Abstract
Programming language specifications mandate static and dynamic analyses to preclude syntactic and semantic errors. Although individual languages are usually well-specified, composing languages is not, and this poor specification is a source of many errors in multilingual programs. For example, virtually all Java programs compose Java and C using the Java Native Interface (JNI). Since JNI is informally specified, developers have difficulty using it correctly, and current Java compilers and virtual machines (VMs) inconsistently check only a subset of JNI constraints.
This paper's most significant contribution is to show how to synthesize dynamic analyses from state machines to detect foreign function interface (FFI) violations. We identify three classes of FFI constraints encoded by eleven state machines that capture thousands of JNI and Python/C FFI rules. We use a mapping function to specify which state machines, transitions, and program entities (threads, objects, references) to check at each FFI call and return. From this function, we synthesize a context-specific dynamic analysis to find FFI bugs. We build bug detection tools for JNI and Python/C using this approach. For JNI, we dynamically and transparently interpose the analysis on Java and C language transitions through the JVM tools interface. The resulting tool, called Jinn, is compiler and virtual machine independent. It detects and diagnoses a wide variety of FFI bugs that other tools miss. This approach greatly reduces the annotation burden by exploiting common FFI constraints: whereas the generated Jinn code is 22,000+ lines, we wrote only 1,400 lines of state machine and mapping code. Overall, this paper lays the foundation for a more principled approach to developing correct multilingual software and a more concise and automated approach to FFI specification.
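To make the approach in the abstract concrete, here is a small Python illustration written for this page (it is not Jinn's code and does not interpose on a real JVM): two JNI rules, the exception-pending rule and the local-reference lifetime rule, are written as state machines over threads and local references, a mapping function says which machine, entity and transition each JNI call or return exercises, and a generic driver plays the role of the synthesized checker over a constructed call trace. The JNI function names are the real ones (the exception-safe set shown is a subset of the one in the JNI specification); the thread name, reference names and the trace are made up.

```python
# Machine 1, entity = thread: while a Java exception is pending, the JNI
# spec allows only a few functions (subset listed here) until ExceptionClear.
EXC_SAFE = {"ExceptionOccurred", "ExceptionCheck", "ExceptionClear",
            "DeleteLocalRef", "ReleaseStringUTFChars"}
MACHINES = {
    "exception": {"clear": {"throw": "pending", "safe": "clear",
                            "other": "clear", "clear": "clear"},
                  "pending": {"safe": "pending", "clear": "clear"}},
    # Machine 2, entity = (thread, local ref): dead after DeleteLocalRef or return.
    "localref": {"none": {"create": "live"},
                 "live": {"use": "live", "delete": "dead", "return": "dead"},
                 "dead": {"return": "dead"}},
}  # the first state listed for each machine is its initial state
def mapping(thread, func, args, ret, states):
    """(machine, entity, event) triples that one JNI call or return exercises."""
    if func == "return":  # back to Java: every local ref of this thread dies
        return [("localref", key, "return") for (m, key) in states
                if m == "localref" and key[0] == thread]
    ev = "clear" if func == "ExceptionClear" else "safe" if func in EXC_SAFE else "other"
    checks = [("exception", thread, ev)]
    for a in args:  # each jobject argument is a use (or the delete itself)
        checks.append(("localref", (thread, a),
                       "delete" if func == "DeleteLocalRef" else "use"))
    if ret == "throws":
        checks.append(("exception", thread, "throw"))
    elif ret is not None:  # a returned jobject is a fresh local reference
        checks.append(("localref", (thread, ret), "create"))
    return checks
def check(trace):
    """Synthesized checker; a missing transition is a violation, reported as
    (call index, function, machine, entity, state, event)."""
    states, violations = {}, []
    for n, (thread, func, args, ret) in enumerate(trace):
        for machine, entity, event in mapping(thread, func, args, ret, states):
            cur = states.get((machine, entity), next(iter(MACHINES[machine])))
            nxt = MACHINES[machine][cur].get(event)
            if nxt is None:
                violations.append((n, func, machine, entity, cur, event))
            else:
                states[(machine, entity)] = nxt
    return violations
# Constructed trace of one native method: (thread, JNI function, jobject args, result)
TRACE = [("T1", "NewStringUTF", (), "s1"),
         ("T1", "CallVoidMethod", ("s1",), "throws"),  # the callee threw
         ("T1", "NewStringUTF", (), "s2"),  # bug: JNI call while exception pending
         ("T1", "ExceptionClear", (), None),
         ("T1", "DeleteLocalRef", ("s1",), None),
         ("T1", "GetObjectClass", ("s1",), "c1"),  # bug: use of a deleted local ref
         ("T1", "return", (), None)]
```

Adding a third rule means adding a table and a line in `mapping`; the driver in `check` does not change, which is the point the abstract makes about the size of the state-machine and mapping code relative to the generated checker.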
Jinn: synthesizing dynamic bug detectors for foreign language interfaces
PLDI '10: Proceedings of the 31st ACM SIGPLAN Conference on Programming Language Design and Implementation