JNI(Java Native Interface)支持Java和C/C++之间互相调用，在Android系统中得到广泛应用，JNI调用直接使用C/C++内存操作，很容易突破Android的保护机制造成重大安全问题。目前缺乏有效分析Java/C++接口安全缺陷的手段，本申请针对这一问题开展研究，工作具有重要的理论价值和现实意义。项目关注存储安全缺陷，以内存泄漏为突破口，将Java/C++编译到特定的中间语言，在中间语言上建立跨语言分析架构，给出上述问题的可行方案：1）建立Java/C++ JNI接口模型，扩展Bytecode以支持C++语义；2）给出C++到Bytecode扩展的简洁翻译方案及其证明；3）建立Bytecode层面的安全缺陷模式，实现分析工具原型；4）形成可扩展的缺陷分析平台。将有助于深入理解多语言接口编程，并为日益泛滥的Android恶意软件防范提供有力的方法和工具支持。

JNI (Java Native Interface) that supports function calls between Java and C/C++ and is widely used in Android. By directly manipulating memory through C/C++ function, JNI is capable of escaping the protection mechanism of Android and leading to serious security problems..Currently there lacks effective methods to analyze security bugs of the Java/C++ JNI interface. We therefore propose research on this topic, which will have significance in both theory and practice. Focusing on storage security bugs and taking memory leak as a breakthrough, this proposal translates Java/C++ to a specific intermediate language, upon which a cross-language analysis framework can be established, and provides a feasible resolution to address the interesting and challenging problem. Our solutions to this problem include: 1) Model the Java/C++ interface, and extend Java bytecode to support C++ semantics; 2) Provide and prove a concise translation pattern from C++ to bytecode; 3) Establish a security bug model on bytecode level, and implement a prototype analyzing tool; 4) Form a extensible platform for bug analysis..This work not only provides a solid theoretical foundation for understanding and reasoning about of multilingual programming interface, but also gains insight into building valuable tools for countermeasures against growing malware on Android mobile system.