Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Introduction to Bytecode Instrumentation with A...

Marcel Schnelle
September 15, 2023
Programming
0
170

Introduction to Bytecode Instrumentation with AGP 8

Talk given at DroidKaigi 2023.

Marcel Schnelle

September 15, 2023
Tweet

More Decks by Marcel Schnelle

See All by Marcel Schnelle
A New Era of Testing
mannodermaus
2
500
Exploring the Android Transform API
mannodermaus
1
960
Moving Forward with JUnit 5
mannodermaus
4
5.2k

Other Decks in Programming

See All in Programming
unique パッケージから学ぶ interning と weak reference @ Asakusa.go#3
karamaru
2
810
ドメイン駆動設計を実践するために必要なもの
bikisuke
4
330
What you can do with Ruby on WebAssembly
kateinoigakukun
0
170
How to Break into Reading Open Source
kaspth
2
210
AndroidアプリのUIバリエーションをあの手この手で確認する / Check UI variations of Android apps by various means
tkmnzm
1
170
Prompt Cachingは本当に効果的なのか検証してみた.pdf
ttnyt8701
0
530
Scala アプリケーションのビルドを改善してデプロイ時間を 1/4 にした話 | How I improved the build of my Scala application and reduced deployment time by 4x
nomadblacky
1
180
Jakarta EE meets AI
ivargrimstad
1
490
エラーレスポンス設計から考える、0→1開発におけるGraphQLへの向き合い方
bicstone
5
1.5k
Go1.23で入った errorsパッケージの小さなアプデ
kuro_kurorrr
2
390
watsonx.ai Dojo #2 生成AIを使ったアプリ開発入門編
oniak3ibm
PRO
0
120
Kotlin 2.0が与えるAndroid開発の進化
masayukisuda
1
390

Featured

See All Featured
Robots, Beer and Maslow
schacon
PRO
157
8.2k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
103
48k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
326
21k
Agile that works and the tools we love
rasmusluckow
327
20k
What's new in Ruby 2.0
geeforr
340
31k
ReactJS: Keep Simple. Everything can be a component!
pedronauck
663
120k
How GitHub (no longer) Works
holman
310
140k
The Art of Delivering Value - GDevCon NA Keynote
reverentgeek
1
48
The Art of Programming - Codeland 2020
erikaheidi
48
13k
Fashionably flexible responsive web design (full day workshop)
malarkey
401
65k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
502
140k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
26
2k

Transcript

  1. Marcel Schnelle @marcelschnelle Introduction to Bytecode Instrumentation with AGP 8

  2. // HelloWorld.kt fun main(args: Array<String>) { val name = args.firstOrNull()

    ?: "Guest" println("Hello $name!") }

  3. // ================HelloWorldKt.class ================= // class version 52.0 (52) // access

    flags 0x31 public final class HelloWorldKt { // access flags 0x19 public final static main([Ljava/lang/String;)V @Lorg/jetbrains/annotations/NotNull;() // invisible, parameter 0 L0 ALOAD 0 LDC "args" INVOKESTATIC kotlin/jvm/internal/Intrinsics.checkNotNullParameter (Ljava/lang/Object;Ljava/lang/String;)V L1 LINENUMBER 2 L1 ALOAD 0 INVOKESTATIC kotlin/collections/ArraysKt.firstOrNull ([Ljava/lang/Object;)Ljava/lang/Object; CHECKCAST java/lang/String DUP IFNONNULL L2 L3 LINENUMBER 2 L3 POP LDC “Guest" (…) // HelloWorld.kt fun main(args: Array<String>) { val name = args.firstOrNull() ?: "Guest" println("Hello $name!") }

  4. // ================HelloWorldKt.class ================= // class version 52.0 (52) // access

    flags 0x31 public final class HelloWorldKt { // access flags 0x19 public final static main([Ljava/lang/String;)V @Lorg/jetbrains/annotations/NotNull;() // invisible, parameter 0 L0 ALOAD 0 LDC "args" INVOKESTATIC kotlin/jvm/internal/Intrinsics.checkNotNullParameter (Ljava/lang/Object;Ljava/lang/String;)V L1 LINENUMBER 2 L1 ALOAD 0 INVOKESTATIC kotlin/collections/ArraysKt.firstOrNull ([Ljava/lang/Object;)Ljava/lang/Object; CHECKCAST java/lang/String DUP IFNONNULL L2 L3 LINENUMBER 2 L3 POP LDC “Guest" (…) // HelloWorld.kt fun main(args: Array<String>) { val name = args.firstOrNull() ?: "Guest" println("Hello $name!") } Source code

  5. // ================HelloWorldKt.class ================= // class version 52.0 (52) // access

    flags 0x31 public final class HelloWorldKt { // access flags 0x19 public final static main([Ljava/lang/String;)V @Lorg/jetbrains/annotations/NotNull;() // invisible, parameter 0 L0 ALOAD 0 LDC "args" INVOKESTATIC kotlin/jvm/internal/Intrinsics.checkNotNullParameter (Ljava/lang/Object;Ljava/lang/String;)V L1 LINENUMBER 2 L1 ALOAD 0 INVOKESTATIC kotlin/collections/ArraysKt.firstOrNull ([Ljava/lang/Object;)Ljava/lang/Object; CHECKCAST java/lang/String DUP IFNONNULL L2 L3 LINENUMBER 2 L3 POP LDC “Guest" (…) // HelloWorld.kt fun main(args: Array<String>) { val name = args.firstOrNull() ?: "Guest" println("Hello $name!") } Java Bytecode

  6. Bytecode Instrumentation?

  7. // ================HelloWorldKt.class ================= // class version 52.0 (52) // access

    flags 0x31 public final class HelloWorldKt { // access flags 0x19 public final static main([Ljava/lang/String;)V @Lorg/jetbrains/annotations/NotNull;() // invisible, parameter 0 L0 ALOAD 0 LDC "args" INVOKESTATIC kotlin/jvm/internal/Intrinsics.checkNotNullParameter (Ljava/lang/Object;Ljava/ lang/String;)V L1 LINENUMBER 2 L1 ALOAD 0 INVOKESTATIC kotlin/collections/ArraysKt.firstOrNull ([Ljava/lang/Object;)Ljava/lang/Object; CHECKCAST java/lang/String DUP IFNONNULL L2 L3 LINENUMBER 2 L3 POP LDC “Guest" (…)

  8. // ================HelloWorldKt.class ================= // class version 52.0 (52) // access

    flags 0x31 public final class HelloWorldKt { // access flags 0x19 public final static main([Ljava/lang/String;)V @Lorg/jetbrains/annotations/Nullable;() // invisible, parameter 0 L0 ALOAD 0 LDC "args" INVOKESTATIC kotlin/jvm/internal/Intrinsics.checkNotNullParameter (Ljava/lang/Object;Ljava/ lang/String;)V L1 LINENUMBER 2 L1 ALOAD 0 INVOKESTATIC kotlin/collections/ArraysKt.firstOrNull ([Ljava/lang/Object;)Ljava/lang/Object; CHECKCAST java/lang/String DUP IFNONNULL L2 L3 LINENUMBER 2 L3 POP LDC “Admin” (…)

  9. Why though? • Desugaring (Dx) • Code optimization & shrinking

    (ProGuard) • Library-specific features (Sentry, Realm)

  10. D8/R8 Instrumentation API Android compilation pipeline Source 
 (.kt) (simplified)

    Java bytecode 
 (.class) Dalvik executable 
 (.dex)
  11. None

  12. @Deprecated (kind of)

  13. • Introduced in AGP 7.0, “official” since AGP 8.0 •

    Bridge between AGP and ASM, a popular Java decomposition library • Analyze and modify Java bytecode with a low level API • Higher level abstractions exist, such as Javassist (→ DK’19 talk) New Bytecode Instrumentation API

  14. androidComponents.onVariants { variant -> variant.instrumentation.transformClassesWith( classVisitorFactoryImplClass = MyClassVisitorFactory::class.java, scope =

    InstrumentationScope.PROJECT, instrumentationParamsConfig = {}, ) } Entry point for bytecode instrumentation // build.gradle.kts Android Components

  15. androidComponents.onVariants { variant -> variant.instrumentation.transformClassesWith( classVisitorFactoryImplClass = MyClassVisitorFactory::class.java, scope =

    InstrumentationScope.PROJECT, instrumentationParamsConfig = {}, ) } • debug • release • build flavors // build.gradle.kts Android Components Entry point for bytecode instrumentation

  16. androidComponents.onVariants { variant -> variant.instrumentation.transformClassesWith( classVisitorFactoryImplClass = MyClassVisitorFactory::class.java, scope =

    InstrumentationScope.PROJECT, instrumentationParamsConfig = {}, ) } • Unrelated to UI tests • Hook for transforms // build.gradle.kts Android Components Entry point for bytecode instrumentation

  17. androidComponents.onVariants { variant -> variant.instrumentation.transformClassesWith( classVisitorFactoryImplClass = MyClassVisitorFactory::class.java, scope =

    InstrumentationScope.PROJECT, instrumentationParamsConfig = {}, ) } • Implementation of AsmClassVisitorFactory • Connection to ASM API // build.gradle.kts Android Components Entry point for bytecode instrumentation

  18. androidComponents.onVariants { variant -> variant.instrumentation.transformClassesWith( classVisitorFactoryImplClass = MyClassVisitorFactory::class.java, scope =

    InstrumentationScope.PROJECT, instrumentationParamsConfig = {}, ) } • Which classes should the transform deal with? • PROJECT or ALL // build.gradle.kts Android Components Entry point for bytecode instrumentation

  19. androidComponents.onVariants { variant -> variant.instrumentation.transformClassesWith( classVisitorFactoryImplClass = MyClassVisitorFactory::class.java, scope =

    InstrumentationScope.PROJECT, instrumentationParamsConfig = {}, ) } • Custom configuration settings • Provided via Gradle plugin • Optional // build.gradle.kts Android Components Entry point for bytecode instrumentation

  20. • val parameters: Property<T> • val instrumentationContext: InstrumentationContext • fun

    isInstrumentable(ClassData): Boolean • fun createClassVisitor(ClassContext, ClassVisitor): ClassVisitor AsmClassVisitorFactory<T> Android Gradle Plugin ObjectWeb ASM

  21. • AnnotationVisitor visitAnnotation(String, boolean) • void visitOuterClass(String, String, String) •

    void visitInnerClass(String, String, String, int) • FieldVisitor visitField(int, String, String, String, Object) • MethodVisitor visitMethod(int, String, String, String, String[]) • ... • void visitEnd() ClassVisitor Android Gradle Plugin ObjectWeb ASM

  22. ʮSensitive Data Redactorʯ An exemplary Transform implementation

  23. The idea data class User( val name: String, val age:

    Int, val password: String, val luckyNumber: Int, ) User(name=Hoge, age=33, password=droidsaregreat, luckyNumber=1337) User.toString()

  24. The idea data class User( val name: String, val age:

    Int, @Redacted val password: String, @Redacted val luckyNumber: Int, ) User(name=Hoge, age=33, password=********, luckyNumber=********) User.toString()

  25. public toString()Ljava/lang/String; @Lorg/jetbrains/annotations/NotNull;() // invisible NEW java/lang/StringBuilder DUP INVOKESPECIAL java/lang/StringBuilder.<init>

    ()V LDC "User(name=" INVOKEVIRTUAL java/lang/StringBuilder.append (Ljava/lang/String;)Ljava/lang/StringB ALOAD 0 GETFIELD de/mannodermaus/dk23/models/User.name : Ljava/lang/String; INVOKEVIRTUAL java/lang/StringBuilder.append (Ljava/lang/String;)Ljava/lang/StringB LDC ", age=" INVOKEVIRTUAL java/lang/StringBuilder.append (Ljava/lang/String;)Ljava/lang/StringB ALOAD 0 GETFIELD de/mannodermaus/dk23/models/User.age : I INVOKEVIRTUAL java/lang/StringBuilder.append (I)Ljava/lang/StringBuilder; LDC ", password=" INVOKEVIRTUAL java/lang/StringBuilder.append (Ljava/lang/String;)Ljava/lang/StringB ALOAD 0 GETFIELD de/mannodermaus/dk23/models/User.password : Ljava/lang/String; INVOKEVIRTUAL java/lang/StringBuilder.append (Ljava/lang/String;)Ljava/lang/StringB LDC ", luckyNumber=" INVOKEVIRTUAL java/lang/StringBuilder.append (Ljava/lang/String;)Ljava/lang/StringB ALOAD 0 GETFIELD de/mannodermaus/dk23/models/User.luckyNumber : I INVOKEVIRTUAL java/lang/StringBuilder.append (I)Ljava/lang/StringBuilder; LDC ")" The idea

  26. public toString()Ljava/lang/String; @Lorg/jetbrains/annotations/NotNull;() // invisible NEW java/lang/StringBuilder DUP INVOKESPECIAL java/lang/StringBuilder.<init>

    ()V LDC "User(name=" INVOKEVIRTUAL java/lang/StringBuilder.append (Ljava/lang/String;)Ljava/lang/StringB ALOAD 0 GETFIELD de/mannodermaus/dk23/models/User.name : Ljava/lang/String; INVOKEVIRTUAL java/lang/StringBuilder.append (Ljava/lang/String;)Ljava/lang/StringB LDC ", age=" INVOKEVIRTUAL java/lang/StringBuilder.append (Ljava/lang/String;)Ljava/lang/StringB ALOAD 0 GETFIELD de/mannodermaus/dk23/models/User.age : I INVOKEVIRTUAL java/lang/StringBuilder.append (I)Ljava/lang/StringBuilder; LDC ", password=" INVOKEVIRTUAL java/lang/StringBuilder.append (Ljava/lang/String;)Ljava/lang/StringB ALOAD 0 LDC “********” GETFIELD de/mannodermaus/dk23/models/User.password : Ljava/lang/String; INVOKEVIRTUAL java/lang/StringBuilder.append (Ljava/lang/String;)Ljava/lang/StringB LDC ", luckyNumber=" INVOKEVIRTUAL java/lang/StringBuilder.append (Ljava/lang/String;)Ljava/lang/StringB ALOAD 0 LDC “********” GETFIELD de/mannodermaus/dk23/models/User.luckyNumber : I INVOKEVIRTUAL java/lang/StringBuilder.append (Ljava/lang/String;)Ljava/lang/StringB LDC ")" The idea

  27. • Determine if it is a Kotlin data class •

    Collect constructor parameters annotated with @Redacted • Rewrite toString() bytecode to redact info about those parameters • Annotate the class with @RedactedMarker afterwards Proposed Workflow “For each class,…”

  28. Demonstration https://github.com/mannodermaus/dk23-bytecode

  29. Sources & Resources • https://java-decompiler.github.io • https://github.com/romainguy/kotlin-explorer • https://github.com/getsentry/sentry-android-gradle-plugin •

    https://jakewharton.com/digging-into-d8-and-r8 • Title image by Michel Didier Joomun 
 (https://unsplash.com/photos/TXZV_xE9ZZI)

  30. Marcel Schnelle @marcelschnelle Introduction to Bytecode Instrumentation with AGP 8