清华大学计算机学院褥震,基于中间语言的 JNI内存泄漏检查

摘要:

The Java native interface(JNI)enables Java code running in a Java virtual machine(JVM) to be called by native code, but the difference of security features between languages makes it a security weakness, which cannot be detected by existing analysis methods. Commonly used detection methods are mainly based on the analysis of intermediate language, which is invalid in this JNI case, since the lack of an intermediate representation to bridge Java and C++. This paper analyzes JNI from a Java/C++ cross-language perspective and focuses on memory leaks which frequently occur in JNI calls. In order to overcome language barriers, this paper proposes extended Bytecode (Bytecode*) instructions as interpretation of C++ semantics. Our contributions are described as follows: 1)Define a block memory model which is compatible with both Java and C++;2) Design translation rules from C++ to extended Java Bytecode based on LLVM/LLJVM;3)Construct a method call graph, extract abstract and detect memory leaks in JNI calls by interprocedural analysis. Experiments on typical JNI code with memory leak features show that our analysis work can detect memory leaks in Java/C++ accurately, and is of important significance in cross-linguistic programming and vulnerability analysis.

展开

评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值