blob: c6ad454042ceb9c28077ded77dc7dc4a640a324c [file] [log] [blame]
* Copyright (C) 2017 The Android Open Source Project
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* See the License for the specific language governing permissions and
* limitations under the License.
#pragma once
#include "code_ir.h"
#include "common.h"
#include "dex_ir.h"
#include "dex_ir_builder.h"
#include <memory>
#include <vector>
#include <utility>
#include <set>
namespace slicer {
// Interface for a single transformation operation
class Transformation {
virtual ~Transformation() = default;
virtual bool Apply(lir::CodeIr* code_ir) = 0;
// Insert a call to the "entry hook" at the start of the instrumented method:
// The "entry hook" will be forwarded the original incoming arguments plus
// an explicit "this" argument for non-static methods.
class EntryHook : public Transformation {
explicit EntryHook(
const ir::MethodId& hook_method_id,
bool use_object_type_for_this_argument = false)
: hook_method_id_(hook_method_id),
use_object_type_for_this_argument_(use_object_type_for_this_argument) {
// hook method signature is generated automatically
SLICER_CHECK(hook_method_id_.signature == nullptr);
virtual bool Apply(lir::CodeIr* code_ir) override;
ir::MethodId hook_method_id_;
// If true, "this" argument of non-static methods is forwarded as Object type.
// For example "this" argument of OkHttpClient type is forwared as Object and
// is used to get OkHttp class loader.
bool use_object_type_for_this_argument_;
// Insert a call to the "exit hook" method before every return
// in the instrumented method. The "exit hook" will be passed the
// original return value and it may return a new return value.
class ExitHook : public Transformation {
explicit ExitHook(const ir::MethodId& hook_method_id) : hook_method_id_(hook_method_id) {
// hook method signature is generated automatically
SLICER_CHECK(hook_method_id_.signature == nullptr);
virtual bool Apply(lir::CodeIr* code_ir) override;
ir::MethodId hook_method_id_;
// Base class for detour hooks. Replace every occurrence of specific opcode with
// something else. The detour is a static method which takes the same arguments
// as the original method plus an explicit "this" argument and returns the same
// type as the original method. Derived classes must implement GetNewOpcode.
class DetourHook : public Transformation {
DetourHook(const ir::MethodId& orig_method_id,
const ir::MethodId& detour_method_id)
: orig_method_id_(orig_method_id), detour_method_id_(detour_method_id) {
// detour method signature is automatically created
// to match the original method and must not be explicitly specified
SLICER_CHECK(detour_method_id_.signature == nullptr);
virtual bool Apply(lir::CodeIr* code_ir) override;
ir::MethodId orig_method_id_;
ir::MethodId detour_method_id_;
// Returns a new opcode to replace the desired opcode or OP_NOP otherwise.
virtual dex::Opcode GetNewOpcode(dex::Opcode opcode) = 0;
// Replace every invoke-virtual[/range] to the a specified method with
// a invoke-static[/range] to the detour method.
class DetourVirtualInvoke : public DetourHook {
DetourVirtualInvoke(const ir::MethodId& orig_method_id,
const ir::MethodId& detour_method_id)
: DetourHook(orig_method_id, detour_method_id) {}
virtual dex::Opcode GetNewOpcode(dex::Opcode opcode) override;
// Replace every invoke-interface[/range] to the a specified method with
// a invoke-static[/range] to the detour method.
class DetourInterfaceInvoke : public DetourHook {
DetourInterfaceInvoke(const ir::MethodId& orig_method_id,
const ir::MethodId& detour_method_id)
: DetourHook(orig_method_id, detour_method_id) {}
virtual dex::Opcode GetNewOpcode(dex::Opcode opcode) override;
// Allocates scratch registers without doing a full register allocation
class AllocateScratchRegs : public Transformation {
explicit AllocateScratchRegs(int allocate_count, bool allow_renumbering = true)
: allocate_count_(allocate_count), allow_renumbering_(allow_renumbering) {
SLICER_CHECK(allocate_count > 0);
virtual bool Apply(lir::CodeIr* code_ir) override;
const std::set<dex::u4>& ScratchRegs() const {
SLICER_CHECK(scratch_regs_.size() == static_cast<size_t>(allocate_count_));
return scratch_regs_;
void RegsRenumbering(lir::CodeIr* code_ir);
void ShiftParams(lir::CodeIr* code_ir);
void Allocate(lir::CodeIr* code_ir, dex::u4 first_reg, int count);
const int allocate_count_;
const bool allow_renumbering_;
int left_to_allocate_ = 0;
std::set<dex::u4> scratch_regs_;
// A friendly helper for instrumenting existing methods: it allows batching
// a set of transformations to be applied to method (the batching allow it
// to build and encode the code IR once per method regardless of how many
// transformation are applied)
// For example, if we want to add both entry and exit hooks to a
// Hello.Test(int) method, the code would look like this:
// ...
// slicer::MethodInstrumenter mi(dex_ir);
// mi.AddTransformation<slicer::EntryHook>(ir::MethodId("LTracer;", "OnEntry"));
// mi.AddTransformation<slicer::ExitHook>(ir::MethodId("LTracer;", "OnExit"));
// SLICER_CHECK(mi.InstrumentMethod(ir::MethodId("LHello;", "Test", "(I)I")));
// ...
class MethodInstrumenter {
explicit MethodInstrumenter(std::shared_ptr<ir::DexFile> dex_ir) : dex_ir_(dex_ir) {}
// No copy/move semantics
MethodInstrumenter(const MethodInstrumenter&) = delete;
MethodInstrumenter& operator=(const MethodInstrumenter&) = delete;
// Queue a transformation
// (T is a class derived from Transformation)
template<class T, class... Args>
T* AddTransformation(Args&&... args) {
T* transformation = new T(std::forward<Args>(args)...);
return transformation;
// Apply all the queued transformations to the specified method
bool InstrumentMethod(ir::EncodedMethod* ir_method);
bool InstrumentMethod(const ir::MethodId& method_id);
std::shared_ptr<ir::DexFile> dex_ir_;
std::vector<std::unique_ptr<Transformation>> transformations_;
} // namespace slicer