[go: up one dir, main page]
More Web Proxy on the site http://driver.im/ skip to main content
10.1145/3324884.3416558acmconferencesArticle/Chapter ViewAbstractPublication PagesaseConference Proceedingsconference-collections
research-article

Broadening horizons of multilingual static analysis: semantic summary extraction from C code for JNI program analysis

Published: 27 January 2021 Publication History

Abstract

Most programming languages support foreign language interoperation that allows developers to integrate multiple modules implemented in different languages into a single multilingual program. While utilizing various features from multiple languages expands expressivity, differences in language semantics require developers to understand the semantics of multiple languages and their inter-operation. Because current compilers do not support compile-time checking for interoperation, they do not help developers avoid interoperation bugs. Similarly, active research on static analysis and bug detection has been focusing on programs written in a single language.
In this paper, we propose a novel approach to analyze multilingual programs statically. Unlike existing approaches that extend a static analyzer for a host language to support analysis of foreign function calls, our approach extracts semantic summaries from programs written in guest languages using a modular analysis technique, and performs a whole-program analysis with the extracted semantic summaries. To show practicality of our approach, we design and implement a static analyzer for multilingual programs, which analyzes JNI interoperation between Java and C. Our empirical evaluation shows that the analyzer is scalable in that it can construct call graphs for large programs that use JNI interoperation, and useful in that it found 74 genuine interoperation bugs in real-world Android JNI applications.

References

[1]
Shahid Alam, Zhengyang Qu, Ryan Riley, Yan Chen, and Vaibhav Rastogi. 2017. DroidNative: Automating and optimizing detection of Android native code malware variants. computers & security 65 (2017), 230--246.
[2]
arguslab. 2019. NativeFlowBench. https://github.com/arguslab/NativeFlowBench.
[3]
Steven Arzt, Siegfried Rasthofer, Christian Fritz, Eric Bodden, Alexandre Bartel, Jacques Klein, Yves Le Traon, Damien Octeau, and Patrick McDaniel. 2014. Flowdroid: Precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for android apps. In Acm Sigplan Notices, Vol. 49. ACM, 259--269.
[4]
Sora Bae, Sungho Lee, and Sukyoung Ryu. 2019. Towards understanding and reasoning about Android interoperations. In Proceedings of the 41st International Conference on Software Engineering. IEEE Press, 223--233.
[5]
Android Developers Blog. 2011. JNI Local Reference Changes in ICS. https://android-developers.googleblog.com/2011/11/jni-local-reference-changes-in-ics.html.
[6]
Achim D Brucker and Michael Herzberg. 2016. On the static analysis of hybrid mobile apps. In International Symposium on Engineering Secure Software and Systems. Springer, 72--88.
[7]
Patrick Cousot and Radhia Cousot. 1977. Abstract Interpretation: A Unified Lattice Model for Static Analysis of Programs by Construction or Approximation of Fixpoints. In Proceedings of the 4th ACM SIGACT-SIGPLAN Symposium on Principles of Programming Languages.
[8]
Google Developers. 2019. JNI tips: Native libraries. https://developer.android.com/training/articles/perf-jni#native-libraries.
[9]
Isil Dillig, Thomas Dillig, Alex Aiken, and Mooly Sagiv. 2011. Precise and compact modular procedure summaries for heap manipulating programs. In ACM SIGPLAN Notices, Vol. 46. ACM, 567--577.
[10]
Go Documentation. 2019. Command Cgo. https://golang.org/cmd/cgo/.
[11]
Java SE Documentation. 2019. Java Native Interface Specification. https://docs.oracle.com/javase/7/docs/technotes/guides/jni/spec/jniTOC.html.
[12]
Node.js Documentation. 2019. C++ Addons. https://nodejs.org/dist/latest-v10.x/docs/api/addons.html.
[13]
Python Documentation. 2019. Extending and Embedding the Python Interpreter. https://docs.python.org/3/extending/extending.html.
[14]
Rust Documentation. 2019. Foreign Function Interface. https://doc.rust-lang.org/1.9.0/book/ffi.html.
[15]
F-Droid. 2019. F-Droid - Free and Open Source Android App Repository. https://f-droid.org.
[16]
Facebook. 2019. Infer. https://fbinfer.com.
[17]
Martin Hirzel, Daniel Von Dincklage, Amer Diwan, and Michael Hind. 2007. Fast online pointer analysis. ACM Transactions on Programming Languages and Systems (TOPLAS) 29, 2 (2007), 11.
[18]
IBM. 2006. T.J. Watson Libraries for Analysis. http://wala.sourceforge.net/wiki/index.php/Main_Page.
[19]
Sungho Lee, Julian Dolby, and Sukyoung Ryu. 2016. HybriDroid: static analysis framework for Android hybrid applications. In 2016 31st IEEE/ACM International Conference on Automated Software Engineering (ASE). IEEE, 250--261.
[20]
Siliang Li and Gang Tan. 2014. Exception analysis in the java native interface. Science of Computer Programming 89 (2014), 273--297.
[21]
Julia Manual. 2019. Calling C and Fortran Code. https://docs.julialang.org/en/v1/manual/calling-c-and-fortran-code/index.html.
[22]
Soot. 2016. Legacy-Free Soot. https://github.com/Sable/soot/issues/654.
[23]
Bjarne Steensgaard. 1996. Points-to analysis in almost linear time. In Proceedings of the 23rd ACM SIGPLAN-SIGACT symposium on Principles of programming languages. ACM, 32--41.
[24]
Gang Tan and Greg Morrisett. 2007. ILEA: Inter-language analysis across Java and C. In ACM SIGPLAN Notices, Vol. 42. ACM, 39--56.
[25]
Fengguo Wei, Xingwei Lin, Xinming Ou, Ting Chen, and Xiaosong Zhang. 2018. JN-SAF: Precise and Efficient NDK/JNI-aware Inter-language Static Analysis Framework for Security Vetting of Android Applications with Native Code. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. ACM, 1137--1150.

Cited By

View all
  • (2024)AXA: Cross-Language Analysis through Integration of Single-Language AnalysesProceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering10.1145/3691620.3696193(1195-1205)Online publication date: 27-Oct-2024
  • (2024)Learning to Detect and Localize Multilingual BugsProceedings of the ACM on Software Engineering10.1145/36608041:FSE(2190-2213)Online publication date: 12-Jul-2024
  • (2024)NativeSummary: Summarizing Native Binary Code for Inter-language Static Analysis of Android AppsProceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis10.1145/3650212.3680335(971-982)Online publication date: 11-Sep-2024
  • Show More Cited By

Recommendations

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences
ASE '20: Proceedings of the 35th IEEE/ACM International Conference on Automated Software Engineering
December 2020
1449 pages
ISBN:9781450367684
DOI:10.1145/3324884
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

In-Cooperation

  • IEEE CS

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 27 January 2021

Permissions

Request permissions for this article.

Check for updates

Author Tags

  1. Java native interface
  2. language interoperability
  3. multilingual program analysis

Qualifiers

  • Research-article

Funding Sources

  • National Research Foundation of Korea (NRF)

Conference

ASE '20
Sponsor:

Acceptance Rates

Overall Acceptance Rate 82 of 337 submissions, 24%

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)120
  • Downloads (Last 6 weeks)15
Reflects downloads up to 21 Dec 2024

Other Metrics

Citations

Cited By

View all
  • (2024)AXA: Cross-Language Analysis through Integration of Single-Language AnalysesProceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering10.1145/3691620.3696193(1195-1205)Online publication date: 27-Oct-2024
  • (2024)Learning to Detect and Localize Multilingual BugsProceedings of the ACM on Software Engineering10.1145/36608041:FSE(2190-2213)Online publication date: 12-Jul-2024
  • (2024)NativeSummary: Summarizing Native Binary Code for Inter-language Static Analysis of Android AppsProceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis10.1145/3650212.3680335(971-982)Online publication date: 11-Sep-2024
  • (2024)How Are Multilingual Systems Constructed: Characterizing Language Use and Selection in Open-Source Multilingual SoftwareACM Transactions on Software Engineering and Methodology10.1145/363196733:3(1-46)Online publication date: 14-Mar-2024
  • (2024)Cross-Language Taint Analysis: Generating Caller-Sensitive Native Code Specification for JavaIEEE Transactions on Software Engineering10.1109/TSE.2024.339225450:6(1518-1533)Online publication date: 27-May-2024
  • (2024)An Empirical Study of JVMs’ Behaviors on Erroneous JNI InteroperationsIEEE Transactions on Software Engineering10.1109/TSE.2024.337323950:4(979-994)Online publication date: 5-Mar-2024
  • (2024)Challenges of Multilingual Program Specification and AnalysisLeveraging Applications of Formal Methods, Verification and Validation. Specification and Verification10.1007/978-3-031-75380-0_8(124-143)Online publication date: 30-Oct-2024
  • (2024)Artificial Intelligence Model Based Security Protection Method for IoT ApplicationsQuality, Reliability, Security and Robustness in Heterogeneous Systems10.1007/978-3-031-65126-7_15(143-157)Online publication date: 20-Aug-2024
  • (2023)The metamorphoses in the exposition of certain isiXhosa wordsSouthern African Linguistics and Applied Language Studies10.2989/16073614.2023.218823342:1(49-58)Online publication date: 21-Jul-2023
  • (2023)Reusing Single-Language Analyses for Static Analysis of Multi-language ProgramsCompanion Proceedings of the 2023 ACM SIGPLAN International Conference on Systems, Programming, Languages, and Applications: Software for Humanity10.1145/3618305.3623590(16-18)Online publication date: 22-Oct-2023
  • Show More Cited By

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Media

Figures

Other

Tables

Share

Share

Share this Publication link

Share on social media