skip to main content
10.1145/1806596.1806601acmconferencesArticle/Chapter ViewAbstractPublication PagespldiConference Proceedingsconference-collections
research-article

Jinn: synthesizing dynamic bug detectors for foreign language interfaces

Published: 05 June 2010 Publication History

Abstract

Programming language specifications mandate static and dynamic analyses to preclude syntactic and semantic errors. Although individual languages are usually well-specified, composing languages is not, and this poor specification is a source of many errors in multilingual programs. For example, virtually all Java programs compose Java and C using the Java Native Interface (JNI). Since JNI is informally specified, developers have difficulty using it correctly, and current Java compilers and virtual machines (VMs) inconsistently check only a subset of JNI constraints.
This paper's most significant contribution is to show how to synthesize dynamic analyses from state machines to detect foreign function interface (FFI) violations. We identify three classes of FFI constraints encoded by eleven state machines that capture thousands of JNI and Python/C FFI rules. We use a mapping function to specify which state machines, transitions, and program entities (threads, objects, references) to check at each FFI call and return. From this function, we synthesize a context-specific dynamic analysis to find FFI bugs. We build bug detection tools for JNI and Python/C using this approach. For JNI, we dynamically and transparently interpose the analysis on Java and C language transitions through the JVM tools interface. The resulting tool, called Jinn, is compiler and virtual machine independent. It detects and diagnoses a wide variety of FFI bugs that other tools miss. This approach greatly reduces the annotation burden by exploiting common FFI constraints: whereas the generated Jinn code is 22,000+ lines, we wrote only 1,400 lines of state machine and mapping code. Overall, this paper lays the foundation for a more principled approach to developing correct multilingual software and a more concise and automated approach to FFI specification.

References

[1]
Python/C API reference manual. Python Software Foundation, http: //docs.python.org/c-api, Nov. 2009.
[2]
C. Allan, P. Avgustinov, A. S. Christensen, L. Hendren, S. Kuzins, O. Lhoták, O. de Moor, D. Sereni, G. Sittampalam, and J. Tibble. Adding trace matching with free variables to AspectJ. In ACM Conference on Object-Oriented Programming Systems, Languages, and Applications (OOPSLA), pages 345--364, 2005.
[3]
M. Arnold, M. Vechev, and E. Yahav. QVM: An efficient runtime for detecting defects in deployed systems. In ACM Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA), pages 143--162, 2008.
[4]
T. Ball and S. K. Rajamani. SLIC: a specifcation language for interface checking (of C). Technical Report MSR-TR-2001-21, Microsoft Research, Jan. 2002.
[5]
D. M. Beazley. SWIG: An easy to use tool for integrating scripting languages with C and C++. In USENIX Tcl/Tk Workshop (TCLTK), pages 129--139, 1996.
[6]
S. M. Blackburn, R. Garner, C. Hoffmann, A. M. Khang, K. S. McKinley, R. Bentzur, A. Diwan, D. Feinberg, D. Frampton, S. Z. Guyer, M. Hirzel, A. Hosking, M. Jump, H. Lee, J. E. B. Moss, B. Moss, A. Phansalkar, D. Stefanović, T. VanDrunen, D. von Dincklage, and B. Wiedermann. The DaCapo benchmarks: Java benchmarking development and analysis. In ACM Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA), pages 169--190, 2006.
[7]
F. Chen and G. Rosu. MOP: An efficient and generic runtime verification framework. In ACM Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA), pages 569--588, 2007.
[8]
M. B. Dwyer, G. S. Avrunin, and J. C. Corbett. Patterns in property specifications for finite-state verification. In ACM International Conference on Software Engineering (ICSE), pages 411--420, 1999.
[9]
D. Engler, B. Chelf, A. Chou, and S. Hallem. Checking system rules using system-specific, programmer-written compiler extensions. In USENIX Symposium on Operating Systems Design and Implementation (OSDI), pages 1--16, Oct. 2000.!
[10]
M. Furr and J. S. Foster. Checking type safety of foreign function calls. In ACM Conference on Programming Language Design and Implementation (PLDI), pages 62--72, 2005.
[11]
M. Furr and J. S. Foster. Polymorphic type inference for the JNI. In European Symposium on Programming (ESOP), pages 309--324, 2006.
[12]
J. Gosling, B. Joy, G. Steele, and G. Bracha. The Java Language Specification. Addison-Wesley, third edition, June 2005.
[13]
M. Hirzel and R. Grimm. Jeannie: Granting Java native interface developers their wishes. In ACM Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA), pages 19--38, 2007.
[14]
A. Kaplan, J. Bubba, and J. C. Wileden. The Exu approach to safe, transparent and lightweight interoperability. In IEEE International Computer Software and Applications Conference (COMPSAC), page 393, 2001.
[15]
B. W. Kernighan and D. M. Ritchie. The C Programming Language. Prentice Hall, second edition, Apr. 1988.
[16]
G. Kondoh and T. Onodera. Finding bugs in Java native interface programs. In ACM International Symposium on Software Testing and Analysis (ISSTA), pages 109--118, 2008.
[17]
B. Lee, M. Hirzel, R. Grimm, and K. S. McKinley. Debug all your code: Portable mixed-environment debugging. In ACM Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA), pages 207--226, 2009.
[18]
S. Li and G. Tan. Finding bugs in exceptional situations of JNI programs. In ACM Conference on Computer and Communications Security (CCS), pages 442--452, 2009.
[19]
S. Liang. The Java Native Interface: Programmers Guide and Specification. Addison-Wesley, 1999.
[20]
NaturalBridge. BulletTrain JNI Checking Examples. http://web.archive.org/web/*/http:///www.naturalbridge.com/jnichecking.html, Jan. 2001.
[21]
G. C. Necula, S. McPeak, and W. Weimer. CCured: Type-safe retrofitting of legacy code. In ACM Symposium on Principles of Programming Languages (POPL), pages 128--139, 2002.
[22]
T. Ravitch, S. Jackson, E. Aderhold, and B. Liblit. Automatic generation of library bindings using static analysis. In ACM Conference on Programming Language Design and Implementation (PLDI), pages 352--362, 2009.
[23]
Standard Performance Evaluation Corporation. SPECjvm98 Documentation, release 1.03 edition, March 1999.
[24]
B. Stroustrup. The C++ Programming Language. Addison-Wesley, special edition, Feb. 2000.
[25]
G. Tan, A. W. Appel, S. Chakradhar, A. Raghunathan, S. Ravi, and D. Wang. Safe Java native interface. In IEEE International Symposium on Secure Software Engineering (ISSSE), pages 97--106, 2006.
[26]
G. Tan and J. Croft. An empirical security study of the native code in the JDK. In Usenix Security Symposium (SS), pages 365--377, 2008.
[27]
G. Tan and G. Morrisett. ILEA: Inter-language analysis across Java and C. In ACM Conference on Object-Oriented Programming Systems and Applications (OOPSLA), pages 39--56, 2007.
[28]
Z. Tatlock, C. Tucker, D. Shuffelton, R. Jhala, and S. Lerner. Deep typechecking and refactoring. In ACM Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA), pages 37--52, 2008.
[29]
The GNOME Project. GNOME bug tracking system. Bug 576111 was opened 2009-03-20. http://bugzilla.gnome.org.
[30]
C. Zilles. Accordion arrays: Selective compression of unicode arrays in Java. In ACM International Symposium on Memory Management (ISMM), pages 55--66, 2007.

Cited By

View all
  • (2024)Revealing the Unseen: AI Chain on LLMs for Predicting Implicit Dataflows to Generate Dataflow Graphs in Dynamically Typed CodeACM Transactions on Software Engineering and Methodology10.1145/367245833:7(1-29)Online publication date: 12-Jun-2024
  • (2023)Semantic Encapsulation using Linking TypesProceedings of the 8th ACM SIGPLAN International Workshop on Type-Driven Development10.1145/3609027.3609405(14-28)Online publication date: 30-Aug-2023
  • (2018)Analysis and Classification of Shape-Changing Interfaces for Design and Application-based ResearchACM Computing Surveys10.1145/314355951:1(1-32)Online publication date: 4-Jan-2018
  • Show More Cited By

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences
PLDI '10: Proceedings of the 31st ACM SIGPLAN Conference on Programming Language Design and Implementation
June 2010
514 pages
ISBN:9781450300193
DOI:10.1145/1806596
  • cover image ACM SIGPLAN Notices
    ACM SIGPLAN Notices  Volume 45, Issue 6
    PLDI '10
    June 2010
    496 pages
    ISSN:0362-1340
    EISSN:1558-1160
    DOI:10.1145/1809028
    Issue’s Table of Contents
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 05 June 2010

Permissions

Request permissions for this article.

Check for updates

Author Tags

  1. dynamic analysis
  2. ffi bugs
  3. foreign function interfaces (FFI)
  4. java native interface (jni)
  5. multilingual programs
  6. python/C
  7. specification
  8. specification generation

Qualifiers

  • Research-article

Conference

PLDI '10
Sponsor:

Acceptance Rates

Overall Acceptance Rate 406 of 2,067 submissions, 20%

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)18
  • Downloads (Last 6 weeks)1
Reflects downloads up to 17 Feb 2025

Other Metrics

Citations

Cited By

View all
  • (2024)Revealing the Unseen: AI Chain on LLMs for Predicting Implicit Dataflows to Generate Dataflow Graphs in Dynamically Typed CodeACM Transactions on Software Engineering and Methodology10.1145/367245833:7(1-29)Online publication date: 12-Jun-2024
  • (2023)Semantic Encapsulation using Linking TypesProceedings of the 8th ACM SIGPLAN International Workshop on Type-Driven Development10.1145/3609027.3609405(14-28)Online publication date: 30-Aug-2023
  • (2018)Analysis and Classification of Shape-Changing Interfaces for Design and Application-based ResearchACM Computing Surveys10.1145/314355951:1(1-32)Online publication date: 4-Jan-2018
  • (2016)SuperGlue: IDL-Based, System-Level Fault Tolerance for Embedded Systems2016 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)10.1109/DSN.2016.29(227-238)Online publication date: Jun-2016
  • (2016)NaClDroid: Native Code Isolation for Android ApplicationsComputer Security – ESORICS 201610.1007/978-3-319-45744-4_21(422-439)Online publication date: 15-Sep-2016
  • (2015)Combining type-analysis with points-to analysis for analyzing Java library source-codeProceedings of the 4th ACM SIGPLAN International Workshop on State Of the Art in Program Analysis10.1145/2771284.2771287(13-18)Online publication date: 14-Jun-2015
  • (2015)Mutation-based fault localization for real-world multilingual programsProceedings of the 30th IEEE/ACM International Conference on Automated Software Engineering10.1109/ASE.2015.14(464-475)Online publication date: 9-Nov-2015
  • (2014)NativeGuardProceedings of the 2014 ACM conference on Security and privacy in wireless & mobile networks10.1145/2627393.2627396(165-176)Online publication date: 23-Jul-2014
  • (2014)On Tracking Information Flows through JNI in Android ApplicationsProceedings of the 2014 44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks10.1109/DSN.2014.30(180-191)Online publication date: 23-Jun-2014
  • (2014)JNI light: an operational model for the core JNIMathematical Structures in Computer Science10.1017/S096012951300004225:04(805-840)Online publication date: 10-Nov-2014
  • Show More Cited By

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Figures

Tables

Media

Share

Share

Share this Publication link

Share on social media