my case. It seems this results from the MultiTaint mode, as MultiTaint mode is enabled automatically under controlTrack. Please help to have a look.
Thanks,
Bihuan
Hi Jon
I have a couple of questions:
    public static void main(String[] args) throws Exception {
        int tainted_length = MultiTainter.taintedInt(3, "length_tainted");
        int[] array = new int[tainted_length];
        System.out.println(MultiTainter.getTaint(array.length)); // prints null
    }
Hi,
I have some simple code that gets an integer and prints it.
    public static int getData() {
        return 111;
    }

    public static void outputData() {
        int record = getData();
        String line = Integer.toString(record);
        // not tracked by Phosphor
        System.out.println(line);
        // tracked by Phosphor
        System.out.println(record);
    }
I specify the getData()I method as a source and these methods as sinks:
java/io/PrintStream.println(D)V
java/io/PrintStream.println(F)V
java/io/PrintStream.println(J)V
java/io/PrintStream.println(Ljava/lang/Object;)V
java/io/PrintStream.println(Ljava/lang/String;)V
java/io/PrintStream.println([C)V
java/io/PrintStream.println()V
java/io/PrintStream.println(Z)V
java/io/PrintStream.println(C)V
java/io/PrintStream.println(I)V
Phosphor throws an illegal exception when I try to print the received integer as it is. However, when I convert the received integer to a string and print it, Phosphor does nothing. I'm using an obj instrumented JRE with the -multiTaint flag. I instrument the code with the -multiTaint flag as well.
Hi,
I tried to run an instrumented Tomcat 9.0.17, but it doesn't work:
java.lang.IllegalArgumentException: argument type mismatch
at java.lang.Throwable.fillInStackTrace$$PHOSPHORTAGGED(Throwable.java)
at java.lang.Throwable.fillInStackTrace$$PHOSPHORTAGGED(Throwable.java:783)
at java.lang.Throwable.<init>(Throwable.java:265)
at java.lang.Exception.<init>(Exception.java:66)
at java.lang.RuntimeException.<init>(RuntimeException.java:62)
at java.lang.IllegalArgumentException.<init>(IllegalArgumentException.java:52)
at java.lang.IllegalArgumentException.<init>(IllegalArgumentException.java)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke0$$PHOSPHORTAGGED(NativeMethodAccessorImpl.java)
at sun.reflect.NativeMethodAccessorImpl.invoke$$PHOSPHORTAGGED(NativeMethodAccessorImpl.java:62)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java)
at sun.reflect.DelegatingMethodAccessorImpl.invoke$$PHOSPHORTAGGED(DelegatingMethodAccessorImpl.java:43)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java)
at java.lang.reflect.Method.invoke$$PHOSPHORTAGGED(Method.java:498)
at org.apache.catalina.startup.Bootstrap.setAwait$$PHOSPHORTAGGED(Bootstrap.java:422)
at org.apache.catalina.startup.Bootstrap.main$$PHOSPHORTAGGED(Bootstrap.java:490)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java)
Phosphor was launched with "-controlTrack" argument.
Do you have any idea what happened?
Thank you!
Based on the README, you use jdk 1.7.0_45. I install this version:
$ mvn -version
Apache Maven 3.3.9
Maven home: /usr/share/maven
Java version: 1.7.0_45, vendor: Oracle Corporation
Java home: /opt/jdk1.7.0_45/jre
...
Then I clone this repo and execute "mvn verify" recommended by README. I encounter the following error:
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-compiler-plugin:3.1:testCompile (default-testCompile) on project Phosphor: Fatal error compiling: invalid target release: 1.8 -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException
For more error logs, refer to Full Log.
Hi
When running my instrumented app with obj tag instrumented JRE I get the following error:
Exception in thread "main" java.lang.NoSuchMethodError:
java.lang.Integer.toString$$PHOSPHORTAGGED(II)Ljava/lang/String;
at BoxClient.outputData(BoxClient.java:22)
at BoxClient.main(BoxClient.java:53)
On the other hand if I use int tag instrumented JRE, instrumentation goes fine. But I need the obj tag one since I operate with objects in my app.
This error has been mentioned here but that was for instrumentation with API and I'm using automatic one.
I instrument my JRE (oracle 8) using these commands
java -Xmx6g -jar target/Phosphor-0.0.2-SNAPSHOT.jar -multiTaint -forceUnboxAcmpEq -withEnumsByValue $JAVA_HOME target/jre-inst-obj
chmod +x target/jre-inst-obj/bin/*
It finishes successfully without any errors.
The app I'm trying to run has the following code
import java.io.*;
public class BoxClient {
public static int getData() {
int record = 111;
return record;
}
public static void outputData() {
int record = getData();
String line = Integer.toString(record);
System.out.println(line);
//System.out.println(record);
try {
// create a new OutputStreamWriter
OutputStream os = new FileOutputStream("output.txt");
DataOutputStream dos = new DataOutputStream(os);
OutputStreamWriter writer = new OutputStreamWriter(os);
String recordText = record + "\n";
for(int index=0; index<recordText.length(); index++)
writer.write(recordText.charAt(index));
// flush the stream
writer.flush();
writer.close();
} catch (Exception ex) {
ex.printStackTrace();
}
}
public static void main(String args[]) {
try {
outputData();
} catch (Exception e) {
e.printStackTrace();
}
}
}
I'd really appreciate any advice or comment on this matter. Thanks
If I use a serialization lib, such as xstream, to clone an array, I will have the following exception:
java.lang.NullPointerException
at edu.columbia.cs.psl.phosphor.runtime.ArrayReflectionMasker.getInt$$PHOSPHORTAGGED(ArrayReflectionMasker.java:717) ~[?:?]
at edu.columbia.cs.psl.phosphor.runtime.ArrayReflectionMasker.get$$PHOSPHORTAGGED(ArrayReflectionMasker.java:480) ~[?:?]
at com.thoughtworks.xstream.converters.collections.ArrayConverter.marshal(ArrayConverter.java:44)
You can find my test file in the txt file (sorry, .java is not accepted). The error is from xstream.toXML.
SerializationTest.txt
Thanks.
Hello,
When I am using selective instrument mode in one of my sample programs, it shows an error:
java.lang.IllegalArgumentException: Got Ledu/columbia/cs/psl/phosphor/struct/LazyCharArrayIntTags; but have {V=0, Ledu/columbia/cs/psl/phosphor/struct/TaintedIntWithIntTag;=1}
My program is as follows:
String a = "Hello";
a.toCharArray();
I found out that when the return type is an array, this error will show up. I am wondering if there is any way to resolve this?
Thanks a lot!
Now I confront an exception when I try to get an element from an array by reflection (idx can be any index for the array):
arr = MultiTainter.taintedIntArray(arr, "arrLabel");
Object o = (Object) arr;
int val = Array.getInt(o, idx);
The error message is "Exception in thread "main" java.lang.ClassCastException: edu.columbia.cs.psl.phosphor.runtime.LazyArrayObjTags cannot be cast to edu.columbia.cs.psl.phosphor.runtime.Taint"
Did I do something wrong here? I am on the lazy-array branch. Thanks.
Hi,
I ran Phosphor with controlTrack enabled on the following example, which outputted Taint [lbl=null deps = [z ]].
public class Test {
public static int test(int x, int y, int z) {
x = MultiTainter.taintedInt(x, "x");
y = MultiTainter.taintedInt(y, "y");
z = MultiTainter.taintedInt(z, "z");
int result = 0;
if (x > 0 || y > 0) {
result += 1; // result gets x's tag?
if (z > 0) {
result += 2; // result gets z's tag?
} else {
result += 4;
}
} else {
result += 8;
}
System.out.println(MultiTainter.getTaint(result));
return result;
}
public static void main(String[] args) {
test(1, 1, 1);
}
}
From my understanding, result should get both x and z's tags.
Am I missing something here?
Thanks,
Bihuan
Hi Jon,
Similarly to the previous issue #26 there is one more wrapper method Phosphor doesn't seem to track.
The taint tag is discarded when the tainted variable is concatenated to the string, i.e.
String str = tainted_int + "\n";
In this case if tainted_int variable would initially have a taint, an empty string str concatenated with the value of this variable would not have any taint and can be further used to reveal private data.
I'm sorry for reporting so many issues lately, but I'm using Phosphor for the project I'm working on as part of my PhD and it seems to be a perfect candidate for what I need. So now I just want to make sure it covers most of the possible ways of revealing user private data.
Running Ubuntu 18.04 with OpenJDK 8 installed via apt (Runtime Environment: 1.8.0_181-8u181-b13-0Ubuntu0.18.04.1-b13).
Phosphor built via mvn package from commit 8d396ef (i.e. master branch of Programming-Systems-Lab/phosphor).
I believe the only change from that commit was modifying the taint-sources and taint-sinks files to use the lines which are currently commented (i.e. the sources and sinks in the standard java library) and updating the instrumentJRE.sh script to use the aforementioned files.
Running the instrumentJRE.sh script results in the "Method code too large" exception while generating target\jre-inst-implicit and processing class sun.security.tools.keytool.Main.
I understand what the exception means and why it's happening but do you have any solution for it? Perhaps some way of automatically splitting up methods that are too large after instrumentation?
This same issue is even more prevalent when continuing on to instrument the DaCapo benchmarks.
Is there any way to successfully instrument the DaCapo benchmarks with the controlTrack flag?
Hello,
I was running Phosphor with controlTrack enabled on a benchmark program from the testing community (see below).
public class Fisher
{
public double exe(int m, int n, double x)
{
m = MultiTainter.taintedInt(m, 1);
n = MultiTainter.taintedInt(n, 2);
x = MultiTainter.taintedDouble(x, 4);
int a, b, i, j;
double w, y, z, zk, d, p;
a = 2*(m/2)-m+2;
b = 2*(n/2)-n+2;
w = (x*m)/n;
z = 1.0/(1.0+w);
if(a == 1)
{
if(b == 1)
{
p = Math.sqrt(w);
y = 0.3183098862;
d = y*z/p;
p = 2.0*y*Math.atan(p);
}
else
{
p = Math.sqrt(w*z);
d = 0.5*p*z/w;
}
} else {
if(b == 1)
{
p = Math.sqrt(z);
d = 0.5*z*p;
p = 1.0-p;
}
else
{
d = z*z;
p = w*z;
}
}
y = 2.0*w/z;
if(a == 1) {
for(j = b+2; j <= n; j += 2)
{
d *= (1.0+1.0/(j-2))*z;
p += d*y/(j-1);
}
} else
{
zk = Math.pow(z, (double)((n-1)/2));
d *= (zk*n)/b;
p = p*zk+w*z*(zk-1.0)/(z-1.0);
}
y = w*z;
z = 2.0/z;
b = n-2;
for(i = a+2; i <= m; i += 2)
{
j = i+b;
d *= (y*j)/(i-2);
p -= z*d/j;
}
if(p<0.0) {
return 0.0;
} else {
if(p>1.0) {
return 1.0;
} else {
return p;
}
}
}
public static void main(String[] args) {
new Fisher().exe(12266810, -484622, -5.0891305927853115E7);
}
}
However, Phosphor ran for about 10 minutes and threw an OutOfMemoryError.
Exception in thread "main"
Exception: java.lang.OutOfMemoryError thrown from the UncaughtExceptionHandler in thread "main"
It seems Phosphor was stuck at the second loop, which is deep and has complex computation. Is this behavior expected?
Hi Jon,
While tainting a boolean array using reflection, an exception is thrown. Please look at the following code. The code works with un-instrumented JRE.
public static void main(String[] args) {
boolean[] b = {false};
if (b.getClass().isArray()) {
for (int i = 0; i < Array.getLength(b); i++) {
System.out.println(Array.get(b, i));
}
}
}
Exception in thread "main" java.lang.ArrayStoreException: Called getX, but don't have tainted X array!
at edu.columbia.cs.psl.phosphor.runtime.ArrayReflectionMasker.getBoolean$$PHOSPHORTAGGED(ArrayReflectionMasker.java:633)
at edu.columbia.cs.psl.phosphor.runtime.ArrayReflectionMasker.get$$PHOSPHORTAGGED(ArrayReflectionMasker.java:429)
at BooleanArray.main(BooleanArray.java:9)
Hello Professor,
I am not getting a taint in the following scenario:
String name = "Miguel";
if(TAINT) {
name = "Velez";
}
sink(name.equals("Miguel")); // Should return taint
Do you know why I am getting no taint at the sink?
Thanks.
In the following case, I assume that the taint for both Integer and int should be the same (idx can be any index in the list):
MultiTainter.taintedObject(list.get(idx), "collection");
int toAdd = MultiTainter.taintedInt(18, "int");
list.add(toAdd);
Integer obj = list.get(list.size() - 1);
int value = list.get(list.size() - 1);
Taint objTaint = MultiTainter.getTaint(obj);
Taint valTaint = MultiTainter.getTaint(value);
assertEquals(objTaint.lbl, valTaint.lbl);
assertEquals(objTaint.getDependencies(), valTaint.getDependencies());
Now objTaint is empty. Did I do something wrong? I am on the lazy-array branch.
Thanks.
Hello,
I have a question about Phosphor.
My scenario is that I want to taint all methods' output in all classes by using Phosphor and ASM. Your tool works perfectly with my sample projects. However, when I try to work with a version of joda-time (extracted from Defects4J), I've found that there are some ClassNotFoundException issues. These issues occur when edu.columbia.cs.psl.phosphor.org.objectweb.asm.ClassWriter.getCommonSuperClass tries to get the common super class of 2 classes, but getClass (in edu.columbia.cs.psl.phosphor.PreMain$PCLoggingTransformer$HackyClassWriter) cannot find at least one of them. An example: Can not do superclass for org/joda/time/DateTimeZone and org/joda/time/tz/FixedDateTimeZone
So, is that a bug? If so, is there any solution for that?
Hello Professor,
I found that some sources are incorrectly being leaked into sinks after loops that are tainted by sources are executed. Here is a MWE:
public class Loops {
public static void main(String[] args) {
counterLoop();
}
private static void sink(boolean a) { }
private static void counterLoop() {
boolean A = Sources.A_0(true);
boolean x = false;
int i = 2;
sink(A); // Taint "A" is caught and the control stack is empty. Correct behavior.
if(A) {
i = 4;
}
while(i != 0) {
i--;
}
sink(x); // No taint is caught. However, the control stack's taint is "A" and its previous taints are not empty. This behavior is incorrect.
if(x) {
System.out.println();
}
}
}
I modified the taint violation logic to instead print the taint and contents of the control stack. Here is the result of running the analysis
Taint: [A]
Control taint: null
Control prev: []
Taint: null
Control taint: [A] ---> The control stack should be empty
Control prev: [[A],[A],[A],[A],null,] ---> The control stack should be empty
I looked at the decompiled phosphor code and I believe the issue occurs due to how loops and the logic that follows them are instrumented. I see that everything is wrapped around a while(true) statement and the original condition is evaluated in an if statement. When that condition evaluates to false, the code following the original loop gets executed. However, nothing is popped from the control stack, which is why the incorrect leak is caught.
Have you seen this behavior before?
Thanks.
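The control-stack behaviour described in the post above, as an added example that is not part of the original post and is not Phosphor's code. It is a simplified model: the class ControlTaintModel and its methods are hypothetical, and it assumes one stack frame is pushed per evaluation of a tainted branch condition and popped at the join point.

```java
import java.util.ArrayDeque;
import java.util.Collections;
import java.util.Deque;
import java.util.LinkedHashSet;
import java.util.Set;

/** Simplified model of control-flow taint tracking (an assumption, not Phosphor's code). */
public class ControlTaintModel {
    /** Taint labels of the branch conditions currently in scope, innermost first. */
    private final Deque<Set<String>> controlStack = new ArrayDeque<>();

    /** Enter code whose execution depends on a condition carrying these labels. */
    void enterBranch(Set<String> conditionTaint) {
        controlStack.push(conditionTaint);
    }

    /** Leave that code at the join point, where the branch outcome no longer matters. */
    void exitBranch() {
        controlStack.pop();
    }

    /** Labels that apply to any value written or passed to a sink right now. */
    Set<String> controlTaint() {
        Set<String> all = new LinkedHashSet<>();
        for (Set<String> frame : controlStack) {
            all.addAll(frame);
        }
        return all;
    }

    /** Taint of a value assigned now: its data taint plus the control taint. */
    Set<String> assign(Set<String> dataTaint) {
        Set<String> out = new LinkedHashSet<>(dataTaint);
        out.addAll(controlTaint());
        return out;
    }

    /**
     * Walks the counterLoop() program from the post and returns the taint that
     * reaches sink(x). popOnLoopExit=false models the missing pop described there.
     */
    static Set<String> counterLoop(boolean popOnLoopExit) {
        ControlTaintModel m = new ControlTaintModel();
        Set<String> taintA = Collections.singleton("A");   // A = Sources.A_0(true)
        Set<String> taintX = Collections.emptySet();       // x = false
        Set<String> taintI = Collections.emptySet();       // i = 2
        int i = 2;

        m.enterBranch(taintA);                              // if (A) {
        i = 4;
        taintI = m.assign(Collections.<String>emptySet());  //     i = 4; i now depends on A
        m.exitBranch();                                     // }

        while (true) {
            m.enterBranch(taintI);                          // evaluate (i != 0)
            if (i == 0) {
                if (popOnLoopExit) {
                    m.exitBranch();                         // join point after the loop
                }
                break;
            }
            i--;
            taintI = m.assign(taintI);                      // i-- keeps i's taint
            m.exitBranch();                                 // end of this iteration
        }
        // sink(x): x carries no data taint, so only control taint can reach it.
        return m.assign(taintX);
    }

    public static void main(String[] args) {
        System.out.println("balanced stack, taint at sink(x):      " + counterLoop(true));
        System.out.println("missing pop on exit, taint at sink(x): " + counterLoop(false));
    }
}
```

With a balanced stack nothing reaches sink(x); with the exit-path pop omitted, the frame pushed by the final loop test stays in scope and label A is attributed to x.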
Hi Jon
I am using Phosphor's dynamic taint analysis to find out whether loop variables in Java source code are tainted by user-defined sources. As per my understanding, marking an object as tainted with the method MultiTainter.TaintedObject() does not taint the fields of the object. Is there a way to change this behavior to mark the object as well as all the fields (private and public) contained inside the object?
Thanks
Ajay D Chhokra
PS: I was able to taint the Non primitive type fields by reflection but not able to achieve the same for primitive types.
If I concatenate a string, say "abc", with an int, say 98, what should be the taint of its concatenation "abc98"? Seems to be a tricky case. Currently, each char in "abc98" inherits the taint from int 98. Is it possible to make "abc" in "abc98" have the taint from the "abc" string and "98" in "abc98" have the taint from 98? I attach my test case for your reference:
StringIntTest.txt
Thanks.
Hello!
I'm trying to track the transfer of tainted data to the constructor, but it does not work. For example:
package com.mycompany.app;
import java.io.File;
public class App {
public App() {}
public static void main(String[] args) {
App a = new App();
String z = a.source();
// ok
//a.sink(z);
// doesn't work
File file = new File(z);
}
public String source() {
return "test";
}
public void sink(String arg) {
}
}
source.txt:
com/mycompany/app/App.source()Ljava/lang/String;
sink.txt:
com/mycompany/app/App.sink(Ljava/lang/String;)V
java/io/File.<init>(Ljava/lang/String;)V
JAVA was instrumented with controlTrack argument:
java -jar Phosphor-0.0.4-SNAPSHOT.jar -controlTrack $JAVA_HOME java_inst
Thank you!
Hello Professor,
I believe that the results of running phosphor with control tracking on the following program are incorrect:
public class Run {
public static boolean MINALPHA;
public static boolean TIMEOUT;
public static void main(String[] args) {
MINALPHA = MultiTainter.taintedBoolean(true, "MINALPHA");
TIMEOUT = MultiTainter.taintedBoolean(true, "TIMEOUT");
Integer minAlpha;
Integer timeout;
if (MINALPHA) {
minAlpha = 1;
} else {
minAlpha = 50;
}
if (TIMEOUT) {
timeout = 0;
} else {
timeout = 1_000_000;
}
foo(timeout, minAlpha);
Taint taint = MultiTainter.getTaint(MINALPHA);
System.out.println("MINALPHA: " + taint);
taint = MultiTainter.getTaint(TIMEOUT);
System.out.println("TIMEOUT: " + taint);
taint = MultiTainter.getTaint(minAlpha);
System.out.println("minalpha: " + taint);
taint = MultiTainter.getTaint(timeout);
System.out.println("timeout: " + taint);
}
private static void foo(long timeout, int minAlpha) {
List<Integer> list = new ArrayList<>();
if (timeout > -1 && 5 > minAlpha) {
list.add(1);
}
}
}
Here is the output with the latest phosphor code at this time: 7c2d398
MINALPHA: Taint [lbl=MINALPHA deps = []]
TIMEOUT: Taint [lbl=TIMEOUT deps = []]
minalpha: Taint [lbl=null deps = [[4] MINALPHA
[15] TIMEOUT
]]
timeout: Taint [lbl=null deps = [[15] TIMEOUT
]]
As you can see, the variable minAlpha gets tainted by TIMEOUT. However, I believe that is incorrect. Some weird behavior that I noticed is that if the then branch does not add anything to a collection, then the result is correct (e.g., print something). I also tried changing the order of the predicate (i.e., first minAlpha and then timeout), but I got the same result as above.
I did figure out how to obtain the correct taints. By changing Integer minAlpha to int minAlpha at the beginning of the program the correct taints are returned. My guess is that Integer.valueOf() is somehow tainting minAlpha. However, that does not explain why minAlpha gets tainted only when adding something to a collection nor how I obtained the same incorrect results even when I change the order of the variables in the predicate.
Could you please help me understand what is happening and if there is a bug in the tracking?
Thanks
If one creates an annotation with the following definition and uses it you get an ArrayAccessException. If the annotation is not present in the class file this error goes away (i.e., a different retention policy).
@Retention(RUNTIME)
@Target({ TYPE, FIELD, METHOD, PARAMETER, CONSTRUCTOR, LOCAL_VARIABLE, ANNOTATION_TYPE, PACKAGE, TYPE_PARAMETER,
TYPE_USE })
public @interface MyAnnotation {
String[] value();
}
java.lang.ArrayStoreException
at java.lang.Throwable.fillInStackTrace$$PHOSPHORTAGGED(Throwable.java)
at java.lang.Throwable.fillInStackTrace$$PHOSPHORTAGGED(Throwable.java:783)
at java.lang.Throwable.<init>(Throwable.java:250)
at java.lang.Exception.<init>(Exception.java:54)
at java.lang.RuntimeException.<init>(RuntimeException.java:51)
at java.lang.ArrayStoreException.<init>(ArrayStoreException.java:48)
at java.lang.ArrayStoreException.<init>(ArrayStoreException.java)
at java.lang.System.arraycopy(Native Method)
at edu.columbia.cs.psl.phosphor.TaintUtils.arraycopy(TaintUtils.java:526)
at java.util.ArrayList.toArray$$PHOSPHORTAGGED(ArrayList.java:408)
at java.util.ArrayList.toArray(ArrayList.java)
at edu.columbia.cs.psl.phosphor.instrumenter.TaintTrackingClassVisitor.visitAnnotations(TaintTrackingClassVisitor.java:1367)
at edu.columbia.cs.psl.phosphor.instrumenter.TaintTrackingClassVisitor.visitEnd(TaintTrackingClassVisitor.java:879)
at edu.columbia.cs.psl.phosphor.org.objectweb.asm.ClassVisitor.visitEnd(Unknown Source)
at edu.columbia.cs.psl.phosphor.org.objectweb.asm.commons.SerialVersionUIDAdder.visitEnd(Unknown Source)
at edu.columbia.cs.psl.phosphor.org.objectweb.asm.ClassReader.accept(Unknown Source)
at edu.columbia.cs.psl.phosphor.org.objectweb.asm.ClassReader.accept(Unknown Source)
at edu.columbia.cs.psl.phosphor.PreMain$PCLoggingTransformer._transform(PreMain.java:310)
at edu.columbia.cs.psl.phosphor.PreMain$PCLoggingTransformer.transform(PreMain.java:162)
at edu.columbia.cs.psl.phosphor.PreMain$PCLoggingTransformer.transform$$PHOSPHORTAGGED(PreMain.java:138)
at sun.instrument.TransformerManager.transform$$PHOSPHORTAGGED(TransformerManager.java:188)
at sun.instrument.InstrumentationImpl.transform$$PHOSPHORTAGGED(InstrumentationImpl.java:428)
at sun.instrument.InstrumentationImpl.transform(InstrumentationImpl.java)
at java.lang.ClassLoader.defineClass1(Native Method)
at java.lang.ClassLoader.defineClass1$$PHOSPHORTAGGED(ClassLoader.java)
at java.lang.ClassLoader.defineClass$$PHOSPHORTAGGED(ClassLoader.java:760)
at java.security.SecureClassLoader.defineClass$$PHOSPHORTAGGED(SecureClassLoader.java:142)
at java.net.URLClassLoader.defineClass$$PHOSPHORTAGGED(URLClassLoader.java:467)
at java.net.URLClassLoader.access$100$$PHOSPHORTAGGED(URLClassLoader.java:73)
at java.net.URLClassLoader$1.run$$PHOSPHORTAGGED(URLClassLoader.java:368)
at java.net.URLClassLoader$1.run$$PHOSPHORTAGGED(URLClassLoader.java:362)
at java.net.URLClassLoader$1.run(URLClassLoader.java)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.AccessController.doPrivileged$$PHOSPHORTAGGED(AccessController.java)
at java.net.URLClassLoader.findClass$$PHOSPHORTAGGED(URLClassLoader.java:361)
at java.lang.ClassLoader.loadClass$$PHOSPHORTAGGED(ClassLoader.java:424)
at sun.misc.Launcher$AppClassLoader.loadClass$$PHOSPHORTAGGED(Launcher.java:331)
at java.lang.ClassLoader.loadClass$$PHOSPHORTAGGED(ClassLoader.java:357)
at sun.launcher.LauncherHelper.checkAndLoadMain$$PHOSPHORTAGGED(LauncherHelper.java:495)
at sun.launcher.LauncherHelper.checkAndLoadMain(LauncherHelper.java)
Phosphor built via mvn package from commit 8d396ef (i.e. master branch of Programming-Systems-Lab/phosphor).
Only change from that commit was modifying the taint-sources and taint-sinks files to use the lines which are currently commented (i.e. the sources and sinks in the standard java library) and updating the instrumentJRE.sh and runDacapo.sh scripts to use the aforementioned files.
When the runDacapo.sh script gets to the point of running the benchmarks instrumented using object tags, every benchmark gives the following exception:
Exception in thread "main" java.lang.NullPointerException
at edu.columbia.cs.psl.phosphor.runtime.TaintSourceWrapper.setTaints(TaintSourceWrapper.java:122)
at edu.columbia.cs.psl.phosphor.runtime.TaintSourceWrapper.autoTaint(TaintSourceWrapper.java:128)
at java.io.FileInputStream.read$$PHOSPHORTAGGED(FileInputStream.java)
at sun.misc.Resource.getBytes$$PHOSPHORTAGGED(Resource.java:124)
at java.net.URLClassLoader.defineClass(URLClassLoader.java:462)
at java.net.URLClassLoader.access$100(URLClassLoader.java:73)
at java.net.URLClassLoader$1.run(URLClassLoader.java:368)
at java.net.URLClassLoader$1.run(URLClassLoader.java:362)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:361)
at java.lang.ClassLoader.loadClass$$PHOSPHORTAGGED(ClassLoader.java:424)
at sun.misc.Launcher$AppClassLoader.loadClass$$PHOSPHORTAGGED(Launcher.java:349)
at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
at sun.launcher.LauncherHelper.checkAndLoadMain$$PHOSPHORTAGGED(LauncherHelper.java:495)
at sun.launcher.LauncherHelper.checkAndLoadMain(LauncherHelper.java)
In TaintSourceWrapper.setTaints(LazyArrayObjTags,String), some Taint reference from the LazyArrayObjTags.taints array is null.
If I understand correctly, the null Taint simply means that the corresponding element from the data array is not tainted, meaning this is a normal case that should be handled (maybe by simply replacing the null reference with retTaint?).
Hi Jon,
I found Phosphor can't handle string operations properly. Here is my code:
public static void testString(String x)
{
MultiTainter.taintedObject(x, new Taint("string x"));
boolean a = x.contains("a");
Taint t = MultiTainter.getTaint(a);
if(t != null)
System.out.println("taint for a is " + t.toString());
}
Phosphor fails on getTaint for a.
Environment:
I am using phosphor-0.0.3 on Ubuntu 17.04.
Hi,
I'm testing Phosphor now using a simple java code that reads from the text file (read.txt) and writes its content to the other file (write.txt).
package phosphorTest;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.util.ArrayList;
public class Phosphor {
public static ArrayList<Character> c = new ArrayList<Character>();
// Reader code
//
public static void readData() throws Exception {
InputStream is = null;
int i;
// char c;
try{
// new input stream created
is = new FileInputStream("read.txt");
System.out.println("Characters printed:");
// reads till the end of the stream
while((i=is.read())!=-1)
{
// converts integer to character
// c=(char)i;
c.add((char) i);
// prints character
System.out.print(c);
// Thread.sleep(1000);
}
}catch(Exception e){
// if any I/O error occurs
e.printStackTrace();
}finally{
// releases system resources associated with this stream
if(is!=null)
is.close();
}
}
// Writer code
//
public static void writeData() throws Exception {
OutputStream os = null;
try {
// create a new OutputStreamWriter
os = new FileOutputStream("write.txt");
//OutputStreamWriter writer = new OutputStreamWriter(os);
for (int i=0; i<c.size(); i++) {
os.write(c.get(i));
// flush the stream
os.flush();
}
}catch(Exception e){
// if any I/O error occurs
e.printStackTrace();
}finally{
// releases system resources associated with this stream
if(os!=null)
os.close();
}
}
public static void main (String[] args){
try {
readData();
writeData();
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
}
I assume that the content of the read.txt file is sensitive and I want to be notified if the app tries to copy it. I assume that this code is written by 3rd party developer and I have no access to its content thus can't use Phosphor API to set and get the taints. I therefore use Phosphor's automatic instrumentation and taint tracking.
Following the instructions in README I start from instrumenting my Java JRE (currently jdk-oracle-8). It works fine. I then instrument the code I wrote specifying the -taintSources and -taintSinks options and it also works fine properly loading the sinks and sources.
Content of taint-sources file:
java/io/InputStream.read()
Content of taint-sinks file:
java/io/OutputStream.write()
Now when I try to run the instrumented code it's executed successfully and I don't see any notification or warning. Seems like I'm missing something. As I understand Phosphor should have detected the write method and either block it or at least throw the exception. I got none.
Can you please provide more information on how to control if untrusted code does use any of the sink methods with the tainted sources?
Thanks
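Other posts on this page list sources and sinks as owner.name(parameters)return in JVM internal form, for example java/io/PrintStream.println(I)V. The following is an added example, not code from the post or from Phosphor, that checks whether an entry is a complete signature of that form; the class SinkEntryCheck and its methods are hypothetical, and the sample entries are quoted from posts on this page.

```java
import java.util.Arrays;
import java.util.List;

/** Checks taint source/sink entries for the owner.name(params)return form (hypothetical helper). */
public class SinkEntryCheck {

    /** Skips one JVM field type starting at pos; returns the index after it, or -1 if malformed. */
    static int skipType(String s, int pos, int end) {
        while (pos < end && s.charAt(pos) == '[') {
            pos++; // array dimensions
        }
        if (pos >= end) {
            return -1;
        }
        char c = s.charAt(pos);
        if ("BCDFIJSZ".indexOf(c) >= 0) {
            return pos + 1; // primitive type
        }
        if (c == 'L') {
            int semi = s.indexOf(';', pos);
            return (semi > pos + 1 && semi < end) ? semi + 1 : -1; // Lpkg/Name;
        }
        return -1;
    }

    /** Returns null when the entry is a complete method signature, otherwise what is wrong. */
    static String problem(String entry) {
        int open = entry.indexOf('(');
        if (open < 0) {
            return "no parenthesised parameter list";
        }
        int close = entry.indexOf(')', open + 1);
        if (close < 0) {
            return "no parenthesised parameter list";
        }
        int dot = entry.lastIndexOf('.', open);
        if (dot <= 0 || dot == open - 1) {
            return "expected owner.method before '('";
        }
        if (entry.substring(0, dot).indexOf('.') >= 0) {
            return "owner must be an internal name with '/' separators";
        }
        int pos = open + 1;
        while (pos < close) {
            pos = skipType(entry, pos, close);
            if (pos < 0) {
                return "malformed parameter type";
            }
        }
        String ret = entry.substring(close + 1);
        if (ret.isEmpty()) {
            return "missing return type after ')'";
        }
        if (!ret.equals("V") && skipType(entry, close + 1, entry.length()) != entry.length()) {
            return "malformed return type";
        }
        return null;
    }

    public static void main(String[] args) {
        // Entries quoted from the source and sink lists in posts on this page.
        List<String> entries = Arrays.asList(
                "java/io/PrintStream.println(Ljava/lang/String;)V",
                "java/io/PrintStream.println([C)V",
                "java/io/PrintStream.println()V",
                "java/io/File.<init>(Ljava/lang/String;)V",
                "com/mycompany/app/App.source()Ljava/lang/String;",
                "java/io/InputStream.read()",
                "java/io/OutputStream.write()");
        for (String entry : entries) {
            String p = problem(entry);
            System.out.println((p == null ? "ok       " : "flagged  ") + entry
                    + (p == null ? "" : "  <- " + p));
        }
    }
}
```

The check is purely syntactic: it does not confirm that a method with that descriptor exists in the JRE, so an overload such as write(I)V versus write([B)V still has to be chosen by hand.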
Hello,
I was trying to run the following program:
public class Main {
public static void main(String[] args) {
Runnable r = () -> {};
}
}
Phosphor (current HEAD, e96fe8a) threw the following exception on both OpenJDK 1.8.0_65 and Oracle Java 1.8.0_66:
Exception in thread "main" java.lang.BootstrapMethodError: call site initialization exception
at java.lang.invoke.CallSite.makeSite(CallSite.java:341)
at java.lang.invoke.MethodHandleNatives.linkCallSiteImpl(MethodHandleNatives.java:307)
at java.lang.invoke.MethodHandleNatives.linkCallSite(MethodHandleNatives.java:297)
at Main.main(Main.java:3)
Caused by: java.lang.AbstractMethodError: java.lang.invoke.BoundMethodHandle.fieldCount$$PHOSPHORTAGGED(Ledu/columbia/cs/psl/phosphor/struct/TaintedIntWithObjTag;)Ledu/columbia/cs/psl/phosphor/struct/TaintedIntWithObjTag;
at java.lang.invoke.BoundMethodHandle.tooComplex$$PHOSPHORTAGGED(BoundMethodHandle.java:125)
at java.lang.invoke.BoundMethodHandle.rebind(BoundMethodHandle.java:118)
at java.lang.invoke.MethodHandleImpl.makePairwiseConvertByEditor$$PHOSPHORTAGGED(MethodHandleImpl.java:232)
at java.lang.invoke.MethodHandleImpl.makePairwiseConvert$$PHOSPHORTAGGED(MethodHandleImpl.java:194)
at java.lang.invoke.MethodHandleImpl.makePairwiseConvert$$PHOSPHORTAGGED(MethodHandleImpl.java:380)
at java.lang.invoke.MethodHandle.asTypeUncached(MethodHandle.java:776)
at java.lang.invoke.MethodHandle.asType(MethodHandle.java:761)
at java.lang.invoke.Invokers.checkGenericType(Invokers.java:321)
at java.lang.invoke.CallSite.makeSite(CallSite.java:302)
... 3 more
Could you please take a look?
It appears that phosphor is causing issues with retrieving annotations during reflection.
Small example:
public class ScanningExample {
public static void main(String[] args) {
Method[] mz = MyClass.class.getMethods();
for(Method m : mz){
if(m.isAnnotationPresent(MyAnnotation.class)){
System.out.println("OK!");
}
}
}
}
public class MyClass {
@MyAnnotation("test")
public static boolean method()
{
return true;
}
}
At times this will result in a stack trace (DuplicateAnnotationError) and other times it will just have an empty set of annotations if one requests the annotations on the method.
Running this on a non-Phosphor JVM results in the above code printing "OK".
Hi,
The test cases are similar to the one in #75. But I guess it is because of a different bug. So I decided to create a new issue.
import java.util.function.ObjDoubleConsumer;
public class ObjDoubleConsumerTest {
public static void main(String[] args) {
ObjDoubleConsumer<double[]> consumer = (ll, l) -> {
ll[0] += l;
};
consumer.accept(new double[1], 1.0);
}
}
import java.util.function.BiConsumer;
public class BiConsumerTest {
public static void main(String[] args) {
BiConsumer<double[], double[]> consumer = (ll, rr) -> {
ll[0] += rr[0];
};
consumer.accept(new double[1], new double[1]);
}
}
The output is also a bit different this time.
Exception in thread "main" java.lang.BootstrapMethodError: call site initialization exception
at java.lang.invoke.CallSite.makeSite(CallSite.java:341)
at java.lang.invoke.MethodHandleNatives.linkCallSiteImpl(MethodHandleNatives.java:307)
at java.lang.invoke.MethodHandleNatives.linkCallSite(MethodHandleNatives.java:297)
at ObjDoubleConsumerTest.main(ObjDoubleConsumerTest.java:5)
Caused by: java.lang.invoke.LambdaConversionException: Incorrect number of parameters for static method invokeStatic ObjDoubleConsumerTest.lambda$main$0$$PHOSPHORTAGGED:(LazyDoubleArrayIntTags,double[],int,double)void; 0 captured parameters, 3 functional interface method parameters, 4 implementation parameters
at java.lang.invoke.AbstractValidatingLambdaMetafactory.validateMetafactoryArgs(AbstractValidatingLambdaMetafactory.java:193)
at java.lang.invoke.LambdaMetafactory.metafactory(LambdaMetafactory.java:303)
at java.lang.invoke.CallSite.makeSite(CallSite.java:302)
... 3 more
The instrumented invokedynamic instruction for the first example is shown below.
INVOKEDYNAMIC accept()Ljava/util/function/ObjDoubleConsumer; [
// handle kind 0x6 : INVOKESTATIC
java/lang/invoke/LambdaMetafactory.metafactory(Ljava/lang/invoke/MethodHandles$Lookup;Ljava/lang/String;Ljava/lang/invoke/MethodType;Ljava/lang/invoke/MethodType;Ljava/lang/invoke/MethodHandle;Ljava/lang/invoke/MethodType;)Ljava/lang/invoke/CallSite;
// arguments:
(Ljava/lang/Object;ID)V,
// handle kind 0x6 : INVOKESTATIC
ObjDoubleConsumerTest.lambda$main$0$$PHOSPHORTAGGED(Ledu/columbia/cs/psl/phosphor/struct/LazyDoubleArrayIntTags;[DID)V,
(Ledu/columbia/cs/psl/phosphor/struct/LazyDoubleArrayIntTags;[DID)V
]
My guess is the first parameter of ObjDoubleConsumer.accept() is erased to java.lang.Object at compile time, while the first parameter of the lambda expression is still double[]. After instrumentation, the latter one is expanded into two parameters. However, the boxing/unboxing between java.lang.Object and arrays doesn't work here because no conversion actually takes place.
Please have a look at it.
Thanks,
Qiang
Hi,
I was trying the following test code but got errors while running the instrumented code or converting it to Dalvik bytecode using d8.
import java.util.function.Supplier;
public class SupplierTest {
public static void main(String[] args) {
Supplier<double[]> supplier = () -> new double[3];
System.out.println(supplier.get());
}
}
The output of java is pasted below.
$ JAVA_HOME=jre-inst jre-inst/bin/java -Xbootclasspath/a:Phosphor-0.0.4-SNAPSHOT.jar SupplierTest
Exception in thread "main" java.lang.BootstrapMethodError: java.lang.NoSuchMethodError: SupplierTest.lambda$main$0$$PHOSPHORTAGGED(Ledu/columbia/cs/psl/phosphor/struct/LazyDoubleArrayIntTags;)Ledu/columbia/cs/psl/phosphor/struct/LazyDoubleArrayIntTags;
at SupplierTest.main(SupplierTest.java:5)
Caused by: java.lang.NoSuchMethodError: SupplierTest.lambda$main$0$$PHOSPHORTAGGED(Ledu/columbia/cs/psl/phosphor/struct/LazyDoubleArrayIntTags;)Ledu/columbia/cs/psl/phosphor/struct/LazyDoubleArrayIntTags;
at java.lang.invoke.MethodHandleNatives.resolve(Native Method)
at java.lang.invoke.MemberName$Factory.resolve$$PHOSPHORTAGGED(MemberName.java:975)
at java.lang.invoke.MemberName$Factory.resolveOrFail$$PHOSPHORTAGGED(MemberName.java:1000)
at java.lang.invoke.MemberName$Factory.resolveOrFail(MemberName.java)
at java.lang.invoke.MethodHandles$Lookup.resolveOrFail(MethodHandles.java:1394)
at java.lang.invoke.MethodHandles$Lookup.linkMethodHandleConstant(MethodHandles.java:1750)
at java.lang.invoke.MethodHandleNatives.linkMethodHandleConstant(MethodHandleNatives.java:477)
... 1 more
The output of d8 is also here.
$ java -jar d8.jar --min-api 28 SupplierTest.class
Compilation failed with an internal error.
com.android.tools.r8.errors.Unreachable: Enforced and erased signatures are inconsistent in CallSite: { Name: get, Proto: Proto L java.util.function.Supplier , MethodHandle: {INVOKE_STATIC, java.lang.invoke.CallSite java.lang.invoke.LambdaMetafactory.metafactory(java.lang.invoke.MethodHandles$Lookup, java.lang.String, java.lang.invoke.MethodType, java.lang.invoke.MethodType, java.lang.invoke.MethodHandle, java.lang.invoke.MethodType)}, Args: Item 21 Proto L java.lang.Object , Item 22 MethodHandle: {INVOKE_STATIC, edu.columbia.cs.psl.phosphor.struct.LazyDoubleArrayIntTags SupplierTest.lambda$main$0$$PHOSPHORTAGGED(edu.columbia.cs.psl.phosphor.struct.LazyDoubleArrayIntTags)}, Item 21 Proto LL edu.columbia.cs.psl.phosphor.struct.LazyDoubleArrayIntTags edu.columbia.cs.psl.phosphor.struct.LazyDoubleArrayIntTags}
at com.android.tools.r8.ir.desugar.LambdaDescriptor.infer(LambdaDescriptor.java:268)
at com.android.tools.r8.ir.desugar.LambdaRewriter.inferLambdaDescriptor(LambdaRewriter.java:221)
at com.android.tools.r8.ir.desugar.LambdaRewriter.desugarLambdas(LambdaRewriter.java:117)
at com.android.tools.r8.ir.conversion.IRConverter.rewriteCode(IRConverter.java:834)
at com.android.tools.r8.ir.conversion.IRConverter.convertMethodToDex(IRConverter.java:450)
at com.android.tools.r8.ir.conversion.IRConverter.lambda$convertMethodsToDex$3(IRConverter.java:438)
at com.android.tools.r8.graph.DexClass.forEachMethod(DexClass.java:134)
at com.android.tools.r8.ir.conversion.IRConverter.convertMethodsToDex(IRConverter.java:436)
at com.android.tools.r8.ir.conversion.IRConverter.lambda$convertClassesToDex$2(IRConverter.java:423)
at java.util.concurrent.ForkJoinTask$AdaptedRunnableAction.exec(ForkJoinTask.java:1386)
at java.util.concurrent.ForkJoinTask.doExec(ForkJoinTask.java:289)
at java.util.concurrent.ForkJoinPool$WorkQueue.runTask(ForkJoinPool.java:1056)
at java.util.concurrent.ForkJoinPool.runWorker(ForkJoinPool.java:1692)
at java.util.concurrent.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:157)
I am using OpenJDK 1.8.0_152 and d8 1.3.49.
I looked into the source code of Phosphor and found the third argument of the bootstrap method for the lambda expression causes the problem.
Before instrumentation, the invokedynamic instruction for the lambda expression looks like this:
INVOKEDYNAMIC get()Ljava/util/function/Supplier; [
// handle kind 0x6 : INVOKESTATIC
java/lang/invoke/LambdaMetafactory.metafactory(Ljava/lang/invoke/MethodHandles$Lookup;Ljava/lang/String;Ljava/lang/invoke/MethodType;Ljava/lang/invoke/MethodType;Ljava/lang/invoke/MethodHandle;Ljava/lang/invoke/MethodType;)Ljava/lang/invoke/CallSite;
// arguments:
()Ljava/lang/Object;,
// handle kind 0x6 : INVOKESTATIC
SupplierTest.lambda$main$0()[D,
()[D
]
That instruction is converted as below after instrumentation:
INVOKEDYNAMIC get()Ljava/util/function/Supplier; [
// handle kind 0x6 : INVOKESTATIC
java/lang/invoke/LambdaMetafactory.metafactory(Ljava/lang/invoke/MethodHandles$Lookup;Ljava/lang/String;Ljava/lang/invoke/MethodType;Ljava/lang/invoke/MethodType;Ljava/lang/invoke/MethodHandle;Ljava/lang/invoke/MethodType;)Ljava/lang/invoke/CallSite;
// arguments:
()Ljava/lang/Object;,
// handle kind 0x6 : INVOKESTATIC
SupplierTest.lambda$main$0$$PHOSPHORTAGGED(Ledu/columbia/cs/psl/phosphor/struct/LazyDoubleArrayIntTags;)Ledu/columbia/cs/psl/phosphor/struct/LazyDoubleArrayIntTags;,
(Ledu/columbia/cs/psl/phosphor/struct/LazyDoubleArrayIntTags;)Ledu/columbia/cs/psl/phosphor/struct/LazyDoubleArrayIntTags;
]
The extra parameter (type Ledu/columbia/cs/psl/phosphor/struct/LazyDoubleArrayIntTags) in the second line from bottom causes the signature inconsistency. That parameter is added in TaintUtils.java:799. But I am not sure why it is needed. Please have a look at it.
Thanks,
Qiang
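The parameter-count rule that both lambda reports above run into (the ObjDoubleConsumer/BiConsumer report and this Supplier report), as an added example that is not part of either issue or of Phosphor's code. It calls LambdaMetafactory directly with the same argument shapes as the quoted invokedynamic instructions; `ArrayTags` and the method names are hypothetical stand-ins for `LazyDoubleArrayIntTags` and the `$$PHOSPHORTAGGED` lambda bodies. Because the stand-in methods exist here, the Supplier case is rejected by the metafactory's arity check rather than failing earlier with NoSuchMethodError.

```java
import java.lang.invoke.CallSite;
import java.lang.invoke.LambdaConversionException;
import java.lang.invoke.LambdaMetafactory;
import java.lang.invoke.MethodHandle;
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import java.util.function.ObjDoubleConsumer;
import java.util.function.Supplier;

public class MetafactoryArityDemo {
    /** Hypothetical stand-in for Phosphor's LazyDoubleArrayIntTags wrapper. */
    static final class ArrayTags { }

    static final MethodHandles.Lookup LOOKUP = MethodHandles.lookup();

    // ObjDoubleConsumer report: lambda body as compiled, then with the expanded
    // parameter list (array gains a tag wrapper, double gains an int tag).
    static void body(double[] ll, double l) { ll[0] += l; }
    static void bodyTagged(ArrayTags llTags, double[] ll, int lTag, double l) { ll[0] += l; }

    // Supplier report: lambda body as compiled, then with the extra wrapper parameter.
    static double[] make() { return new double[3]; }
    static ArrayTags makeTagged(ArrayTags prealloc) { return prealloc; }

    /** For a static implementation: captured + SAM parameters must equal implementation parameters. */
    static boolean arityConsistent(MethodType factoryType, MethodType sam, MethodHandle impl) {
        return factoryType.parameterCount() + sam.parameterCount() == impl.type().parameterCount();
    }

    /** Looks up one of the static methods above as a direct method handle. */
    static MethodHandle impl(String name, Class<?> ret, Class<?>... params)
            throws ReflectiveOperationException {
        return LOOKUP.findStatic(MetafactoryArityDemo.class, name, MethodType.methodType(ret, params));
    }

    /**
     * Passes the same three bootstrap arguments an invokedynamic lambda site carries:
     * erased SAM type, implementation handle, instantiated type (here equal to the
     * implementation's own type, as in the listings quoted in the reports).
     */
    static String tryLink(String samName, Class<?> iface, MethodType sam, MethodHandle impl) {
        MethodType factoryType = MethodType.methodType(iface); // no captured values
        String verdict = arityConsistent(factoryType, sam, impl) ? "arity ok, " : "arity MISMATCH, ";
        try {
            CallSite site = LambdaMetafactory.metafactory(
                    LOOKUP, samName, factoryType, sam, impl, impl.type());
            return verdict + "linked as " + site.type();
        } catch (LambdaConversionException e) {
            return verdict + "rejected: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws ReflectiveOperationException {
        // (Ljava/lang/Object;D)V with a (double[], double) body: 2 == 2
        System.out.println("ObjDoubleConsumer, original: " + tryLink("accept", ObjDoubleConsumer.class,
                MethodType.methodType(void.class, Object.class, double.class),
                impl("body", void.class, double[].class, double.class)));

        // (Ljava/lang/Object;ID)V with a 4-parameter body: 3 != 4
        System.out.println("ObjDoubleConsumer, expanded: " + tryLink("accept", ObjDoubleConsumer.class,
                MethodType.methodType(void.class, Object.class, int.class, double.class),
                impl("bodyTagged", void.class, ArrayTags.class, double[].class, int.class, double.class)));

        // ()Ljava/lang/Object; with a no-arg body: 0 == 0
        System.out.println("Supplier, original: " + tryLink("get", Supplier.class,
                MethodType.methodType(Object.class),
                impl("make", double[].class)));

        // ()Ljava/lang/Object; with a 1-parameter body: 0 != 1
        System.out.println("Supplier, expanded: " + tryLink("get", Supplier.class,
                MethodType.methodType(Object.class),
                impl("makeTagged", ArrayTags.class, ArrayTags.class)));
    }
}
```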
Hello Professor,
I am getting the following errors when instrumenting the JRE:
java.lang.IllegalArgumentException: Error at instruction 91: Argument 1: expected R, but found I readStringNull$$PHOSPHORTAGGED(Ledu/columbia/cs/psl/phosphor/struct/LazyLongArrayObjTags;[JLedu/columbia/cs/psl/phosphor/runtime/Taint;ILedu/columbia/cs/psl/phosphor/struct/ControlTaintTagStack;)Ljava/lang/String;
00000 R R R R I R . . . . . . . . . . . . . . . . : : ACONST_NULL
00001 R R R R I R . . . . . . . . . . . . . . . . : R : ASTORE 6
00002 R R R R I R R . . . . . . . . . . . . . . . : : ACONST_NULL
00003 R R R R I R R . . . . . . . . . . . . . . . : R : ASTORE 7
00004 R R R R I R R R . . . . . . . . . . . . . . : : ACONST_NULL
00005 R R R R I R R R . . . . . . . . . . . . . . : R : ASTORE 8
00006 R R R R I R R R R . . . . . . . . . . . . . : : L0
00007 R R R R I R R R R . . . . . . . . . . . . . : : NEW edu/columbia/cs/psl/phosphor/struct/TaintedLongWithObjTag
00008 R R R R I R R R R . . . . . . . . . . . . . : R : DUP
00009 R R R R I R R R R . . . . . . . . . . . . . : R R : INVOKESPECIAL edu/columbia/cs/psl/phosphor/struct/TaintedLongWithObjTag.<init> ()V
00010 R R R R I R R R R . . . . . . . . . . . . . : R : DUP
00011 R R R R I R R R R . . . . . . . . . . . . . : R R : ALOAD 5
00012 R R R R I R R R R . . . . . . . . . . . . . : R R R : INVOKESTATIC edu/columbia/cs/psl/phosphor/runtime/Taint.combineTagsOnObject (Ljava/lang/Object;Ledu/columbia/cs/psl/phosphor/struct/ControlTaintTagStack;)V
00013 R R R R I R R R R . . . . . . . . . . . . . : R : ASTORE 9
00014 R R R R I R R R R R . . . . . . . . . . . . : : NEW edu/columbia/cs/psl/phosphor/struct/TaintedByteWithObjTag
00015 R R R R I R R R R R . . . . . . . . . . . . : R : DUP
00016 R R R R I R R R R R . . . . . . . . . . . . : R R : INVOKESPECIAL edu/columbia/cs/psl/phosphor/struct/TaintedByteWithObjTag.<init> ()V
00017 R R R R I R R R R R . . . . . . . . . . . . : R : DUP
00018 R R R R I R R R R R . . . . . . . . . . . . : R R : ALOAD 5
00019 R R R R I R R R R R . . . . . . . . . . . . : R R R : INVOKESTATIC edu/columbia/cs/psl/phosphor/runtime/Taint.combineTagsOnObject (Ljava/lang/Object;Ledu/columbia/cs/psl/phosphor/struct/ControlTaintTagStack;)V
00020 R R R R I R R R R R . . . . . . . . . . . . : R : ASTORE 10
00021 R R R R I R R R R R R . . . . . . . . . . . : : NEW edu/columbia/cs/psl/phosphor/struct/TaintedIntWithObjTag
00022 R R R R I R R R R R R . . . . . . . . . . . : R : DUP
00023 R R R R I R R R R R R . . . . . . . . . . . : R R : INVOKESPECIAL edu/columbia/cs/psl/phosphor/struct/TaintedIntWithObjTag.<init> ()V
00024 R R R R I R R R R R R . . . . . . . . . . . : R : DUP
00025 R R R R I R R R R R R . . . . . . . . . . . : R R : ALOAD 5
00026 R R R R I R R R R R R . . . . . . . . . . . : R R R : INVOKESTATIC edu/columbia/cs/psl/phosphor/runtime/Taint.combineTagsOnObject (Ljava/lang/Object;Ledu/columbia/cs/psl/phosphor/struct/ControlTaintTagStack;)V
00027 R R R R I R R R R R R . . . . . . . . . . . : R : ASTORE 11
00028 R R R R I R R R R R R R . . . . . . . . . . : : L1
00029 R R R R I R R R R R R R . . . . . . . . . . : : LINENUMBER 151 L1
00030 R R R R I R R R R R R R . . . . . . . . . . : : NEW java/lang/StringBuilder
00031 R R R R I R R R R R R R . . . . . . . . . . : R : DUP
00032 R R R R I R R R R R R R . . . . . . . . . . : R R : ALOAD 5
00033 R R R R I R R R R R R R . . . . . . . . . . : R R R : INVOKEVIRTUAL edu/columbia/cs/psl/phosphor/struct/ControlTaintTagStack.copyTag ()Ledu/columbia/cs/psl/phosphor/runtime/Taint;
00034 R R R R I R R R R R R R . . . . . . . . . . : R R R : BIPUSH 20
00035 R R R R I R R R R R R R . . . . . . . . . . : R R R I : ALOAD 5
00036 R R R R I R R R R R R R . . . . . . . . . . : R R R I R : ACONST_NULL
00037 R R R R I R R R R R R R . . . . . . . . . . : R R R I R R : INVOKESPECIAL java/lang/StringBuilder.<init> (Ledu/columbia/cs/psl/phosphor/runtime/Taint;ILedu/columbia/cs/psl/phosphor/struct/ControlTaintTagStack;Ledu/columbia/cs/psl/phosphor/runtime/TaintSentinel;)V
00038 R R R R I R R R R R R R . . . . . . . . . . : R : DUP
00039 R R R R I R R R R R R R . . . . . . . . . . : R R : ALOAD 5
00040 R R R R I R R R R R R R . . . . . . . . . . : R R R : INVOKESTATIC edu/columbia/cs/psl/phosphor/runtime/Taint.combineTagsOnObject (Ljava/lang/Object;Ledu/columbia/cs/psl/phosphor/struct/ControlTaintTagStack;)V
00041 R R R R I R R R R R R R . . . . . . . . . . : R : ASTORE 12
00042 R R R R I R R R R R R R R . . . . . . . . . : : L2
00043 R R R R I R R R R R R R R . . . . . . . . . : : LINENUMBER 152 L2
00044 R R R R I R R R R R R R R . . . . . . . . . : : ALOAD 0
00045 R R R R I R R R R R R R R . . . . . . . . . : R : ALOAD 1
00046 R R R R I R R R R R R R R . . . . . . . . . : R R : ALOAD 2
00047 R R R R I R R R R R R R R . . . . . . . . . : R R R : ALOAD 5
00048 R R R R I R R R R R R R R . . . . . . . . . : R R R R : INVOKEVIRTUAL edu/columbia/cs/psl/phosphor/struct/ControlTaintTagStack.copyTag ()Ledu/columbia/cs/psl/phosphor/runtime/Taint;
00049 R R R R I R R R R R R R R . . . . . . . . . : R R R R : ICONST_0
00050 R R R R I R R R R R R R R . . . . . . . . . : R R R R I : ISTORE 13
00051 R R R R I R R R R R R R R I . . . . . . . . : R R R R : ASTORE 14
00052 R R R R I R R R R R R R R I R . . . . . . . : R R R : ASTORE 15
00053 R R R R I R R R R R R R R I R R . . . . . . : R R : ASTORE 16
00054 R R R R I R R R R R R R R I R R R . . . . . : R : ALOAD 16
00055 R R R R I R R R R R R R R I R R R . . . . . : R R : ALOAD 15
00056 R R R R I R R R R R R R R I R R R . . . . . : R R R : ALOAD 14
00057 R R R R I R R R R R R R R I R R R . . . . . : R R R R : ILOAD 13
00058 R R R R I R R R R R R R R I R R R . . . . . : R R R R I : ALOAD 16
00059 R R R R I R R R R R R R R I R R R . . . . . : R R R R I R : ALOAD 15
00060 R R R R I R R R R R R R R I R R R . . . . . : R R R R I R R : ILOAD 13
00061 R R R R I R R R R R R R R I R R R . . . . . : R R R R I R R I : ALOAD 9
00062 R R R R I R R R R R R R R I R R R . . . . . : R R R R I R R I R : ALOAD 5
00063 R R R R I R R R R R R R R I R R R . . . . . : R R R R I R R I R R : INVOKEVIRTUAL edu/columbia/cs/psl/phosphor/struct/LazyLongArrayObjTags.get ([JILedu/columbia/cs/psl/phosphor/struct/TaintedLongWithObjTag;Ledu/columbia/cs/psl/phosphor/struct/ControlTaintTagStack;)Ledu/columbia/cs/psl/phosphor/struct/TaintedLongWithObjTag;
00064 R R R R I R R R R R R R R I R R R . . . . . : R R R R I R : DUP
00065 R R R R I R R R R R R R R I R R R . . . . . : R R R R I R R : GETFIELD edu/columbia/cs/psl/phosphor/struct/TaintedLongWithObjTag.taint : Ledu/columbia/cs/psl/phosphor/runtime/Taint;
00066 R R R R I R R R R R R R R I R R R . . . . . : R R R R I R R : SWAP
00067 R R R R I R R R R R R R R I R R R . . . . . : R R R R I R R : GETFIELD edu/columbia/cs/psl/phosphor/struct/TaintedLongWithObjTag.val : J
00068 R R R R I R R R R R R R R I R R R . . . . . : R R R R I R J : LSTORE 17
00069 R R R R I R R R R R R R R I R R R J . . . . : R R R R I R : ASTORE 13
00070 R R R R I R R R R R R R R R R R R J . . . . : R R R R I : ISTORE 14
00071 R R R R I R R R R R R R R R I R R J . . . . : R R R R : ASTORE 15
00072 R R R R I R R R R R R R R R I R R J . . . . : R R R : ASTORE 16
00073 R R R R I R R R R R R R R R I R R J . . . . : R R : ASTORE 19
00074 R R R R I R R R R R R R R R I R R J . R . . : R : ALOAD 13
00075 R R R R I R R R R R R R R R I R R J . R . . : R R : LLOAD 17
00076 R R R R I R R R R R R R R R I R R J . R . . : R R J : ALOAD 19
00077 R R R R I R R R R R R R R R I R R J . R . . : R R J R : ALOAD 16
00078 R R R R I R R R R R R R R R I R R J . R . . : R R J R R : ALOAD 15
00079 R R R R I R R R R R R R R R I R R J . R . . : R R J R R R : ILOAD 14
00080 R R R R I R R R R R R R R R I R R J . R . . : R R J R R R I : LLOAD 17
00081 R R R R I R R R R R R R R R I R R J . R . . : R R J R R R I J : ALOAD 5
00082 R R R R I R R R R R R R R R I R R J . R . . : R R J R R R I J R : INVOKEVIRTUAL edu/columbia/cs/psl/phosphor/struct/ControlTaintTagStack.copyTag ()Ledu/columbia/cs/psl/phosphor/runtime/Taint;
00083 R R R R I R R R R R R R R R I R R J . R . . : R R J R R R I J R : LCONST_1
00084 R R R R I R R R R R R R R R I R R J . R . . : R R J R R R I J R J : LSTORE 17
00085 R R R R I R R R R R R R R R I R R J . R . . : R R J R R R I J R : DUP_X2
00086 R R R R I R R R R R R R R R I R R J . R . . : R R J R R R I R J R : POP
00087 R R R R I R R R R R R R R R I R R J . R . . : R R J R R R I R J : LLOAD 17
00088 R R R R I R R R R R R R R R I R R J . R . . : R R J R R R I R J J : LADD
00089 R R R R I R R R R R R R R R I R R J . R . . : R R J R R R I R J : DUP2_X2
00090 R R R R I R R R R R R R R R I R R J . R . . : R R J R R R J I R J : POP2
00091 R R R R I R R R R R R R R R I R R J . R . . : R R J R R R J I R : INVOKESTATIC edu/columbia/cs/psl/phosphor/runtime/Taint.combineTags (Ledu/columbia/cs/psl/phosphor/runtime/Taint;Ledu/columbia/cs/psl/phosphor/runtime/Taint;)Ledu/columbia/cs/psl/phosphor/runtime/Taint;
00092 ? : DUP_X2
00093 ? : POP
00094 ? : ALOAD 5
00095 ? : INVOKEVIRTUAL edu/columbia/cs/psl/phosphor/struct/LazyLongArrayObjTags.set ([JILedu/columbia/cs/psl/phosphor/runtime/Taint;JLedu/columbia/cs/psl/phosphor/struct/ControlTaintTagStack;)V
00096 ? : ALOAD 5
00097 ? : ALOAD 10
00098 ? : INVOKEVIRTUAL org/netbeans/lib/profiler/heap/HprofByteBuffer.get$$PHOSPHORTAGGED (Ledu/columbia/cs/psl/phosphor/runtime/Taint;JLedu/columbia/cs/psl/phosphor/struct/ControlTaintTagStack;Ledu/columbia/cs/psl/phosphor/struct/TaintedByteWithObjTag;)Ledu/columbia/cs/psl/phosphor/struct/TaintedByteWithObjTag;
00099 ? : DUP
00100 ? : GETFIELD edu/columbia/cs/psl/phosphor/struct/TaintedByteWithObjTag.taint : Ledu/columbia/cs/psl/phosphor/runtime/Taint;
00101 ? : SWAP
00102 ? : GETFIELD edu/columbia/cs/psl/phosphor/struct/TaintedByteWithObjTag.val : B
00103 ? : SWAP
00104 ? : ALOAD 5
00105 ? : INVOKESTATIC edu/columbia/cs/psl/phosphor/runtime/Taint.combineTags (Ledu/columbia/cs/psl/phosphor/runtime/Taint;Ledu/columbia/cs/psl/phosphor/struct/ControlTaintTagStack;)Ledu/columbia/cs/psl/phosphor/runtime/Taint;
00106 ? : SWAP
00107 ? : ISTORE 20
00108 ? : INVOKESTATIC edu/columbia/cs/psl/phosphor/runtime/Taint.copyTaint (Ledu/columbia/cs/psl/phosphor/runtime/Taint;)Ledu/columbia/cs/psl/phosphor/runtime/Taint;
00109 ? : ASTORE 21
00110 ? : L3
00111 ? : LINENUMBER 154 L3
00112 ? : ALOAD 21
00113 ? : ILOAD 20
00114 ? : SWAP
00115 ? : ALOAD 5
00116 ? : SWAP
00117 ? : ALOAD 6
00118 ? : INVOKEVIRTUAL edu/columbia/cs/psl/phosphor/struct/ControlTaintTagStack.push (Ledu/columbia/cs/psl/phosphor/runtime/Taint;Ledu/columbia/cs/psl/phosphor/struct/EnqueuedTaint;)Ledu/columbia/cs/psl/phosphor/struct/EnqueuedTaint;
00119 ? : ASTORE 6
00120 ? : ALOAD 21
00121 ? : ALOAD 5
00122 ? : INVOKESTATIC edu/columbia/cs/psl/phosphor/runtime/Taint.combineTags (Ledu/columbia/cs/psl/phosphor/runtime/Taint;Ledu/columbia/cs/psl/phosphor/struct/ControlTaintTagStack;)Ledu/columbia/cs/psl/phosphor/runtime/Taint;
00123 ? : ASTORE 21
00124 ? : IFLE L4
00125 ? : ALOAD 12
00126 ? : ALOAD 5
00127 ? : ALOAD 11
00128 ? : INVOKEVIRTUAL java/lang/StringBuilder.length$$PHOSPHORTAGGED (Ledu/columbia/cs/psl/phosphor/struct/ControlTaintTagStack;Ledu/columbia/cs/psl/phosphor/struct/TaintedIntWithObjTag;)Ledu/columbia/cs/psl/phosphor/struct/TaintedIntWithObjTag;
00129 ? : DUP
00130 ? : GETFIELD edu/columbia/cs/psl/phosphor/struct/TaintedIntWithObjTag.taint : Ledu/columbia/cs/psl/phosphor/runtime/Taint;
00131 ? : SWAP
00132 ? : GETFIELD edu/columbia/cs/psl/phosphor/struct/TaintedIntWithObjTag.val : I
00133 ? : ALOAD 3
00134 ? : ILOAD 4
00135 ? : SWAP
00136 ? : ASTORE 13
00137 ? : DUP2_X1
00138 ? : POP2
00139 ? : ALOAD 5
00140 ? : SWAP
00141 ? : ALOAD 5
00142 ? : ALOAD 13
00143 ? : ALOAD 7
00144 ? : INVOKEVIRTUAL edu/columbia/cs/psl/phosphor/struct/ControlTaintTagStack.push (Ledu/columbia/cs/psl/phosphor/runtime/Taint;Ledu/columbia/cs/psl/phosphor/struct/EnqueuedTaint;)Ledu/columbia/cs/psl/phosphor/struct/EnqueuedTaint;
00145 ? : ASTORE 7
00146 ? : ALOAD 8
00147 ? : INVOKEVIRTUAL edu/columbia/cs/psl/phosphor/struct/ControlTaintTagStack.push (Ledu/columbia/cs/psl/phosphor/runtime/Taint;Ledu/columbia/cs/psl/phosphor/struct/EnqueuedTaint;)Ledu/columbia/cs/psl/phosphor/struct/EnqueuedTaint;
00148 ? : ASTORE 8
00149 ? : ALOAD 21
00150 ? : ALOAD 5
00151 ? : INVOKESTATIC edu/columbia/cs/psl/phosphor/runtime/Taint.combineTags (Ledu/columbia/cs/psl/phosphor/runtime/Taint;Ledu/columbia/cs/psl/phosphor/struct/ControlTaintTagStack;)Ledu/columbia/cs/psl/phosphor/runtime/Taint;
00152 ? : ASTORE 21
00153 ? : IF_ICMPGE L4
00154 ? : L5
00155 ? : LINENUMBER 155 L5
00156 ? : ALOAD 12
00157 ? : ALOAD 21
00158 ? : ILOAD 20
00159 ? : I2C
00160 ? : ALOAD 5
00161 ? : INVOKEVIRTUAL java/lang/StringBuilder.append$$PHOSPHORTAGGED (Ledu/columbia/cs/psl/phosphor/runtime/Taint;CLedu/columbia/cs/psl/phosphor/struct/ControlTaintTagStack;)Ljava/lang/StringBuilder;
00162 ? : POP
00163 ? : L6
00164 ? : LINENUMBER 154 L6
00165 ? : ALOAD 0
00166 ? : ALOAD 1
00167 ? : ALOAD 2
00168 ? : ALOAD 5
00169 ? : INVOKEVIRTUAL edu/columbia/cs/psl/phosphor/struct/ControlTaintTagStack.copyTag ()Ledu/columbia/cs/psl/phosphor/runtime/Taint;
00170 ? : ICONST_0
00171 ? : ISTORE 13
00172 ? : ASTORE 14
00173 ? : ASTORE 15
00174 ? : ASTORE 16
00175 ? : ALOAD 16
00176 ? : ALOAD 15
00177 ? : ALOAD 14
00178 ? : ILOAD 13
00179 ? : ALOAD 16
00180 ? : ALOAD 15
00181 ? : ILOAD 13
00182 ? : ALOAD 9
00183 ? : ALOAD 5
00184 ? : INVOKEVIRTUAL edu/columbia/cs/psl/phosphor/struct/LazyLongArrayObjTags.get ([JILedu/columbia/cs/psl/phosphor/struct/TaintedLongWithObjTag;Ledu/columbia/cs/psl/phosphor/struct/ControlTaintTagStack;)Ledu/columbia/cs/psl/phosphor/struct/TaintedLongWithObjTag;
00185 ? : DUP
00186 ? : GETFIELD edu/columbia/cs/psl/phosphor/struct/TaintedLongWithObjTag.taint : Ledu/columbia/cs/psl/phosphor/runtime/Taint;
00187 ? : SWAP
00188 ? : GETFIELD edu/columbia/cs/psl/phosphor/struct/TaintedLongWithObjTag.val : J
00189 ? : LSTORE 17
00190 ? : ASTORE 13
00191 ? : ISTORE 14
00192 ? : ASTORE 15
00193 ? : ASTORE 16
00194 ? : ASTORE 19
00195 ? : ALOAD 13
00196 ? : LLOAD 17
00197 ? : ALOAD 19
00198 ? : ALOAD 16
00199 ? : ALOAD 15
00200 ? : ILOAD 14
00201 ? : LLOAD 17
00202 ? : ALOAD 5
00203 ? : INVOKEVIRTUAL edu/columbia/cs/psl/phosphor/struct/ControlTaintTagStack.copyTag ()Ledu/columbia/cs/psl/phosphor/runtime/Taint;
00204 ? : LCONST_1
00205 ? : LSTORE 17
00206 ? : DUP_X2
00207 ? : POP
00208 ? : LLOAD 17
00209 ? : LADD
00210 ? : DUP2_X2
00211 ? : POP2
00212 ? : INVOKESTATIC edu/columbia/cs/psl/phosphor/runtime/Taint.combineTags (Ledu/columbia/cs/psl/phosphor/runtime/Taint;Ledu/columbia/cs/psl/phosphor/runtime/Taint;)Ledu/columbia/cs/psl/phosphor/runtime/Taint;
00213 ? : DUP_X2
00214 ? : POP
00215 ? : ALOAD 5
00216 ? : INVOKEVIRTUAL edu/columbia/cs/psl/phosphor/struct/LazyLongArrayObjTags.set ([JILedu/columbia/cs/psl/phosphor/runtime/Taint;JLedu/columbia/cs/psl/phosphor/struct/ControlTaintTagStack;)V
00217 ? : ALOAD 5
00218 ? : ALOAD 10
00219 ? : INVOKEVIRTUAL org/netbeans/lib/profiler/heap/HprofByteBuffer.get$$PHOSPHORTAGGED (Ledu/columbia/cs/psl/phosphor/runtime/Taint;JLedu/columbia/cs/psl/phosphor/struct/ControlTaintTagStack;Ledu/columbia/cs/psl/phosphor/struct/TaintedByteWithObjTag;)Ledu/columbia/cs/psl/phosphor/struct/TaintedByteWithObjTag;
00220 ? : DUP
00221 ? : GETFIELD edu/columbia/cs/psl/phosphor/struct/TaintedByteWithObjTag.taint : Ledu/columbia/cs/psl/phosphor/runtime/Taint;
00222 ? : SWAP
00223 ? : GETFIELD edu/columbia/cs/psl/phosphor/struct/TaintedByteWithObjTag.val : B
00224 ? : SWAP
00225 ? : ALOAD 5
00226 ? : INVOKESTATIC edu/columbia/cs/psl/phosphor/runtime/Taint.combineTags (Ledu/columbia/cs/psl/phosphor/runtime/Taint;Ledu/columbia/cs/psl/phosphor/struct/ControlTaintTagStack;)Ledu/columbia/cs/psl/phosphor/runtime/Taint;
00227 ? : SWAP
00228 ? : ISTORE 20
00229 ? : INVOKESTATIC edu/columbia/cs/psl/phosphor/runtime/Taint.copyTaint (Ledu/columbia/cs/psl/phosphor/runtime/Taint;)Ledu/columbia/cs/psl/phosphor/runtime/Taint;
00230 ? : ASTORE 21
00231 ? : GOTO L3
00232 ? : L4
00233 ? : LINENUMBER 158 L4
00234 ? : ALOAD 12
00235 ? : ALOAD 5
00236 ? : INVOKEVIRTUAL java/lang/StringBuilder.toString$$PHOSPHORTAGGED (Ledu/columbia/cs/psl/phosphor/struct/ControlTaintTagStack;)Ljava/lang/String;
00237 ? : ALOAD 5
00238 ? : ALOAD 7
00239 ? : INVOKEVIRTUAL edu/columbia/cs/psl/phosphor/struct/ControlTaintTagStack.pop (Ledu/columbia/cs/psl/phosphor/struct/EnqueuedTaint;)V
00240 ? : ALOAD 5
00241 ? : ALOAD 8
00242 ? : INVOKEVIRTUAL edu/columbia/cs/psl/phosphor/struct/ControlTaintTagStack.pop (Ledu/columbia/cs/psl/phosphor/struct/EnqueuedTaint;)V
00243 ? : ALOAD 5
00244 ? : ALOAD 6
00245 ? : INVOKEVIRTUAL edu/columbia/cs/psl/phosphor/struct/ControlTaintTagStack.pop (Ledu/columbia/cs/psl/phosphor/struct/EnqueuedTaint;)V
00246 ? : DUP
00247 ? : ALOAD 5
00248 ? : INVOKESTATIC edu/columbia/cs/psl/phosphor/runtime/Taint.combineTagsOnObject (Ljava/lang/Object;Ledu/columbia/cs/psl/phosphor/struct/ControlTaintTagStack;)V
00249 ? : ARETURN
00250 R R R R I R R R R . . . . . . . . . . . . . : R : L7
00251 R R R R I R R R R . . . . . . . . . . . . . : R : ALOAD 5
00252 R R R R I R R R R . . . . . . . . . . . . . : R R : ALOAD 6
00253 R R R R I R R R R . . . . . . . . . . . . . : R R R : INVOKEVIRTUAL edu/columbia/cs/psl/phosphor/struct/ControlTaintTagStack.pop (Ledu/columbia/cs/psl/phosphor/struct/EnqueuedTaint;)V
00254 R R R R I R R R R . . . . . . . . . . . . . : R : ALOAD 5
00255 R R R R I R R R R . . . . . . . . . . . . . : R R : ALOAD 7
00256 R R R R I R R R R . . . . . . . . . . . . . : R R R : INVOKEVIRTUAL edu/columbia/cs/psl/phosphor/struct/ControlTaintTagStack.pop (Ledu/columbia/cs/psl/phosphor/struct/EnqueuedTaint;)V
00257 R R R R I R R R R . . . . . . . . . . . . . : R : ALOAD 5
00258 R R R R I R R R R . . . . . . . . . . . . . : R R : ALOAD 8
00259 R R R R I R R R R . . . . . . . . . . . . . : R R R : INVOKEVIRTUAL edu/columbia/cs/psl/phosphor/struct/ControlTaintTagStack.pop (Ledu/columbia/cs/psl/phosphor/struct/EnqueuedTaint;)V
00260 R R R R I R R R R . . . . . . . . . . . . . : R : ATHROW
TRYCATCHBLOCK L0 L7 L7 null
at edu.columbia.cs.psl.phosphor.org.objectweb.asm.util.CheckMethodAdapter$1.throwError(CheckMethodAdapter.java:467)
at edu.columbia.cs.psl.phosphor.org.objectweb.asm.util.CheckMethodAdapter$1.visitEnd(CheckMethodAdapter.java:457)
at edu.columbia.cs.psl.phosphor.org.objectweb.asm.MethodVisitor.visitEnd(MethodVisitor.java:772)
at edu.columbia.cs.psl.phosphor.org.objectweb.asm.util.CheckMethodAdapter.visitEnd(CheckMethodAdapter.java:1052)
at edu.columbia.cs.psl.phosphor.org.objectweb.asm.ClassReader.readMethod(ClassReader.java:1242)
at edu.columbia.cs.psl.phosphor.org.objectweb.asm.ClassReader.accept(ClassReader.java:631)
at edu.columbia.cs.psl.phosphor.org.objectweb.asm.ClassReader.accept(ClassReader.java:355)
at edu.columbia.cs.psl.phosphor.PreMain$PCLoggingTransformer._transform(PreMain.java:334)
at edu.columbia.cs.psl.phosphor.PreMain$PCLoggingTransformer.transform(PreMain.java:170)
at edu.columbia.cs.psl.phosphor.Instrumenter.instrumentClass(Instrumenter.java:204)
at edu.columbia.cs.psl.phosphor.Instrumenter$4.call(Instrumenter.java:702)
at edu.columbia.cs.psl.phosphor.Instrumenter$4.call(Instrumenter.java:697)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
Caused by: edu.columbia.cs.psl.phosphor.org.objectweb.asm.tree.analysis.AnalyzerException: Error at instruction 91: Argument 1: expected R, but found I
at edu.columbia.cs.psl.phosphor.org.objectweb.asm.tree.analysis.Analyzer.analyze(Analyzer.java:285)
at edu.columbia.cs.psl.phosphor.org.objectweb.asm.util.CheckMethodAdapter$1.visitEnd(CheckMethodAdapter.java:449)
... 14 more
Caused by: edu.columbia.cs.psl.phosphor.org.objectweb.asm.tree.analysis.AnalyzerException: Argument 1: expected R, but found I
at edu.columbia.cs.psl.phosphor.org.objectweb.asm.tree.analysis.BasicVerifier.naryOperation(BasicVerifier.java:402)
at edu.columbia.cs.psl.phosphor.org.objectweb.asm.tree.analysis.BasicVerifier.naryOperation(BasicVerifier.java:44)
at edu.columbia.cs.psl.phosphor.org.objectweb.asm.tree.analysis.Frame.execute(Frame.java:582)
at edu.columbia.cs.psl.phosphor.org.objectweb.asm.tree.analysis.Analyzer.analyze(Analyzer.java:188)
... 15 more
java.lang.IllegalArgumentException: Error at instruction 65: Argument 1: expected R, but found I readValue$$PHOSPHORTAGGED(Ledu/columbia/cs/psl/phosphor/struct/LazyLongArrayObjTags;[JLedu/columbia/cs/psl/phosphor/struct/ControlTaintTagStack;Ledu/columbia/cs/psl/phosphor/struct/TaintedByteWithObjTag;)Ledu/columbia/cs/psl/phosphor/struct/TaintedByteWithObjTag;
00000 R R R R R . . . . . . . . . . . : : L0
00001 R R R R R . . . . . . . . . . . : : NEW edu/columbia/cs/psl/phosphor/struct/TaintedLongWithObjTag
00002 R R R R R . . . . . . . . . . . : R : DUP
00003 R R R R R . . . . . . . . . . . : R R : INVOKESPECIAL edu/columbia/cs/psl/phosphor/struct/TaintedLongWithObjTag.<init> ()V
00004 R R R R R . . . . . . . . . . . : R : DUP
00005 R R R R R . . . . . . . . . . . : R R : ALOAD 3
00006 R R R R R . . . . . . . . . . . : R R R : INVOKESTATIC edu/columbia/cs/psl/phosphor/runtime/Taint.combineTagsOnObject (Ljava/lang/Object;Ledu/columbia/cs/psl/phosphor/struct/ControlTaintTagStack;)V
00007 R R R R R . . . . . . . . . . . : R : ASTORE 5
00008 R R R R R R . . . . . . . . . . : : NEW edu/columbia/cs/psl/phosphor/struct/TaintedIntWithObjTag
00009 R R R R R R . . . . . . . . . . : R : DUP
00010 R R R R R R . . . . . . . . . . : R R : INVOKESPECIAL edu/columbia/cs/psl/phosphor/struct/TaintedIntWithObjTag.<init> ()V
00011 R R R R R R . . . . . . . . . . : R : DUP
00012 R R R R R R . . . . . . . . . . : R R : ALOAD 3
00013 R R R R R R . . . . . . . . . . : R R R : INVOKESTATIC edu/columbia/cs/psl/phosphor/runtime/Taint.combineTagsOnObject (Ljava/lang/Object;Ledu/columbia/cs/psl/phosphor/struct/ControlTaintTagStack;)V
00014 R R R R R R . . . . . . . . . . : R : ASTORE 6
00015 R R R R R R R . . . . . . . . . : : L1
00016 R R R R R R R . . . . . . . . . : : LINENUMBER 1093 L1
00017 R R R R R R R . . . . . . . . . : : ALOAD 0
00018 R R R R R R R . . . . . . . . . : R : GETFIELD org/netbeans/lib/profiler/heap/HprofHeap.dumpBuffer : Lorg/netbeans/lib/profiler/heap/HprofByteBuffer;
00019 R R R R R R R . . . . . . . . . : R : ALOAD 1
00020 R R R R R R R . . . . . . . . . : R R : ALOAD 2
00021 R R R R R R R . . . . . . . . . : R R R : ALOAD 3
00022 R R R R R R R . . . . . . . . . : R R R R : INVOKEVIRTUAL edu/columbia/cs/psl/phosphor/struct/ControlTaintTagStack.copyTag ()Ledu/columbia/cs/psl/phosphor/runtime/Taint;
00023 R R R R R R R . . . . . . . . . : R R R R : ICONST_0
00024 R R R R R R R . . . . . . . . . : R R R R I : ISTORE 7
00025 R R R R R R R I . . . . . . . . : R R R R : ASTORE 8
00026 R R R R R R R I R . . . . . . . : R R R : ASTORE 9
00027 R R R R R R R I R R . . . . . . : R R : ASTORE 10
00028 R R R R R R R I R R R . . . . . : R : ALOAD 10
00029 R R R R R R R I R R R . . . . . : R R : ALOAD 9
00030 R R R R R R R I R R R . . . . . : R R R : ALOAD 8
00031 R R R R R R R I R R R . . . . . : R R R R : ILOAD 7
00032 R R R R R R R I R R R . . . . . : R R R R I : ALOAD 10
00033 R R R R R R R I R R R . . . . . : R R R R I R : ALOAD 9
00034 R R R R R R R I R R R . . . . . : R R R R I R R : ILOAD 7
00035 R R R R R R R I R R R . . . . . : R R R R I R R I : ALOAD 5
00036 R R R R R R R I R R R . . . . . : R R R R I R R I R : ALOAD 3
00037 R R R R R R R I R R R . . . . . : R R R R I R R I R R : INVOKEVIRTUAL edu/columbia/cs/psl/phosphor/struct/LazyLongArrayObjTags.get ([JILedu/columbia/cs/psl/phosphor/struct/TaintedLongWithObjTag;Ledu/columbia/cs/psl/phosphor/struct/ControlTaintTagStack;)Ledu/columbia/cs/psl/phosphor/struct/TaintedLongWithObjTag;
00038 R R R R R R R I R R R . . . . . : R R R R I R : DUP
00039 R R R R R R R I R R R . . . . . : R R R R I R R : GETFIELD edu/columbia/cs/psl/phosphor/struct/TaintedLongWithObjTag.taint : Ledu/columbia/cs/psl/phosphor/runtime/Taint;
00040 R R R R R R R I R R R . . . . . : R R R R I R R : SWAP
00041 R R R R R R R I R R R . . . . . : R R R R I R R : GETFIELD edu/columbia/cs/psl/phosphor/struct/TaintedLongWithObjTag.val : J
00042 R R R R R R R I R R R . . . . . : R R R R I R J : LSTORE 11
00043 R R R R R R R I R R R J . . . . : R R R R I R : ASTORE 7
00044 R R R R R R R R R R R J . . . . : R R R R I : ISTORE 8
00045 R R R R R R R R I R R J . . . . : R R R R : ASTORE 9
00046 R R R R R R R R I R R J . . . . : R R R : ASTORE 10
00047 R R R R R R R R I R R J . . . . : R R : ASTORE 13
00048 R R R R R R R R I R R J . R . . : R : ALOAD 7
00049 R R R R R R R R I R R J . R . . : R R : LLOAD 11
00050 R R R R R R R R I R R J . R . . : R R J : ALOAD 13
00051 R R R R R R R R I R R J . R . . : R R J R : ALOAD 10
00052 R R R R R R R R I R R J . R . . : R R J R R : ALOAD 9
00053 R R R R R R R R I R R J . R . . : R R J R R R : ILOAD 8
00054 R R R R R R R R I R R J . R . . : R R J R R R I : LLOAD 11
00055 R R R R R R R R I R R J . R . . : R R J R R R I J : ALOAD 3
00056 R R R R R R R R I R R J . R . . : R R J R R R I J R : INVOKEVIRTUAL edu/columbia/cs/psl/phosphor/struct/ControlTaintTagStack.copyTag ()Ledu/columbia/cs/psl/phosphor/runtime/Taint;
00057 R R R R R R R R I R R J . R . . : R R J R R R I J R : LCONST_1
00058 R R R R R R R R I R R J . R . . : R R J R R R I J R J : LSTORE 11
00059 R R R R R R R R I R R J . R . . : R R J R R R I J R : DUP_X2
00060 R R R R R R R R I R R J . R . . : R R J R R R I R J R : POP
00061 R R R R R R R R I R R J . R . . : R R J R R R I R J : LLOAD 11
00062 R R R R R R R R I R R J . R . . : R R J R R R I R J J : LADD
00063 R R R R R R R R I R R J . R . . : R R J R R R I R J : DUP2_X2
00064 R R R R R R R R I R R J . R . . : R R J R R R J I R J : POP2
00065 R R R R R R R R I R R J . R . . : R R J R R R J I R : INVOKESTATIC edu/columbia/cs/psl/phosphor/runtime/Taint.combineTags (Ledu/columbia/cs/psl/phosphor/runtime/Taint;Ledu/columbia/cs/psl/phosphor/runtime/Taint;)Ledu/columbia/cs/psl/phosphor/runtime/Taint;
00066 ? : DUP_X2
00067 ? : POP
00068 ? : ALOAD 3
00069 ? : INVOKEVIRTUAL edu/columbia/cs/psl/phosphor/struct/LazyLongArrayObjTags.set ([JILedu/columbia/cs/psl/phosphor/runtime/Taint;JLedu/columbia/cs/psl/phosphor/struct/ControlTaintTagStack;)V
00070 ? : ALOAD 3
00071 ? : ALOAD 4
00072 ? : INVOKEVIRTUAL org/netbeans/lib/profiler/heap/HprofByteBuffer.get$$PHOSPHORTAGGED (Ledu/columbia/cs/psl/phosphor/runtime/Taint;JLedu/columbia/cs/psl/phosphor/struct/ControlTaintTagStack;Ledu/columbia/cs/psl/phosphor/struct/TaintedByteWithObjTag;)Ledu/columbia/cs/psl/phosphor/struct/TaintedByteWithObjTag;
00073 ? : DUP
00074 ? : GETFIELD edu/columbia/cs/psl/phosphor/struct/TaintedByteWithObjTag.taint : Ledu/columbia/cs/psl/phosphor/runtime/Taint;
00075 ? : SWAP
00076 ? : GETFIELD edu/columbia/cs/psl/phosphor/struct/TaintedByteWithObjTag.val : B
00077 ? : SWAP
00078 ? : ALOAD 3
00079 ? : INVOKESTATIC edu/columbia/cs/psl/phosphor/runtime/Taint.combineTags (Ledu/columbia/cs/psl/phosphor/runtime/Taint;Ledu/columbia/cs/psl/phosphor/struct/ControlTaintTagStack;)Ledu/columbia/cs/psl/phosphor/runtime/Taint;
00080 ? : SWAP
00081 ? : ISTORE 14
00082 ? : INVOKESTATIC edu/columbia/cs/psl/phosphor/runtime/Taint.copyTaint (Ledu/columbia/cs/psl/phosphor/runtime/Taint;)Ledu/columbia/cs/psl/phosphor/runtime/Taint;
00083 ? : ASTORE 15
00084 ? : L2
00085 ? : LINENUMBER 1094 L2
00086 ? : ALOAD 1
00087 ? : ALOAD 2
00088 ? : ALOAD 3
00089 ? : INVOKEVIRTUAL edu/columbia/cs/psl/phosphor/struct/ControlTaintTagStack.copyTag ()Ledu/columbia/cs/psl/phosphor/runtime/Taint;
00090 ? : ICONST_0
00091 ? : ISTORE 7
00092 ? : ASTORE 8
00093 ? : ASTORE 9
00094 ? : ASTORE 10
00095 ? : ALOAD 10
00096 ? : ALOAD 9
00097 ? : ALOAD 8
00098 ? : ILOAD 7
00099 ? : ALOAD 10
00100 ? : ALOAD 9
00101 ? : ILOAD 7
00102 ? : ALOAD 5
00103 ? : ALOAD 3
00104 ? : INVOKEVIRTUAL edu/columbia/cs/psl/phosphor/struct/LazyLongArrayObjTags.get ([JILedu/columbia/cs/psl/phosphor/struct/TaintedLongWithObjTag;Ledu/columbia/cs/psl/phosphor/struct/ControlTaintTagStack;)Ledu/columbia/cs/psl/phosphor/struct/TaintedLongWithObjTag;
00105 ? : DUP
00106 ? : GETFIELD edu/columbia/cs/psl/phosphor/struct/TaintedLongWithObjTag.taint : Ledu/columbia/cs/psl/phosphor/runtime/Taint;
00107 ? : SWAP
00108 ? : GETFIELD edu/columbia/cs/psl/phosphor/struct/TaintedLongWithObjTag.val : J
00109 ? : ALOAD 0
00110 ? : ALOAD 15
00111 ? : ILOAD 14
00112 ? : ALOAD 3
00113 ? : ALOAD 6
00114 ? : INVOKEVIRTUAL org/netbeans/lib/profiler/heap/HprofHeap.getValueSize$$PHOSPHORTAGGED (Ledu/columbia/cs/psl/phosphor/runtime/Taint;BLedu/columbia/cs/psl/phosphor/struct/ControlTaintTagStack;Ledu/columbia/cs/psl/phosphor/struct/TaintedIntWithObjTag;)Ledu/columbia/cs/psl/phosphor/struct/TaintedIntWithObjTag;
00115 ? : DUP
00116 ? : GETFIELD edu/columbia/cs/psl/phosphor/struct/TaintedIntWithObjTag.taint : Ledu/columbia/cs/psl/phosphor/runtime/Taint;
00117 ? : SWAP
00118 ? : GETFIELD edu/columbia/cs/psl/phosphor/struct/TaintedIntWithObjTag.val : I
00119 ? : I2L
00120 ? : LSTORE 11
00121 ? : DUP_X2
00122 ? : POP
00123 ? : LLOAD 11
00124 ? : LADD
00125 ? : DUP2_X2
00126 ? : POP2
00127 ? : INVOKESTATIC edu/columbia/cs/psl/phosphor/runtime/Taint.combineTags (Ledu/columbia/cs/psl/phosphor/runtime/Taint;Ledu/columbia/cs/psl/phosphor/runtime/Taint;)Ledu/columbia/cs/psl/phosphor/runtime/Taint;
00128 ? : DUP_X2
00129 ? : POP
00130 ? : ALOAD 3
00131 ? : INVOKEVIRTUAL edu/columbia/cs/psl/phosphor/struct/LazyLongArrayObjTags.set ([JLedu/columbia/cs/psl/phosphor/runtime/Taint;ILedu/columbia/cs/psl/phosphor/runtime/Taint;JLedu/columbia/cs/psl/phosphor/struct/ControlTaintTagStack;)V
00132 ? : L3
00133 ? : LINENUMBER 1096 L3
00134 ? : ALOAD 15
00135 ? : ILOAD 14
00136 ? : ALOAD 4
00137 ? : SWAP
00138 ? : PUTFIELD edu/columbia/cs/psl/phosphor/struct/TaintedByteWithObjTag.val : B
00139 ? : ALOAD 4
00140 ? : SWAP
00141 ? : PUTFIELD edu/columbia/cs/psl/phosphor/struct/TaintedByteWithObjTag.taint : Ledu/columbia/cs/psl/phosphor/runtime/Taint;
00142 ? : ALOAD 4
00143 ? : ARETURN
00144 R R R R R . . . . . . . . . . . : R : L4
00145 R R R R R . . . . . . . . . . . : R : ATHROW
TRYCATCHBLOCK L0 L4 L4 null
at edu.columbia.cs.psl.phosphor.org.objectweb.asm.util.CheckMethodAdapter$1.throwError(CheckMethodAdapter.java:467)
at edu.columbia.cs.psl.phosphor.org.objectweb.asm.util.CheckMethodAdapter$1.visitEnd(CheckMethodAdapter.java:457)
at edu.columbia.cs.psl.phosphor.org.objectweb.asm.MethodVisitor.visitEnd(MethodVisitor.java:772)
at edu.columbia.cs.psl.phosphor.org.objectweb.asm.util.CheckMethodAdapter.visitEnd(CheckMethodAdapter.java:1052)
at edu.columbia.cs.psl.phosphor.org.objectweb.asm.ClassReader.readMethod(ClassReader.java:1242)
at edu.columbia.cs.psl.phosphor.org.objectweb.asm.ClassReader.accept(ClassReader.java:631)
at edu.columbia.cs.psl.phosphor.org.objectweb.asm.ClassReader.accept(ClassReader.java:355)
at edu.columbia.cs.psl.phosphor.PreMain$PCLoggingTransformer._transform(PreMain.java:334)
at edu.columbia.cs.psl.phosphor.PreMain$PCLoggingTransformer.transform(PreMain.java:170)
at edu.columbia.cs.psl.phosphor.Instrumenter.instrumentClass(Instrumenter.java:204)
at edu.columbia.cs.psl.phosphor.Instrumenter$4.call(Instrumenter.java:702)
at edu.columbia.cs.psl.phosphor.Instrumenter$4.call(Instrumenter.java:697)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
Caused by: edu.columbia.cs.psl.phosphor.org.objectweb.asm.tree.analysis.AnalyzerException: Error at instruction 65: Argument 1: expected R, but found I
at edu.columbia.cs.psl.phosphor.org.objectweb.asm.tree.analysis.Analyzer.analyze(Analyzer.java:285)
at edu.columbia.cs.psl.phosphor.org.objectweb.asm.util.CheckMethodAdapter$1.visitEnd(CheckMethodAdapter.java:449)
... 14 more
Caused by: edu.columbia.cs.psl.phosphor.org.objectweb.asm.tree.analysis.AnalyzerException: Argument 1: expected R, but found I
at edu.columbia.cs.psl.phosphor.org.objectweb.asm.tree.analysis.BasicVerifier.naryOperation(BasicVerifier.java:402)
at edu.columbia.cs.psl.phosphor.org.objectweb.asm.tree.analysis.BasicVerifier.naryOperation(BasicVerifier.java:44)
at edu.columbia.cs.psl.phosphor.org.objectweb.asm.tree.analysis.Frame.execute(Frame.java:582)
at edu.columbia.cs.psl.phosphor.org.objectweb.asm.tree.analysis.Analyzer.analyze(Analyzer.java:188)
... 15 more
These errors are not the method too large errors. I am using the latest version of phosphor with the default options in the instrumentJRE.sh file. Do you see these errors as well?
Thanks.
It seems Phosphor produces wrong taint results for relational (e.g. >) and conditional (e.g., &&) operators.
Here is an example I used to test Phosphor.
import edu.columbia.cs.psl.phosphor.runtime.MultiTainter;

public class Test {
    public static void test(int x, int y, boolean b) {
        int e = x + 1;
        int f = y + 2;
        System.out.println("e = " + e + " -> " + MultiTainter.getTaint(e));
        System.out.println("f = " + f + " -> " + MultiTainter.getTaint(f));
        // Results of relational and conditional operators on tainted operands
        boolean b1 = e > 0;
        boolean b2 = f > -1;
        boolean b3 = e > -1 && b;
        System.out.println("b1 = " + b1 + " -> " + MultiTainter.getTaint(b1));
        System.out.println("b2 = " + b2 + " -> " + MultiTainter.getTaint(b2));
        System.out.println("b3 = " + b3 + " -> " + MultiTainter.getTaint(b3));
    }

    public static void main(String[] args) {
        int x = -1;
        int y = -1;
        boolean b = true;
        // Label each input so the taints printed in test() can be traced back
        int xt = MultiTainter.taintedInt(x, "x");
        int yt = MultiTainter.taintedInt(y, "y");
        boolean bt = MultiTainter.taintedBoolean(b, "b");
        test(xt, yt, bt);
    }
}
The outputs are:
e = 0 -> Taint [lbl=x deps = []]
f = 1 -> Taint [lbl=y deps = []]
b1 = false -> Taint [lbl=null deps = [y ]]
b2 = true -> Taint [lbl=null deps = [x b ]]
b3 = true -> Taint [lbl=null deps = []]
Based on my understanding, the outputs should be:
e = 0 -> Taint [lbl=x deps = []]
f = 1 -> Taint [lbl=y deps = []]
b1 = false -> Taint [lbl=null deps = [x ]]
b2 = true -> Taint [lbl=null deps = [y ]]
b3 = true -> Taint [lbl=null deps = [x b ]]
Please help to confirm the problem.
Thanks.
As said in README, "to get or set the taint tag of an object, developers first cast that object to the interface TaintedWithIntTag or TaintedWithObjTag (Phosphor changes all classes to implement this interface), and use the get and set methods."
It is not clear whether to use ((TaintedWithIntTag)object).getPHOSPHOR_TAG() or Tainter.getTaint((TaintedWithIntTag)object). So I tried both.
import edu.columbia.cs.psl.phosphor.runtime.Tainter;
import edu.columbia.cs.psl.phosphor.struct.TaintedWithIntTag;

public class TestVariables {
    public static void test(int x, int y) {
        Pair p = new Pair(x, y);
        // First variant: read the tag through the interface method
        int tag1 = ((TaintedWithIntTag)p).getPHOSPHOR_TAG();
        // Second variant: read the tag through Tainter
        //int tag2 = Tainter.getTaint((TaintedWithIntTag)p);
        System.out.println((tag1 & 1) + " " + (tag1 & 2));
        //System.out.println((tag2 & 1) + " " + (tag2 & 2));
    }

    public static void main(String[] args) {
        int x = Tainter.taintedInt(1, 1);
        int y = Tainter.taintedInt(1, 2);
        test(x, y);
    }
}

class Pair {
    private int h;
    private int w;

    public Pair(int h, int w) {
        this.h = h;
        this.w = w;
    }

    public int getH() {
        return h;
    }

    public void setH(int h) {
        this.h = h;
    }

    public int getW() {
        return w;
    }

    public void setW(int w) {
        this.w = w;
    }
}
When using ((TaintedWithIntTag)object).getPHOSPHOR_TAG(), java.lang.ArrayIndexOutOfBoundsException is thrown during the instrumentation of this example.
When using Tainter.getTaint((TaintedWithIntTag)object), the output is: 0 0. However, my expected output should be: 1 2.
I also tried to find some examples in the given test cases, but failed. Am I interacting with Phosphor in the wrong way to get the taint tag of an object? Please help to give some examples. Thanks.
Hello,
I am currently trying to use Phosphor in the HelloWorld Rest API Java example. If you see the link in https://www.javacodegeeks.com/2013/09/restlet-framework-hello-world-example.html, I want to instrument the json input in the file HelloWorldResource.java. The file is below:
package com.restlet.demo.resource;

import java.util.Map;
import com.restlet.demo.core.ResponseParseFactory;

public class HelloWorldResource extends BaseResource {
    public String processRequest(Map json, String method) {
        String returnString = "" ;
        returnString = new ResponseParseFactory().getSuccessJsonString("Hello " + json.get("user"));
        return returnString;
    }
}
I am trying to use Phosphor's auto-tainting feature. So, how can I call the method processRequest, so that I can instrument the json argument? The main challenge is that the file has a complex project directory. The project directory is shown in the link https://www.javacodegeeks.com/2013/09/restlet-framework-hello-world-example.html.
Also do you recommend that using the Phosphor API (set and get methods) to do tainting in this case will be easier? If yes, how can I do that?
Any help will be appreciated. Thanks!
Hello Professor,
I wanted to check if the tainting that I am seeing in the following example is correct. I am using control-flow tracking, but not the controlTrackExceptions options:
boolean a = MultiTainter.taintedBoolean(false, "a");
if (a) {
    throw new RuntimeException();
}
boolean b = false; // a's taint gets propagated into b
If I check the taint of b, it has "a". That seems correct since the assignment depends on whether the program throws the exception depending on a. Is this tainting correct? If so, what does the option controlTrackExceptions do? Based on the description "Enable taint tracking through exceptional control flow", I would guess that if I do not enable the option, b should not be tainted.
Thanks.
Given a primitive like
int i = MultiTainter.taintedInt(5, "test1");
Taint t = MultiTainter.getTaint(i);
the label of its taint is null, but "test1" is listed in the deps of its taint.
For a primitive from an array, the taint is correct:
int[] arr = {1, 2, 3};
arr = MultiTainter.taintedIntArray(arr, "test2");
Taint t = MultiTainter.getTaint(arr[0]);
its label is "test2", and its deps is empty.
Did I do something wrong?
Thanks.
Hello,
I came across an error when adding taint to an object de-serialized from file. The code is
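import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import edu.columbia.cs.psl.phosphor.runtime.Tainter;

class TestClass implements Serializable {
    int[] a = new int[3];
}

public class Hello {
    static public void main(String[] args) {
        TestClass c = new TestClass();
        ObjectOutputStream s = null;
        // Serialize the object to a.out
        try {
            s = new ObjectOutputStream(new FileOutputStream("a.out"));
            s.writeObject(c);
            s.close();
        } catch (IOException e) {
        }
        // Read it back and taint the array field of the deserialized copy
        try {
            TestClass k = (TestClass) new ObjectInputStream(new FileInputStream("a.out")).readObject();
            System.out.println(k.a);
            Tainter.taintedIntArray(k.a, 3);
        } catch (IOException e) {
            e.printStackTrace();
        } catch (ClassNotFoundException e) {
            e.printStackTrace();
        }
    }
}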
The code returns a NullPointerException, and I found out that it is likely that the taint of the object (the LazyIntArrayIntTags of field a in object TestClass is not properly initialized). The problem exists for objects with array fields. I am wondering if you have an idea of how to resolve this?
Thanks in advance.
Phosphor's automatic instrumenter doesn't seem to handle an empty line in the taint-sources or taint-sinks file. If there is any, it throws java.lang.ArrayIndexOutOfBoundsException: 1.
It should probably ignore empty lines.
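The behaviour requested in the report above, as an added example that is not Phosphor's own parser and not part of the original post: a tolerant reader for a taint-sources or taint-sinks file that skips blank lines and rejects malformed entries with a line number instead of failing on an array index. It assumes one `owner.method(descriptor)return` entry per line; the class and method names (`TaintSpecParser`, `Entry`, `parse`) are hypothetical, and the sample input is constructed.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

// Added example, not Phosphor's code. Assumes one entry per line in the form
// owner/Class.method(descriptor)return, e.g. java/io/DataOutputStream.writeInt(I)V
public class TaintSpecParser {

    /** One parsed entry: internal class name, method name, JVM method descriptor. */
    static final class Entry {
        final String owner;
        final String name;
        final String desc;

        Entry(String owner, String name, String desc) {
            this.owner = owner;
            this.name = name;
            this.desc = desc;
        }
    }

    static List<Entry> parse(List<String> lines) {
        List<Entry> entries = new ArrayList<>();
        int lineNo = 0;
        for (String raw : lines) {
            lineNo++;
            String line = raw.trim();
            if (line.isEmpty()) {
                continue; // blank or whitespace-only line: skip it, do not split it
            }
            int dot = line.indexOf('.');   // owner uses '/', so the first '.' ends the class name
            int open = line.indexOf('(');
            int close = line.indexOf(')');
            boolean malformed = dot <= 0            // no class name
                    || open <= dot + 1              // no method name, or '(' before '.'
                    || close < open                 // unterminated argument list
                    || close == line.length() - 1;  // no return type after ')'
            if (malformed) {
                // Fail loudly: a silently dropped sink is a missed flow at runtime
                throw new IllegalArgumentException(
                        "line " + lineNo + ": expected owner.method(desc)ret, got \"" + line + "\"");
            }
            entries.add(new Entry(line.substring(0, dot),
                                  line.substring(dot + 1, open),
                                  line.substring(open)));
        }
        return entries;
    }

    public static void main(String[] args) {
        // Constructed sample: two well-formed entries separated by blank lines
        List<String> sample = Arrays.asList(
                "java/io/DataOutputStream.writeInt(I)V",
                "",
                "   ",
                "java/io/DataOutputStream.writeUTF(Ljava/lang/String;)V");
        for (Entry e : parse(sample)) {
            System.out.println(e.owner + " | " + e.name + " | " + e.desc);
        }
        try {
            parse(Arrays.asList("java/io/DataOutputStream")); // constructed malformed entry
        } catch (IllegalArgumentException ex) {
            System.out.println(ex.getMessage());
        }
    }
}
```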
Hi,
I ran Phosphor with control flow tracking enabled on the following program.
It seems strange to me that result1 got both a's and b's tags.
public static int test2(int a, int b) {
    a = MultiTainter.taintedInt(a, 1);
    b = MultiTainter.taintedInt(b, 2);
    int result1 = 0;
    int result2 = 0;
    for (int i = 0; i < a; i++) {
        result1 += 1;
        for (int j = 0; j < b; j++) {
            result2 += 1;
        }
    }
    System.out.println(MultiTainter.getTaint(result1));
    System.out.println(MultiTainter.getTaint(result2));
    return result1 + result2;
}
Is this the expected behavior which is caused by the known imprecision problem of implicit tracking?
Hi
I'm using automatic taint analysis with the following taint-sinks file's content:
java/io/DataOutputStream.incCount(I)V
java/io/DataOutputStream.writeFloat(F)V
java/io/DataOutputStream.writeBoolean(Z)V
java/io/DataOutputStream.writeByte(I)V
java/io/DataOutputStream.writeShort(I)V
java/io/DataOutputStream.writeLong(J)V
java/io/DataOutputStream.writeDouble(D)V
java/io/DataOutputStream.writeChars(Ljava/lang/String;)V
java/io/DataOutputStream.size()I
java/io/DataOutputStream.write([BII)V
java/io/DataOutputStream.write(I)V
java/io/DataOutputStream.flush()V
java/io/DataOutputStream.writeInt(I)V
java/io/DataOutputStream.writeChar(I)V
java/io/DataOutputStream.writeBytes(Ljava/lang/String;)V
java/io/DataOutputStream.writeUTF(Ljava/lang/String;)V
java/io/DataOutputStream.writeUTF(Ljava/lang/String;Ljava/io/DataOutput;)I
When I instrument the JRE using this file Phosphor tags most of the mentioned methods but for some reason leaves others untagged.
Here is the output I get while instrumenting JRE (Oracle JVM 8) with Phosphor and -multiTaint enabled
Sink: com/sun/corba/se/impl/io/IIOPOutputStream.writeObjectOverride(Ljava/lang/Object;)V
Sink: com/sun/corba/se/impl/io/IIOPOutputStream.annotateClass(Ljava/lang/Class;)V
Sink: com/sun/corba/se/impl/io/IIOPOutputStream.close()V
Sink: com/sun/corba/se/impl/io/IIOPOutputStream.drain()V
Sink: com/sun/corba/se/impl/io/IIOPOutputStream.flush()V
Sink: com/sun/corba/se/impl/io/IIOPOutputStream.replaceObject(Ljava/lang/Object;)Ljava/lang/Object;
Sink: com/sun/corba/se/impl/io/IIOPOutputStream.reset()V
Sink: com/sun/corba/se/impl/io/IIOPOutputStream.write$$PHOSPHORTAGGED([Ledu/columbia/cs/psl/phosphor/runtime/Taint;[B)V
Sink: com/sun/corba/se/impl/io/IIOPOutputStream.write$$PHOSPHORTAGGED([Ledu/columbia/cs/psl/phosphor/runtime/Taint;[BLedu/columbia/cs/psl/phosphor/runtime/Taint;ILedu/columbia/cs/psl/phosphor/runtime/Taint;I)V
Sink: com/sun/corba/se/impl/io/IIOPOutputStream.write$$PHOSPHORTAGGED(Ledu/columbia/cs/psl/phosphor/runtime/Taint;I)V
Sink: com/sun/corba/se/impl/io/IIOPOutputStream.writeBoolean$$PHOSPHORTAGGED(Ledu/columbia/cs/psl/phosphor/runtime/Taint;Z)V
Sink: com/sun/corba/se/impl/io/IIOPOutputStream.writeByte$$PHOSPHORTAGGED(Ledu/columbia/cs/psl/phosphor/runtime/Taint;I)V
Sink: com/sun/corba/se/impl/io/IIOPOutputStream.writeBytes(Ljava/lang/String;)V
Sink: com/sun/corba/se/impl/io/IIOPOutputStream.writeChar$$PHOSPHORTAGGED(Ledu/columbia/cs/psl/phosphor/runtime/Taint;I)V
Sink: com/sun/corba/se/impl/io/IIOPOutputStream.writeChars(Ljava/lang/String;)V
Sink: com/sun/corba/se/impl/io/IIOPOutputStream.writeDouble$$PHOSPHORTAGGED(Ledu/columbia/cs/psl/phosphor/runtime/Taint;D)V
Sink: com/sun/corba/se/impl/io/IIOPOutputStream.writeFloat$$PHOSPHORTAGGED(Ledu/columbia/cs/psl/phosphor/runtime/Taint;F)V
Sink: com/sun/corba/se/impl/io/IIOPOutputStream.writeInt$$PHOSPHORTAGGED(Ledu/columbia/cs/psl/phosphor/runtime/Taint;I)V
Sink: com/sun/corba/se/impl/io/IIOPOutputStream.writeLong$$PHOSPHORTAGGED(Ledu/columbia/cs/psl/phosphor/runtime/Taint;J)V
Sink: com/sun/corba/se/impl/io/IIOPOutputStream.writeShort$$PHOSPHORTAGGED(Ledu/columbia/cs/psl/phosphor/runtime/Taint;I)V
Sink: com/sun/corba/se/impl/io/IIOPOutputStream.writeStreamHeader()V
Sink: com/sun/corba/se/impl/io/IIOPOutputStream.writeUTF(Ljava/lang/String;)V
Methods like
Sink: com/sun/corba/se/impl/io/IIOPOutputStream.writeBytes(Ljava/lang/String;)V
Sink: com/sun/corba/se/impl/io/IIOPOutputStream.writeChars(Ljava/lang/String;)V
were not tagged as well as other 'close' 'drain' or 'flush' methods.
I wonder what is the reason of that and if I can somehow force Phosphor to tag the specific sink.
Thanks
Hello,
I was trying to use phosphor from a java program to get the collected taint results.
Since phosphor needs to run with an instrumented jre, I ran phosphor via ProcessBuilder to set up a new JVM. However, this results in 20X performance overhead.
I am wondering if there is a more efficient way to launch phosphor from a java program.
Thanks.
Hey Jon,
I'm running on a vagrant machine and have installed
Apache Maven 3.3.9
Maven home: /usr/share/maven
Java version: 1.8.0_181, vendor: Oracle Corporation
Java home: /usr/lib/jvm/java-8-oracle/jre
When I try to build the project by running mvn verify in the Phosphor directory I get the error
[INFO] --- exec-maven-plugin:1.6.0:exec (exe) @ Phosphor ---
gcc -o phosphor.o -I/usr/lib/jvm/java-8-oracle/include -c -fPIC -fpermissive -g -O0 -I/usr/lib/jvm/java-8-oracle/include/linux -o target/phosphor.o JVMTIAgent/phosphor.cpp
Makefile:13: recipe for target 'libphosphor.so' failed
gcc: error trying to exec 'cc1plus': execvp: No such file or directory
make: *** [libphosphor.so] Error 1
[ERROR] Command execution failed.
org.apache.commons.exec.ExecuteException: Process exited with an error: 2 (Exit value: 2)
at org.apache.commons.exec.DefaultExecutor.executeInternal(DefaultExecutor.java:404)
at org.apache.commons.exec.DefaultExecutor.execute(DefaultExecutor.java:166)
at org.codehaus.mojo.exec.ExecMojo.executeCommandLine(ExecMojo.java:804)
at org.codehaus.mojo.exec.ExecMojo.executeCommandLine(ExecMojo.java:751)
at org.codehaus.mojo.exec.ExecMojo.execute(ExecMojo.java:313)
at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo(DefaultBuildPluginManager.java:134)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:207)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:153)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:145)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:116)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:80)
at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build(SingleThreadedBuilder.java:51)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute(LifecycleStarter.java:128)
at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:307)
at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:193)
at org.apache.maven.DefaultMaven.execute(DefaultMaven.java:106)
at org.apache.maven.cli.MavenCli.execute(MavenCli.java:863)
at org.apache.maven.cli.MavenCli.doMain(MavenCli.java:288)
at org.apache.maven.cli.MavenCli.main(MavenCli.java:199)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced(Launcher.java:289)
at org.codehaus.plexus.classworlds.launcher.Launcher.launch(Launcher.java:229)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode(Launcher.java:415)
at org.codehaus.plexus.classworlds.launcher.Launcher.main(Launcher.java:356)
Best Regards
Ben