skip to main content
10.1145/1297027.1297031acmconferencesArticle/Chapter ViewAbstractPublication PagessplashConference Proceedingsconference-collections
Article

Ilea: inter-language analysis across java and c

Published: 21 October 2007 Publication History

Abstract

Java bug finders perform static analysis to find implementation mistakes that can lead to exploits and failures; Java compilers perform static analysis for optimization.allIf Java programs contain foreign function calls to C libraries, however, static analysis is forced to make either optimistic or pessimistic assumptions about the foreign function calls, since models of the C libraries are typically not available.
We propose ILEA (stands for Inter-LanguagE Analysis), which is a framework that enables existing Java analyses to understand the behavior of C code. Our framework includes: (1) a novel specification language, which extends the Java Virtual Machine Language (JVML) with a few primitives that approximate the effects that the C code might have; (2) an automatic specification extractor, which builds models of the C code. Comparing to other possible specification languages, our language is expressive, yet facilitates construction of automatic specification extractors. Furthermore, because the specification language is based on the JVML, existing Java analyses can be easily migrated to utilize specifications in the language. We also demonstrate the utility of the specifications generated, by modifying an existing non-null analysis to identify null-related bugs in Java applications that contain C libraries. Our preliminary experiments identified dozens of null-related bugs.

References

[1]
M. Barnett, K. R. M. Leino, and W. Schulte. The Spec# programming system: An overview. In Post Proceedings of International Workshop on Construction and Analysis of Safe, Secure, and Interoperable Smart Devices, pages 49--69, 2004.
[2]
M. Blume. No-longer-foreign: Teaching an ML compiler to speak C ''natively''. Electronic Notes in Theoretical Computer Science, 59(1), 2001.
[3]
M. Bubak, D. Kurzyniec, and P. Luszczek. Creating Java to native code interfaces with Janet extension. In First Worldwide SGI Users' Conference, pages 283--294, 2000.
[4]
E. Clarke. Completeness and incompleteness theorems for Hoare-like axiom systems. PhD thesis, Cornell University, 1976.
[5]
J. C. Corbett, M. B. Dwyer, J. Hatcliff, S. Laubach, C. S. Pasareanu, Robby, and H. Zheng. Bandera: extracting finite-state models from Java source code. In International Conference on Software engineering (ICSE), pages 439--448, 2000.
[6]
Ecma International. Common Language Infrastructure (CLI), 4th edition, June 2006. Standard ECMA-335.
[7]
M. Fähndrich and K. R. M. Leino. Declaring and checking non-null types in an object-oriented language. In ACM Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA), pages 302--312, 2003.
[8]
S. Finne, D. Leijen, E. Meijer, and S. P. Jones. Calling hell from heaven and heaven from hell. In ACM International Conference on Functional programming (ICFP), pages 114--125, 1999.
[9]
K. Fisher, R. Pucella, and J. H. Reppy. A framework for interoperability. Electronic Notes in Theoretical Computer Science, 59(1), 2001.
[10]
C. Flanagan and K. R. M. Leino. Houdini, an annotation assistant for ESC/Java. In FME 2001: Formal Methods for Increasing Software Productivity, pages 500--517, 2001.
[11]
C. Flanagan, K. R. M. Leino, M. Lillibridge, G. Nelson, J. B. Saxe, and R. Stata. Extended static checking for Java. In ACM Conference on Programming Language Design and Implementation (PLDI), pages 234--245, 2002.
[12]
Fortify. http://www.fortifysoftware.com/.
[13]
S. N. Freund and J. C. Mitchell. A type system for the Java bytecode language and verifier. Journal of Automated Reasoning, 30(3--4):271--321, 2003.
[14]
M. Furr and J. S. Foster. Checking type safety of foreign function calls. In ACM Conference on Programming Language Design and Implementation (PLDI), pages 62--72, 2005.
[15]
M. Furr and J. S. Foster. Polymorphic type inference for the JNI. In 15th European Symposium on Programming (ESOP), pages 309--324, 2006.
[16]
K. E. Gray, R. B. Findler, and M. Flatt. Fine-grained interoperability through mirrors and contracts. In ACM Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA), pages 231--245, 2005.
[17]
S. Z. Guyer and C. Lin. An annotation language for optimizing software libraries. In Proceedings of the Second Conference on Domain-Specific Languages, pages 39--52, 1999.
[18]
M. Hirzel and R. Grimm. Jeannie: Granting Java Native Interface developers their wishes. In ACM Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA), 2007. To appear.
[19]
D. Hovemeyer and W. Pugh. Finding bugs is easy. In the Companion to the 19th ACM Conference on Object-Oriented. Programming, Systems, Languages, and Applications, pages 132--136, 2004.
[20]
S. Johnson. Lint, a C program checker. Unix Documentation, 1977.
[21]
K. Knizhnik and C. Artho. J. lint manual, 2002. http://artho.com/jlint/manual.html.
[22]
A. Le, O. Lhoták, and L. Hendren. Using inter-procedural side-effect information in JIT optimizations. In International Conference on Compiler Construction (CC), pages 287--304, April 2005.
[23]
X. Leroy. The Objective Caml system. http://caml.inria.fr/pub/docs/manual--ocaml/index.html.
[24]
S. Liang. Java Native Interface: Programmer's Guide and Reference. Addison-Wesley Longman Publishing Co., Inc., 1999.
[25]
J. Matthews and R. B. Findler. Operational semantics for multi-language programs. In 34th ACM Symposium on Principles of Programming Languages (POPL), pages 3--10, 2007.
[26]
J. Meyer, D. Reynaud, and I. Kharon. Jasmin. http://jasmin.sourceforge.net/, 2004.
[27]
G. Morrisett, D. Walker, K. Crary, and N. Glew. From System F to typed assembly language. In 25th ACM Symposium on Principles of Programming Languages (POPL), pages 85--97, 1998.
[28]
G. C. Necula. Proof-carrying code. In 24th ACM Symposium on Principles of Programming Languages (POPL), pages 106--119, 1997.
[29]
G. C. Necula, S. McPeak, S. P. Rahul, and W. Weimer. CIL: Intermediate language and tools for analysis and transformation of C programs. In International Conference on Compiler Construction (CC), pages 213--228, 2002.
[30]
M. Norrish. Formalising C in HOL. PhD thesis, University of Cambridge, 1998.
[31]
I. Pechtchanski and V. Sarkar. Dynamic optimistic interprocedural analysis: A framework and an application. In ACM Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA), pages 195--210, 2001.
[32]
I. Pechtchanski and V. Sarkar. Immutability specification and its applications. In Proceedings of the 2002 joint ACM--ISCOPE conference on Java Grande, pages 202--211, 2002.
[33]
F. Qian and L. J. Hendren. Towards dynamic interprocedural analysis in JVMs. In Virtual Machine Research and Technology Symposium, pages 139--150, 2004.
[34]
Splint. http://www.splint.org/.
[35]
G. Tan, A. W. Appel, S. Chakradhar, A. Raghunathan, S. Ravi, and D. Wang. Safe Java Native Interface. In Proceedings of IEEE International Symposium on Secure Software Engineering, pages 97--106, 2006.
[36]
V. Trifonov and Z. Shao. Safe and principled language interoperation. In 8th European Symposium on Programming (ESOP), pages 128--146, 1999.

Cited By

View all
  • (2024)NativeSummary: Summarizing Native Binary Code for Inter-language Static Analysis of Android AppsProceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis10.1145/3650212.3680335(971-982)Online publication date: 11-Sep-2024
  • (2024)Cross-Language Taint Analysis: Generating Caller-Sensitive Native Code Specification for JavaIEEE Transactions on Software Engineering10.1109/TSE.2024.339225450:6(1518-1533)Online publication date: 27-May-2024
  • (2023)Semantic Encapsulation using Linking TypesProceedings of the 8th ACM SIGPLAN International Workshop on Type-Driven Development10.1145/3609027.3609405(14-28)Online publication date: 30-Aug-2023
  • Show More Cited By

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences
OOPSLA '07: Proceedings of the 22nd annual ACM SIGPLAN conference on Object-oriented programming systems, languages and applications
October 2007
728 pages
ISBN:9781595937865
DOI:10.1145/1297027
  • cover image ACM SIGPLAN Notices
    ACM SIGPLAN Notices  Volume 42, Issue 10
    Proceedings of the 2007 OOPSLA conference
    October 2007
    686 pages
    ISSN:0362-1340
    EISSN:1558-1160
    DOI:10.1145/1297105
    Issue’s Table of Contents
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 21 October 2007

Permissions

Request permissions for this article.

Check for updates

Author Tags

  1. JNI
  2. JVML
  3. inter-language analysis
  4. java native interface
  5. specification extraction

Qualifiers

  • Article

Conference

OOPSLA07
Sponsor:

Acceptance Rates

OOPSLA '07 Paper Acceptance Rate 33 of 156 submissions, 21%;
Overall Acceptance Rate 268 of 1,244 submissions, 22%

Upcoming Conference

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)36
  • Downloads (Last 6 weeks)3
Reflects downloads up to 17 Jan 2025

Other Metrics

Citations

Cited By

View all
  • (2024)NativeSummary: Summarizing Native Binary Code for Inter-language Static Analysis of Android AppsProceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis10.1145/3650212.3680335(971-982)Online publication date: 11-Sep-2024
  • (2024)Cross-Language Taint Analysis: Generating Caller-Sensitive Native Code Specification for JavaIEEE Transactions on Software Engineering10.1109/TSE.2024.339225450:6(1518-1533)Online publication date: 27-May-2024
  • (2023)Semantic Encapsulation using Linking TypesProceedings of the 8th ACM SIGPLAN International Workshop on Type-Driven Development10.1145/3609027.3609405(14-28)Online publication date: 30-Aug-2023
  • (2023)Static Analysis of JNI Programs via Binary DecompilationIEEE Transactions on Software Engineering10.1109/TSE.2023.324163949:5(3089-3105)Online publication date: 1-May-2023
  • (2023)LiSA: A Generic Framework for Multilanguage Static AnalysisChallenges of Software Verification10.1007/978-981-19-9601-6_2(19-42)Online publication date: 22-Jul-2023
  • (2023)Declarative static analysis for multilingual programs using CodeQLSoftware: Practice and Experience10.1002/spe.319953:7(1472-1495)Online publication date: 9-Mar-2023
  • (2022)On the vulnerability proneness of multilingual codeProceedings of the 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering10.1145/3540250.3549173(847-859)Online publication date: 7-Nov-2022
  • (2022)CRUST: Towards a Unified Cross-Language Program Analysis Framework for Rust2022 IEEE 22nd International Conference on Software Quality, Reliability and Security (QRS)10.1109/QRS57517.2022.00101(970-981)Online publication date: Dec-2022
  • (2022)On the Security of Python Virtual Machines: An Empirical Study2022 IEEE International Conference on Software Maintenance and Evolution (ICSME)10.1109/ICSME55016.2022.00028(223-234)Online publication date: Oct-2022
  • (2021)A Multilanguage Static Analysis of Python Programs with Native C ExtensionsStatic Analysis10.1007/978-3-030-88806-0_16(323-345)Online publication date: 13-Oct-2021
  • Show More Cited By

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Media

Figures

Other

Tables

Share

Share

Share this Publication link

Share on social media