Concerto: a framework for combined concrete and abstract interpretation

Toman, John; Grossman, Dan

doi:10.1145/3290356

Cited by 8 publications

(4 citation statements)

References 51 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The program-analysis literature provides countless examples of powerful analysis combinations. To name a few, dynamic symbolic execution [29,10] and hybrid fuzzing [45,58,69] combine random testing and symbolic execution, numerous tools broadly combine static and dynamic analysis [6,20,21,49,30,13,14,22,61], and many tools combine different types of static analysis [7,1,34]. In contrast to neuro-aware program analysis, almost all these tools target homogeneous, instead of heterogeneous, systems.…”

Section: Related Workmentioning

confidence: 99%

“…In contrast to neuro-aware program analysis, almost all these tools target homogeneous, instead of heterogeneous, systems. Concerto [61] is a notable exception that targets applications using frameworks such as Spring and Struts. It combines abstract and concrete interpretation, where, on a high level, concrete interpretation is used to analyze framework code, whereas abstract interpretation is used for application code.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Automated Safety Verification of Programs Invoking Neural Networks

Christakis

Enişer

Hermanns

et al. 2021

Lecture Notes in Computer Science

View full text Add to dashboard Cite

State-of-the-art program-analysis techniques are not yet able to effectively verify safety properties of heterogeneous systems, that is, systems with components implemented using diverse technologies. This shortcoming is pinpointed by programs invoking neural networks despite their acclaimed role as innovation drivers across many application areas. In this paper, we embark on the verification of system-level properties for systems characterized by interaction between programs and neural networks. Our technique provides a tight two-way integration of a program and a neural-network analysis and is formalized in a general framework based on abstract interpretation. We evaluate its effectiveness on 26 variants of a widely used, restricted autonomous-driving benchmark.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Automated Safety Verification of Programs Invoking Neural Networks

Christakis

Enişer

Hermanns

et al. 2021

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…Combined Analysis. The most related previous work is combined analysis that utilizes dynamic analysis during Java static analysis introduced by Toman and Grossman [42]. They proved that their combined analysis is sound and showed that it could significantly improve the precision and performance of Java static analysis by evaluating their tool, Concerto.…”

Section: Related Workmentioning

confidence: 99%

Accelerating JavaScript static analysis via dynamic shortcuts

Park

Youn

et al. 2021

Proceedings of the 29th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Softw

View full text Add to dashboard Cite

JavaScript has become one of the most widely used programming languages for web development, server-side programming, and even micro-controllers for IoT. However, its extremely functional and dynamic features degrade the performance and precision of static analysis. Moreover, the variety of built-in functions and host environments requires excessive manual modeling of their behaviors. To alleviate these problems, researchers have proposed various ways to leverage dynamic analysis during JavaScript static analysis. However, they do not fully utilize the high performance of dynamic analysis and often sacrifice the soundness of static analysis.In this paper, we present dynamic shortcuts, a new technique to flexibly switch between abstract and concrete execution during JavaScript static analysis in a sound way. It can significantly improve the analysis performance and precision by using highlyoptimized commercial JavaScript engines and lessen the modeling efforts for opaque code. We actualize the technique via SAFE DS , an extended combination of SAFE and Jalangi, a static analyzer and a dynamic analyzer, respectively. We evaluated SAFE DS using 269 official tests of Lodash 4 library. Our experiment shows that SAFE DS is 7.81x faster than the baseline static analyzer, and it improves the precision to reduce failed assertions by 12.31% on average for 22 opaque functions. CCS CONCEPTS• Software and its engineering → Software testing and debugging.

show abstract

“…Park et al [176] describe an approach which uses dynamic analysis as a shortcut to speed up static analysis of JavaScript. Toman and Grossman [212] combine concrete and abstract interpretation to analyze programs that make extensive use of third party libraries and otherwise inaccessible code. Godefroid et al [99] present DART, a fully automated testing framework that combines static analysis to determine the API of an application with dynamic analysis of generated random tests to analyze the behavior of the application.…”

Section: Combining Static and Dynamic Analysismentioning

confidence: 99%

Optimizing asynchronous JavaScript applications

Turcotte

View full text Add to dashboard Cite

Frank: thank you for your support and encouragement, for being an exemplary mentor, and for your guidance in navigating the research community. Looking forward to many more years of working together.Jan: thanks for sharing your enthusiasm for cool research and sound science, and for knowing what questions to ask and teaching me to ask the right questions. It was (and will continue to be!) a pleasure working with you.Committee: thanks to Jon for your enthusiastic support, Arjun for your zany energy, and Ali and Andreas for the interesting discussion (and getting up super early / working late to attend my proposal and defence!). Amber, Alexander, Phraea, Craig: thanks for all the late night dungeon delving. Remember, every adventure have skeleton.

show abstract

Concerto: a framework for combined concrete and abstract interpretation

Cited by 8 publications

References 51 publications

Automated Safety Verification of Programs Invoking Neural Networks

Automated Safety Verification of Programs Invoking Neural Networks

Accelerating JavaScript static analysis via dynamic shortcuts

Optimizing asynchronous JavaScript applications

Contact Info

Product

Resources

About