Article

Checking type safety of foreign function calls

Authors:

Jeffrey S. FosterAuthors Info & Claims

PLDI '05: Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation

Pages 62 - 72

https://doi.org/10.1145/1065010.1065019

Published: 12 June 2005 Publication History

Abstract

We present a multi-lingual type inference system for checking type safety across a foreign function interface. The goal of our system is to prevent foreign function calls from introducing type and memory safety violations into an otherwise safe language. Our system targets OCaml's FFI to C, which is relatively lightweight and illustrates some interesting challenges in multi-lingual type inference. The type language in our system embeds OCaml types in C types and vice-versa, which allows us to track type information accurately even through the foreign language, where the original types are lost. Our system uses representational types that can model multiple OCaml types, because C programs can observe that many OCaml types have the same physical representation. Furthermore, because C has a low-level view of OCaml data, our inference system includes a dataflow analysis to track memory offsets and tag information. Finally, our type system includes garbage collection information to ensure that pointers from the FFI to the OCaml heap are tracked properly. We have implemented our inference system and applied it to a small set of benchmarks. Our results show that programmers do misuse these interfaces, and our implementation has found several bugs and questionable coding practices in our benchmarks.

References

[1]

ANSI. Programming languages -- C, 1999. ISO/IEC 9899:1999.]]

[2]

D. M. Beazley. SWIG: An easy to use tool for integrating scripting languages with C and C++,.]]

[3]

N. Benton and A. Kennedy, editors. BABEL'01: First International Workshop on Multi-Language Infrastructure and Interoperability, volume 59 of Electronic Notes in Theoretical Computer Science, Firenze, Italy, Sept. 2001. http://www.elsevier.nl/locate/entcs/volume59.html.]]

[4]

M. Blume. No-Longer-Foreign: Teaching an ML compiler to speak C "natively". In Benton and Kennedy babel01. http://www.elsevier.nl/locate/entcs/volume59.html.]]

[5]

S. Chandra and T. W. Reps. Physical Type Checking for C. In Proceedings of the ACM SIGPLAN/SIGSOFT Workshop on Program Analysis for Software Tools and Engineering, pages 66--75, Toulouse, France, Sept. 1999.]]

Digital Library

[6]

A. S. Christensen, A. Møller, and M. I. Schwartzbach. Precise Analysis of String Expressions. In R. Cousot, editor, Static Analysis, 10th International Symposium, volume 2694 of Lecture Notes in Computer Science, pages 1--18, San Diego, CA, USA, June 2003. Springer-Verlag.]]

Digital Library

[7]

R. DeLine and M. Fähndrich. The Fugue Protocol Checker: Is your software Baroque? Technical Report MSR-TR-2004-07, Microsoft Research, Jan. 2004.]]

[8]

S. Finne, D. Leijen, E. Meijer, and S. P. Jones. Calling hell from heaven and heaven from hell. In Proceedings of the fourth ACM SIGPLAN International Conference on Functional Programming, pages 114--125, Paris, France, Sept. 1999.]]

Digital Library

[9]

K. Fisher, R. Pucella, and J. Reppy. A framework for interoperability. In Benton and Kennedy {3}. http://www.elsevier.nl/locate/entcs/volume59.html.]]

[10]

M. Furr and J. S. Foster. Checking Type Safety of Foreign Function Calls. Technical Report CS-TR-4627, University of Maryland, Computer Science Department, Nov. 2004.]]

[11]

C. Gould, Z. Su, and P. Devanbu. Static Checking of Dynamically Generated Queries in Database Applications. In Proceedings of the 26th International Conference on Software Engineering, pages 645--654, Edinburgh, Scotland, UK, May 2004.]]

Digital Library

[12]

D. N. Gray, J. Hotchkiss, S. LaForge, A. Shalit, and T. Weinberg. Modern Languages and Microsoft's Component Object Model. Communications of the ACM, 41(5):55--65, May 1998.]]

Digital Library

[13]

J. Hamilton. Interlanguage Object Sharing with SOM. In Proceedings of the Usenix 1996 Annual Technical Conference, San Diego, California, Jan. 1996.]]

Digital Library

[14]

J. Hamilton. Language Integration in the Common Language Runtime. ACM SIGPLAN Notices, 38(2):19--28, Feb. 2003.]]

Digital Library

[15]

L. Huelsbergen. A Portable C Interface for Standard ML of New Jersey. http://www.smlnj.org//doc/SMLNJ-C/smlnj-c.ps, 1996.]]

[16]

X. Leroy. The Objective Caml system, Aug. 2004. Release 3.08, http://caml.inria.fr/distrib/ocaml-3.08/ocaml-3.08-refman.pdf.]]

[17]

S. Liang. The Java Native Interface: Programmer's Guide and Specification. Addison-Wesley, 1999.]]

Digital Library

[18]

E. Meijer, N. Perry, and A. van Yzendoorn. Scripting .NET using Mondrian. In J. L. Knudsen, editor, ECOOP 2001 - Object-Oriented Programming, 15th European Conference, volume 2072 of Lecture Notes in Computer Science, pages 150--164, Budapest, Hungary, June 2001. Springer-Verlag.]]

Digital Library

[19]

G. Necula, S. McPeak, and W. Weimer. CCured: Type-Safe Retrofitting of Legacy Code. In Proceedings of the 29th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pages 128--139, Portland, Oregon, Jan. 2002.]]

Digital Library

[20]

G. C. Necula, S. McPeak, S. P. Rahul, and W. Weimer. CIL: Intermediate Language and Tools for Analysis and Transformation of C Programs. In R. N. Horspool, editor, Compiler Construction, 11th International Conference, volume 2304 of Lecture Notes in Computer Science, pages 213--228, Grenoble, France, Apr. 2002. Springer-Verlag.]]

Digital Library

[21]

D. Rémy. Typechecking records and variants in a natural extension of ML. In Proceedings of the 16th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pages 77--88, Austin, Texas, Jan. 1989.]]

Digital Library

[22]

V. Trifonov and Z. Shao. Safe and Principled Language Interoperation. In D. Swierstra, editor, 8th European Symposium on Programming, volume 1576 of Lecture Notes in Computer Science, pages 128--146, Amsterdam, The Netherlands, Mar. 1999. Springer-Verlag.]]

Digital Library

Cited By

Korkut JStark KAppel A(2025)A Verified Foreign Function Interface between Coq and CProceedings of the ACM on Programming Languages10.1145/37048609:POPL(687-717)Online publication date: 9-Jan-2025
https://dl.acm.org/doi/10.1145/3704860
Kan SGao YZhong ZSui Y(2024)Cross-Language Taint Analysis: Generating Caller-Sensitive Native Code Specification for JavaIEEE Transactions on Software Engineering10.1109/TSE.2024.339225450:6(1518-1533)Online publication date: 27-May-2024
https://dl.acm.org/doi/10.1109/TSE.2024.3392254
Guéneau AHostert JSpies SSammler MBirkedal LDreyer D(2023)Melocoton: A Program Logic for Verified Interoperability Between OCaml and CProceedings of the ACM on Programming Languages10.1145/36228237:OOPSLA2(716-744)Online publication date: 16-Oct-2023
https://dl.acm.org/doi/10.1145/3622823
Show More Cited By

Index Terms

Checking type safety of foreign function calls

Recommendations

A Foreign Function Interface for Pallene
SBLP '22: Proceedings of the XXVI Brazilian Symposium on Programming Languages

Pallene is a statically typed subset of the Lua programming language, designed to act as a system-language counterpart to Lua’s scripting, and used to write lower-level libraries and extension modules for Lua. In this sense, Pallene is a companion ...
Checking type safety of foreign function calls

Foreign function interfaces (FFIs) allow components in different languages to communicate directly with each other. While FFIs are useful, they often require writing tricky low-level code and include little or no static safety checking, thus providing a ...
Checking type safety of foreign function calls
Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation

We present a multi-lingual type inference system for checking type safety across a foreign function interface. The goal of our system is to prevent foreign function calls from introducing type and memory safety violations into an otherwise safe ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

PLDI '05: Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation

June 2005

338 pages

ISBN:1595930566

DOI:10.1145/1065010

General Chair:
Vivek Sarkar
IBM Research
,
Program Chair:
Mary Hall
USC/ISI

ACM SIGPLAN Notices Volume 40, Issue 6
Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
June 2005
325 pages
ISSN:0362-1340
EISSN:1558-1160
DOI:10.1145/1064978
Issue’s Table of Contents

Copyright © 2005 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 12 June 2005

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Article

Conference

PLDI05

Sponsor:

PLDI05: ACM SIGPLAN Conference on Programming Language Design and Implementation 2005

June 12 - 15, 2005

IL, Chicago, USA

Acceptance Rates

Overall Acceptance Rate 406 of 2,067 submissions, 20%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

70
Total Citations
View Citations
744
Total Downloads

Downloads (Last 12 months)17
Downloads (Last 6 weeks)1

Reflects downloads up to 02 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Korkut JStark KAppel A(2025)A Verified Foreign Function Interface between Coq and CProceedings of the ACM on Programming Languages10.1145/37048609:POPL(687-717)Online publication date: 9-Jan-2025
https://dl.acm.org/doi/10.1145/3704860
Kan SGao YZhong ZSui Y(2024)Cross-Language Taint Analysis: Generating Caller-Sensitive Native Code Specification for JavaIEEE Transactions on Software Engineering10.1109/TSE.2024.339225450:6(1518-1533)Online publication date: 27-May-2024
https://dl.acm.org/doi/10.1109/TSE.2024.3392254
Guéneau AHostert JSpies SSammler MBirkedal LDreyer D(2023)Melocoton: A Program Logic for Verified Interoperability Between OCaml and CProceedings of the ACM on Programming Languages10.1145/36228237:OOPSLA2(716-744)Online publication date: 16-Oct-2023
https://dl.acm.org/doi/10.1145/3622823
Johnson ELaufer EZhao ZGohman DNarayan SSavage SStefan DBrown F(2023)WaVe: a verifiably secure WebAssembly sandboxing runtime2023 IEEE Symposium on Security and Privacy (SP)10.1109/SP46215.2023.10179357(2940-2955)Online publication date: May-2023
https://doi.org/10.1109/SP46215.2023.10179357
Hu MZhao QZhang YXiong Y(2023)Cross-Language Call Graph Construction Supporting Different Host Languages2023 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER)10.1109/SANER56733.2023.00024(155-166)Online publication date: Mar-2023
https://doi.org/10.1109/SANER56733.2023.00024
Samhi JGao JDaoudi NGraux PHoyez HSun XAllix KBissyandé TKlein JDwyer MDamian DZeller A(2022)JuCifyProceedings of the 44th International Conference on Software Engineering10.1145/3510003.3512766(1232-1244)Online publication date: 21-May-2022
https://dl.acm.org/doi/10.1145/3510003.3512766
Jiang CHua BOuyang WFan QPan Z(2021)PyGuard: Finding and Understanding Vulnerabilities in Python Virtual Machines2021 IEEE 32nd International Symposium on Software Reliability Engineering (ISSRE)10.1109/ISSRE52982.2021.00055(468-475)Online publication date: Oct-2021
https://doi.org/10.1109/ISSRE52982.2021.00055
Hu MZhang YHuang WXiong Y(2021)Static Type Inference for Foreign Functions of Python2021 IEEE 32nd International Symposium on Software Reliability Engineering (ISSRE)10.1109/ISSRE52982.2021.00051(423-433)Online publication date: Oct-2021
https://doi.org/10.1109/ISSRE52982.2021.00051
Monat ROuadjaout AMiné A(2021)A Multilanguage Static Analysis of Python Programs with Native C ExtensionsStatic Analysis10.1007/978-3-030-88806-0_16(323-345)Online publication date: 13-Oct-2021
https://doi.org/10.1007/978-3-030-88806-0_16
Abidi MKhomh F(2020)Towards the Definition of Patterns and Code Smells for Multi-language SystemsProceedings of the European Conference on Pattern Languages of Programs 202010.1145/3424771.3424792(1-13)Online publication date: 1-Jul-2020
https://dl.acm.org/doi/10.1145/3424771.3424792
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten