資源描述:
《基于中間語言的 JNI內(nèi)存泄漏檢查-論文.pdf》由會員上傳分享,免費在線閱讀��,更多相關(guān)內(nèi)容在行業(yè)資料-天天文庫����。
1�����、計算機研究與發(fā)展DOI:10.7544ssn10OO~1239.2015.20131909JournalofComputerResearchandDevelopment52(4):898—906�����,2015基于中間語言的JNI內(nèi)存泄漏檢查蔣挺宇王鵬楊述褥震董淵王生原嵇智源(清華大學計算機科學與技術(shù)系北京100084)(科技部高技術(shù)研究發(fā)展中心北京100044)(Jiangty08@gmail.com)DetectionofJNIMemoryLeaksBasedonExtendedBytecodeJiangTingyu,WangPeng����,
2、YangShu�����,RuZhen�����,DongYuan�����,WangShengyuan�。andJiZhiyuan(DepartmentofComputerScienceandTechnology,TsinghuaUniversity����,Beijing100084)。(HighTechnologyResearchandDevelopmentCenter�,MinistryofScienceandTechnology。Beijing100044)AbstractTheJavanativeinterface(JNI)enablesJavacoderunni
3、nginaJavavirtualmachine(JVM)tobecalledbynativecode��,butthedifferenceofsecurityfeaturesbetweenlanguagesmakesitasecurityweakness�����,whichcannotbedetectedbyexistinganalysismethods.Commonlyuseddetectionmethodsaremainlybasedontheanalysisofintermediatelanguage���,whichisinvalidinthi
4�����、sJNIcase��,sincethelackofanintermediaterepresentationtobridgeJavaandC++.ThispaperanalyzesJNIfromaJava/C++cross—languageperspectiveandfocusesonmemoryleakswhichfrequentlyoccurinJNIcalls.Inordertoovercomelanguagebarriers�,thispaperproposesextendedBytecode(Bytecode)instruction
5�、sasinterpretationofC++semantics.Ourcontributionsaredescribedasfollows:1)DefineablockmemorymodelwhichiscompatiblewithbothJavaandC++;2)DesigntranslationrulesfromC++toextendedJavaBytecodebasedonLLVM/LLJVM�����;3)Constructamethodcallgraph�����,extractabstractanddetectmemory1eaksinJNI
6��、callsbyinterproceduralanalysis.ExperimentsontypicalJNIcodewithmemoryleakfeaturesshowthatouranalysisworkcandetectmemoryleaksinJava/C++accurately���,andisofimportantsignificanceincross—linguisticprogrammingandvulnerabilityanalysis.KeywordsJavanativeinterface(JNI)���;cross—lingu
7、isticanalysis����;semanticextension;Bytecode����;memoryleak摘要JNI技術(shù)支持Java與本地c/c++的相互調(diào)用,在Android等混合語言實現(xiàn)的系統(tǒng)中有著廣泛應用��,但語言之間的安全特性差異使其成為安全薄弱環(huán)節(jié)�,現(xiàn)有的分析方法難以處理多語言相互調(diào)用產(chǎn)生的安全缺陷.以JNI調(diào)用中易產(chǎn)生的內(nèi)存泄漏為例,開展Java/C++JNI跨語言分析的研究.采用擴展的JavaBytecode(Bytecode)指令作為C++語義的解釋來消除跨語言分析的障礙.圍繞JNI調(diào)用中內(nèi)存泄漏的問題����,做了以下3方面工作:
8、1)定義兼容Java/C++語言的分塊內(nèi)存模型�;2)基于LLVM/LLJVM,設計實現(xiàn)了C++到Bytecode的翻譯策略;3)建立方法調(diào)用圖���,提取方法摘要�,利用過程間分析方法檢測JNI調(diào)用中的內(nèi)存泄漏.針對具有典型內(nèi)存
