skip to main content
research-article

Jinn: synthesizing dynamic bug detectors for foreign language interfaces

Published:05 June 2010Publication History
Skip Abstract Section

Abstract

Programming language specifications mandate static and dynamic analyses to preclude syntactic and semantic errors. Although individual languages are usually well-specified, composing languages is not, and this poor specification is a source of many errors in multilingual programs. For example, virtually all Java programs compose Java and C using the Java Native Interface (JNI). Since JNI is informally specified, developers have difficulty using it correctly, and current Java compilers and virtual machines (VMs) inconsistently check only a subset of JNI constraints.

This paper's most significant contribution is to show how to synthesize dynamic analyses from state machines to detect foreign function interface (FFI) violations. We identify three classes of FFI constraints encoded by eleven state machines that capture thousands of JNI and Python/C FFI rules. We use a mapping function to specify which state machines, transitions, and program entities (threads, objects, references) to check at each FFI call and return. From this function, we synthesize a context-specific dynamic analysis to find FFI bugs. We build bug detection tools for JNI and Python/C using this approach. For JNI, we dynamically and transparently interpose the analysis on Java and C language transitions through the JVM tools interface. The resulting tool, called Jinn, is compiler and virtual machine independent. It detects and diagnoses a wide variety of FFI bugs that other tools miss. This approach greatly reduces the annotation burden by exploiting common FFI constraints: whereas the generated Jinn code is 22,000+ lines, we wrote only 1,400 lines of state machine and mapping code. Overall, this paper lays the foundation for a more principled approach to developing correct multilingual software and a more concise and automated approach to FFI specification.

References

  1. Python/C API reference manual. Python Software Foundation, http: //docs.python.org/c-api, Nov. 2009.Google ScholarGoogle Scholar
  2. C. Allan, P. Avgustinov, A. S. Christensen, L. Hendren, S. Kuzins, O. Lhoták, O. de Moor, D. Sereni, G. Sittampalam, and J. Tibble. Adding trace matching with free variables to AspectJ. In ACM Conference on Object-Oriented Programming Systems, Languages, and Applications (OOPSLA), pages 345--364, 2005. Google ScholarGoogle ScholarDigital LibraryDigital Library
  3. M. Arnold, M. Vechev, and E. Yahav. QVM: An efficient runtime for detecting defects in deployed systems. In ACM Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA), pages 143--162, 2008. Google ScholarGoogle ScholarDigital LibraryDigital Library
  4. T. Ball and S. K. Rajamani. SLIC: a specifcation language for interface checking (of C). Technical Report MSR-TR-2001-21, Microsoft Research, Jan. 2002.Google ScholarGoogle Scholar
  5. D. M. Beazley. SWIG: An easy to use tool for integrating scripting languages with C and C++. In USENIX Tcl/Tk Workshop (TCLTK), pages 129--139, 1996. Google ScholarGoogle ScholarDigital LibraryDigital Library
  6. S. M. Blackburn, R. Garner, C. Hoffmann, A. M. Khang, K. S. McKinley, R. Bentzur, A. Diwan, D. Feinberg, D. Frampton, S. Z. Guyer, M. Hirzel, A. Hosking, M. Jump, H. Lee, J. E. B. Moss, B. Moss, A. Phansalkar, D. Stefanović, T. VanDrunen, D. von Dincklage, and B. Wiedermann. The DaCapo benchmarks: Java benchmarking development and analysis. In ACM Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA), pages 169--190, 2006. Google ScholarGoogle ScholarDigital LibraryDigital Library
  7. F. Chen and G. Rosu. MOP: An efficient and generic runtime verification framework. In ACM Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA), pages 569--588, 2007. Google ScholarGoogle ScholarDigital LibraryDigital Library
  8. M. B. Dwyer, G. S. Avrunin, and J. C. Corbett. Patterns in property specifications for finite-state verification. In ACM International Conference on Software Engineering (ICSE), pages 411--420, 1999. Google ScholarGoogle ScholarDigital LibraryDigital Library
  9. D. Engler, B. Chelf, A. Chou, and S. Hallem. Checking system rules using system-specific, programmer-written compiler extensions. In USENIX Symposium on Operating Systems Design and Implementation (OSDI), pages 1--16, Oct. 2000.! Google ScholarGoogle ScholarDigital LibraryDigital Library
  10. M. Furr and J. S. Foster. Checking type safety of foreign function calls. In ACM Conference on Programming Language Design and Implementation (PLDI), pages 62--72, 2005. Google ScholarGoogle ScholarDigital LibraryDigital Library
  11. M. Furr and J. S. Foster. Polymorphic type inference for the JNI. In European Symposium on Programming (ESOP), pages 309--324, 2006. Google ScholarGoogle ScholarDigital LibraryDigital Library
  12. J. Gosling, B. Joy, G. Steele, and G. Bracha. The Java Language Specification. Addison-Wesley, third edition, June 2005. Google ScholarGoogle ScholarDigital LibraryDigital Library
  13. M. Hirzel and R. Grimm. Jeannie: Granting Java native interface developers their wishes. In ACM Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA), pages 19--38, 2007. Google ScholarGoogle ScholarDigital LibraryDigital Library
  14. A. Kaplan, J. Bubba, and J. C. Wileden. The Exu approach to safe, transparent and lightweight interoperability. In IEEE International Computer Software and Applications Conference (COMPSAC), page 393, 2001. Google ScholarGoogle ScholarDigital LibraryDigital Library
  15. B. W. Kernighan and D. M. Ritchie. The C Programming Language. Prentice Hall, second edition, Apr. 1988. Google ScholarGoogle ScholarDigital LibraryDigital Library
  16. G. Kondoh and T. Onodera. Finding bugs in Java native interface programs. In ACM International Symposium on Software Testing and Analysis (ISSTA), pages 109--118, 2008. Google ScholarGoogle ScholarDigital LibraryDigital Library
  17. B. Lee, M. Hirzel, R. Grimm, and K. S. McKinley. Debug all your code: Portable mixed-environment debugging. In ACM Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA), pages 207--226, 2009. Google ScholarGoogle ScholarDigital LibraryDigital Library
  18. S. Li and G. Tan. Finding bugs in exceptional situations of JNI programs. In ACM Conference on Computer and Communications Security (CCS), pages 442--452, 2009. Google ScholarGoogle ScholarDigital LibraryDigital Library
  19. S. Liang. The Java Native Interface: Programmers Guide and Specification. Addison-Wesley, 1999. Google ScholarGoogle ScholarDigital LibraryDigital Library
  20. NaturalBridge. BulletTrain JNI Checking Examples. http://web.archive.org/web/*/http:///www.naturalbridge.com/jnichecking.html, Jan. 2001.Google ScholarGoogle Scholar
  21. G. C. Necula, S. McPeak, and W. Weimer. CCured: Type-safe retrofitting of legacy code. In ACM Symposium on Principles of Programming Languages (POPL), pages 128--139, 2002. Google ScholarGoogle ScholarDigital LibraryDigital Library
  22. T. Ravitch, S. Jackson, E. Aderhold, and B. Liblit. Automatic generation of library bindings using static analysis. In ACM Conference on Programming Language Design and Implementation (PLDI), pages 352--362, 2009. Google ScholarGoogle ScholarDigital LibraryDigital Library
  23. Standard Performance Evaluation Corporation. SPECjvm98 Documentation, release 1.03 edition, March 1999.Google ScholarGoogle Scholar
  24. B. Stroustrup. The C++ Programming Language. Addison-Wesley, special edition, Feb. 2000. Google ScholarGoogle ScholarDigital LibraryDigital Library
  25. G. Tan, A. W. Appel, S. Chakradhar, A. Raghunathan, S. Ravi, and D. Wang. Safe Java native interface. In IEEE International Symposium on Secure Software Engineering (ISSSE), pages 97--106, 2006.Google ScholarGoogle Scholar
  26. G. Tan and J. Croft. An empirical security study of the native code in the JDK. In Usenix Security Symposium (SS), pages 365--377, 2008. Google ScholarGoogle ScholarDigital LibraryDigital Library
  27. G. Tan and G. Morrisett. ILEA: Inter-language analysis across Java and C. In ACM Conference on Object-Oriented Programming Systems and Applications (OOPSLA), pages 39--56, 2007. Google ScholarGoogle ScholarDigital LibraryDigital Library
  28. Z. Tatlock, C. Tucker, D. Shuffelton, R. Jhala, and S. Lerner. Deep typechecking and refactoring. In ACM Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA), pages 37--52, 2008. Google ScholarGoogle ScholarDigital LibraryDigital Library
  29. The GNOME Project. GNOME bug tracking system. Bug 576111 was opened 2009-03-20. http://bugzilla.gnome.org.Google ScholarGoogle Scholar
  30. C. Zilles. Accordion arrays: Selective compression of unicode arrays in Java. In ACM International Symposium on Memory Management (ISMM), pages 55--66, 2007. Google ScholarGoogle ScholarDigital LibraryDigital Library

Index Terms

  1. Jinn: synthesizing dynamic bug detectors for foreign language interfaces

            Recommendations

            Comments

            Login options

            Check if you have access through your login credentials or your institution to get full access on this article.

            Sign in

            Full Access

            PDF Format

            View or Download as a PDF file.

            PDF

            eReader

            View online with eReader.

            eReader
            About Cookies On This Site

            We use cookies to ensure that we give you the best experience on our website.

            Learn more

            Got it!