Native bytecode interception working end-to-end with Vitruvius

Use DUP+void-record approach instead of replacing comparison instructions:
- DUP2 before IF_ICMP* to duplicate operands
- DUP + ICONST_0 before IFEQ/IFLT/etc. for single-operand comparisons
- Call recordIcmp(int,int,String)V to observe without changing behavior
- Original comparison instruction executes unchanged

This preserves the exact stack layout, so stack map frames remain valid
and no frame recomputation (COMPUTE_FRAMES/getCommonSuperClass) is needed.

Results: 5 paths explored with native interception enabled. 256-273 raw
constraints collected per iteration. Constraint filtering needs tuning
(too many framework comparisons captured alongside the target threshold
comparisons).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: AnneKoziolek

galette-agent/src/main/java/edu/neu/ccs/prl/galette/interception/InterceptionPathUtils.java

@@ -16,9 +16,7 @@ public final class InterceptionPathUtils {
     private static volatile boolean enabled =
             "true".equals(System.getProperty("galette.concolic.interception.enabled"));
 
-    static {
-        System.out.println("[InterceptionPathUtils] loaded, enabled=" + enabled);
-    }
+    // No static initializer side effects — must be jlink-safe
 
     private static final ThreadLocal<List<Constraint>> PATH_CONDITIONS = ThreadLocal.withInitial(ArrayList::new);
 
@@ -106,9 +104,48 @@ public static int instrumentedDcmpg(double v1, double v2) {
         }
     }
 
+    /**
+     * Record an integer comparison without affecting the result.
+     * Called via DUP2 before the original IF_ICMP* instruction,
+     * so the stack layout is preserved exactly.
+     */
+    public static void recordIcmp(int v1, int v2, String op) {
+        if (!enabled) return;
+        enterMethod();
+        try {
+            if (isEnabled()) {
+                // Compute the result based on the operation
+                int result;
+                switch (op) {
+                    case "EQ":
+                        result = (v1 == v2) ? 1 : 0;
+                        break;
+                    case "NE":
+                        result = (v1 != v2) ? 1 : 0;
+                        break;
+                    case "LT":
+                        result = (v1 < v2) ? 1 : 0;
+                        break;
+                    case "GE":
+                        result = (v1 >= v2) ? 1 : 0;
+                        break;
+                    case "GT":
+                        result = (v1 > v2) ? 1 : 0;
+                        break;
+                    case "LE":
+                        result = (v1 <= v2) ? 1 : 0;
+                        break;
+                    default:
+                        result = 0;
+                }
+                PATH_CONDITIONS.get().add(new Constraint(v1, v2, op, result));
+            }
+        } finally {
+            exitMethod();
+        }
+    }
+
     public static boolean instrumentedIcmpJump(int v1, int v2, String op) {
-        System.out.println("[InterceptionPathUtils] instrumentedIcmpJump called: " + v1 + " " + op + " " + v2
-                + " enabled=" + enabled);
         enterMethod();
         try {
             boolean result;

galette-agent/src/main/java/edu/neu/ccs/prl/galette/internal/agent/GaletteAgent.java

@@ -93,24 +93,13 @@ public byte[] transform(
                 ClassLoader loader, String className, Class<?> classBeingRedefined, ProtectionDomain pd, byte[] buf) {
             if (classBeingRedefined != null || className == null || isExcluded(className)) return null;
             try {
+                // DUP+void-record preserves stack layout, so frames stay valid.
+                // COMPUTE_MAXS recalculates max stack for the extra DUP2+LDC slots.
                 ClassReader cr = new ClassReader(buf);
-                // Use COMPUTE_MAXS to fix max stack/locals. Pass 0 to accept()
-                // to preserve existing stack map frames from the first pass.
-                ClassWriter cw = new ClassWriter(cr, ClassWriter.COMPUTE_MAXS) {
-                    @Override
-                    protected String getCommonSuperClass(String type1, String type2) {
-                        return "java/lang/Object";
-                    }
-                };
+                ClassWriter cw = new ClassWriter(cr, ClassWriter.COMPUTE_MAXS);
                 cr.accept(new InterceptionClassVisitor(cw), 0);
-                byte[] result = cw.toByteArray();
-                if (result.length != buf.length) {
-                    System.out.println("[Interception2ndPass] Modified: " + className + " (" + buf.length + " -> "
-                            + result.length + ")");
-                }
-                return result;
+                return cw.toByteArray();
             } catch (Throwable t) {
-                System.err.println("[Interception2ndPass] ERROR: " + className + ": " + t);
                 return null;
             }
         }
@@ -138,33 +127,20 @@ public MethodVisitor visitMethod(int access, String name, String desc, String si
             }
         }
 
-        /** Inlined MethodVisitor that replaces comparison instructions with PathUtils calls. */
+        /**
+         * Observes comparison instructions by duplicating operands and recording them
+         * via a void method BEFORE the original instruction executes unchanged.
+         * This preserves the exact stack layout — no frame invalidation.
+         */
         private static final class InterceptionMethodVisitor extends MethodVisitor {
             InterceptionMethodVisitor(MethodVisitor mv) {
                 super(Opcodes.ASM9, mv);
             }
 
             @Override
-            public void visitInsn(int opcode) {
-                switch (opcode) {
-                    case Opcodes.LCMP:
-                        mv.visitMethodInsn(Opcodes.INVOKESTATIC, PATH_UTILS, "instrumentedLcmp", "(JJ)I", false);
-                        break;
-                    case Opcodes.FCMPL:
-                        mv.visitMethodInsn(Opcodes.INVOKESTATIC, PATH_UTILS, "instrumentedFcmpl", "(FF)I", false);
-                        break;
-                    case Opcodes.FCMPG:
-                        mv.visitMethodInsn(Opcodes.INVOKESTATIC, PATH_UTILS, "instrumentedFcmpg", "(FF)I", false);
-                        break;
-                    case Opcodes.DCMPL:
-                        mv.visitMethodInsn(Opcodes.INVOKESTATIC, PATH_UTILS, "instrumentedDcmpl", "(DD)I", false);
-                        break;
-                    case Opcodes.DCMPG:
-                        mv.visitMethodInsn(Opcodes.INVOKESTATIC, PATH_UTILS, "instrumentedDcmpg", "(DD)I", false);
-                        break;
-                    default:
-                        super.visitInsn(opcode);
-                }
+            public void visitMaxs(int maxStack, int maxLocals) {
+                // DUP2 + LDC adds 3 extra stack slots temporarily
+                super.visitMaxs(maxStack + 3, maxLocals);
             }
 
             @Override
@@ -176,23 +152,36 @@ public void visitJumpInsn(int opcode, Label label) {
                     case Opcodes.IF_ICMPGE:
                     case Opcodes.IF_ICMPGT:
                     case Opcodes.IF_ICMPLE:
+                        // Two-operand: Stack [v1, v2] → DUP2 → record → original
+                        mv.visitInsn(Opcodes.DUP2);
                         mv.visitLdcInsn(opToString(opcode));
                         mv.visitMethodInsn(
-                                Opcodes.INVOKESTATIC,
-                                PATH_UTILS,
-                                "instrumentedIcmpJump",
-                                "(IILjava/lang/String;)Z",
-                                false);
-                        mv.visitJumpInsn(Opcodes.IFNE, label);
+                                Opcodes.INVOKESTATIC, PATH_UTILS, "recordIcmp", "(IILjava/lang/String;)V", false);
+                        super.visitJumpInsn(opcode, label);
+                        break;
+                    case Opcodes.IFEQ:
+                    case Opcodes.IFNE:
+                    case Opcodes.IFLT:
+                    case Opcodes.IFGE:
+                    case Opcodes.IFGT:
+                    case Opcodes.IFLE:
+                        // Single-operand: Stack [v] → DUP, ICONST_0, LDC → record(v,0,op) → original
+                        mv.visitInsn(Opcodes.DUP);
+                        mv.visitInsn(Opcodes.ICONST_0);
+                        mv.visitLdcInsn(opToString(opcode));
+                        mv.visitMethodInsn(
+                                Opcodes.INVOKESTATIC, PATH_UTILS, "recordIcmp", "(IILjava/lang/String;)V", false);
+                        super.visitJumpInsn(opcode, label);
                         break;
-                        // Single-operand jumps (IFEQ/IFNE/IFLT/IFGE/IFGT/IFLE) are NOT
-                        // intercepted: they are ubiquitous in bytecode (boolean checks,
-                        // null checks, loop counters) and produce massive constraint noise.
                     default:
                         super.visitJumpInsn(opcode, label);
                 }
             }
 
+            // LCMP/DCMPL etc. could be observed similarly with DUP2/DUP2_X2,
+            // but for now we focus on IF_ICMP* which covers the integer comparisons
+            // in the brake reactions.
+
             private static String opToString(int opcode) {
                 switch (opcode) {
                     case Opcodes.IF_ICMPEQ: