jvm-assembler
cargo run read panics due to constant of type 11
Running against the "HammerHead.class" (WEB-INF/classes/org/owasp/webgoat/HammerHead.class) file from the "OWASP WebGoat" project (https://github.com/WebGoat/WebGoat) panics as follows.
Is this still actively maintained? If so - can you replicate? Happy to help diagnose as best I can. Incredible amount of work & capability in place for only being a 0.0.1 release. Nice work.
$ cargo run read webgoat-container-7.0.1/WEB-INF/classes/org/owasp/webgoat/controller/Welcome.class
Running target/debug/jvm-assembler read webgoat-container-7.0.1/WEB-INF/classes/org/owasp/webgoat/controller/Welcome.class
thread '
Just got an opportunity to look at your code. Still digesting. Looks like you define all Constant types via the "Constant" enum, yet the enum only seems to cover 1, 7, 8, 9, 10, 12. Constant tags range from 1-18 (https://en.wikipedia.org/wiki/Java_class_file, see "The constant pool"). Is there any particular reason these constants were excluded? Or are they covered elsewhere? If I wanted to try and fix this bug, would adding the constants to this "Constant" enum & updating the serializer / deserializer to support them be the best way to approach the problem?
Hi @esheri3! Thanks for checking out the project. There's not a great explanation as to which features are implemented, other than that's how far I got before I ran out of time for this project (at which point I got busy and haven't picked it up again).
I think adding the constants for the basic types should be relatively easy. As you suggested, it would involve adding cases to the serializer and deserializer in impl Serializable for Constant in serialization.rs, and support for them in classfile.rs, and helper functions to class_builder.rs too. Long and Double might be a bit trickier since they take two slots in the constant pool table; that might require some other code changes, but probably not too hard. Not sure on Method handle/type. And InvokeDynamic is likely a whole project on its own :)
As far as I remember, the big features missing from this project are interfaces, static methods, and exceptions, as well as InvokeDynamic (but that is optional, as I believe most programs don't use it other than recent dynamic JVM languages). And then besides those features, the main thing is adding more instructions -- I only implemented 33, and there are around 200 (https://en.wikipedia.org/wiki/Java_bytecode_instruction_listings). And once all that is done, it would be nice to support multiple versions of the JVM.
So, it's a bit of a work in progress, but if you're interested in making improvements, I'd be happy to give pointers and review pull requests! It's probably quite a bit of work to get it to the point where it can read and write arbitrary classfiles, though. My goal for this project was not necessarily to support 100% of the JVM spec and instructions (and in particular different JVM versions), but rather to use it for a Scheme compiler that compiled to JVM class files. (Based on a Scheme interpreter I wrote in Rust here: https://github.com/kenpratt/rusty_scheme).
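
The constant pool walk discussed in this thread, as an added example that is not jvm-assembler's code or the maintainer's: it sizes entries for tags 1, 3 to 12, 15, 16 and 18, accounts for the second slot taken by Long and Double, and returns an error for any other tag or for truncated input, which is the behaviour a reader of untrusted class files wants instead of a panic. The names `scan_constant_pool`, `PoolError` and `sample_pool` are hypothetical, and the sample bytes are constructed.

```rust
// Added example, not jvm-assembler code: `scan_constant_pool` and `PoolError`
// are hypothetical names. Tag numbers and sizes follow the class file format.
#[derive(Debug, PartialEq)]
pub enum PoolError { Truncated, UnknownTag(u8), BadCount }

// Bounds-checked slice access, so malformed input yields Err rather than a panic.
fn take(data: &[u8], pos: usize, len: usize) -> Result<&[u8], PoolError> {
    let end = pos.checked_add(len).ok_or(PoolError::Truncated)?;
    data.get(pos..end).ok_or(PoolError::Truncated)
}

// Big-endian u2 at `pos`.
fn be16(data: &[u8], pos: usize) -> Result<usize, PoolError> {
    let b = take(data, pos, 2)?;
    Ok(((b[0] as usize) << 8) | b[1] as usize)
}

/// `data` begins at constant_pool_count. Returns the tag held by each slot
/// 1..count, with None for the unusable slot that follows a Long or Double.
pub fn scan_constant_pool(data: &[u8]) -> Result<Vec<Option<u8>>, PoolError> {
    let count = be16(data, 0)?;
    let (mut pos, mut slots) = (2, Vec::new());
    while slots.len() + 1 < count {
        let tag = take(data, pos, 1)?[0];
        let len = match tag {
            1 => 2 + be16(data, pos + 1)?, // Utf8: u2 length + bytes
            3 | 4 => 4,                    // Integer, Float
            5 | 6 => 8,                    // Long, Double
            7 | 8 | 16 => 2,               // Class, String, MethodType
            // Fieldref, Methodref, InterfaceMethodref, NameAndType, InvokeDynamic
            9 | 10 | 11 | 12 | 18 => 4,
            15 => 3,                       // MethodHandle: u1 kind + u2 index
            other => return Err(PoolError::UnknownTag(other)),
        };
        take(data, pos + 1, len)?; // payload must be fully present
        pos += 1 + len;
        slots.push(Some(tag));
        if tag == 5 || tag == 6 { slots.push(None); } // second slot is unusable
    }
    if count == 0 || slots.len() + 1 != count { return Err(PoolError::BadCount); }
    Ok(slots)
}

// Constructed sample: count=5 -> Utf8 "A", Long, (unusable), InterfaceMethodref.
pub fn sample_pool() -> Vec<u8> {
    vec![0, 5, 1, 0, 1, b'A', 5, 0, 0, 0, 0, 0, 0, 0, 42, 11, 0, 1, 0, 1]
}

fn main() {
    println!("{:?}", scan_constant_pool(&sample_pool()));
}
```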