Interface Safety in Multilingual Software
Most real software systems are multilingual;
that is, they consist of components developed in different programming
languages. Multilingual software systems are convenient in practice.
Developers can reuse existing code modules, and can also mix and match
strengths of different languages. As an example, imagine that a
developer intends to perform data compression in Java. Instead of
writing all the code for data compression from scratch, he can reuse
the existing ZLib C library and write a thin interface between Java and
C, via the Java Native Interface (JNI). In fact, this is exactly how
Sun’s JDK implements the classes under java.util.zip.
Although multilingual software systems are convenient for developers
and ubiquitous in practice, it is difficult to write safe and reliable
multilingual software. It usually requires programmers to
carefully take into account the discrepancies between languages on
issues such as language features, data layout, memory management,
safety/security assumptions, and many others. As an example, Java has
built-in support for exceptions and exception handling, while C does
not. Therefore, when developers write software that consists of both
Java and C code, the C code has to
check for exceptions in every possible place where they may occur, and
provides code to handle them. Failure to do so may result in silent
memory corruption. As one can imagine, this is an extremely error-prone
process.
To address the safety and reliability issues in multilingual software, this project aims to
- Perform inter-language analysis on existing multilingual software,
for identifying and removing safety-critical bugs, and
for performing inter-language optimization;
- Formalize semantics of language interoperation (in frameworks such as the JNI and .NET);
- Design mechanisms that facilitate the writing of reliable multilingual software.
Publications
- Li, S. and Tan, G. (2014b). Finding reference-counting errors in Python/C programs with
affine analysis. In European Conference on Object-Oriented Programming (ECOOP). [paper]
- Li, S. and Tan, G. (2014a). Exception analysis in the Java Native Interface. Science of Computer
Programming, 89, 273–297. [paper]
- Li, S., Liu, D. Y., and Tan, G. (2012). JATO: Native code atomicity for Java. In Asian
Symposium on Programming Languages and Systems (APLAS), pages 2–17. [paper]
- Li, S. and Tan, G. (2011). JET: Exception checking in the Java Native Interface. In ACM
Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA),
pages 345–358. [paper]
- Li, S. and Tan, G. (2009). Finding bugs in exceptional situations of JNI programs. In 16th
ACM Conference on Computer and Communications Security (CCS), pages 442–452. [paper]
- Tan, G. and Croft, J. (2008). An empirical security study of the native code in the JDK. In
17th Usenix Security Symposium, pages 365–377. [paper]. [slides]. [tech report]
- Tan, G. and Morrisett, G. (2007). ILEA: Inter-language analysis across Java and C. In ACM
Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA),
pages 39–56. [paper]. [slides]
- Tan, G., Appel, A., Chakradhar, S., Raghunathan, A., Ravi, S., and Wang, D. (2006b). Safe
Java Native Interface. In IEEE International Symposium on Secure Software Engineering, pages
97–106. [paper]. [slides]
Participants
View this
page in Romanian courtesy of azoft
Last updated: Jul. 2011