Dynamic Virtual Join Point Dispatch
Conceptually, join points are points in the execution of a program and advice is late-bound to them. We propose the notion of virtual join points that makes this concept explicit not only at a conceptual, but also at implementation level. In current implementations of aspect-oriented languages, binding is performed early, at deploy-time, and only a limited residual dispatch is executed. Current implementations fall in the categories of modifying the application code, modifying the meta-level of an application, or interacting with the application by means of events—the latter two already realizing virtual join points to some degree. We provide an implementation of an aspect-oriented execution environment that supports truly virtual join points and discuss how this approach also favors optimizations in the execution environment.
A decision tree-based approach to dynamic pointcut evaluation
Constructs of dynamic nature, e.g., history-based pointcuts and control-flow based pointcuts, have received significant attention in recent aspect-oriented literature. A variety of compelling use cases are presented that motivate the need for efficiently supporting such constructs in language implementations. The key challenge in implementing dynamic constructs is to efficiently support runtime adaptation of the set of intercepted join points at a fine-grained level. This translates to two high-level requirements. First, since the set of intercepted join points may change, such implementations must provide an efficient method to determine this set membership, i.e., whether the currently executing join point needs to be intercepted. Second, the frequency with which such set membership needs to be determined must be minimized. In previous work, Dyer and Rajan proposed a dedicated caching mechanism to address the second requirement. In this work, we propose a mechanism to address the first requirement. This requirement translates to efficiently evaluating whether a join point is intercepted by a set of pointcut expressions. In the worst case, at every join point there may be the need to determine whether it is intercepted. Therefore, even modest savings in such mechanisms are likely to translate to significant savings in the long run.
Contents
A trace monitor observes the sequence of actions in a software system, and when it detects that this sequence matches a given pattern, it executes some extra code of its own. Trace monitors are often specified declaratively using patterns based on regular expressions, context free grammars or logical formulae, and then the trace monitor implementation is generated from the specification. Trace monitors are particularly useful for runtime verification, and many variations have been proposed. Despite this intense interest, there have been hardly any systems that implement the idea in its full generality, because it is hard to generate efficient code from a purely declarative statement of the pattern. This paper identifies and addresses the challenges faced in generating efficient trace monitors from declarative pattern-based specifications.
Modular Compilation Strategies for Aspect-Oriented Constructs
In our previous work, we presented an aspect-oriented intermediate language, named Nu, to preserve design modularity in object code. Nu is based on two primitives: bind and remove. We showed that maintaining modularity in object code significantly improved the incremental compilation time of aspect-oriented programs. The key contribution of this work is a set of compilation strategies to Nu for a number of AspectJ constructs such as control flow (cflow and cflowbelow), instantiation (perthis, pertarget, percflow, percflowbelow) and dynamic checks (if, this, target, args), as well as composition operators (&& and ||). The motivation was to determine if these high-level language constructs need to be supported in the intermediate language. Our compilation strategies are modular and textually local. To compile a construct in a module, only the information about that module's implementation and the specification of other modules referenced in that module are needed. The generated intermediate code for a construct in a source module is confined to a single module in the object code. We show that our compilation strategies improve incremental compilation time of aspect-oriented programs. We also analyze our intermediate language with respect to constructs that are not directly supported.
Collapsing towers of interpreters
Given a tower of interpreters, i.e., a sequence of multiple interpreters interpreting one another as input programs, we aim to collapse this tower into a compiler that removes all interpretive overhead and runs in a single pass. In the real world, a use case might be Python code executed by an x86 runtime, on a CPU emulated in a JavaScript VM, running on an ARM CPU. Collapsing such a tower can not only exponentially improve runtime performance, but also enable the use of base-language tools for interpreted programs, e.g., for analysis and verification. In this paper, we lay the foundations in an idealized but realistic setting.
We present a multi-level lambda calculus that features staging constructs and stage polymorphism: based on runtime parameters, an evaluator either executes source code (thereby acting as an interpreter) or generates code (thereby acting as a compiler). We identify stage polymorphism, a programming model from the domain of high-performance program generators, as the key mechanism to make such interpreters compose in a collapsible way.
We present Pink, a meta-circular Lisp-like evaluator on top of this calculus, and demonstrate that we can collapse arbitrarily many levels of self-interpretation, including levels with semantic modifications. We discuss several examples: compiling regular expressions through an interpreter to base code, building program transformers from modified interpreters, and others. We develop these ideas further to include reflection and reification, culminating in Purple, a reflective language inspired by Brown, Blond, and Black, which realizes a conceptually infinite tower, where every aspect of the semantics can change dynamically. Addressing an open challenge, we show how user programs can be compiled and recompiled under user-modified semantics. Parts of this research were supported by ERC grant 321217, NSF awards 1553471 and 1564207, and DOE award DE-SC0018050.
Securing Verified IO Programs Against Unverified Code in F*
We introduce SCIO*, a formally secure compilation framework for statically
verified partial programs performing input-output (IO). The source language is
an F* subset in which a verified program interacts with its IO-performing
context via a higher-order interface that includes refinement types as well as
pre- and post-conditions about past IO events. The target language is a smaller
F* subset in which the compiled program is linked with an adversarial context
that has an interface without refinement types, pre-conditions, or concrete
post-conditions. To bridge this interface gap and make compilation and linking
secure we propose a formally verified combination of higher-order contracts and
reference monitoring for recording and controlling IO operations. Compilation
uses contracts to convert the logical assumptions the program makes about the
context into dynamic checks on each context-program boundary crossing. These
boundary checks can depend on information about past IO events stored in the
state of the monitor. But these checks cannot stop the adversarial target
context before it performs dangerous IO operations. Therefore linking in SCIO*
additionally forces the context to perform all IO actions via a secure IO
library, which uses reference monitoring to dynamically enforce an access
control policy before each IO operation. We prove in F* that SCIO* soundly
enforces a global trace property for the compiled verified program linked with
the untrusted context. Moreover, we prove in F* that SCIO* satisfies by
construction Robust Relational Hyperproperty Preservation, a very strong secure
compilation criterion. Finally, we illustrate SCIO* at work on a simple web
server example. Comment: POPL'24 camera-ready version
Adapting virtual machine techniques for seamless aspect support
Current approaches to compiling aspect-oriented programs are inefficient. This inefficiency has negative effects on the productivity of the development process and is especially prohibitive for dynamic aspect deployment. In this work, we present how well-known virtual machine techniques can be used with only slight modifications to support fast aspect deployment while retaining runtime performance. Our implementation accelerates dynamic aspect deployment by several orders of magnitude relative to mainstream aspect-oriented environments. We also provide a detailed comparison of alternative implementations of execution environments with support for dynamic aspect deployment.
An Expressive Stateful Aspect Language
Stateful aspects can react to a program execution; they support modular implementations of several crosscutting concerns like error detection, security, event handling, and debugging. However, most proposed stateful aspect languages have specifically been tailored to address a particular concern. Indeed, most of these languages differ in their pattern languages and semantics. As a consequence, developers need to tweak aspect definitions in contortive ways or create new specialized stateful aspect languages altogether if their specific needs are not supported. In this paper, we describe ESA, an expressive stateful aspect language, in which the pattern language is Turing-complete and patterns themselves are reusable, composable first-class values. In addition, the core semantic elements of every aspect in ESA are open to customization. We describe ESA in a typed functional language. We use this description to develop a concrete and practical implementation of ESA for JavaScript. With this implementation, we illustrate the expressiveness of ESA in action with examples of diverse scenarios and expressing semantics of existing stateful aspect languages.