Abstract
Foreign function interfaces (FFIs) allow components in different languages to communicate directly with each other. While FFIs are useful, they often require writing tricky low-level code and include little or no static safety checking, thus providing a rich source of hard-to-find programming errors. In this article, we study the problem of enforcing type safety across the OCaml-to-C FFI and the Java Native Interface (JNI). We present O-Saffire and J-Saffire, a pair of multilingual type inference systems that ensure that C code using these FFIs accesses high-level data safely. Our inference systems use representational types to model C's low-level view of OCaml and Java values, and singleton types to track integers, strings, memory offsets, and type tags through C. J-Saffire, our Java system, uses a polymorphic, flow-insensitive, unification-based analysis. Polymorphism is important because it allows us to precisely model user-defined wrapper functions and the more than 200 JNI functions. O-Saffire, our OCaml system, uses a monomorphic, flow-sensitive analysis because, while polymorphism is much less important for the OCaml FFI, flow-sensitivity is critical to track conditional branches, which are used when pattern matching OCaml data in C. O-Saffire also tracks garbage collection information to ensure that local C pointers to the OCaml heap are registered properly, which is not necessary for the JNI. We have applied O-Saffire and J-Saffire to a set of benchmarks and found many bugs and questionable coding practices. These results suggest that static checking of FFIs can be a valuable tool in writing correct multilingual software.
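To make concrete what "C's low-level view of OCaml values" and the branch-sensitive pattern matching in the abstract refer to, here is an added example (not code from the paper or the OCaml distribution): a self-contained C model of OCaml's value encoding, with a C function that matches on an OCaml variant in the order the analysis requires, testing Is_long before applying Tag_val and guarding every field read by the tag and size established on that branch. The shape type, the macro names and the heap blocks are constructed for this example.

```c
/* Added example (not the paper's code): a self-contained C model of OCaml's
 * value encoding, used to show the check O-Saffire enforces when C code
 * pattern matches OCaml data. Encodings follow OCaml's caml/mlvalues.h;
 * the macros and heap blocks below are constructed for this example. */
#include <stdint.h>
typedef intptr_t value;
typedef uintptr_t header_t;
/* Immediate ints have low bit 1; heap pointers are even (word aligned). */
#define Is_long(v)    (((v) & 1) != 0)
#define Val_long(n)   ((value)(((intptr_t)(n) << 1) + 1))
#define Long_val(v)   ((v) >> 1)
/* A block's header is the word before field 0: (size << 10) | tag. */
#define Hd_val(v)     (((header_t *)(v))[-1])
#define Tag_val(v)    ((unsigned char)Hd_val(v))
#define Wosize_val(v) (Hd_val(v) >> 10)
#define Field(v, i)   (((value *)(v))[i])
#define Make_header(wosize, tag) (((header_t)(wosize) << 10) | (tag))

/* Modelled OCaml type:  type shape = Point | Circle of int | Rect of int * int
 * Point is the immediate Val_long(0); Circle is a tag-0 block with one field;
 * Rect is a tag-1 block with two fields. */
enum { CIRCLE_TAG = 0, RECT_TAG = 1 };

/* Area of a shape. The representational checks are ordered the way the
 * analysis demands: Is_long is tested before Tag_val is applied, and each
 * Field read is guarded by the tag and size established on its branch.
 * Returns -1 for a value that does not match the declared OCaml type. */
long shape_area(value v)
{
    if (Is_long(v))
        return Long_val(v) == 0 ? 0 : -1;           /* Point has no area */
    switch (Tag_val(v)) {
    case CIRCLE_TAG:
        if (Wosize_val(v) != 1) return -1;
        { long r = Long_val(Field(v, 0)); return 3 * r * r; }  /* integer pi */
    case RECT_TAG:
        if (Wosize_val(v) != 2) return -1;
        return Long_val(Field(v, 0)) * Long_val(Field(v, 1));
    default:
        return -1;                                  /* unknown constructor */
    }
}
/* Constructed blocks standing in for values allocated by the OCaml runtime. */
static header_t circle_block[2] = { Make_header(1, CIRCLE_TAG), (header_t)Val_long(3) };
static header_t rect_block[3] = { Make_header(2, RECT_TAG), (header_t)Val_long(3), (header_t)Val_long(4) };
static header_t bad_block[2] = { Make_header(1, 7), (header_t)Val_long(1) };  /* tag no constructor has */
value make_point(void)  { return Val_long(0); }
value make_circle(void) { return (value)&circle_block[1]; }
value make_rect(void)   { return (value)&rect_block[1]; }
value make_bad(void)    { return (value)&bad_block[1]; }
```

Reading `Tag_val` before `Is_long` on a value of this type would dereference the odd word that encodes `Point`; the ordering above is exactly the control-flow fact a flow-sensitive analysis tracks.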