WALA Everywhere




Julian Dolby

IBM Thomas J. Watson Research Center





SOAP, PLDI, Barcelona, June 2017

Dramatis personæ

  • Karim Ali
  • Stephen Fink
  • Jürgen Graf
  • Jim Laredo
  • Sungho Lee (이성호)
  • Martin Mohr
  • Brian Pfretzschner
  • Sukyoung Ryu (류석영)
  • Max Schaefer
  • Aleksander Slominski
  • Manu Sridharan
  • Noah Weninger
  • Eric Wittern
  • Annie Ying
  • Christofer Young
  • Yunhui Zheng

Analyze Everything

Analyze Everywhere

WALA Everywhere

  • Illustrate a small sample of being everywhere

    • hybrid apps

    • WALA on Web browsers

    • Swift

Hybrid Apps

  • Promote portability of apps
    • “write once, run everywhere”
    • minimize cost of app across multiple platforms
  • Different semantics complicate programming
  • Static vs. dynamic types
    • cannot check all type errors syntactically
    • no overloading in JavaScript
  • Argument count flexible in JavaScript
    • try to pass wrong number of arguments to Java

Syntax Issues

HybridDroid

  • Soundy analysis framework for Android hybrid apps

    • support for most implicit inter-language flows (backed by APIs and Dalvik VM source code)

    • support for most type compatibility in browsers (backed by experiments with trial and error)

  • Implementation on top of WALA

  • Uses generic WALA cross-language support

Syntax Checking Results

Why run WALA on the Client?

  • Integrate with Rich Client interfaces
    • simplify integration
    • avoid network round trips
    • use client compute resources
    • already in prototype application inside IBM
  • Client-side applications
    • analyze dynamically-loaded scripts
    • support IDEs like Eclipse Orion
  • Browsers are everywhere

How to Run WALA on the Client?

http://teavm.org
  • TeaVM compiles Java to JavaScript
    • compiles JVM bytecode to JavaScript
    • reachability analysis to choose code to compile
    • Java 8, including lambdas
  • Significant but limited library support
    • collections and key libraries implemented
    • I/O libraries very limited
    • little reflection support

WALA on TeaVM

  • Core of WALA compiles with TeaVM
    • avoid esoteric features like soft references
    • avoid the file system
    • avoid any use of reflection
  • Basic program analysis works
    • read JavaScript
    • call graphs
    • system dependence graphs
  • Enough for flow-sensitive taint analysis

WALA Client Demo

function Document_prototype_write(x) {

}

function id(x) {
    return x; // line 6
}

var document = { URL: "whatever" };
var url = id(document.URL); // line 10
Document_prototype_write(url); // line 11

var notUrl = id("not a url");
Document_prototype_write(notUrl);
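
What a taint analysis has to decide about the demo program above, as an added example (not WALA code and not from the original slides). Assumptions: `document.URL` is the source, `Document_prototype_write` is the sink, the IR is hand-written, lines 13 and 14 are counted from the listing, and `findFlows` is a hypothetical helper that is flow-insensitive and only contrasts merging the call sites of `id` with keeping them apart.

```javascript
// Constructed IR of the demo program (hand-written for this example, not WALA output).
// Lines 6, 10 and 11 come from the listing's comments; 13 and 14 are counted from it.
const program = {
  functions: { id: { param: "x", ret: "x", line: 6 } },
  main: [
    { line: 10, def: "url", call: "id", arg: { source: "document.URL" } },
    { line: 11, sink: "Document_prototype_write", arg: "url" },
    { line: 13, def: "notUrl", call: "id", arg: { literal: "not a url" } },
    { line: 14, sink: "Document_prototype_write", arg: "notUrl" },
  ],
};

// Hypothetical helper: returns the sink calls that receive tainted data.
// contextSensitive = false merges all call sites of a function into one fact;
// contextSensitive = true evaluates the callee separately for each call site.
function findFlows(prog, contextSensitive) {
  const tainted = new Set();         // tainted variables of the main script
  const taintedCallees = new Set();  // callees whose parameter is tainted at some call site
  const isTainted = (arg) =>
    typeof arg === "string" ? tainted.has(arg) : arg.source !== undefined;

  let changed = true;
  while (changed) {                  // iterate to a fixpoint
    changed = false;
    for (const s of prog.main) {
      if (!s.call) continue;
      const fn = prog.functions[s.call];
      const argIn = isTainted(s.arg);
      if (argIn && !taintedCallees.has(s.call)) {
        taintedCallees.add(s.call);
        changed = true;
      }
      // The callee returns its parameter, so the result carries the parameter's taint.
      const paramIn = contextSensitive ? argIn : taintedCallees.has(s.call);
      if (fn.ret === fn.param && paramIn && !tainted.has(s.def)) {
        tainted.add(s.def);
        changed = true;
      }
    }
  }
  return prog.main
    .filter((s) => s.sink && isTainted(s.arg))
    .map((s) => `${s.arg} -> ${s.sink} (line ${s.line})`);
}

console.log("merged call sites:  ", findFlows(program, false));
console.log("per-call-site facts:", findFlows(program, true));
```

Merging the two calls to `id` also reports the `notUrl` write on line 14; keeping them apart reports only the flow that reaches the sink on line 11.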

WALA for Swift

  • Apple a dominant mobile platform

    • likely most popular phone in the audience

    • Swift primary programming language

  • WALA meant to be flexible

    • analyzing new language Swift a test

    • support Apple-IBM alliance

  • Use WALA to analyze Swift

    • this work in early stage

Leverage Apple Infrastructure

  • Use open source Apple code

    • up-to-date with evolving language

    • written largely in C++, unlike WALA

  • Bridge C++ code to WALA

    • large code base, so explicit JNI tedious

    • generate wrappers with SWIG

  • Expose Apple Swift code to Java

SWIG

SWIG interface file (input):

%module example
int fact();

Java generated by SWIG:

public class example {

  public static int fact() {
    return exampleJNI.fact();
  }

}

public class exampleJNI {
  static native int fact();
}

JNI wrapper in C generated by SWIG:

...Java_exampleJNI_fact(...) {
  jint jresult = 0 ;
  int result;

  (void)jenv;
  (void)jcls;
  result = (int)fact();
  jresult = (jint)result;
  return jresult;
}

  • SWIG generates “normal” Java code around JNI

WALA using SWIG

 instance.performParseOnly();
 if (instance.getASTContext().hadError())
     System.out.println("Parse error");
 ModuleDecl module = instance.getMainModule();
 ASTWalker walker = new ASTWalker() {
     @Override
     public boolean walkToDeclPre(Decl s) {
         // visited a declaration
         return true;
     }
     // ...
 };
 module.walk(walker);

  • Java code calling Apple C++ code
    • resembles WALA JavaScript Rhino code
    • ugliness hidden by SWIG

Status

  • Beginnings of SWIG interface working

    • SWIG integrated into Apple build process

    • both AST and SIL partially wrapped

  • Interface not just for WALA

    • other Java tools could benefit

    • would love collaborators

WALA Everywhere

  • World getting less monolingual, not more

    • domains have favorites, e.g. Python for ML

    • new languages like Swift arise

  • Analysis frameworks must adapt

    • need to analyze code people use

    • WALA has proven flexible