ABSTRACT
Java bug finders perform static analysis to find implementation mistakes that can lead to exploits and failures; Java compilers perform static analysis for optimization.allIf Java programs contain foreign function calls to C libraries, however, static analysis is forced to make either optimistic or pessimistic assumptions about the foreign function calls, since models of the C libraries are typically not available.
We propose ILEA (stands for Inter-LanguagE Analysis), which is a framework that enables existing Java analyses to understand the behavior of C code. Our framework includes: (1) a novel specification language, which extends the Java Virtual Machine Language (JVML) with a few primitives that approximate the effects that the C code might have; (2) an automatic specification extractor, which builds models of the C code. Comparing to other possible specification languages, our language is expressive, yet facilitates construction of automatic specification extractors. Furthermore, because the specification language is based on the JVML, existing Java analyses can be easily migrated to utilize specifications in the language. We also demonstrate the utility of the specifications generated, by modifying an existing non-null analysis to identify null-related bugs in Java applications that contain C libraries. Our preliminary experiments identified dozens of null-related bugs.
- M. Barnett, K. R. M. Leino, and W. Schulte. The Spec# programming system: An overview. In Post Proceedings of International Workshop on Construction and Analysis of Safe, Secure, and Interoperable Smart Devices, pages 49--69, 2004.Google Scholar
- M. Blume. No-longer-foreign: Teaching an ML compiler to speak C ''natively''. Electronic Notes in Theoretical Computer Science, 59(1), 2001.Google Scholar
- M. Bubak, D. Kurzyniec, and P. Luszczek. Creating Java to native code interfaces with Janet extension. In First Worldwide SGI Users' Conference, pages 283--294, 2000.Google Scholar
- E. Clarke. Completeness and incompleteness theorems for Hoare-like axiom systems. PhD thesis, Cornell University, 1976. Google Scholar
Digital Library
- J. C. Corbett, M. B. Dwyer, J. Hatcliff, S. Laubach, C. S. Pasareanu, Robby, and H. Zheng. Bandera: extracting finite-state models from Java source code. In International Conference on Software engineering (ICSE), pages 439--448, 2000. Google Scholar
Digital Library
- Ecma International. Common Language Infrastructure (CLI), 4th edition, June 2006. Standard ECMA-335.Google Scholar
- M. Fähndrich and K. R. M. Leino. Declaring and checking non-null types in an object-oriented language. In ACM Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA), pages 302--312, 2003. Google Scholar
Digital Library
- S. Finne, D. Leijen, E. Meijer, and S. P. Jones. Calling hell from heaven and heaven from hell. In ACM International Conference on Functional programming (ICFP), pages 114--125, 1999. Google Scholar
Digital Library
- K. Fisher, R. Pucella, and J. H. Reppy. A framework for interoperability. Electronic Notes in Theoretical Computer Science, 59(1), 2001.Google Scholar
- C. Flanagan and K. R. M. Leino. Houdini, an annotation assistant for ESC/Java. In FME 2001: Formal Methods for Increasing Software Productivity, pages 500--517, 2001. Google Scholar
Digital Library
- C. Flanagan, K. R. M. Leino, M. Lillibridge, G. Nelson, J. B. Saxe, and R. Stata. Extended static checking for Java. In ACM Conference on Programming Language Design and Implementation (PLDI), pages 234--245, 2002. Google Scholar
Digital Library
- Fortify. http://www.fortifysoftware.com/.Google Scholar
- S. N. Freund and J. C. Mitchell. A type system for the Java bytecode language and verifier. Journal of Automated Reasoning, 30(3--4):271--321, 2003. Google Scholar
Digital Library
- M. Furr and J. S. Foster. Checking type safety of foreign function calls. In ACM Conference on Programming Language Design and Implementation (PLDI), pages 62--72, 2005. Google Scholar
Digital Library
- M. Furr and J. S. Foster. Polymorphic type inference for the JNI. In 15th European Symposium on Programming (ESOP), pages 309--324, 2006. Google Scholar
Digital Library
- K. E. Gray, R. B. Findler, and M. Flatt. Fine-grained interoperability through mirrors and contracts. In ACM Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA), pages 231--245, 2005. Google Scholar
Digital Library
- S. Z. Guyer and C. Lin. An annotation language for optimizing software libraries. In Proceedings of the Second Conference on Domain-Specific Languages, pages 39--52, 1999. Google Scholar
Digital Library
- M. Hirzel and R. Grimm. Jeannie: Granting Java Native Interface developers their wishes. In ACM Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA), 2007. To appear. Google Scholar
Digital Library
- D. Hovemeyer and W. Pugh. Finding bugs is easy. In the Companion to the 19th ACM Conference on Object-Oriented. Programming, Systems, Languages, and Applications, pages 132--136, 2004. Google Scholar
Digital Library
- S. Johnson. Lint, a C program checker. Unix Documentation, 1977.Google Scholar
- K. Knizhnik and C. Artho. J. lint manual, 2002. http://artho.com/jlint/manual.html.Google Scholar
- A. Le, O. Lhoták, and L. Hendren. Using inter-procedural side-effect information in JIT optimizations. In International Conference on Compiler Construction (CC), pages 287--304, April 2005. Google Scholar
Digital Library
- X. Leroy. The Objective Caml system. http://caml.inria.fr/pub/docs/manual--ocaml/index.html.Google Scholar
- S. Liang. Java Native Interface: Programmer's Guide and Reference. Addison-Wesley Longman Publishing Co., Inc., 1999. Google Scholar
Digital Library
- J. Matthews and R. B. Findler. Operational semantics for multi-language programs. In 34th ACM Symposium on Principles of Programming Languages (POPL), pages 3--10, 2007. Google Scholar
Digital Library
- J. Meyer, D. Reynaud, and I. Kharon. Jasmin. http://jasmin.sourceforge.net/, 2004.Google Scholar
- G. Morrisett, D. Walker, K. Crary, and N. Glew. From System F to typed assembly language. In 25th ACM Symposium on Principles of Programming Languages (POPL), pages 85--97, 1998. Google Scholar
Digital Library
- G. C. Necula. Proof-carrying code. In 24th ACM Symposium on Principles of Programming Languages (POPL), pages 106--119, 1997. Google Scholar
Digital Library
- G. C. Necula, S. McPeak, S. P. Rahul, and W. Weimer. CIL: Intermediate language and tools for analysis and transformation of C programs. In International Conference on Compiler Construction (CC), pages 213--228, 2002. Google Scholar
Digital Library
- M. Norrish. Formalising C in HOL. PhD thesis, University of Cambridge, 1998.Google Scholar
- I. Pechtchanski and V. Sarkar. Dynamic optimistic interprocedural analysis: A framework and an application. In ACM Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA), pages 195--210, 2001. Google Scholar
Digital Library
- I. Pechtchanski and V. Sarkar. Immutability specification and its applications. In Proceedings of the 2002 joint ACM--ISCOPE conference on Java Grande, pages 202--211, 2002. Google Scholar
Digital Library
- F. Qian and L. J. Hendren. Towards dynamic interprocedural analysis in JVMs. In Virtual Machine Research and Technology Symposium, pages 139--150, 2004. Google Scholar
Digital Library
- Splint. http://www.splint.org/.Google Scholar
- G. Tan, A. W. Appel, S. Chakradhar, A. Raghunathan, S. Ravi, and D. Wang. Safe Java Native Interface. In Proceedings of IEEE International Symposium on Secure Software Engineering, pages 97--106, 2006.Google Scholar
- V. Trifonov and Z. Shao. Safe and principled language interoperation. In 8th European Symposium on Programming (ESOP), pages 128--146, 1999. Google Scholar
Digital Library
Index Terms
Ilea: inter-language analysis across java and c
Recommendations
Ilea: inter-language analysis across java and c
Proceedings of the 2007 OOPSLA conferenceJava bug finders perform static analysis to find implementation mistakes that can lead to exploits and failures; Java compilers perform static analysis for optimization.allIf Java programs contain foreign function calls to C libraries, however, static ...
Evaluating the Java Native Interface JNI: Leveraging Existing Native Code, Libraries and Threads to a Running Java Virtual Machine
This article aims to explore JNI features and to discover fundamental operations of the Java programming language, such as arrays, objects, classes, threads and exception handling, and to illustrate these by using various algorithms and code samples. ...
Evaluating the Java Native Interface JNI: Data Types and Strings
This article describes how the java native interface JNI is a powerful feature of the java platform that started to draw attention in the latter years as an efficient programming framework for building and delivering innovative technological ...







Comments