WALA Everywhere




Julian Dolby

IBM Thomas J. Watson Research Center





IMDEA, Madrid, June 2017

Dramatis personæ

  • Karim Ali
  • Devin Coughlin
  • Stephen Fink
  • Jürgen Graf
  • Sungho Lee (이성호)
  • Martin Mohr
  • Brian Pfretzschner
  • Sukyoung Ryu (류석영)
  • Max Schaefer
  • Aleksander Slominski
  • Manu Sridharan
  • Noah Weninger
  • Eric Wittern
  • Annie Ying
  • Christofer Young
  • Yunhui Zheng

WALA

  • Java libraries for static and dynamic analysis
    • With some JavaScript libraries
  • Started at IBM Thomas J. Watson Research Center
    • Open source in 2006 under Eclipse Public License
    • https://github.com/wala/WALA
    • Key design goals
      • Robustness
      • Efficiency
      • Extensibility

Analyze Everything

Analyze Everywhere

WALA Everywhere

  • Illustrate a small sample of being everywhere

    • hybrid apps

    • WALA on Web browsers

    • Swift

Hybrid Apps

Hybrid Apps

  • JavaScript and native code together
  • Promote portability of apps
    • “write once, run everywhere”
    • minimize cost of app across multiple platforms
  • Different semantics complicates programming
  • Static vs. dynamic types
    • cannot check all type errors syntactically
    • no overloading in JavaScript
  • Argument count flexible in JavaScript
    • try to pass wrong number of arguments to Java

Semantics Issues

HybridDroid

  • Soundy analysis framework for Android hybrid apps

    • support for most implicit inter-language flows (Backed by APIs and Dalvik VM source code)

    • support most type compatibility in browsers (backed by experiments with trials & errors)

  • Implementation on top of WALA

  • Uses generic WALA cross-language support

Semantics Checking Results

Why run WALA on the Client?

  • Integrate with Rich Client interfaces
    • simplify integration
    • avoid network round trips
    • use client compute resources
    • already in prototype application inside IBM
  • Client-side applications
    • analyze dynamically-loaded scripts
    • support IDE's like Eclipse Orion
  • Browsers are everywhere

How to Run WALA on the Client?

http://teavm.org
  • TeaVM compiles Java to JavaScript
    • compiles JVM bytecode to JavaScript
    • reachability analysis to choose code to compile
    • Java 8, including lambdas
  • Significant but limited library support
    • collections and key libraries implemented
    • I/O libraries very limited
    • little reflection support

WALA on TeaVM

  • Core of WALA compiles with TeaVM
    • avoid esoteric features like soft references
    • avoid the file system
    • avoid any use of reflection
  • Basic program analysis works
    • read JavaScript
    • call graphs
    • system dependence graphs
  • Enough for flow-sensitive taint analysis

WALA Client Demo

function Document_prototype_write(x) {

}

function id(x) {
    return x // line 6;
}

var document = { URL: "whatever" };
var url = id(document.URL); // line 10
Document_prototype_write(url); // line 11

var notUrl = id("not a url");
Document_prototype_write(notUrl);

WALA Client Demo

WALA for Swift

  • Apple a dominant mobile platform

    • likely most popular phone in the audience

    • Swift primary programming language

  • WALA meant to be flexible

    • analyzing new language Swift a test

    • support Apple-IBM alliance

  • Use WALA to analyze Swift

    • this work in early stage

Leverage Apple Infrastructure

  • Use open source Apple code

    • up-to-date with evolving language

    • written largely in C++, unlike WALA

  • Bridge C++ code to WALA

    • large code base, so JNI to Swift tedious

    • exploit JNI interface to WALA

  • Expose WALA to Apple Swift code

WALA JNI

interface CAstNode {
  ...
  /** 
   * What kind of node is this...
  int getKind();
  ...
}

this->_getKind = env->GetMethodID(CAstNode, "getKind", "()I");
THROW_ANY_EXCEPTION(java_ex);

int CAstWrapper::getKind(jobject castNode) {
  jint result = env->CallIntMethod(castNode, _getKind);
  THROW_ANY_EXCEPTION(java_ex);
  return result;
}
  • C++ interface close as possible to WALA Java code

New WALA JNI

JNIEnv *launch() {
  ...
  // Create the JVM
  JNIEnv *jniEnv;
  long flag = JNI_CreateJavaVM(&javaVM, (void**)
    &jniEnv, &vmArgs);
  ...
}

void run() {
  JNIEnv *java_env = launch();
  TRY(exp, java_env)
  
  CAstWrapper CAst(java_env, exp, NULL);
  THROW_ANY_EXCEPTION(exp);

  CATCH()
}
  • Create JVM to launch WALA from Swift compiler

Status

  • WALA-Swift JNI interface working

    • integrated into Apple build process

    • initial steps working as of WALA Hack-a-thon

  • Interface not just for WALA

    • other Java tools could benefit

    • would love collaborators

WALA Everywhere

  • World getting less monolingual, not more

    • domains have favorites, e.g. Python for ML

    • new languages like Swift arise

  • Analysis frameworks must adapt

    • need to analyze code people use

    • WALA has proven flexible