Siliang Li
Abstract
Java's type system enforces exception-checking rules that stipulate a checked exception thrown by a method must be declared in the throws clause of the method. Software written in Java often invokes native methods through the use of the Java Native Interface (JNI). Java's type system, however, cannot enforce the same exception-checking rules on Java exceptions raised in native methods. This gap makes Java software potentially buggy and often difficult to debug when an exception is raised in native code. In this paper, we propose a complete static-analysis framework called JET to extend exception-checking rules even on native code. The framework has a two-stage design where the first stage throws away a large portion of irrelevant code so that the second stage, a fine-grained analysis, can concentrate on a small set of code for accurate bug finding. This design achieves both high efficiency and accuracy. We have applied JET on a set of benchmark programs with a total over 227K lines of source code and identified 12 inconsistent native-method exception declarations.
- M. Blume. No-longer-foreign: Teaching an ML compiler to speak C "natively". Electronic Notes in Theoretical Computer Science, 59 (1), 2001.Google Scholar
- E. M. Chakravarty. The Haskell 98 foreign function interface 1.0: An addendum to the Haskell 98 report. http://www.cse.unsw.edu.au/ chak/haskell/ffi/, 2005.Google Scholar
- B.-M. Chang, J.-W. Jo, K. Yi, and K.-M. Choe. Interprocedural exception analysis for Java. In SAC '01: Proceedings of the 2001 ACM symposium on Applied computing, pages 620--625, New York, NY, USA, 2001. ACM. Google ScholarDigital Library
- M. Das, S. Lerner, and M. Seigle. ESP: path-sensitive program verification in polynomial time. In ACM Conference on Programming Language Design and Implementation (PLDI), pages 57--68, 2002. Google ScholarDigital Library
- C. Elford. Integrated debugger for Java/JNI environments. http://software.intel.com/en-us/articles/integrated-debugger-for-javajn%i-environments/, Oct. 2010.Google Scholar
- K. Fisher, R. Pucella, and J. H. Reppy. A framework for interoperability. Electronic Notes in Theoretical Computer Science, 59 (1), 2001.Google Scholar
- M. Furr and J. S. Foster. Checking type safety of foreign function calls. In ACM Conference on Programming Language Design and Implementation (PLDI), pages 62--72, 2005. Google ScholarDigital Library
- M. Furr and J. S. Foster. Polymorphic type inference for the JNI. In 15th European Symposium on Programming (ESOP), pages 309--324, 2006. Google ScholarDigital Library
- M. Hirzel and R. Grimm. Jeannie: Granting Java Native Interface developers their wishes. In ACM Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA), pages 19--38, 2007. Google ScholarDigital Library
- JavaLib. JavaLib. http://javalib.gforge.inria.fr/.Google Scholar
- G. Kondoh and T. Onodera. Finding bugs in Java Native Interface programs. In ISSTA '08: Proceedings of the 2008 International Symposium on Software Testing and Analysis, pages 109--118, New York, NY, USA, 2008. ACM. Google ScholarDigital Library
- B. Lee, M. Hirzel, R. Grimm, and K. McKinley. Debug all your code: A portable mixed-environment debugger for Java and C. In ACM Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA), pages 207--226, 2009. Google ScholarDigital Library
- B. Lee, M. Hirzel, R. Grimm, B. Wiedermann, and K. S. McKinley. Jinn: Synthesizing a dynamic bug detector for foreign language interfaces. In ACM Conference on Programming Language Design and Implementation (PLDI), 2010. To appear. Google ScholarDigital Library
- X. Leroy. The Objective Caml system, 2008. http://caml.inria.fr/pub/docs/manual-ocaml/index.html.Google Scholar
- S. Li and G. Tan. Finding bugs in exceptional situations of JNI programs. In Proceedings of the 16th ACM conference on Computer and communications security (CCS), pages 442--452, 2009. Google ScholarDigital Library
- S. Liang. Java Native Interface: Programmer's Guide and Reference. Addison-Wesley Longman Publishing Co., Inc., 1999. ISBN 0201325772. Google ScholarDigital Library
- D. Malayeri and J. Aldrich. Practical exception specifications. In Advanced Topics in Exception Handling Techniques, volume 4119 of Lecture Notes in Computer Science, pages 200--220. Springer, 2006. Google ScholarDigital Library
- G. C. Necula, S. McPeak, S. P. Rahul, and W. Weimer. CIL: Intermediate language and tools for analysis and transformation of C programs. In International Conference on Compiler Construction (CC), pages 213--228, 2002. Google ScholarDigital Library
- Python/C FFI. Python/C API reference manual. http://docs.python.org/c-api/index.html, Apr. 2009.Google Scholar
- T. Reps, S. Horwitz, and M. Sagiv. Precise interprocedural dataflow analysis via graph reachability. In 22nd ACM Symposium on Principles of Programming Languages (POPL), pages 49--61, 1995. Google ScholarDigital Library
- M. P. Robillard and G. C. Murphy. Static analysis to support the evolution of exception structure in object-oriented systems. ACM Transactions on Programming Languages and Systems, 12 (2): 191--221, 2003. ISSN 1049--331X. Google ScholarDigital Library
- M. Sharir and A. Pnueli. Two approaches to inter-procedural dataflow analysis. In S. S. Muchnick and N. D. Jones, editors, Program Flow Analysis: Theory and Applications. Prentice-Hall Inc., 1981.Google Scholar
- J. Siefers, G. Tan, and G. Morrisett. Robusta: Taming the native beast of the JVM. In Proceedings of the 17th ACM conference on Computer and communications security (CCS), pages 201--211, 2010. Google ScholarDigital Library
- G. Tan and G. Morrisett. ILEA: Inter-language analysis across Java and C. In ACM Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA), pages 39--56, 2007. Google ScholarDigital Library
- G. Tan, A. W. Appel, S. Chakradhar, A. Raghunathan, S. Ravi, and D. Wang. Safe Java Native Interface. In Proceedings of IEEE International Symposium on Secure Software Engineering, pages 97--106, 2006.Google Scholar
- M. N. Wegman and F. K. Zadeck. Constant propagation with conditional branches. ACM Transactions on Programming Languages and Systems, 13 (2): 181--210, April 1991. Google ScholarDigital Library
Index Terms
- JET: exception checking in the Java native interface
Recommendations
JNI program analysis with automatically extracted C semantic summary
ISSTA 2019: Proceedings of the 28th ACM SIGSOFT International Symposium on Software Testing and AnalysisFrom Oracle JVM to Android Runtime, most Java runtime environments officially support Java Native Interface (JNI) for interaction between Java and C. Using JNI, developers can improve Java program performance or reuse existing libraries implemented in ...
Finding bugs in exceptional situations of JNI programs
CCS '09: Proceedings of the 16th ACM conference on Computer and communications securitySoftware flaws in native methods may defeat Java's guarantees of safety and security. One common kind of flaws in native methods results from the discrepancy on how exceptions are handled in Java and in native methods. Unlike exceptions in Java, ...
Finding bugs in java native interface programs
ISSTA '08: Proceedings of the 2008 international symposium on Software testing and analysisIn this paper, we describe static analysis techniques for finding bugs in programs using the Java Native Interface (JNI). The JNI is both tedious and error-prone because there are many JNI-specific mistakes that are not caught by a native compiler. This ...
Comments