SafeCheck: Safety Enhancement of Java Unsafe APITechnical Track
Java is a safe programming language by providing bytecode verification and enforcing memory protection. For instance, programmers cannot directly access the memory but have to use object references. Yet, the Java runtime provides an Unsafe API as a backdoor for the developers to access the low-level system code. Whereas the Unsafe API is designed to only be used by the Java core library, a growing community of third-party libraries uses it to achieve high performance. The Unsafe API is powerful, but dangerous, which can lead to data corruption, resource leaks, and difficult-to-diagnose JVM crash if used improperly.
In this work, we study the Unsafe crash patterns and propose a memory checker to enforce the memory safety, thus avoiding the JVM crash caused by the misuse of the Unsafe API at the bytecode level. We evaluate our technique on real crash cases from the open JDK bug system and real-world applications from the JVM team of Alibaba. Our tool reduces the efforts from several days to a few minutes for the developers to diagnose the Unsafe related crashes. We also evaluate the runtime overhead of our tool on projects using intensive Unsafe operations, and the result shows that our tool causes a negligible perturbation to the execution of the applications.
Fri 31 MayDisplayed time zone: Eastern Time (US & Canada) change
14:00 - 15:30 | API AnalysisTechnical Track / Demonstrations / Papers at Duluth Chair(s): Sam Malek University of California, Irvine | ||
14:00 20mTalk | Exposing Library API Misuses via Mutation AnalysisTechnical Track Technical Track Ming Wen The Hong Kong University of Science and Technology, Yepang Liu Southern University of Science and Technology, Rongxin Wu Department of Computer Science and Engineering, The Hong Kong University of Science and Technology, Xuan Xie School of Data and Computer Science, Sun Yat-sen University, Guangzhou, China, Shing-Chi Cheung Department of Computer Science and Engineering, The Hong Kong University of Science and Technology, Zhendong Su ETH Zurich | ||
14:20 20mDemonstration | Vetting API Usages in C Programs with IMCheckerDemos Demonstrations Zuxing Gu School of Software, Tsinghua University, Jiecheng Wu Tsinghua University, Li Chi Tsinghua University, Min Zhou Tsinghua University, Yu Jiang , Ming Gu Tsinghua University, Jiaguang Sun Pre-print | ||
14:40 20mTalk | PIVOT: Learning API-Device Correlations to Facilitate Android Compatibility Issue DetectionTechnical Track Technical Track Lili Wei The Hong Kong University of Science and Technology, Yepang Liu Southern University of Science and Technology, Shing-Chi Cheung Department of Computer Science and Engineering, The Hong Kong University of Science and Technology Pre-print | ||
15:00 20mTalk | SafeCheck: Safety Enhancement of Java Unsafe APITechnical Track Technical Track Shiyou Huang Texas A&M University, Jianmei Guo Alibaba Group, Sanhong Li Alibaba Inc., Xiang Li Alibaba, Yumin Qi Alibaba, Kingsum Chow , Jeff Huang Texas A&M University | ||
15:20 10mTalk | Discussion Period Papers |