ABSTRACT
From the Oracle JVM to the Android Runtime, most Java runtime environments officially support the Java Native Interface (JNI) for interaction between Java and C. Using JNI, developers can improve Java program performance or reuse existing libraries implemented in C. At the same time, differences between the two languages can lead to various kinds of unexpected bugs when developers do not fully understand those differences or the complete interoperation semantics. Furthermore, existing program analysis techniques do not cover the interoperation, which can reduce the quality of JNI programs.
We propose a JNI program analysis technique that analyzes the Java and C code of JNI programs using a separate analyzer targeting each language. The C analyzer generates a semantic summary for each C function callable from Java, and the Java analyzer constructs call graphs using the semantic summaries and the Java code. In addition to the call graph construction, we extend the analysis technique to detect four bug types that can occur in the interoperation between the languages. We believe that our approach would be able to detect genuine bugs as well as improve the quality of JNI programs.
Index Terms
- JNI program analysis with automatically extracted C semantic summary