skip to main content
10.1145/1297027.1297031acmconferencesArticle/Chapter ViewAbstractPublication PagessplashConference Proceedingsconference-collections
Article

Ilea: inter-language analysis across java and c

Published:21 October 2007Publication History

ABSTRACT

Java bug finders perform static analysis to find implementation mistakes that can lead to exploits and failures; Java compilers perform static analysis for optimization.allIf Java programs contain foreign function calls to C libraries, however, static analysis is forced to make either optimistic or pessimistic assumptions about the foreign function calls, since models of the C libraries are typically not available.

We propose ILEA (stands for Inter-LanguagE Analysis), which is a framework that enables existing Java analyses to understand the behavior of C code. Our framework includes: (1) a novel specification language, which extends the Java Virtual Machine Language (JVML) with a few primitives that approximate the effects that the C code might have; (2) an automatic specification extractor, which builds models of the C code. Comparing to other possible specification languages, our language is expressive, yet facilitates construction of automatic specification extractors. Furthermore, because the specification language is based on the JVML, existing Java analyses can be easily migrated to utilize specifications in the language. We also demonstrate the utility of the specifications generated, by modifying an existing non-null analysis to identify null-related bugs in Java applications that contain C libraries. Our preliminary experiments identified dozens of null-related bugs.

References

  1. M. Barnett, K. R. M. Leino, and W. Schulte. The Spec# programming system: An overview. In Post Proceedings of International Workshop on Construction and Analysis of Safe, Secure, and Interoperable Smart Devices, pages 49--69, 2004.Google ScholarGoogle Scholar
  2. M. Blume. No-longer-foreign: Teaching an ML compiler to speak C ''natively''. Electronic Notes in Theoretical Computer Science, 59(1), 2001.Google ScholarGoogle Scholar
  3. M. Bubak, D. Kurzyniec, and P. Luszczek. Creating Java to native code interfaces with Janet extension. In First Worldwide SGI Users' Conference, pages 283--294, 2000.Google ScholarGoogle Scholar
  4. E. Clarke. Completeness and incompleteness theorems for Hoare-like axiom systems. PhD thesis, Cornell University, 1976. Google ScholarGoogle ScholarDigital LibraryDigital Library
  5. J. C. Corbett, M. B. Dwyer, J. Hatcliff, S. Laubach, C. S. Pasareanu, Robby, and H. Zheng. Bandera: extracting finite-state models from Java source code. In International Conference on Software engineering (ICSE), pages 439--448, 2000. Google ScholarGoogle ScholarDigital LibraryDigital Library
  6. Ecma International. Common Language Infrastructure (CLI), 4th edition, June 2006. Standard ECMA-335.Google ScholarGoogle Scholar
  7. M. Fähndrich and K. R. M. Leino. Declaring and checking non-null types in an object-oriented language. In ACM Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA), pages 302--312, 2003. Google ScholarGoogle ScholarDigital LibraryDigital Library
  8. S. Finne, D. Leijen, E. Meijer, and S. P. Jones. Calling hell from heaven and heaven from hell. In ACM International Conference on Functional programming (ICFP), pages 114--125, 1999. Google ScholarGoogle ScholarDigital LibraryDigital Library
  9. K. Fisher, R. Pucella, and J. H. Reppy. A framework for interoperability. Electronic Notes in Theoretical Computer Science, 59(1), 2001.Google ScholarGoogle Scholar
  10. C. Flanagan and K. R. M. Leino. Houdini, an annotation assistant for ESC/Java. In FME 2001: Formal Methods for Increasing Software Productivity, pages 500--517, 2001. Google ScholarGoogle ScholarDigital LibraryDigital Library
  11. C. Flanagan, K. R. M. Leino, M. Lillibridge, G. Nelson, J. B. Saxe, and R. Stata. Extended static checking for Java. In ACM Conference on Programming Language Design and Implementation (PLDI), pages 234--245, 2002. Google ScholarGoogle ScholarDigital LibraryDigital Library
  12. Fortify. http://www.fortifysoftware.com/.Google ScholarGoogle Scholar
  13. S. N. Freund and J. C. Mitchell. A type system for the Java bytecode language and verifier. Journal of Automated Reasoning, 30(3--4):271--321, 2003. Google ScholarGoogle ScholarDigital LibraryDigital Library
  14. M. Furr and J. S. Foster. Checking type safety of foreign function calls. In ACM Conference on Programming Language Design and Implementation (PLDI), pages 62--72, 2005. Google ScholarGoogle ScholarDigital LibraryDigital Library
  15. M. Furr and J. S. Foster. Polymorphic type inference for the JNI. In 15th European Symposium on Programming (ESOP), pages 309--324, 2006. Google ScholarGoogle ScholarDigital LibraryDigital Library
  16. K. E. Gray, R. B. Findler, and M. Flatt. Fine-grained interoperability through mirrors and contracts. In ACM Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA), pages 231--245, 2005. Google ScholarGoogle ScholarDigital LibraryDigital Library
  17. S. Z. Guyer and C. Lin. An annotation language for optimizing software libraries. In Proceedings of the Second Conference on Domain-Specific Languages, pages 39--52, 1999. Google ScholarGoogle ScholarDigital LibraryDigital Library
  18. M. Hirzel and R. Grimm. Jeannie: Granting Java Native Interface developers their wishes. In ACM Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA), 2007. To appear. Google ScholarGoogle ScholarDigital LibraryDigital Library
  19. D. Hovemeyer and W. Pugh. Finding bugs is easy. In the Companion to the 19th ACM Conference on Object-Oriented. Programming, Systems, Languages, and Applications, pages 132--136, 2004. Google ScholarGoogle ScholarDigital LibraryDigital Library
  20. S. Johnson. Lint, a C program checker. Unix Documentation, 1977.Google ScholarGoogle Scholar
  21. K. Knizhnik and C. Artho. J. lint manual, 2002. http://artho.com/jlint/manual.html.Google ScholarGoogle Scholar
  22. A. Le, O. Lhoták, and L. Hendren. Using inter-procedural side-effect information in JIT optimizations. In International Conference on Compiler Construction (CC), pages 287--304, April 2005. Google ScholarGoogle ScholarDigital LibraryDigital Library
  23. X. Leroy. The Objective Caml system. http://caml.inria.fr/pub/docs/manual--ocaml/index.html.Google ScholarGoogle Scholar
  24. S. Liang. Java Native Interface: Programmer's Guide and Reference. Addison-Wesley Longman Publishing Co., Inc., 1999. Google ScholarGoogle ScholarDigital LibraryDigital Library
  25. J. Matthews and R. B. Findler. Operational semantics for multi-language programs. In 34th ACM Symposium on Principles of Programming Languages (POPL), pages 3--10, 2007. Google ScholarGoogle ScholarDigital LibraryDigital Library
  26. J. Meyer, D. Reynaud, and I. Kharon. Jasmin. http://jasmin.sourceforge.net/, 2004.Google ScholarGoogle Scholar
  27. G. Morrisett, D. Walker, K. Crary, and N. Glew. From System F to typed assembly language. In 25th ACM Symposium on Principles of Programming Languages (POPL), pages 85--97, 1998. Google ScholarGoogle ScholarDigital LibraryDigital Library
  28. G. C. Necula. Proof-carrying code. In 24th ACM Symposium on Principles of Programming Languages (POPL), pages 106--119, 1997. Google ScholarGoogle ScholarDigital LibraryDigital Library
  29. G. C. Necula, S. McPeak, S. P. Rahul, and W. Weimer. CIL: Intermediate language and tools for analysis and transformation of C programs. In International Conference on Compiler Construction (CC), pages 213--228, 2002. Google ScholarGoogle ScholarDigital LibraryDigital Library
  30. M. Norrish. Formalising C in HOL. PhD thesis, University of Cambridge, 1998.Google ScholarGoogle Scholar
  31. I. Pechtchanski and V. Sarkar. Dynamic optimistic interprocedural analysis: A framework and an application. In ACM Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA), pages 195--210, 2001. Google ScholarGoogle ScholarDigital LibraryDigital Library
  32. I. Pechtchanski and V. Sarkar. Immutability specification and its applications. In Proceedings of the 2002 joint ACM--ISCOPE conference on Java Grande, pages 202--211, 2002. Google ScholarGoogle ScholarDigital LibraryDigital Library
  33. F. Qian and L. J. Hendren. Towards dynamic interprocedural analysis in JVMs. In Virtual Machine Research and Technology Symposium, pages 139--150, 2004. Google ScholarGoogle ScholarDigital LibraryDigital Library
  34. Splint. http://www.splint.org/.Google ScholarGoogle Scholar
  35. G. Tan, A. W. Appel, S. Chakradhar, A. Raghunathan, S. Ravi, and D. Wang. Safe Java Native Interface. In Proceedings of IEEE International Symposium on Secure Software Engineering, pages 97--106, 2006.Google ScholarGoogle Scholar
  36. V. Trifonov and Z. Shao. Safe and principled language interoperation. In 8th European Symposium on Programming (ESOP), pages 128--146, 1999. Google ScholarGoogle ScholarDigital LibraryDigital Library

Index Terms

  1. Ilea: inter-language analysis across java and c

                Recommendations

                Comments

                Login options

                Check if you have access through your login credentials or your institution to get full access on this article.

                Sign in

                PDF Format

                View or Download as a PDF file.

                PDF

                eReader

                View online with eReader.

                eReader
                About Cookies On This Site

                We use cookies to ensure that we give you the best experience on our website.

                Learn more

                Got it!