An Extensible Contract Verifier for AspectJ

Slides:



Advertisements
Similar presentations
©NIIT Inheritance and Interfaces Lesson 1A / Slide 1 of 23 Programming in Java Objectives In this lesson, you will learn to: Implement the concept of inheritance.
Advertisements

Overview of AspectJ Aspect Oriented Software Development Seminar Technion presented by Oren Mishali.
1 Introduction to CS Agenda Syllabus Schedule Lecture: the management of complexity.
Program Analysis Mooly Sagiv Tel Aviv University Sunday Scrieber 8 Monday Schrieber.
Aspect-Oriented Software Development (AOSD) Tutorial #3 AspectJ - continued.
Subclasses and Subtypes CMPS Subclasses and Subtypes A class is a subclass if it has been built using inheritance. ▫ It says nothing about the meaning.
A Formal Model of Modularity in Aspect-Oriented Programming Jonathan Aldrich : Objects and Aspects Carnegie Mellon University.
OOPs Object oriented programming. Based on ADT principles  Representation of type and operations in a single unit  Available for other units to create.
Introduction to Aspect Oriented Programming Presented By: Kotaiah Choudary. Ravipati M.Tech IInd Year. School of Info. Tech.
1 Abstraction  Identify important aspects and ignore the details  Permeates software development programming languages are abstractions built on hardware.
Aspect Oriented Programming Razieh Asadi University of Science & Technology Mazandran Babol Aspect Component Based Software Engineering (ACBSE)
VERIFICATION OF ASPECT ORIENTED MODELS BY DON MARTIN JAYASHREE VENKIPURAM PATHANGI PIYUSH SRIVASTAVA REFERENCES F. Mostefaoui and J. Vachon,” Design level.
1 Metamodel Access Protocols for Extensible Aspect-Oriented Modeling Naoyasu Ubayashi(Kyushu Institute of Technology, Japan) Shinji Sano(Kyushu Institute.
1 An Aspect-oriented Weaving Mechanism Based on Component-and-Connector Architecture Naoyasu Ubayashi (Kyushu Institute of Technology) February 12, 2008.
1 Model Compiler Construction Based on Aspect-oriented Mechanisms Naoyasu Ubayashi (Kyushu Institute of Technology) Tetsuo Tamai (University of Tokyo)
POSL (Principles of Software Languages) Gr. Kyushu Institute of Technology, Japan An Extensible Aspect-Oriented Modeling.
POSL (Principles of Software Languages) Gr. Kyushu Institute of Technology, Japan Pointcut-based Architectural Interface.
111 Protocols CS 4311 Wirfs Brock et al., Designing Object-Oriented Software, Prentice Hall, (Chapter 8) Meyer, B., Applying design by contract,
What does a computer program look like: a general overview.
AOSD1 Aspect-Oriented Software Design Karl Lieberherr Theo Skotiniotis.
1 Proving aspect-oriented programming laws Leonardo Cole Paulo Borba Alexandre Mota Informatics Center Federal University of.
Aspect-Oriented Programming and Modular Reasoning G. KiczalesM. Mezini Presented by Alex Berendeyev.
Architectural Point Mapping for Design Traceability Naoyasu Ubayashi and Yasutaka Kamei Kyushu University, Japan March 26, 2012 FOAL 2012 (AOSD Workshop)
IDENTIFYING SEMANTIC DIFFERENCES IN ASPECTJ PROGRAMS Martin Görg and Jianjun Zhao Computer Science Department, Shanghai Jiao Tong University.
Chapter 6 Introduction to Defining Classes. Objectives: Design and implement a simple class from user requirements. Organize a program in terms of a view.
Inter-Type Declarations in AspectJ Awais Rashid Steffen Zschaler © Awais Rashid, Steffen Zschaler 2009.
1 Contract-based Verification for Aspect-oriented Refactoring Naoyasu Ubayashi(Kyushu Institute of Technology) Jinji Piao(Kyushu Institute of Technology)
Alloy-based Lightweight Verification for Aspect-oriented Architecture Naoyasu Ubayashi(Kyushu Institute of Technology) Yuki Sato(Kyushu Institute of Technology)
Protocols Software Engineering II Wirfs Brock et al, Designing Object-Oriented Software, Prentice Hall, Mitchell, R., and McKim, Design by Contract,
POSL (Principles of Software Languages) Gr. Kyushu Institute of Technology, Japan 1 A Verification Mechanism for Weaving.
Inheritance and Polymorphism. Superclass and Subclass Inheritance defines a relationship between objects that share characteristics. It is a mechanism.
PROGRAMMING PRE- AND POSTCONDITIONS, INVARIANTS AND METHOD CONTRACTS B MODULE 2: SOFTWARE SYSTEMS 13 NOVEMBER 2013.
AOSD'04, Lancaster, UK 1 Remote Pointcut - A Language Construct for Distributed AOP Muga Nishizawa (Tokyo Tech) Shigeru Chiba (Tokyo Tech) Michiaki Tatsubori.
Quick Review of OOP Constructs Classes:  Data types for structured data and behavior  fields and methods Objects:  Variables whose data type is a class.
R R R A Brief Introduction to Aspect-Oriented Programming.
AspectScope: An Outline Viewer for AspectJ Programs Michihiro Horie, Shigeru Chiba Tokyo Institute of Technology, Japan.
Object orientation and Packaging in Java Object Orientation and Packaging Introduction: After completing this chapter, you will be able to identify.
AOP with AspectJ Awais Rashid, Steffen Zschaler © Awais Rashid, Steffen Zschaler 2009.
1 An AOP Implementation Framework for Extending Join Point Models Naoyasu Ubayashi(Kyushu Institute of Technology, Japan) Hidehiko Masuhara(University.
1 Aspectual Caml an Aspect-Oriented Functional Language Hideaki Tatsuzawa Hidehiko Masuhara Akinori Yonezawa University of Tokyo.
 Description of Inheritance  Base Class Object  Subclass, Subtype, and Substitutability  Forms of Inheritance  Modifiers and Inheritance  The Benefits.
Features of AOP languages AOP languages have the following main elements: –a join point model (JPM) wrt base PL –a specification language for expressing.
Principles of Programming & Software Engineering
Modern Programming Tools And Techniques-I
An Interface Mechanism for Encapsulating Weaving in Class-based AOP
Modular Software Development for Dealing with Uncertainty
Lecture 12 Inheritance.
MACS 2005 First International Workshop on the Modeling and Analysis of Concerns in Software Concern Management for Constructing Model Compilers -- Towards.
Inheritance and Polymorphism
Chapter 11 Object-Oriented Design
Aspect-Oriented Programming with the Eclipse AspectJ plug-in
Chapter 3: Using Methods, Classes, and Objects
Review Session.
Generics, Lambdas, Reflections
PRINCIPALES OF OBJECT ORIENTED PROGRAMMING
Introduction interface in Java is a blueprint of a class. It has static constants and abstract methods only. An interface is a way to describe what classes.
A Brief Introduction to Aspect-Oriented Programming
CS18000: Problem Solving and Object-Oriented Programming
Generics.
Inheritance Cse 3rd year.
Java Programming, Second Edition
Protocols CS 4311 Wirfs Brock et al., Designing Object-Oriented Software, Prentice Hall, (Chapter 8) Meyer, B., Applying design by contract, Computer,
Inheritance.
Assertions References: internet notes; Bertrand Meyer, Object-Oriented Software Construction; 4/25/2019.
Chapter 11 Inheritance and Polymorphism Part 1
Chapter 11 Inheritance and Encapsulation and Polymorphism
Programming Languages 2nd edition Tucker and Noonan
CSG2H3 Object Oriented Programming
Generics, Lambdas and Reflection
INTERFACES Explained By: Sarbjit Kaur. Lecturer, Department of Computer Application, PGG.C.G., Sector: 42, Chandigarh.
Presentation transcript:

An Extensible Contract Verifier for AspectJ 2nd Asian Workshop on Aspect-Oriented Software Development (AOAsia2) An Extensible Contract Verifier for AspectJ Suguru Shinotsuka (Kyushu Institute of Technology) Naoyasu Ubayashi (Kyushu Institute of Technology) Hideaki Shinomi (IBM Japan Ltd.) Tetsuo Tamai (University of Tokyo) September 19, 2006

Suguru SHINOTSUKA <sinotuka@minnie.ai.kyutech.ac.jp> Introduction Aspect-Oriented Programming (AOP) Class A Class A method method weaving Aspect advice Class B Class B method method weaving Object-Oriented Programming Aspect-Oriented Programming Suguru SHINOTSUKA <sinotuka@minnie.ai.kyutech.ac.jp>

Suguru SHINOTSUKA <sinotuka@minnie.ai.kyutech.ac.jp> Introduction Problem in weaving method method We cannot know method behavior only by looking method body. behavior to be known in implementation behavior after weaving easygoing program revision unexpected errors by weaving Suguru SHINOTSUKA <sinotuka@minnie.ai.kyutech.ac.jp>

Suguru SHINOTSUKA <sinotuka@minnie.ai.kyutech.ac.jp> Introduction Our approach We can specify how program behavior should be changed during weaving. Contract for weaving method method its verification method It is effective to verify the correctness of weaving. weaving However… The predicates are not always enough for every verification cases. COW (COntract Writing language) A solution of the problem behavior change Behavior has no red part. Behavior has a red part. specification in predicate logic an extensible contract verifier of COW Primitive predicates are provided. e.g., call (statement, method) Suguru SHINOTSUKA <sinotuka@minnie.ai.kyutech.ac.jp>

Suguru SHINOTSUKA <sinotuka@minnie.ai.kyutech.ac.jp> Reminder Outline Problem in Weaving COW Contract Verifier Related Work & Future Work Conclusion Suguru SHINOTSUKA <sinotuka@minnie.ai.kyutech.ac.jp>

Suguru SHINOTSUKA <sinotuka@minnie.ai.kyutech.ac.jp> Problem in Weaving Problem Example class Line { Point p1, p2; void moveBy(int dx, int dy) { p1.x += dx; p1.y += dy; p2.x += dx; p2.y += dy; Display.redrawLine(this); } class Line { Point p1, p2; void moveBy(int dx, int dy) { p1.x += dx; p1.y += dy; p2.x += dx; p2.y += dy; } class Line { Point p1, p2; void moveBy(int dx, int dy) { p1.moveBy(dx, dy); p2.moveBy(dx, dy); Display.redrawLine(this); } class Line { Point p1, p2; void moveBy(int dx, int dy) { p1.moveBy(dx, dy); p2.moveBy(dx, dy); } Redrawing the p1 and the p2 points ⇒ Method behavior is changed by the revision. ⇒ incorrect weaving Line - p1, p2: Point weaving weaving Point - x, y: int aspect LineObserver { after(Line l): execution(* Line.moveBy(..)) && target (l) { Display.redrawLine(l); } redraw Display redraw class Point { int x, y; void moveBy(int dx, int dy) { x += dx; y += dy; Display.redrawPoint(this); } class Point { int x, y; void moveBy(int dx, int dy) { x += dx; y += dy; } aspect PointObserver { after(Point p): execution(* Point.moveBy(..)) && target (p) { Display.redrawPoint(p); } weaving Suguru SHINOTSUKA <sinotuka@minnie.ai.kyutech.ac.jp>

Suguru SHINOTSUKA <sinotuka@minnie.ai.kyutech.ac.jp> COW COW is a method for verifying the correctness of weaving. We specify a property of control and data flow before and after weaving. - by using predicate logic. - Primitive predicates are provided. We can verify whether this specification is satisfied. We call these specifications:   - Pre-condition (requires)   - Post-condition (ensures) - Invariant (invariant) Contract between class and aspects. weaving = mechanism for changing method behavior correctness of weaving = correctness of method behavior before and after weaving method behavior ≒ property of control and data flow how behavior changes = behavior before and after weaving Suguru SHINOTSUKA <sinotuka@minnie.ai.kyutech.ac.jp>

COW COW (COntract Writing language) language for describing contracts contract LineContract restricts Line { define redrawingPoint() { target(t) && entry(t, e) && controlFlow(t, s, e) && call(s, void Display.redrawPoint(Point)) } define redrawingLine() { && call(s, void Display.redrawLine(Line)) define redrawingNothing() { ! redrawingPoint() && ! redrawingLine() define redrawingLineOnly () { redrawingLine() && ! redrawingPoint() void moveBy(int, int) { requires(redrawingNothing()); ensures(redrawingLineOnly()); language for describing contracts before weave(pre-condition): redrawing nothing after weave(post-condition): redrawing line only Line.moveBy() call of Display.redrawPoint Line.moveBy() call of Display.redrawLine Suguru SHINOTSUKA <sinotuka@minnie.ai.kyutech.ac.jp>

Suguru SHINOTSUKA <sinotuka@minnie.ai.kyutech.ac.jp> COW Primitive Predicates Predicate Meanings owner (x, t) x is an actuator, a field, an inner class of type t. target (a) An actuator a is a target of constraint. source (a) An advice a is woven to the target actuator. method (a) Actuator a is a method. constructor (a) Actuator a is a constructor. beforeAdvice (a) Actuator a is a before-advice. afterAdvice (a) Actuator a is an after-advice. aroundAdvice (a) Actuator a is an around-advice. field (v) Symbol v is a class field. enumerator (v) Symbol v is an enumerator. parameter (v) Symbol v is an actuator’s formal parameter. Predicate Meanings variable (v) Symbol v is a local variable. entry (a, s) The entry statement of an actuator a is s. call (s, a) Statement s calls an actuator a. return (s) s is a returning statement. write (s, v) Statement s writes to a symbol v. read (s, v) Statement s reads a symbol v. defuse (s, dv, sv) At statement s, symbol dv is written using symbol sv. controlFlow (a, g, s) In control flow under an actuator a, statement g can be reached from a statement s. dataFlow (a, d, dv, s, sv) In data flow under an actuator a, s symbol dv in a statement d can be reached from a symbol sv in a statement s. equal (x, y) x equals y. Suguru SHINOTSUKA <sinotuka@minnie.ai.kyutech.ac.jp>

Suguru SHINOTSUKA <sinotuka@minnie.ai.kyutech.ac.jp> COW Towards Contract Extension However… It is useful to extend the verification facility of COW. COW’s verification facility is not always enough. COW ⇒ We can verify whether a change of program behavior is correct. But a developer wants to verify the correctness of weaving in every case. e.g., - Can we verify whether program structure is correctly changed by intertype weaving? - Can we specify program behavior completely? By extending the primitive predicates, the facility can be extended. We developed an extensible contract verifier that enables a developer to extend the primitive predicates. Suguru SHINOTSUKA <sinotuka@minnie.ai.kyutech.ac.jp>

Contract Verifier Implementation Outline control flow graph in a program analysis result Strategy - Executing program analysis for Java / AspectJ source code. - Verifying whether contract conditions in COW satisfies the information from the program analysis. contract conditions Prolog facts Prolog questions primitive predicate definition e.g., the controlFlow primitive predicate contract LineContract restricts Line { define redrawingPoint() { target(t) && entry(t, e) && controlFlow(t, s, e) && call(s, void Display.redrawPoint(Point)) } define redrawingLine() { && call(s, void Display.redrawLine(Line)) define redrawingNothing() { ! redrawingPoint() && ! redrawingLine() define redrawingLineOnly () { redrawingLine() && ! redrawingPoint() void moveBy(int, int) { requires(redrawingNothing()); ensures(redrawingLineOnly()); redrawingPoint :- target(T), entry(T, E), controlFlow(T, S, E), call(S, ‘void Display.redrawPoint(Point)’). S1: Point.moveBy() entry(Point.moveBy(), S1) next(S1, S2) Prolog rules redrawingLine :- target(T), entry(T, E), controlFlow(T, S, E), call(S, ‘void Display.redrawLine(Line)’). S2: x += dx def(Point.x), use(dx) controlFlow(Scope, Goal, Start) :- traverse(Scope, Goal, Start, []). traverse(Scope, Goal, Start, Visited) :- next(Start, Next, ScopeList), member(Scope, ScopeList), \+member(Next, Visited), Next = Goal. traverse(Scope, Goal, Next, [Next | Visited]). next(S2, S3) redrawingNothing :- \+ redrawingPoint, \+ redrawingLine. S3: y += dy def(Point.y), use(dy) next(S3, S4) By using Prolog interpreter, this verification is realized. - Translating the program analysis results to Prolog facts. - Translating the contract conditions to Prolog questions. - Giving primitive predicate definitions as Prolog rules. redrawingLineOnly :- redrawingLine, \+ redrawingPoint. S4: Display.redrawPoint(this) call(S4, void Display.redrawPoint(Point)) | ?- redrawingNothing. | ?- redrawingLineOnly. Suguru SHINOTSUKA <sinotuka@minnie.ai.kyutech.ac.jp>

Contract Verifier Extension Mechanism To verify whether a primitive predicate is satisfied, the follows are needed: AA-lib extension part - Prolog facts used for verifying whether the primitive predicate is satisfied Primitive predicate factory + toFacts (r: ProgramAnalysisResult): PrologFacts + toRule (): PrologRule - Prolog rules for verifying whether the primitive predicate is satisfied by the Prolog facts Java AspectJ structure structure S1: Point.moveBy() next(S1, S2) factory class object controlFlow(Scope, Goal, Start) :- traverse(Scope, Goal, Start, []). traverse(Scope, Goal, Start, Visited) :- next(Start, Next, ScopeList), member(Scope, ScopeList), \+member(Next, Visited), Next = Goal. traverse(Scope, Goal, Next, [Next | Visited]). S2: x += dx Program analysis result next(S2, S3) We developed the contract verifier that enables such the extension. flow graph flow graph Prolog rule and facts S3: y += dy before weave after weave CAVE COW If a developer can add implementation for generating these facts and rules to the contract verifier, the developer can extend primitive predicates. next(S3, S4) Primitive predicate database GNU Prolog Prolog questions S4: Display.redrawPoint(this) verification result Suguru SHINOTSUKA <sinotuka@minnie.ai.kyutech.ac.jp>

Suguru SHINOTSUKA <sinotuka@minnie.ai.kyutech.ac.jp> Contract Verifier Primitive Predicate Extension How to extend primitive predicates by using the primitive predicate factory: Explanation example: adding new primitive predicate for describing class inheritance relation PrologFacts toFacts(ProgramAnalysisResult r) { PrologFacts facts = new PrologFacts(); for (ClassInheritance i: r.getStructure().getInheritances()) { PrologConstant superClass = Translation.toPrologConstant(i.getSuperClass()); PrologConstant subClass = Translation.toPrologConstant(i.getSubClass()); PrologFact fact = new PrologFact(“directExtends”, subClass, superClass); facts.add(fact); } return facts; public static void main(String[] args) { CowCompiler c = new CowCompiler(args); PrimitivePredicateSet predicates = c.getPrimitivePredicateSet(); predicates.add(new ExtendsPredicateFactory()); c.setPrimitivePredicateSet(predicates); c.start(); } PrologRule toRule() { PrologRule rule = Translation.toPrologRule( “extends(Subclass, Superclass) :-” + “ directExtends(Subclass, Superclass).” + “ directExtends(Subclass0, Superclass),” + “ extends(Subclass, Subclass0).”); return rule; } A We implement the predicate factory class to: C directly extends A ⇒ extends (C, A) step1, map the part of program analysis result to the directExtends facts (by the toFacts method). Facts and rules in Prolog for verifying the extends predicate are: B C extends(Subclass, SuperClass) :- directExtends(Subclass, Superclass). extends(Subclass, Superclass) :- directExtends(Subclass0, Superclass), extends(Subclass, Subclass0). -step2, generate the Prolog rules of the extends predicate (by the toRule method). directExtends(‘B’, ‘A’). directExtends(‘C’, ‘A’). directExtends(‘D’, ‘C’). D indirectly extends A ⇒ extends (D, A) D factory class that we implemented -step3, adding factory object to the verifier Suguru SHINOTSUKA <sinotuka@minnie.ai.kyutech.ac.jp>

Related Work & Future Work Testing and verification approaches based on contracts: AspectJ can be extended by using abc, an extensible AspectJ compiler. At present time, we cannot determine which approach is better. - Information Hiding Interfaces for Aspect-Oriented Design [K. Sullivan, FSE 2005] - Cona: aspects for contracts and contracts for aspects [T. Skotiniotis, OOPSLA 2004] COW: - verification method using a language for verification - based on predicate logic Verification language based on predicate logic can be extended by using the contract verifier that we proposed. -- a method for specifying rules for designing classes and aspects -- a method for testing whether method behavior is correct -- The rules can be described by using pointcut language of AspectJ. -- inserting testing code based on DbC by using aspects verification method using AspectJ - based on pointcut language In the future, we will try to extend both AspectJ and COW and examine the effectiveness of these approaches. Suguru SHINOTSUKA <sinotuka@minnie.ai.kyutech.ac.jp>

Suguru SHINOTSUKA <sinotuka@minnie.ai.kyutech.ac.jp> Conclusion We have proposed COW as a method for verifying the correctness of weaving and we proposed an extensible implementation of the COW compiler. A developer can extend the verification facility of COW. We believe that the extensibility is useful for verifying the correctness of weaving in various cases. Suguru SHINOTSUKA <sinotuka@minnie.ai.kyutech.ac.jp>

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.