Concerto: a framework for combined concrete and abstract interpretation
Abstract interpretation promises sound but computable static summarization of program behavior. However, modern software engineering practices pose significant challenges to this vision, specifically the extensive use of frameworks and complex libraries. Frameworks heavily use reflection, metaprogra...
Gespeichert in:
| Veröffentlicht in: | Proceedings of ACM on programming languages 2019-01, Vol.3 (POPL), p.1-29 |
|---|---|
| Hauptverfasser: | , |
| Format: | Artikel |
| Sprache: | eng |
| Online-Zugang: | Volltext |
| Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
| container_end_page | 29 |
|---|---|
| container_issue | POPL |
| container_start_page | 1 |
| container_title | Proceedings of ACM on programming languages |
| container_volume | 3 |
| creator | Toman, John Grossman, Dan |
| description | Abstract interpretation promises sound but computable static summarization of program behavior. However, modern software engineering practices pose significant challenges to this vision, specifically the extensive use of frameworks and complex libraries. Frameworks heavily use reflection, metaprogramming, and multiple layers of abstraction, all of which confound even state-of-the-art abstract interpreters. Sound but conservative analysis of frameworks is impractically imprecise, and unsoundly ignoring reflection and metaprogramming is untenable given the prevalence of these features. Manually modeling framework behaviors offers excellent precision, at the cost of immense effort by the tool designer.
To overcome the above difficulties, we present Concerto, a system for analyzing framework-based applications by soundly combining concrete and abstract interpretation. Concerto analyzes framework implementations using concrete interpretation, and application code using abstract interpretation. This technique is possible in practice as framework implementations typically follow a single path of execution when provided a concrete, application-specific configuration file which is often available at analysis time. Concerto exploits this configuration information to precisely resolve reflection and other metaprogramming idioms during concrete execution. In contrast, application code may have infinitely many paths of execution, so Concerto switches to abstract interpretation to analyze application code. Concerto is an analysis framework, and can be instantiated with any abstract interpretation that satisfies a small set of preconditions. In addition, unlike manual modeling, Concerto is not specialized to any specific framework implementation. We have formalized our approach and proved several important properties including soundness and termination. In addition, we have implemented an initial proof of concept prototype of Concerto for a subset of Java, and found that our combined interpretation significantly improves analysis precision and performance. |
| doi_str_mv | 10.1145/3290356 |
| format | Article |
| fullrecord | <record><control><sourceid>crossref</sourceid><recordid>TN_cdi_crossref_primary_10_1145_3290356</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>10_1145_3290356</sourcerecordid><originalsourceid>FETCH-LOGICAL-c258t-f064eebce21dde06206259b783b9d5cf3ab079cc444d875c64551a921c014a483</originalsourceid><addsrcrecordid>eNpNkE1LAzEYhINYsNTiX8jN02o-dzfeZNFWKHix5yV58wZW3aQkAfHfu2IPwsA8zGEYhpAbzu44V_peCsOkbi_IWqhON1wJfvmPr8i2lHfGGDdS9dKsyW5IETDX9EAtDdnO-JXyBw0pU0izmyL6BSJkrEht9NS6UrOFSqdYMZ-W3NYpxWuyCvaz4PbsG3J8fnob9s3hdfcyPB4aELqvTWCtQnSAgnuPrBWLtHFdL53xGoK0jnUGQCnl-05Dq7Tm1ggOjCu7TN6Q279eyKmUjGE85Wm2-XvkbPy9YDxfIH8AVU5NWw</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype></control><display><type>article</type><title>Concerto: a framework for combined concrete and abstract interpretation</title><source>ACM Digital Library Complete</source><source>Elektronische Zeitschriftenbibliothek - Frei zugängliche E-Journals</source><creator>Toman, John ; Grossman, Dan</creator><creatorcontrib>Toman, John ; Grossman, Dan</creatorcontrib><description>Abstract interpretation promises sound but computable static summarization of program behavior. However, modern software engineering practices pose significant challenges to this vision, specifically the extensive use of frameworks and complex libraries. Frameworks heavily use reflection, metaprogramming, and multiple layers of abstraction, all of which confound even state-of-the-art abstract interpreters. Sound but conservative analysis of frameworks is impractically imprecise, and unsoundly ignoring reflection and metaprogramming is untenable given the prevalence of these features. Manually modeling framework behaviors offers excellent precision, at the cost of immense effort by the tool designer.
To overcome the above difficulties, we present Concerto, a system for analyzing framework-based applications by soundly combining concrete and abstract interpretation. Concerto analyzes framework implementations using concrete interpretation, and application code using abstract interpretation. This technique is possible in practice as framework implementations typically follow a single path of execution when provided a concrete, application-specific configuration file which is often available at analysis time. Concerto exploits this configuration information to precisely resolve reflection and other metaprogramming idioms during concrete execution. In contrast, application code may have infinitely many paths of execution, so Concerto switches to abstract interpretation to analyze application code. Concerto is an analysis framework, and can be instantiated with any abstract interpretation that satisfies a small set of preconditions. In addition, unlike manual modeling, Concerto is not specialized to any specific framework implementation. We have formalized our approach and proved several important properties including soundness and termination. In addition, we have implemented an initial proof of concept prototype of Concerto for a subset of Java, and found that our combined interpretation significantly improves analysis precision and performance.</description><identifier>ISSN: 2475-1421</identifier><identifier>EISSN: 2475-1421</identifier><identifier>DOI: 10.1145/3290356</identifier><language>eng</language><ispartof>Proceedings of ACM on programming languages, 2019-01, Vol.3 (POPL), p.1-29</ispartof><lds50>peer_reviewed</lds50><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c258t-f064eebce21dde06206259b783b9d5cf3ab079cc444d875c64551a921c014a483</citedby><cites>FETCH-LOGICAL-c258t-f064eebce21dde06206259b783b9d5cf3ab079cc444d875c64551a921c014a483</cites></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><link.rule.ids>314,776,780,27901,27902</link.rule.ids></links><search><creatorcontrib>Toman, John</creatorcontrib><creatorcontrib>Grossman, Dan</creatorcontrib><title>Concerto: a framework for combined concrete and abstract interpretation</title><title>Proceedings of ACM on programming languages</title><description>Abstract interpretation promises sound but computable static summarization of program behavior. However, modern software engineering practices pose significant challenges to this vision, specifically the extensive use of frameworks and complex libraries. Frameworks heavily use reflection, metaprogramming, and multiple layers of abstraction, all of which confound even state-of-the-art abstract interpreters. Sound but conservative analysis of frameworks is impractically imprecise, and unsoundly ignoring reflection and metaprogramming is untenable given the prevalence of these features. Manually modeling framework behaviors offers excellent precision, at the cost of immense effort by the tool designer.
To overcome the above difficulties, we present Concerto, a system for analyzing framework-based applications by soundly combining concrete and abstract interpretation. Concerto analyzes framework implementations using concrete interpretation, and application code using abstract interpretation. This technique is possible in practice as framework implementations typically follow a single path of execution when provided a concrete, application-specific configuration file which is often available at analysis time. Concerto exploits this configuration information to precisely resolve reflection and other metaprogramming idioms during concrete execution. In contrast, application code may have infinitely many paths of execution, so Concerto switches to abstract interpretation to analyze application code. Concerto is an analysis framework, and can be instantiated with any abstract interpretation that satisfies a small set of preconditions. In addition, unlike manual modeling, Concerto is not specialized to any specific framework implementation. We have formalized our approach and proved several important properties including soundness and termination. In addition, we have implemented an initial proof of concept prototype of Concerto for a subset of Java, and found that our combined interpretation significantly improves analysis precision and performance.</description><issn>2475-1421</issn><issn>2475-1421</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2019</creationdate><recordtype>article</recordtype><recordid>eNpNkE1LAzEYhINYsNTiX8jN02o-dzfeZNFWKHix5yV58wZW3aQkAfHfu2IPwsA8zGEYhpAbzu44V_peCsOkbi_IWqhON1wJfvmPr8i2lHfGGDdS9dKsyW5IETDX9EAtDdnO-JXyBw0pU0izmyL6BSJkrEht9NS6UrOFSqdYMZ-W3NYpxWuyCvaz4PbsG3J8fnob9s3hdfcyPB4aELqvTWCtQnSAgnuPrBWLtHFdL53xGoK0jnUGQCnl-05Dq7Tm1ggOjCu7TN6Q279eyKmUjGE85Wm2-XvkbPy9YDxfIH8AVU5NWw</recordid><startdate>20190101</startdate><enddate>20190101</enddate><creator>Toman, John</creator><creator>Grossman, Dan</creator><scope>AAYXX</scope><scope>CITATION</scope></search><sort><creationdate>20190101</creationdate><title>Concerto: a framework for combined concrete and abstract interpretation</title><author>Toman, John ; Grossman, Dan</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c258t-f064eebce21dde06206259b783b9d5cf3ab079cc444d875c64551a921c014a483</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2019</creationdate><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Toman, John</creatorcontrib><creatorcontrib>Grossman, Dan</creatorcontrib><collection>CrossRef</collection><jtitle>Proceedings of ACM on programming languages</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Toman, John</au><au>Grossman, Dan</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Concerto: a framework for combined concrete and abstract interpretation</atitle><jtitle>Proceedings of ACM on programming languages</jtitle><date>2019-01-01</date><risdate>2019</risdate><volume>3</volume><issue>POPL</issue><spage>1</spage><epage>29</epage><pages>1-29</pages><issn>2475-1421</issn><eissn>2475-1421</eissn><abstract>Abstract interpretation promises sound but computable static summarization of program behavior. However, modern software engineering practices pose significant challenges to this vision, specifically the extensive use of frameworks and complex libraries. Frameworks heavily use reflection, metaprogramming, and multiple layers of abstraction, all of which confound even state-of-the-art abstract interpreters. Sound but conservative analysis of frameworks is impractically imprecise, and unsoundly ignoring reflection and metaprogramming is untenable given the prevalence of these features. Manually modeling framework behaviors offers excellent precision, at the cost of immense effort by the tool designer.
To overcome the above difficulties, we present Concerto, a system for analyzing framework-based applications by soundly combining concrete and abstract interpretation. Concerto analyzes framework implementations using concrete interpretation, and application code using abstract interpretation. This technique is possible in practice as framework implementations typically follow a single path of execution when provided a concrete, application-specific configuration file which is often available at analysis time. Concerto exploits this configuration information to precisely resolve reflection and other metaprogramming idioms during concrete execution. In contrast, application code may have infinitely many paths of execution, so Concerto switches to abstract interpretation to analyze application code. Concerto is an analysis framework, and can be instantiated with any abstract interpretation that satisfies a small set of preconditions. In addition, unlike manual modeling, Concerto is not specialized to any specific framework implementation. We have formalized our approach and proved several important properties including soundness and termination. In addition, we have implemented an initial proof of concept prototype of Concerto for a subset of Java, and found that our combined interpretation significantly improves analysis precision and performance.</abstract><doi>10.1145/3290356</doi><tpages>29</tpages><oa>free_for_read</oa></addata></record> |
| fulltext | fulltext |
| identifier | ISSN: 2475-1421 |
| ispartof | Proceedings of ACM on programming languages, 2019-01, Vol.3 (POPL), p.1-29 |
| issn | 2475-1421 2475-1421 |
| language | eng |
| recordid | cdi_crossref_primary_10_1145_3290356 |
| source | ACM Digital Library Complete; Elektronische Zeitschriftenbibliothek - Frei zugängliche E-Journals |
| title | Concerto: a framework for combined concrete and abstract interpretation |
| url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-02-18T22%3A44%3A55IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-crossref&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Concerto:%20a%20framework%20for%20combined%20concrete%20and%20abstract%20interpretation&rft.jtitle=Proceedings%20of%20ACM%20on%20programming%20languages&rft.au=Toman,%20John&rft.date=2019-01-01&rft.volume=3&rft.issue=POPL&rft.spage=1&rft.epage=29&rft.pages=1-29&rft.issn=2475-1421&rft.eissn=2475-1421&rft_id=info:doi/10.1145/3290356&rft_dat=%3Ccrossref%3E10_1145_3290356%3C/crossref%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true |