Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Introduction to Bytecode Instrumentation with A...

Marcel Schnelle
September 15, 2023
Programming
0
170

Introduction to Bytecode Instrumentation with AGP 8

Talk given at DroidKaigi 2023.

Marcel Schnelle

September 15, 2023
Tweet

More Decks by Marcel Schnelle

See All by Marcel Schnelle
A New Era of Testing
mannodermaus
2
530
Exploring the Android Transform API
mannodermaus
1
960
Moving Forward with JUnit 5
mannodermaus
4
5.2k

Other Decks in Programming

See All in Programming
Perl 5 OOP機構30年史 - Perl 5's OOP Mechanism over the past 30 years
moznion
0
420
React + TextAliveでカッコいいLyric Applicatioinを作ろう!!
tosuri13
0
400
Pythonで改めて考える「クラス(class)」の使いどころ
os1ma
7
1.8k
Hermes: Better Performance with Bytecode Translation (React Universe 2024)
tmikov2023
0
110
From Idea to IDE: Developing Plugins for Android Studio
thisaay
1
230
Securify_エンジニア採用資料
3shake
0
110
XStateでReactに秩序を与えたい
gizm000
0
740
Modernisation Progressive d’Applications PHP
hhamon
0
120
The Shape of a Service Object
inem
0
530
Jakarta EE meets AI
ivargrimstad
1
550
エンジニア1年目で複雑なコードの改善に取り組んだ話
mtnmr
3
2k
事業フェーズの変化に対応する 開発生産性向上のゼロイチ
masaygggg
0
220

Featured

See All Featured
Automating Front-end Workflow
addyosmani
1365
200k
Unsuck your backbone
ammeep
667
57k
Making Projects Easy
brettharned
113
5.8k
The Cost Of JavaScript in 2023
addyosmani
42
5.7k
Rebuilding a faster, lazier Slack
samanthasiow
78
8.6k
How to Ace a Technical Interview
jacobian
274
23k
Being A Developer After 40
akosma
84
590k
Building a Modern Day 
E-commerce SEO Strategy
aleyda
36
6.8k
The Brand Is Dead. Long Live the Brand.
mthomps
53
38k
Mobile First: as difficult as doing things right
swwweet
221
8.8k
Become a Pro
speakerdeck
PRO
22
4.9k
GraphQLとの向き合い方2022年版
quramy
43
13k

Transcript

  1. Marcel Schnelle @marcelschnelle Introduction to Bytecode Instrumentation with AGP 8

  2. // HelloWorld.kt fun main(args: Array<String>) { val name = args.firstOrNull()

    ?: "Guest" println("Hello $name!") }

  3. // ================HelloWorldKt.class ================= // class version 52.0 (52) // access

    flags 0x31 public final class HelloWorldKt { // access flags 0x19 public final static main([Ljava/lang/String;)V @Lorg/jetbrains/annotations/NotNull;() // invisible, parameter 0 L0 ALOAD 0 LDC "args" INVOKESTATIC kotlin/jvm/internal/Intrinsics.checkNotNullParameter (Ljava/lang/Object;Ljava/lang/String;)V L1 LINENUMBER 2 L1 ALOAD 0 INVOKESTATIC kotlin/collections/ArraysKt.firstOrNull ([Ljava/lang/Object;)Ljava/lang/Object; CHECKCAST java/lang/String DUP IFNONNULL L2 L3 LINENUMBER 2 L3 POP LDC “Guest" (…) // HelloWorld.kt fun main(args: Array<String>) { val name = args.firstOrNull() ?: "Guest" println("Hello $name!") }

  4. // ================HelloWorldKt.class ================= // class version 52.0 (52) // access

    flags 0x31 public final class HelloWorldKt { // access flags 0x19 public final static main([Ljava/lang/String;)V @Lorg/jetbrains/annotations/NotNull;() // invisible, parameter 0 L0 ALOAD 0 LDC "args" INVOKESTATIC kotlin/jvm/internal/Intrinsics.checkNotNullParameter (Ljava/lang/Object;Ljava/lang/String;)V L1 LINENUMBER 2 L1 ALOAD 0 INVOKESTATIC kotlin/collections/ArraysKt.firstOrNull ([Ljava/lang/Object;)Ljava/lang/Object; CHECKCAST java/lang/String DUP IFNONNULL L2 L3 LINENUMBER 2 L3 POP LDC “Guest" (…) // HelloWorld.kt fun main(args: Array<String>) { val name = args.firstOrNull() ?: "Guest" println("Hello $name!") } Source code

  5. // ================HelloWorldKt.class ================= // class version 52.0 (52) // access

    flags 0x31 public final class HelloWorldKt { // access flags 0x19 public final static main([Ljava/lang/String;)V @Lorg/jetbrains/annotations/NotNull;() // invisible, parameter 0 L0 ALOAD 0 LDC "args" INVOKESTATIC kotlin/jvm/internal/Intrinsics.checkNotNullParameter (Ljava/lang/Object;Ljava/lang/String;)V L1 LINENUMBER 2 L1 ALOAD 0 INVOKESTATIC kotlin/collections/ArraysKt.firstOrNull ([Ljava/lang/Object;)Ljava/lang/Object; CHECKCAST java/lang/String DUP IFNONNULL L2 L3 LINENUMBER 2 L3 POP LDC “Guest" (…) // HelloWorld.kt fun main(args: Array<String>) { val name = args.firstOrNull() ?: "Guest" println("Hello $name!") } Java Bytecode

  6. Bytecode Instrumentation?

  7. // ================HelloWorldKt.class ================= // class version 52.0 (52) // access

    flags 0x31 public final class HelloWorldKt { // access flags 0x19 public final static main([Ljava/lang/String;)V @Lorg/jetbrains/annotations/NotNull;() // invisible, parameter 0 L0 ALOAD 0 LDC "args" INVOKESTATIC kotlin/jvm/internal/Intrinsics.checkNotNullParameter (Ljava/lang/Object;Ljava/ lang/String;)V L1 LINENUMBER 2 L1 ALOAD 0 INVOKESTATIC kotlin/collections/ArraysKt.firstOrNull ([Ljava/lang/Object;)Ljava/lang/Object; CHECKCAST java/lang/String DUP IFNONNULL L2 L3 LINENUMBER 2 L3 POP LDC “Guest" (…)

  8. // ================HelloWorldKt.class ================= // class version 52.0 (52) // access

    flags 0x31 public final class HelloWorldKt { // access flags 0x19 public final static main([Ljava/lang/String;)V @Lorg/jetbrains/annotations/Nullable;() // invisible, parameter 0 L0 ALOAD 0 LDC "args" INVOKESTATIC kotlin/jvm/internal/Intrinsics.checkNotNullParameter (Ljava/lang/Object;Ljava/ lang/String;)V L1 LINENUMBER 2 L1 ALOAD 0 INVOKESTATIC kotlin/collections/ArraysKt.firstOrNull ([Ljava/lang/Object;)Ljava/lang/Object; CHECKCAST java/lang/String DUP IFNONNULL L2 L3 LINENUMBER 2 L3 POP LDC “Admin” (…)

  9. Why though? • Desugaring (Dx) • Code optimization & shrinking

    (ProGuard) • Library-specific features (Sentry, Realm)

  10. D8/R8 Instrumentation API Android compilation pipeline Source 
 (.kt) (simplified)

    Java bytecode 
 (.class) Dalvik executable 
 (.dex)
  11. None

  12. @Deprecated (kind of)

  13. • Introduced in AGP 7.0, “official” since AGP 8.0 •

    Bridge between AGP and ASM, a popular Java decomposition library • Analyze and modify Java bytecode with a low level API • Higher level abstractions exist, such as Javassist (→ DK’19 talk) New Bytecode Instrumentation API

  14. androidComponents.onVariants { variant -> variant.instrumentation.transformClassesWith( classVisitorFactoryImplClass = MyClassVisitorFactory::class.java, scope =

    InstrumentationScope.PROJECT, instrumentationParamsConfig = {}, ) } Entry point for bytecode instrumentation // build.gradle.kts Android Components

  15. androidComponents.onVariants { variant -> variant.instrumentation.transformClassesWith( classVisitorFactoryImplClass = MyClassVisitorFactory::class.java, scope =

    InstrumentationScope.PROJECT, instrumentationParamsConfig = {}, ) } • debug • release • build flavors // build.gradle.kts Android Components Entry point for bytecode instrumentation

  16. androidComponents.onVariants { variant -> variant.instrumentation.transformClassesWith( classVisitorFactoryImplClass = MyClassVisitorFactory::class.java, scope =

    InstrumentationScope.PROJECT, instrumentationParamsConfig = {}, ) } • Unrelated to UI tests • Hook for transforms // build.gradle.kts Android Components Entry point for bytecode instrumentation

  17. androidComponents.onVariants { variant -> variant.instrumentation.transformClassesWith( classVisitorFactoryImplClass = MyClassVisitorFactory::class.java, scope =

    InstrumentationScope.PROJECT, instrumentationParamsConfig = {}, ) } • Implementation of AsmClassVisitorFactory • Connection to ASM API // build.gradle.kts Android Components Entry point for bytecode instrumentation

  18. androidComponents.onVariants { variant -> variant.instrumentation.transformClassesWith( classVisitorFactoryImplClass = MyClassVisitorFactory::class.java, scope =

    InstrumentationScope.PROJECT, instrumentationParamsConfig = {}, ) } • Which classes should the transform deal with? • PROJECT or ALL // build.gradle.kts Android Components Entry point for bytecode instrumentation

  19. androidComponents.onVariants { variant -> variant.instrumentation.transformClassesWith( classVisitorFactoryImplClass = MyClassVisitorFactory::class.java, scope =

    InstrumentationScope.PROJECT, instrumentationParamsConfig = {}, ) } • Custom configuration settings • Provided via Gradle plugin • Optional // build.gradle.kts Android Components Entry point for bytecode instrumentation

  20. • val parameters: Property<T> • val instrumentationContext: InstrumentationContext • fun

    isInstrumentable(ClassData): Boolean • fun createClassVisitor(ClassContext, ClassVisitor): ClassVisitor AsmClassVisitorFactory<T> Android Gradle Plugin ObjectWeb ASM

  21. • AnnotationVisitor visitAnnotation(String, boolean) • void visitOuterClass(String, String, String) •

    void visitInnerClass(String, String, String, int) • FieldVisitor visitField(int, String, String, String, Object) • MethodVisitor visitMethod(int, String, String, String, String[]) • ... • void visitEnd() ClassVisitor Android Gradle Plugin ObjectWeb ASM

  22. ʮSensitive Data Redactorʯ An exemplary Transform implementation

  23. The idea data class User( val name: String, val age:

    Int, val password: String, val luckyNumber: Int, ) User(name=Hoge, age=33, password=droidsaregreat, luckyNumber=1337) User.toString()

  24. The idea data class User( val name: String, val age:

    Int, @Redacted val password: String, @Redacted val luckyNumber: Int, ) User(name=Hoge, age=33, password=********, luckyNumber=********) User.toString()

  25. public toString()Ljava/lang/String; @Lorg/jetbrains/annotations/NotNull;() // invisible NEW java/lang/StringBuilder DUP INVOKESPECIAL java/lang/StringBuilder.<init>

    ()V LDC "User(name=" INVOKEVIRTUAL java/lang/StringBuilder.append (Ljava/lang/String;)Ljava/lang/StringB ALOAD 0 GETFIELD de/mannodermaus/dk23/models/User.name : Ljava/lang/String; INVOKEVIRTUAL java/lang/StringBuilder.append (Ljava/lang/String;)Ljava/lang/StringB LDC ", age=" INVOKEVIRTUAL java/lang/StringBuilder.append (Ljava/lang/String;)Ljava/lang/StringB ALOAD 0 GETFIELD de/mannodermaus/dk23/models/User.age : I INVOKEVIRTUAL java/lang/StringBuilder.append (I)Ljava/lang/StringBuilder; LDC ", password=" INVOKEVIRTUAL java/lang/StringBuilder.append (Ljava/lang/String;)Ljava/lang/StringB ALOAD 0 GETFIELD de/mannodermaus/dk23/models/User.password : Ljava/lang/String; INVOKEVIRTUAL java/lang/StringBuilder.append (Ljava/lang/String;)Ljava/lang/StringB LDC ", luckyNumber=" INVOKEVIRTUAL java/lang/StringBuilder.append (Ljava/lang/String;)Ljava/lang/StringB ALOAD 0 GETFIELD de/mannodermaus/dk23/models/User.luckyNumber : I INVOKEVIRTUAL java/lang/StringBuilder.append (I)Ljava/lang/StringBuilder; LDC ")" The idea

  26. public toString()Ljava/lang/String; @Lorg/jetbrains/annotations/NotNull;() // invisible NEW java/lang/StringBuilder DUP INVOKESPECIAL java/lang/StringBuilder.<init>

    ()V LDC "User(name=" INVOKEVIRTUAL java/lang/StringBuilder.append (Ljava/lang/String;)Ljava/lang/StringB ALOAD 0 GETFIELD de/mannodermaus/dk23/models/User.name : Ljava/lang/String; INVOKEVIRTUAL java/lang/StringBuilder.append (Ljava/lang/String;)Ljava/lang/StringB LDC ", age=" INVOKEVIRTUAL java/lang/StringBuilder.append (Ljava/lang/String;)Ljava/lang/StringB ALOAD 0 GETFIELD de/mannodermaus/dk23/models/User.age : I INVOKEVIRTUAL java/lang/StringBuilder.append (I)Ljava/lang/StringBuilder; LDC ", password=" INVOKEVIRTUAL java/lang/StringBuilder.append (Ljava/lang/String;)Ljava/lang/StringB ALOAD 0 LDC “********” GETFIELD de/mannodermaus/dk23/models/User.password : Ljava/lang/String; INVOKEVIRTUAL java/lang/StringBuilder.append (Ljava/lang/String;)Ljava/lang/StringB LDC ", luckyNumber=" INVOKEVIRTUAL java/lang/StringBuilder.append (Ljava/lang/String;)Ljava/lang/StringB ALOAD 0 LDC “********” GETFIELD de/mannodermaus/dk23/models/User.luckyNumber : I INVOKEVIRTUAL java/lang/StringBuilder.append (Ljava/lang/String;)Ljava/lang/StringB LDC ")" The idea

  27. • Determine if it is a Kotlin data class •

    Collect constructor parameters annotated with @Redacted • Rewrite toString() bytecode to redact info about those parameters • Annotate the class with @RedactedMarker afterwards Proposed Workflow “For each class,…”

  28. Demonstration https://github.com/mannodermaus/dk23-bytecode

  29. Sources & Resources • https://java-decompiler.github.io • https://github.com/romainguy/kotlin-explorer • https://github.com/getsentry/sentry-android-gradle-plugin •

    https://jakewharton.com/digging-into-d8-and-r8 • Title image by Michel Didier Joomun 
 (https://unsplash.com/photos/TXZV_xE9ZZI)

  30. Marcel Schnelle @marcelschnelle Introduction to Bytecode Instrumentation with AGP 8