Fri 30 Oct 2015 11:15 - 11:37 at Grand Station 2 - 10. Empirical Studies & Approximation Chair(s): John Field

Java is a safe language. Its runtime environment provides strong safety guarantees that any Java application can rely on. Or so we think. We show that the runtime actually does not provide these guarantees—for a large fraction of today's Java code. Unbeknownst to many application developers, the Java runtime includes a "backdoor" that allows expert library and framework developers to circumvent Java's safety guarantees. This backdoor is there by design, and is well known to experts, as it enables them to write high-performance "systems-level" code in Java. For much the same reasons that safe languages are preferred over unsafe languages, these powerful—but unsafe—capabilities in Java should be restricted. They should be made safe by changing the language, the runtime system, or the libraries. At the very least, their use should be restricted. This paper is a step in that direction. We analyzed 74 GB of compiled Java code, spread over 86,479 Java archives, to determine how Java's unsafe capabilities are used in real-world libraries and applications. We found that 25% of Java bytecode archives depend on unsafe third-party Java code, and thus Java's safety guarantees cannot be trusted. We identify 14 different usage patterns of Java's unsafe capabilities, and we provide supporting evidence for why real-world code needs these capabilities. Our long-term goal is to provide a foundation for the design of new language features to regain safety in Java.

Fri 30 Oct

10:30 - 12:00: OOPSLA - 10. Empirical Studies & Approximation at Grand Station 2
Chair(s): John FieldGoogle
oopsla2015144619740000010:30 - 10:52
Markus Völteritemis, Germany, Arie van DeursenDelft University of Technology, Netherlands, Bernd Kolbitemis AG, Stephan Eberleitemis AG
DOI Pre-print Media Attached
oopsla2015144619875000010:52 - 11:15
Crista LopesUniversity of California, Irvine, Joel OssherUniversity of California, Irvine
DOI Pre-print Media Attached File Attached
oopsla2015144620010000011:15 - 11:37
Luis MastrangeloUniversity of Lugano, Switzerland, Luca PonzanelliUniversity of Lugano, Switzerland, Andrea MocciUniversity of Lugano, Switzerland, Michele LanzaUniversity of Lugano, Switzerland, Matthias HauswirthUniversity of Lugano, Switzerland, Nate NystromUniversity of Lugano, Switzerland
DOI Media Attached
oopsla2015144620145000011:37 - 12:00
Sara AchourMassachusetts Institute of Technology, USA, Martin RinardMassachusetts Institute of Technology, USA
DOI Media Attached