ISSN 1000-1239 CN 11-1777/TP

计算机研究与发展 (Journal of Computer Research and Development) ›› 2015, Vol. 52 ›› Issue (4): 898-906. doi: 10.7544/issn1000-1239.2015.20131909

• Software Technology •

Detection of JNI Memory Leaks Based on an Intermediate Language (基于中间语言的JNI内存泄漏检查)

蒋挺宇1, 王鹏1, 杨述1, 褥震1, 董渊1, 王生原1, 嵇智源2   

  1 (Department of Computer Science and Technology, Tsinghua University, Beijing 100084); 2 (High Technology Research and Development Center, Ministry of Science and Technology, Beijing 100044) (Jiangty08@gmail.com)
  • Published: 2015-04-01
  • Funding: National Natural Science Foundation of China (61272086); National Science and Technology Major Project "核高基" (Core Electronic Devices, High-end Generic Chips and Basic Software) (2012ZX01039-004-08)

Detection of JNI Memory Leaks Based on Extended Bytecode

Jiang Tingyu1, Wang Peng1, Yang Shu1, Ru Zhen1, Dong Yuan1, Wang Shengyuan1, Ji Zhiyuan2

  1 (Department of Computer Science and Technology, Tsinghua University, Beijing 100084); 2 (High Technology Research and Development Center, Ministry of Science and Technology, Beijing 100044)
  • Online: 2015-04-01

Abstract (Chinese): JNI lets Java and native C/C++ code call each other and is widely used in systems implemented in a mix of languages, such as Android. The difference in safety properties between the two languages makes the JNI boundary a weak point, and existing analysis methods have difficulty handling security defects that arise from cross-language calls. Taking memory leaks, which JNI calls easily produce, as the target, this paper studies cross-language analysis of Java/C++ JNI code. Extended Java bytecode (Bytecode*) instructions are used as an interpretation of C++ semantics, which removes the barrier to cross-language analysis. Around the problem of memory leaks in JNI calls, three things are done: 1) a block memory model compatible with both Java and C++ is defined; 2) a translation strategy from C++ to Bytecode* is designed and implemented on LLVM/LLJVM; 3) a method call graph is built, method summaries are extracted, and interprocedural analysis is used to detect memory leaks in JNI calls. Translating and checking JNI examples with typical memory-leak characteristics shows that the approach accurately detects memory leaks in mixed Java/C++ code and is valuable for understanding JNI mixed-language programming and for vulnerability analysis.

Keywords (Chinese): Java Native Interface, cross-language analysis, semantic extension, bytecode, memory leak

Abstract: The Java Native Interface (JNI) lets Java code running in a Java virtual machine (JVM) call native C/C++ code and be called back from it, but the difference in safety properties between the two languages makes this boundary a security weakness, and defects that cross it are not detected by existing analysis methods. Commonly used detectors work on an intermediate language, which fails in the JNI case because no intermediate representation bridges Java and C++. This paper analyzes JNI from a Java/C++ cross-language perspective and focuses on memory leaks, which frequently occur in JNI calls. To overcome the language barrier, it proposes extended Java bytecode (Bytecode*) instructions as an interpretation of C++ semantics. The contributions are: 1) a block memory model that is compatible with both Java and C++; 2) translation rules from C++ to Bytecode* built on LLVM/LLJVM; 3) construction of a method call graph, extraction of method summaries, and detection of memory leaks in JNI calls by interprocedural analysis. Experiments on typical JNI code exhibiting memory-leak patterns show that the analysis detects memory leaks in Java/C++ code accurately and is of value for cross-language programming and vulnerability analysis.

Key words: Java Native Interface (JNI), cross-language analysis, semantic extension, bytecode, memory leak
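The third contribution of the abstract (call graph, method summaries, interprocedural leak check) in miniature, as an added example that is not the paper's code: a toy Python detector over a constructed Bytecode*-like IR. The IR, the summary format, the hand-written models of the JNIEnv functions GetStringUTFChars/ReleaseStringUTFChars and the sample program are assumptions made for illustration; the paper's C++-to-Bytecode* translation on LLVM/LLJVM and its block memory model are not reproduced.

```python
"""Toy interprocedural leak detector over a Bytecode*-like IR. Added example, not the
paper's code: the straight-line IR, summary format and sample JNI program are assumptions."""
# Constructed IR, one tuple per instruction:
#   ("alloc", v)                v = new/malloc on the native side
#   ("free", v)                 delete/free(v)
#   ("escape", v)               v stored where the Java side keeps it (field, static)
#   ("call", callee, args, ret) ret = callee(args...); ret may be None
#   ("ret", v)                  return v, handing ownership to the caller; v may be None
EMPTY = {"frees": frozenset(), "escapes": frozenset(), "returns_fresh": False}

# Assumed models of two JNIEnv functions: the buffer returned by GetStringUTFChars
# stays owned by native code until passed as argument 2 of ReleaseStringUTFChars.
JNI_MODELS = {"GetStringUTFChars": {**EMPTY, "returns_fresh": True},
              "ReleaseStringUTFChars": {**EMPTY, "frees": frozenset({2})}}

def build_call_graph(program):
    return {name: {i[1] for i in m["body"] if i[0] == "call" and i[1] in program}
            for name, m in program.items()}

def postorder(graph):
    """Callees before callers, so every summary exists when its caller is analysed."""
    seen, order = set(), []
    def visit(n):
        if n not in seen:
            seen.add(n)
            for m in sorted(graph[n]):
                visit(m)
            order.append(n)
    for n in sorted(graph):
        visit(n)
    return order

def analyze_method(name, method, summaries):
    """Abstractly interpret one straight-line method; return (leak reports, summary)."""
    params, body = method["params"], method["body"]
    var2cell = {p: ("param", i) for i, p in enumerate(params)}
    state = {("param", i): "live" for i in range(len(params))}
    owned, returns_fresh = [], False   # cells this method must free or hand off
    def own(idx, var):   # bind var to a fresh heap cell owned by this method
        state[(name, idx)], var2cell[var] = "live", (name, idx)
        owned.append((name, idx))
    for idx, ins in enumerate(body):
        op = ins[0]
        if op == "alloc":
            own(idx, ins[1])
        elif op == "free":
            state[var2cell[ins[1]]] = "freed"
        elif op == "escape":
            state[var2cell[ins[1]]] = "escaped"
        elif op == "ret" and ins[1] is not None and var2cell[ins[1]] in owned:
            state[var2cell[ins[1]]], returns_fresh = "escaped", True   # caller owns it now
        elif op == "call":
            _, callee, args, ret = ins
            summ = summaries.get(callee, EMPTY)   # unknown callee: assume no effect
            for i in summ["frees"]:
                state[var2cell[args[i]]] = "freed"
            for i in summ["escapes"]:
                state[var2cell[args[i]]] = "escaped"
            if ret is not None and summ["returns_fresh"]:
                own(idx, ret)
            elif ret is not None:   # opaque result, not this method's to free
                state[("opaque", idx)], var2cell[ret] = "live", ("opaque", idx)
    leaks = [f"{name}: cell from instruction {c[1]} is never freed or handed off"
             for c in owned if state[c] == "live"]
    def params_in(s): return frozenset(i for i in range(len(params)) if state[("param", i)] == s)
    return leaks, {"frees": params_in("freed"), "escapes": params_in("escaped"),
                   "returns_fresh": returns_fresh}

def detect_leaks(program, extern=JNI_MODELS):
    """Summaries bottom-up over the call graph, then a leak check per method."""
    summaries, leaks = dict(extern), {}
    for name in postorder(build_call_graph(program)):
        leaks[name], summaries[name] = analyze_method(name, program[name], summaries)
    return leaks, summaries

# Constructed sample: Bytecode*-style view of a small JNI library.
SAMPLE = {
    "helper_free": {"params": ["p"], "body": [("free", "p"), ("ret", None)]},
    "native_work": {"params": ["s"], "body": [
        ("alloc", "buf"), ("call", "helper_free", ["buf"], None), ("ret", None)]},
    "make_handle": {"params": [], "body": [("alloc", "h"), ("ret", "h")]},
    # GetStringUTFChars buffer never released -> leak
    "Java_Parser_parse": {"params": ["env", "self", "jstr"], "body": [
        ("call", "GetStringUTFChars", ["env", "jstr"], "cstr"),
        ("call", "native_work", ["cstr"], None), ("ret", None)]},
    # same with the matching ReleaseStringUTFChars -> clean
    "Java_Parser_parseOk": {"params": ["env", "self", "jstr"], "body": [
        ("call", "GetStringUTFChars", ["env", "jstr"], "cstr"),
        ("call", "native_work", ["cstr"], None),
        ("call", "ReleaseStringUTFChars", ["env", "jstr", "cstr"], None), ("ret", None)]},
    # handle stored into a Java field (escape) -> not this method's leak
    "Java_Parser_open": {"params": ["env", "self"], "body": [
        ("call", "make_handle", [], "h"), ("escape", "h"), ("ret", None)]},
    # handle dropped -> leak, visible only through make_handle's summary
    "Java_Parser_leaky": {"params": ["env", "self"], "body": [
        ("call", "make_handle", [], "h"), ("ret", None)]},
}
```

`detect_leaks(SAMPLE)` flags `Java_Parser_parse` (the GetStringUTFChars buffer is never released) and `Java_Parser_leaky`, and clears the other methods. Both findings depend on summaries rather than on the method body alone: `Java_Parser_leaky` looks harmless until `make_handle`'s summary says it returns a fresh cell, and `native_work` is clean only because `helper_free`'s summary says it frees its argument. The IR is straight-line; a real analysis must join states at branches and loops and decide what to assume for callees it cannot see, which is where the "unknown callee: no effect" default above becomes a source of false negatives.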

CLC number: