Fri 30 Oct 2015 11:15 - 11:37 at Grand Station 2 - 10. Empirical Studies & Approximation Chair(s): John Field

Java is a safe language. Its runtime environment provides strong safety guarantees that any Java application can rely on. Or so we think. We show that the runtime actually does not provide these guarantees—for a large fraction of today's Java code. Unbeknownst to many application developers, the Java runtime includes a "backdoor" that allows expert library and framework developers to circumvent Java's safety guarantees. This backdoor is there by design, and is well known to experts, as it enables them to write high-performance "systems-level" code in Java. For much the same reasons that safe languages are preferred over unsafe languages, these powerful—but unsafe—capabilities in Java should be restricted. They should be made safe by changing the language, the runtime system, or the libraries. At the very least, their use should be restricted. This paper is a step in that direction. We analyzed 74 GB of compiled Java code, spread over 86,479 Java archives, to determine how Java's unsafe capabilities are used in real-world libraries and applications. We found that 25% of Java bytecode archives depend on unsafe third-party Java code, and thus Java's safety guarantees cannot be trusted. We identify 14 different usage patterns of Java's unsafe capabilities, and we provide supporting evidence for why real-world code needs these capabilities. Our long-term goal is to provide a foundation for the design of new language features to regain safety in Java.

Fri 30 Oct

Displayed time zone: Eastern Time (US & Canada) change

10:30 - 12:00
10. Empirical Studies & ApproximationOOPSLA at Grand Station 2
Chair(s): John Field Google
10:30
22m
Talk
Using C Language Extensions for Developing Embedded Software: A Case Study
OOPSLA
Markus Völter itemis, Germany, Arie van Deursen Delft University of Technology, Netherlands, Bernd Kolb itemis AG, Stephan Eberle itemis AG
DOI Pre-print Media Attached
10:52
22m
Talk
How Scale Affects Structure in Java ProgramsOOPSLA Artifact
OOPSLA
Crista Lopes University of California, Irvine, Joel Ossher University of California, Irvine
DOI Pre-print Media Attached File Attached
11:15
22m
Talk
Use at Your Own Risk: The Java Unsafe API in the WildOOPSLA Artifact
OOPSLA
Luis Mastrangelo University of Lugano, Switzerland, Luca Ponzanelli University of Lugano, Switzerland, Andrea Mocci University of Lugano, Switzerland, Michele Lanza University of Lugano, Switzerland, Matthias Hauswirth University of Lugano, Switzerland, Nate Nystrom University of Lugano, Switzerland
DOI Media Attached
11:37
22m
Talk
Approximate Computation with Outlier Detection in TopazOOPSLA Artifact
OOPSLA
Sara Achour Massachusetts Institute of Technology, USA, Martin C. Rinard Massachusetts Institute of Technology, USA
DOI Media Attached