Abstract
We present a multi-lingual type inference system for checking type safety across a foreign function interface. The goal of our system is to prevent foreign function calls from introducing type and memory safety violations into an otherwise safe language. Our system targets OCaml's FFI to C, which is relatively lightweight and illustrates some interesting challenges in multi-lingual type inference. The type language in our system embeds OCaml types in C types and vice-versa, which allows us to track type information accurately even through the foreign language, where the original types are lost. Our system uses representational types that can model multiple OCaml types, because C programs can observe that many OCaml types have the same physical representation. Furthermore, because C has a low-level view of OCaml data, our inference system includes a dataflow analysis to track memory offsets and tag information. Finally, our type system includes garbage collection information to ensure that pointers from the FFI to the OCaml heap are tracked properly. We have implemented our inference system and applied it to a small set of benchmarks. Our results show that programmers do misuse these interfaces, and our implementation has found several bugs and questionable coding practices in our benchmarks.
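The kind of C glue code the abstract is concerned with, as an added example that is not taken from the paper or its tool: a simplified, self-contained model of OCaml's value representation, with an unchecked accessor beside one that tests boxedness, tag and size before reading any offset. The `shape` type, the function names and the inline macros are assumptions made for illustration; in this representation the immediate word for `Empty` is also the word for `()`, `false`, `[]` and `None`, which is why the C side cannot recover the original OCaml type.

```c
#include <stddef.h>
#include <stdint.h>

/* Simplified model of OCaml's value representation, constructed for this
   example; real glue code gets these macros from <caml/mlvalues.h>. */
typedef intptr_t value;
#define Val_long(n)   ((value)(((uintptr_t)(n) << 1) | 1)) /* immediate: low bit 1 */
#define Long_val(v)   ((long)((v) >> 1))
#define Is_long(v)    (((v) & 1) != 0)
#define Field(v, i)   (((value *)(v))[i])       /* block: pointer to field 0 */
#define Hd_val(v)     (((uintptr_t *)(v))[-1])  /* header word precedes fields */
#define Tag_val(v)    ((int)(Hd_val(v) & 0xFF))
#define Wosize_val(v) ((size_t)(Hd_val(v) >> 10))

/* Assumed OCaml type: type shape = Empty | Circle of int | Rect of int * int
   Empty is the immediate 0; Circle is a block with tag 0, Rect with tag 1. */

/* Unchecked glue: treats any shape as Rect. Given Empty it dereferences a
   non-pointer; given Circle it reads past the one-field block. */
long rect_area_unchecked(value v) {
    return Long_val(Field(v, 0)) * Long_val(Field(v, 1));
}

/* Checked glue: boxedness first, then tag, then field count, before any
   offset is read. Returns -1 for a value that is not a well-formed shape. */
long shape_area(value v) {
    if (Is_long(v))
        return Long_val(v) == 0 ? 0 : -1;        /* only constant ctor: Empty */
    if (Tag_val(v) == 0 && Wosize_val(v) == 1) { /* Circle r (area as 3*r*r) */
        long r = Long_val(Field(v, 0));
        return 3 * r * r;
    }
    if (Tag_val(v) == 1 && Wosize_val(v) == 2)   /* Rect (w, h) */
        return Long_val(Field(v, 0)) * Long_val(Field(v, 1));
    return -1;
}

/* Test helper: build a block in static storage (header, then fields). */
static uintptr_t words[3];
value sample_block(int tag, size_t wosize, long f0, long f1) {
    words[0] = ((uintptr_t)wosize << 10) | (uintptr_t)tag;
    words[1] = (uintptr_t)Val_long(f0);
    words[2] = (uintptr_t)Val_long(f1);
    return (value)&words[1];
}
```

The checks in `shape_area` happen at run time; the system described in the abstract aims to establish the same ordering of tests and offsets statically.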
Checking type safety of foreign function calls
PLDI '05: Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation