References
[1] AddressSanitizer. Chromium. https://www.chromium.org/developers/testing/addresssanitizer, 2016.
[2] A. Barth. The web origin concept. Technical report, IETF, 2011. URL https://tools.ietf.org/html/rfc6454.
[3] A. Bessey, K. Block, B. Chelf, A. Chou, B. Fulton, S. Hallem, C. Henri-Gros, A. Kamsky, S. McPeak, and D. Engler. A few billion lines of code later: Using static analysis to find bugs in the real world. Commun. ACM, 53(2), 2010.
[4] F. Brown, A. Nötzli, and D. Engler. How to build static checking systems using orders of magnitude less code. In ASPLOS. ACM, 2016.
[5] M. Bubak, D. Kurzyniec, and P. Luszczek. Creating Java to native code interfaces with Janet extension. In Worldwide SGI Users Conference, 2000.
[6] C. Cadar, D. Dunbar, and D. R. Engler. KLEE: Unassisted and automatic generation of high-coverage tests for complex systems programs. In OSDI, 2008.
[7] Chromium. Stable channel update for Chrome OS: Friday, March 14, 2014. http://googlechromereleases.blogspot.com/2014/03/stable-channel-update-for-chrome-os_14.html, 2016.
[8] Chromium. IDL compiler. https://www.chromium.org/developers/design-documents/idl-compiler, 2016.
[9] Chromium. Issue 18639 and CVE-2009-2935. https://bugs.chromium.org/p/chromium/issues/detail?id=18639, 2016.
[10] Chromium. Issue 352374. https://bugs.chromium.org/p/chromium/issues/detail?id=352374, 2016.
[11] Chromium. Side by side diff for issue 196343011. https://codereview.chromium.org/196343011/diff/20001/Source/bindings/templates/attributes.cpp, 2016.
[12] Chromium. Issue 395411 and CVE-2014-3199. https://bugs.chromium.org/p/chromium/issues/detail?id=395411, 2016.
[13] Chromium. Side by side diff for issue 424813007. https://codereview.chromium.org/424813007/diff/40001/Source/bindings/core/v8/custom/V8EventCustom.cpp, 2016.
[14] Chromium. Issue 456192 and CVE-2015-1217. https://bugs.chromium.org/p/chromium/issues/detail?id=456192, 2016.
[15] Chromium. Side by side diff for issue 906193002. https://codereview.chromium.org/906193002/diff/20001/Source/bindings/core/v8/V8LazyEventListener.cpp, 2016.
[16] Chromium. Issue 449610 and CVE-2015-1230. https://bugs.chromium.org/p/chromium/issues/detail?id=449610, 2016.
[17] Chromium. Issue 554946 and CVE-2015-6764. https://bugs.chromium.org/p/chromium/issues/detail?id=554946, 2016.
[18] Chromium. Side by side diff for issue 1440223002. https://codereview.chromium.org/1440223002/diff/1/src/json-stringifier.h, 2016.
[19] Chromium. Issue 534923 and CVE-2015-6769. https://bugs.chromium.org/p/chromium/issues/detail?id=534923, 2016.
[20] Chromium. Issue 529012 and CVE-2015-6775. https://bugs.chromium.org/p/chromium/issues/detail?id=529012, 2016.
[21] Chromium. Issue 497632 and CVE-2016-1612. https://bugs.chromium.org/p/chromium/issues/detail?id=497632, 2016.
[22] Chromium. Issue 594574 and CVE-2016-1646. https://bugs.chromium.org/p/chromium/issues/detail?id=594574, 2016.
[23] Chromium. Issue 606390 and CVE-2016-1679. https://bugs.chromium.org/p/chromium/issues/detail?id=606390, 2016.
[24] Chromium. Out-of-process iframes. http://www.chromium.org/developers/design-documents/oop-iframes, 2016.
[25] CVE Details. Google Chrome: CVE security vulnerabilities, versions and detailed reports. https://www.cvedetails.com/product/15031/Google-Chrome.html?vendor_id=1224.
[26] B. English. ≤v4: process.hrtime() segfaults on arrays with error-throwing accessors. https://github.com/nodejs/node/issues/7902.
[27] M. Furr and J. S. Foster. Checking type safety of foreign function calls. In PLDI. ACM, 2005.
[28] M. Furr and J. S. Foster. Polymorphic type inference for the JNI. In ESOP. Springer, 2006.
[29] M. Hablich. API changes upcoming to make writing exception safe code more easy. https://groups.google.com/forum/#!topic/v8-users/gQVpp1HmbqM.
[30] K. Hara. A generational GC for DOM nodes. https://docs.google.com/presentation/d/1uifwVYGNYTZDoGLyCb7sXa7g49mWNMW2gaWvMN5NLk8.
[31] K. Hara. Oilpan: GC for Blink. https://docs.google.com/presentation/d/1YtfurcyKFS0hxPOnC3U6JJroM8aRP49Yf0QWznZ9jrk, 2016.
[32] M. Hirzel and R. Grimm. Jeannie: Granting Java native interface developers their wishes. In ACM SIGPLAN Notices, volume 42. ACM, 2007.
[33] B. Holley. Typed arrays supported in XPConnect. https://bholley.wordpress.com/2011/12/13/typed-arrays-supported-in-xpconnect/.
[34] D. Jang, Z. Tatlock, and S. Lerner. Establishing browser security guarantees through formal shim verification. In USENIX Security, 2012.
[35] P. Klinkoff, E. Kirda, C. Kruegel, and G. Vigna. Extending .NET security to unmanaged code. Journal of Information Security, 6(6), 2007.
[36] G. Kondoh and T. Onodera. Finding bugs in Java native interface programs. In Symposium on Software Testing and Analysis. ACM, 2008.
[37] A. Larmuseau and D. Clarke. Formalizing a secure foreign function interface. In SEFM. Springer, 2015.
[38] C. Lattner and V. Adve. LLVM: A compilation framework for lifelong program analysis & transformation. In CGO. IEEE, 2004.
[39] B. Lee, B. Wiedermann, M. Hirzel, R. Grimm, and K. S. McKinley. Jinn: Synthesizing dynamic bug detectors for foreign language interfaces. In ACM SIGPLAN Notices, volume 45. ACM, 2016.
[40] S. Li and G. Tan. Finding bugs in exceptional situations of JNI programs. In CCS. ACM, 2009.
[41] S. Li and G. Tan. Finding reference-counting errors in Python/C programs with affine analysis. In ECOOP. Springer, 2014.
[42] P. Linos, W. Lucas, S. Myers, and E. Maier. A metrics tool for multi-language software. In SEA, 2007.
[43] J. Matthews and R. B. Findler. Operational semantics for multi-language programs. TOPLAS, 31(3), 2009.
[44] C. McCormack. Web IDL. World Wide Web Consortium, 2012.
[45] G. C. Necula, S. McPeak, and W. Weimer. CCured: Type-safe retrofitting of legacy code. In ACM SIGPLAN Notices, volume 37. ACM, 2002.
[46] Mozilla Developer Network. Split object. https://developer.mozilla.org/en-US/docs/Mozilla/Projects/SpiderMonkey/Split_object.
[47] B. O'Sullivan, J. Goerzen, and D. B. Stewart. Real World Haskell: Code you can believe in. O'Reilly Media, Inc., 2008.
[48] J. G. Politz, M. J. Carroll, B. S. Lerner, J. Pombrio, and S. Krishnamurthi. A tested semantics for getters, setters, and eval in JavaScript. ACM SIGPLAN Notices, 48(2):1–16, 2013.
[49] A. Ranganathan, J. Sicking, and M. Kruisselbrink. File API. World Wide Web Consortium, 2015.
[50] Google Application Security. Chrome rewards. https://www.google.com/about/appsecurity/chrome-rewards/index.html.
[51] J. Siefers, G. Tan, and G. Morrisett. Robusta: Taming the native beast of the JVM. In CCS. ACM, 2010.
[52] G. Tan. JNI Light: An operational model for the core JNI. In APLAS. Springer, 2010.
[53] G. Tan and J. Croft. An empirical security study of the native code in the JDK. In USENIX Security, 2008.
[54] G. Tan and G. Morrisett. ILEA: Inter-language analysis across Java and C. In ACM SIGPLAN Notices, volume 42. ACM, 2007.
[55] G. Tan, A. W. Appel, S. Chakradhar, A. Raghunathan, S. Ravi, and D. Wang. Safe Java native interface. In Secure Software Engineering, volume 97, 2006.
[56] S. Tang, H. Mai, and S. T. King. Trust and protection in the Illinois Browser Operating System. In OSDI, 2010.
[57] V. Trifonov and Z. Shao. Safe and principled language interoperation. In ESOP. Springer, 1999.
[58] L. Tung. Android bugs made up 10 percent of Google's $2m bounty payouts - in just five months. http://www.zdnet.com/article/android-bugs-made-up-10-percent-of-googles-2m-bounty-payouts-in-just-five-months/, January 2016.
[59] v8-users mailing list. What is the difference between Arguments::Holder() and Arguments::This()? https://groups.google.com/forum/#!topic/v8-users/Axf4hF_RfZo.
[60] H. J. Wang, C. Grier, A. Moshchuk, S. T. King, P. Choudhury, and H. Venter. The multi-principal OS construction of the Gazelle web browser. In USENIX Security, 2009.
[61] B. Yee, D. Sehr, G. Dardyk, J. B. Chen, R. Muth, T. Ormandy, S. Okasaka, N. Narula, and N. Fullagar. Native Client: A sandbox for portable, untrusted x86 native code. In Security and Privacy. IEEE, 2009.