Current Java static analyzers, operating either on the source or byte-code level, exhibit unsoundness for programs that contain native code. We show that the Java Native Interface (JNI) specification, which is used by Java programs to interoperate with native code, is principled enough to permit static reasoning about the effects of native code on program execution when it comes to call-backs. Our approach consists of disassembling native binaries, recovering static symbol information that corresponds to Java method signatures, and producing a model for statically exercising these native call-backs with appropriate mock objects. The approach manages to recover virtually all Java calls in native code, for both Android and Java desktop applications—(a) achieving 100% native-to-application call-graph recall on large Android applications (Chrome, Instagram) and (b) capturing the full native call-back behavior of the XCorpus suite programs.
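The symbol-recovery step described in the abstract can be illustrated with a simplified string scan. This is an added example, not the authors' tool: it scans raw bytes rather than disassembling, and the function names, the adjacency heuristic and the sample bytes are all assumptions made for illustration.

```python
import re

# JVM type descriptor grammar: base types, L<class>;, and array prefixes.
FIELD = r"\[*(?:[BCDFIJSZ]|L[A-Za-z_$][\w$/]*;)"
METHOD_DESC = re.compile(rf"\((?:{FIELD})*\)(?:V|{FIELD})")
IDENT = re.compile(r"(?:[A-Za-z_$][\w$]*|<init>|<clinit>)")
# Printable ASCII runs terminated by NUL, as C string literals appear in .rodata.
C_STRING = re.compile(rb"([\x20-\x7e]{1,256})\x00")

def c_strings(blob):
    """Return (offset, text) for each NUL-terminated printable string in blob."""
    return [(m.start(), m.group(1).decode("ascii")) for m in C_STRING.finditer(blob)]

def jni_callback_candidates(blob, window=1):
    """Pair each method descriptor with identifier strings stored next to it.

    Heuristic (assumption): the name and signature literals passed to
    GetMethodID/GetStaticMethodID usually sit close together in the string
    table. The result over-approximates, which suits a sound call graph.
    """
    strings = c_strings(blob)
    found = []
    for i, (off, text) in enumerate(strings):
        if not METHOD_DESC.fullmatch(text):
            continue
        lo, hi = max(0, i - window), min(len(strings), i + window + 1)
        names = [s for j, (_, s) in enumerate(strings[lo:hi], lo)
                 if j != i and IDENT.fullmatch(s)]
        found.append({"offset": off, "descriptor": text, "names": names})
    return found

def arg_count(descriptor):
    """Number of parameters in a descriptor, i.e. mock arguments a model needs."""
    params = descriptor[1:descriptor.index(")")]
    return len(re.findall(FIELD, params))

# Constructed sample: bytes laid out like a fragment of a shared library's .rodata.
SAMPLE = (b"\x7fELF\x02\x01\x01\x00" + b"\x00" * 4 +
          b"com/example/Callbacks\x00onProgress\x00(ILjava/lang/String;)V\x00"
          b"libdemo: init failed (%d)\x00"
          b"<init>\x00()V\x00getBytes\x00([BJ)[Ljava/lang/Object;\x00")

if __name__ == "__main__":
    for c in jni_callback_candidates(SAMPLE):
        print(hex(c["offset"]), c["descriptor"], c["names"], arg_count(c["descriptor"]))
```

Each candidate pair is a possible native-to-Java call target; an analyzer would still have to resolve the receiving class and supply mock arguments of the parsed types.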
Wed 22 Jul. Times are displayed in time zone: (GMT-07:00) Tijuana, Baja California
|10:50 - 11:10|
Yifei Xu, Zhengzi Xu, Bihuan Chen (Fudan University), Fu Song, Yang Liu (Nanyang Technological University, Singapore), Ting Liu (Xi'an Jiaotong University)
|11:10 - 11:30|
George Fourtounis (University of Athens), Leonidas Triantafyllou (University of Athens), Yannis Smaragdakis (University of Athens, Greece)
|11:30 - 11:50|
Muhui Jiang, Yajin Zhou (Zhejiang University), Xiapu Luo (The Hong Kong Polytechnic University), Ruoyu Wang, Yang Liu (Nanyang Technological University, Singapore), Kui Ren