research-article

CIL to Java-bytecode translation for static analysis leveraging

Authors:

Pietro Ferrara,

Agostino Cortesi, and

Fausto SpotoAuthors Info & Claims

FormaliSE '18: Proceedings of the 6th Conference on Formal Methods in Software Engineering

June 2018

Pages 40 - 49

https://doi.org/10.1145/3193992.3193994

Published: 02 June 2018 Publication History

Abstract

A formal translation of CIL (i.e., .Net) bytecode into Java bytecode is introduced and proved sound with respect to the language semantics. The resulting code is then analyzed with Julia, an industrial static analyzer of Java bytecode. The overall process of translation and analysis is fast, scales up to industrial programs, and introduces a negligible number of false alarms. The main result of this work is to leverage existing, mature, and sound analyzers for Java bytecode by applying them to the (translated) CIL bytecode.

References

[1]

Checkstyle. http://checkstyle.sourceforge.net. Accessed on March, 16th 2018.

[2]

Clr to jvm. http://www.xmlvm.org/clr2jvm/. Accessed on March, 16th 2018.

[3]

CodeSonar - Static Analysis SAST Software. https://www.grammatech.com/products/codesonar. Accessed on March, 16th 2018.

[4]

Findbugs<sup>TM</sup> - Find Bugs in Java Programs. http://findbugs.sourceforge.net/. Accessed on March, 16th 2018.

[5]

Ndepend. http://www.ndepend.com. Accessed on March, 16th 2018.

[6]

.Net Reflector Add-Ins. https://www.microsoft.com/en-us/research/project/spec.

[7]

PMD. https://pmd.github.io/. Accessed on March, 16th 2018.

[8]

WALA. http://wala.sourceforge.net/wiki/index.php/Main_Page. Accessed on March, 16th 2018.

[9]

M. Ameri and C. A. Furia. Why Just Boogie? Translating between Intermediate VÂćerification Languages. In Proceedings of IFM '16, LNCS. Springer, 2016.

Digital Library

[10]

R. Atkey and D. Sannella. ThreadSafe: Static Analysis for Java Concurrency. Electronic Comm. of the European Association of Software Science and Technology, 72, 2015.

[11]

G. Barbon, A. Cortesi, P. Ferrara, and E. Steffinlongo. DAPA: degradation-aware privacy analysis of android apps. In Proceedings of STM '16, pages 32--46, 2016.

[12]

M. Barnett, K. Leino, and W. Schulte. The Spec# Programming System: An Overview. In Proceedings of CASSIS '04, 2004.

Digital Library

[13]

M. Bebenita, F. Brandner, M. Fähndrich, F. Logozzo, W. Schulte, N. Tillmann, and H. Venter. SPUR: a Trace-based JIT Compiler for CIL. In W. R. Cook, S. Clarke, and M. C. Rinard, editors, Proceedings of OOPSLA '10. ACM, 2010.

Digital Library

[14]

G. Costantini, P. Ferrara, and A. Cortesi. A suite of abstract domains for static analysis of string values. Softw., Pract. Exper., 45(2):245--287, 2015.

Digital Library

[15]

P. Cousot and R. Cousot. Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints. In Proceedings of POPL '77. ACM Press, 1977.

Digital Library

[16]

P. Cousot and R. Cousot. Abstract Interpretation: A Unified Lattice Model for Static Analysis of Programs by Construction or Approximation of Fixpoints. In Proc. of Principles of Programming Languages (POPL'77), pages 238--252, 1977.

Digital Library

[17]

Coverity. Coverity Prevent<sup>TM</sup> . http://www.coverity.com/library/pdf/coverity_prevent.pdf. Accessed on March, 16th 2018.

[18]

ECMA. Standard ECMA-335: Common Language Infrastructure (CLI). 2012.

[19]

T. A. S. Foundation. Apache Commons BCEL. https://commons.apache.org/proper/commons-bcel. Accessed on March, 16th 2018.

[20]

JetBrains. Resharper. https://www.jetbrains.com/resharper.

[21]

T. Lindholm, F. Yellin, G. Bracha, and A. Buckley. The Java Virtual Machine Specification, Java SE 7 Edition. Addison-Wesley Professional, 1st edition, 2013.

Digital Library

[22]

F. Logozzo. Cibai: An Abstract Interpretation-Based Static Analyzer for Modular Analysis and Verification of Java Classes. In Proceedings of VMCAI '07, LNCS. Springer, 2007.

Digital Library

[23]

F. Logozzo and M. Fähndrich. Static Contract Checking with Abstract Interpretation. In Proceedings of FoVeOOS '10, LNCS. Springer, 2010.

[24]

Microsoft. FxCop. https://msdn.microsoft.com/en-us/library/bb429476(v=vs.80).aspx. Accessed on March, 16th 2018.

[25]

F. Spoto. The Julia Static Analyzer for Java. In Proceedings of SAS '16, LNCS. Springer, 2016.

[26]

Wikipedia. List of Tools for Static Code Analysis. https://en.wikipedia.org/wiki/List_of_tools_for_static_code_analysis#Java. Accessed on March, 16th 2018.

Cited By

Negrini LFerrara PArceri VCortesi A(2023)LiSA: A Generic Framework for Multilanguage Static AnalysisChallenges of Software Verification10.1007/978-981-19-9601-6_2(19-42)Online publication date: 22-Jul-2023
https://doi.org/10.1007/978-981-19-9601-6_2
Ferrara PCortesi ASpoto F(2020)From CIL to Java bytecode: Semantics-based translation for static analysis leveragingScience of Computer Programming10.1016/j.scico.2020.102392(102392)Online publication date: Jan-2020
https://doi.org/10.1016/j.scico.2020.102392
Ferrara PNegrini L(2020)SARL: OO Framework Specification for Static AnalysisSoftware Verification10.1007/978-3-030-63618-0_1(3-20)Online publication date: 6-Dec-2020
https://doi.org/10.1007/978-3-030-63618-0_1

Recommendations

From CIL to Java bytecode: Semantics-based translation for static analysis leveraging
Highlights
- A formal translation of CIL (.Net) bytecode into Java bytecode is introduced and proved sound w.r.t. the language semantics
Abstract
A formal translation of CIL (i.e., .Net) bytecode into Java bytecode is introduced and proved sound with respect to the language semantics. The resulting code is then analyzed with Julia, an industrial static analyzer of Java bytecode. ...
Read More
Decompiling Java Bytecode: Problems, Traps and Pitfalls
CC '02: Proceedings of the 11th International Conference on Compiler Construction

Java virtual machines execute Java bytecode instructions. Since this bytecode is a higher level representation than traditional object code, it is possible to decompile it back to Java source. Many such decompilers have been developed and the ...
Read More
Java bytecode to native code translation: the caffeine prototype and preliminary results
MICRO 29: Proceedings of the 29th annual ACM/IEEE international symposium on Microarchitecture

The Java bytecode language is emerging as a software distribution standard. With major vendors committed to porting the Java run-time environment to their platforms, programs in Java bytecode are expected to run without modification on multiple ...
Read More

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

FormaliSE '18: Proceedings of the 6th Conference on Formal Methods in Software Engineering

June 2018

101 pages

ISBN:9781450357180

DOI:10.1145/3193992

General Chairs:
Stefania Gnesi
ISTI-CNR, Italy
,
Nico Plat
Thanos, The Netherlands
,
Program Chairs:
Paola Spoletini
Kennesaw State University
,
Patrizio Pelliccione
Chalmers | University of Gothenburg, Gothenburg, Sweden

Copyright © 2018 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

SIGSOFT: ACM Special Interest Group on Software Engineering
IEEE-CS: Computer Society

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 02 June 2018

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Qualifiers

Research-article

Conference

ICSE '18

Sponsor:

SIGSOFT
IEEE-CS

ICSE '18: 40th International Conference on Software Engineering

June 2, 2018

Gothenburg, Sweden

Upcoming Conference

ICSE 2025

2025 IEEE/ACM 46th International Conference on Software Engineering

April 26 - May 3, 2025

Ottawa , ON , Canada

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

3
Total Citations
View Citations
78
Total Downloads

Downloads (Last 12 months)5
Downloads (Last 6 weeks)0

Other Metrics

View Author Metrics

Citations

Cited By

Negrini LFerrara PArceri VCortesi A(2023)LiSA: A Generic Framework for Multilanguage Static AnalysisChallenges of Software Verification10.1007/978-981-19-9601-6_2(19-42)Online publication date: 22-Jul-2023
https://doi.org/10.1007/978-981-19-9601-6_2
Ferrara PCortesi ASpoto F(2020)From CIL to Java bytecode: Semantics-based translation for static analysis leveragingScience of Computer Programming10.1016/j.scico.2020.102392(102392)Online publication date: Jan-2020
https://doi.org/10.1016/j.scico.2020.102392
Ferrara PNegrini L(2020)SARL: OO Framework Specification for Static AnalysisSoftware Verification10.1007/978-3-030-63618-0_1(3-20)Online publication date: 6-Dec-2020
https://doi.org/10.1007/978-3-030-63618-0_1

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents