{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,5]],"date-time":"2026-02-05T06:53:41Z","timestamp":1770274421535,"version":"3.49.0"},"reference-count":39,"publisher":"Association for Computing Machinery (ACM)","issue":"4","license":[{"start":{"date-parts":[[2008,7,1]],"date-time":"2008-07-01T00:00:00Z","timestamp":1214870400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000143","name":"Division of Computing and Communication Foundations","doi-asserted-by":"publisher","award":["CCF-0346982CCF-0430118"],"award-info":[{"award-number":["CCF-0346982CCF-0430118"]}],"id":[{"id":"10.13039\/100000143","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Program. Lang. Syst."],"published-print":{"date-parts":[[2008,7]]},"abstract":"<jats:p>Foreign function interfaces (FFIs) allow components in different languages to communicate directly with each other. While FFIs are useful, they often require writing tricky low-level code and include little or no static safety checking, thus providing a rich source of hard-to-find programming errors. In this article, we study the problem of enforcing type safety across the OCaml-to-C FFI and the Java Native Interface (JNI). We present O-Saffire and J-Saffire, a pair of multilingual type inference systems that ensure C code that uses these FFIs accesses high-level data safely. Our inference systems use<jats:italic>representational types<\/jats:italic>to model C's low-level view of OCaml and Java values, and singleton types to track integers, strings, memory offsets, and type tags through C. J-Saffire, our Java system, uses a polymorphic flow-insensitive, unification-based analysis. Polymorphism is important because it allows us to precisely model user-defined wrapper functions and the more than 200 JNI functions. O-Saffire, our OCaml system, uses a monomorphic flow-sensitive analysis because, while polymorphism is much less important for the OCaml FFI flow-sensitivity is critical to track conditional branches, which are used when pattern matching OCaml data in C. O-Saffire also tracks garbage collection information to ensure that local C pointers to the OCaml heap are registered properly, which is not necessary for the JNI. We have applied O-Saffire and J-Saffire to a set of benchmarks and found many bugs and questionable coding practices. These results suggest that static checking of FFIs can be a valuable tool in writing correct multilingual software.<\/jats:p>","DOI":"10.1145\/1377492.1377493","type":"journal-article","created":{"date-parts":[[2008,8,5]],"date-time":"2008-08-05T13:35:10Z","timestamp":1217943310000},"page":"1-63","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":23,"title":["Checking type safety of foreign function calls"],"prefix":"10.1145","volume":"30","author":[{"given":"Michael","family":"Furr","sequence":"first","affiliation":[{"name":"University of Maryland, College Park, MD"}]},{"given":"Jeffrey S.","family":"Foster","sequence":"additional","affiliation":[{"name":"University of Maryland, College Park, MD"}]}],"member":"320","published-online":{"date-parts":[[2008,8]]},"reference":[{"key":"e_1_2_1_1_1","volume-title":"Proceedings of the 19th International Conference on Distributed Computing Systems","author":"Auerbach J.","unstructured":"Auerbach , J. , Barton , C. , Chu-Carroll , M. , and Raghavachari , M . 1999. Mockingbird: Flexible stub compilation from paris of declarations . In Proceedings of the 19th International Conference on Distributed Computing Systems . Austin, TX.]] Auerbach, J., Barton, C., Chu-Carroll, M., and Raghavachari, M. 1999. Mockingbird: Flexible stub compilation from paris of declarations. In Proceedings of the 19th International Conference on Distributed Computing Systems. Austin, TX.]]"},{"key":"e_1_2_1_3_1","volume-title":"USENIX 4th Annual Tcl\/Tk Workshop.]]","author":"Beazley D. M.","year":"1996","unstructured":"Beazley , D. M. 1996 . SWIG: An easy to use tool for integrating scripting languages with C and C++ . USENIX 4th Annual Tcl\/Tk Workshop.]] Beazley, D. M. 1996. SWIG: An easy to use tool for integrating scripting languages with C and C++. USENIX 4th Annual Tcl\/Tk Workshop.]]"},{"key":"e_1_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1016\/S1571-0661(05)80452-9"},{"key":"e_1_2_1_5_1","volume-title":"Proceedings of the 25th International Computer Software and Applications Conference (COMPSAC'01)","author":"Bubba J. F.","unstructured":"Bubba , J. F. , Kaplan , A. , and Wileden , J. C . 2001. The Exu approach to safe, transparent and lightweight interoperability . In Proceedings of the 25th International Computer Software and Applications Conference (COMPSAC'01) . Chicago, IL.]] Bubba, J. F., Kaplan, A., and Wileden, J. C. 2001. The Exu approach to safe, transparent and lightweight interoperability. In Proceedings of the 25th International Computer Software and Applications Conference (COMPSAC'01). Chicago, IL.]]"},{"key":"e_1_2_1_6_1","unstructured":"Cannasse N. 2004. Ocaml javalib. http:\/\/team.motion-twin.com\/ncannasse\/javaLib\/.]] Cannasse N. 2004. Ocaml javalib. http:\/\/team.motion-twin.com\/ncannasse\/javaLib\/.]]"},{"key":"e_1_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/316158.316183"},{"key":"e_1_2_1_8_1","volume-title":"Proceedings of the 10th International Symposium on Static Analysis","author":"Christensen A. S.","unstructured":"Christensen , A. S. , M\u00f8ller , A. , and Schwartzbach , M. I . 2003. Precise analysis of string expressions . In Proceedings of the 10th International Symposium on Static Analysis . San Diego, CA.]] Christensen, A. S., M\u00f8ller, A., and Schwartzbach, M. I. 2003. Precise analysis of string expressions. In Proceedings of the 10th International Symposium on Static Analysis. San Diego, CA.]]"},{"key":"e_1_2_1_9_1","unstructured":"DeLine R. and F\u00e4hndrich M. 2004. The Fugue protocol checker: Is your software baroque&quest; Tech. rep. MSR-TR-2004-07 Microsoft Research.]] DeLine R. and F\u00e4hndrich M. 2004. The Fugue protocol checker: Is your software baroque&quest; Tech. rep. MSR-TR-2004-07 Microsoft Research.]]"},{"key":"e_1_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/349299.349332"},{"key":"e_1_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1016\/0304-3975(92)90014-7"},{"key":"e_1_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/317636.317790"},{"key":"e_1_2_1_13_1","volume-title":"Proceedings of the 1st International Workshop on Multilanguage Infrastructure and Interoperability (BABEL'01)","author":"Fisher K.","unstructured":"Fisher , K. , Pucella , R. , and Reppy , J . 2001. A framework for interoperability . In Proceedings of the 1st International Workshop on Multilanguage Infrastructure and Interoperability (BABEL'01) . Firenze, Italy.]] Fisher, K., Pucella, R., and Reppy, J. 2001. A framework for interoperability. In Proceedings of the 1st International Workshop on Multilanguage Infrastructure and Interoperability (BABEL'01). Firenze, Italy.]]"},{"key":"e_1_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/1065010.1065019"},{"key":"e_1_2_1_15_1","unstructured":"Furr M. and Foster J. S. 2005b. Java SE 6 \u201cMustang\u201d bug 6362203. http:\/\/bugs.sun.com\/bugdatabase\/view_bug.do?bug_id=6362203.]] Furr M. and Foster J. S. 2005b. Java SE 6 \u201cMustang\u201d bug 6362203. http:\/\/bugs.sun.com\/bugdatabase\/view_bug.do?bug_id=6362203.]]"},{"key":"e_1_2_1_16_1","doi-asserted-by":"crossref","unstructured":"Furr M. and Foster J. S. 2006a. Checking type safety of foreign function calls. Tech. rep. CS-TR-4845 Computer Science Department University of Maryland.]] Furr M. and Foster J. S. 2006a. Checking type safety of foreign function calls. Tech. rep. CS-TR-4845 Computer Science Department University of Maryland.]]","DOI":"10.1145\/1065010.1065019"},{"key":"e_1_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1007\/11693024_21"},{"key":"e_1_2_1_18_1","volume-title":"Proceedings of the 26th International Conference on Software Engineering (ICSE'04)","author":"Gould C.","unstructured":"Gould , C. , Su , Z. , and Devanbu , P . 2004. Static Checking of Dynamically Generated Queries in Database Applications . In Proceedings of the 26th International Conference on Software Engineering (ICSE'04) . Edinburgh, 645--654.]] Gould, C., Su, Z., and Devanbu, P. 2004. Static Checking of Dynamically Generated Queries in Database Applications. In Proceedings of the 26th International Conference on Software Engineering (ICSE'04). Edinburgh, 645--654.]]"},{"key":"e_1_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/274946.274957"},{"key":"e_1_2_1_20_1","volume-title":"Proceedings of the 26th International Conference on Software Engineering (ICSE'04)","author":"Grechanik M.","unstructured":"Grechanik , M. , Batory , D. , and Perry , D. E . 2004. Design of large-scale polylingual systems . In Proceedings of the 26th International Conference on Software Engineering (ICSE'04) . Scot and. 357--366.]] Grechanik, M., Batory, D., and Perry, D. E. 2004. Design of large-scale polylingual systems. In Proceedings of the 26th International Conference on Software Engineering (ICSE'04). Scot and. 357--366.]]"},{"key":"e_1_2_1_21_1","volume-title":"Proceedings of the Usenix Annual Technical Conference","author":"Hamilton J.","year":"1996","unstructured":"Hamilton , J. 1996 . Interlanguage object sharing with SOM . In Proceedings of the Usenix Annual Technical Conference . San Diego, CA.]] Hamilton, J. 1996. Interlanguage object sharing with SOM. In Proceedings of the Usenix Annual Technical Conference. San Diego, CA.]]"},{"key":"e_1_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/772970.772973"},{"key":"e_1_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/169701.169692"},{"key":"e_1_2_1_24_1","unstructured":"Huelsbergen L. 1996. A portable C interface for standard ML of New Jersey. http:\/\/www.smlnj.org\/\/doc\/SMLNJ-C\/smlnj-c.ps.]] Huelsbergen L. 1996. A portable C interface for standard ML of New Jersey. http:\/\/www.smlnj.org\/\/doc\/SMLNJ-C\/smlnj-c.ps.]]"},{"key":"e_1_2_1_25_1","unstructured":"Java-Gnome Developers. 2005. Java bindings for the gnome and gtk libraries. http:\/\/java-gnome.sourceforge.net.]] Java-Gnome Developers. 2005. Java bindings for the gnome and gtk libraries. http:\/\/java-gnome.sourceforge.net.]]"},{"key":"e_1_2_1_26_1","volume-title":"Engineernig Theories of Software Construction","author":"Jones S. P.","unstructured":"Jones , S. P. 2001. Tackling the awkward squad: Monadic input\/output, concurrency, exceptions, and foreign-language calls in Haskell . In Engineernig Theories of Software Construction , T. Hoare, M. Broy, and R. Steinbruggen, Eds. IOS Press , 47--96.]] Jones, S. P. 2001. Tackling the awkward squad: Monadic input\/output, concurrency, exceptions, and foreign-language calls in Haskell. In Engineernig Theories of Software Construction, T. Hoare, M. Broy, and R. Steinbruggen, Eds. IOS Press, 47--96.]]"},{"key":"e_1_2_1_27_1","unstructured":"Leroy X. 2004. The Objective Caml system. Release 3.08 http:\/\/caml.inria.fr\/distrib\/ocaml-3.08\/ocaml-3.08-refman.pdf.]] Leroy X. 2004. The Objective Caml system. Release 3.08 http:\/\/caml.inria.fr\/distrib\/ocaml-3.08\/ocaml-3.08-refman.pdf.]]"},{"key":"e_1_2_1_28_1","volume-title":"The Java Native Interface: Programmer's Guide and Specification","author":"Liang S.","unstructured":"Liang , S. 1999. The Java Native Interface: Programmer's Guide and Specification . Addison-Wesley .]] Liang, S. 1999. The Java Native Interface: Programmer's Guide and Specification. Addison-Wesley.]]"},{"key":"e_1_2_1_29_1","unstructured":"Lindholm T. and Yellin F. 1997. The Java Virtual Machine Specification. Addison-Wesley.]] Lindholm T. and Yellin F. 1997. The Java Virtual Machine Specification. Addison-Wesley.]]"},{"key":"e_1_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/1190216.1190220"},{"key":"e_1_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.5555\/646158.680011"},{"key":"e_1_2_1_32_1","volume-title":"Proceedings of the 11th International Conference on Computer Construction","author":"Necula G.","unstructured":"Necula , G. , McPeak , S. , Rahul , S. P. , and Weimer , W . 2002. CIL: Intermediate language and tools for analysis and transformation of C programs . In Proceedings of the 11th International Conference on Computer Construction . Grenoble, France.]] Necula, G., McPeak, S., Rahul, S. P., and Weimer, W. 2002. CIL: Intermediate language and tools for analysis and transformation of C programs. In Proceedings of the 11th International Conference on Computer Construction. Grenoble, France.]]"},{"key":"e_1_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/503272.503286"},{"key":"e_1_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/268946.268968"},{"issue":"0","key":"e_1_2_1_35_1","first-page":"3","article-title":"Common object request broker architecture: Core specification","volume":"3","author":"Object Management Group","year":"2004","unstructured":"Object Management Group 2004 . Common object request broker architecture: Core specification , Version 3 . 0 . 3 . Object Management Group.]] Object Management Group 2004. Common object request broker architecture: Core specification, Version 3.0.3. Object Management Group.]]","journal-title":"Version"},{"key":"e_1_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/75277.75284"},{"key":"e_1_2_1_37_1","volume-title":"Proceedings of the IEEE International Symposium on Secure Software Engineering","author":"Tan G.","unstructured":"Tan , G. , Appel , A. W. , Chakradhar , S. , Raghunathan , A. , Ravi , S. , and Wang , D . 2006. Safe java native interface . In Proceedings of the IEEE International Symposium on Secure Software Engineering . Arlington, VA.]] Tan, G., Appel, A. W., Chakradhar, S., Raghunathan, A., Ravi, S., and Wang, D. 2006. Safe java native interface. In Proceedings of the IEEE International Symposium on Secure Software Engineering. Arlington, VA.]]"},{"key":"e_1_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/1040294.1040300"},{"key":"e_1_2_1_39_1","volume-title":"Proceedings of the 8th European Symposium on Programming. D. Swierstra, Ed. Lecture Notes in Computer Science","volume":"1576","author":"Trifonov V.","unstructured":"Trifonov , V. and Shao , Z . 1999. Safe and principled language interoperation . In Proceedings of the 8th European Symposium on Programming. D. Swierstra, Ed. Lecture Notes in Computer Science , vol. 1576 . Springer-Verlag, Berlin, Germany, 128--146.]] Trifonov, V. and Shao, Z. 1999. Safe and principled language interoperation. In Proceedings of the 8th European Symposium on Programming. D. Swierstra, Ed. Lecture Notes in Computer Science, vol. 1576. Springer-Verlag, Berlin, Germany, 128--146.]]"},{"key":"e_1_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/182409.182485"}],"container-title":["ACM Transactions on Programming Languages and Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1377492.1377493","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1377492.1377493","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T13:57:55Z","timestamp":1750255075000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1377492.1377493"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2008,7]]},"references-count":39,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2008,7]]}},"alternative-id":["10.1145\/1377492.1377493"],"URL":"https:\/\/doi.org\/10.1145\/1377492.1377493","relation":{},"ISSN":["0164-0925","1558-4593"],"issn-type":[{"value":"0164-0925","type":"print"},{"value":"1558-4593","type":"electronic"}],"subject":[],"published":{"date-parts":[[2008,7]]},"assertion":[{"value":"2006-07-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2007-07-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2008-08-01","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}