Presentation is loading. Please wait.

Presentation is loading. Please wait.

Applying Translucid Contracts for Modular Reasoning about Aspect and Object Oriented Events Mehdi Bagherzadeh Gary T. Leavens Robert Dyer Foundations of.

Published byTyler Burns Modified over 9 years ago

Similar presentations

Presentation on theme: "Applying Translucid Contracts for Modular Reasoning about Aspect and Object Oriented Events Mehdi Bagherzadeh Gary T. Leavens Robert Dyer Foundations of."— Presentation transcript:

1 Applying Translucid Contracts for Modular Reasoning about Aspect and Object Oriented Events Mehdi Bagherzadeh Gary T. Leavens Robert Dyer Foundations of Apsect Oriented Languages 2011 Porto de Galinhas, Pernambuco, Brazil

2 Question How to reason about events and event handling code? Results: In Ptolemy: – Greybox specifications, “translucid contracts” [Main conference] In other languages – This talk Question for this talk: How to extend translucid contracts to other languages?

3 Background + Our Previous Works

4 Problems for Modular Reasoning About control (with Advice) 1.Pervasive join point shadows: mySquare.setX (9); 2.Black-box specifications can’t specify control effects of advice

5 Ptolemy Highlights Events: – Explicit Declaration – Explicit Announcement – Quantification for handlers Translucid Contracts

6 Ptolemy Example 1 class Fig {bool isFixed;} 2 class Point extends Fig{ 3 int x, y; 4 Fig setX(int x){ 5 announce Changed(this){ 6 this.x = x; this 7 } 8 } 9 } Event Announcement 10 Fig event Changed { 11 Fig fe; 12 13 14 15 16 17 18 19 20 } Event Declaration 21 class Enforce { 22 Enforce init(){ register(this)} 23 Fig enforce(thunk Fig rest,Fig fe){ 24 if(!fe.isFixed) 25 invoke(rest) 26 else refining 27 establishes fe==old(fe) { 28 fe } 29 } 30 when Changed do enforce; 31 } Quantification Registration Skip execution of setX() when isFixed is true. Event-driven-programming: – Subject Point announces event Changed when setX() is called. – Event handler enforce registers for Changed and runs when the event is announced. – Handler enforce implements the above requirement. SubjectEvent Type Observer (Handler)

7 Translucid Contracts Example 10 Fig event Changed { 11 Fig fe; 12 requires fe != null 13 assumes{ 14 if(!fe.isFixed) 15 invoke(next) 16 else 17 establishes fe==old(fe) 18 } 19 ensures fe != null 20 } Contract Limits the behavior of the handler – requires/ensures labels pre-/postconditions Greybox limits the handler’s code – assumes block with program/spec. expressions

8 10 Fig event Changed { 11 Fig fe; 12 requires fe != null 13 assumes{ 14 if(!fe.isFixed) 15 invoke(next) 16 else 17 establishes fe==old(fe) 18 } 19 ensures fe != null 20 } Assumes Block Assumes block is a mixture of – Specification exprs Hide implementation details – Program exprs Reveal code details Must be present in code

9 12 requires fe != null 13 assumes{ 14 if(!fe.isFixed) 15 invoke(next) 16 else 17 establishes fe==old(fe) 18 } 19 ensures fe != null TC Refinement A program expr. is refined by a textually matching prog. expr. A specification expr. is refined by a refining expression with the same specification. The pre-/postconditions are enforced using runtime assertion checks (RACs) Handler should structurally match the TC assumes block. 23Fig enforce(thunk Fig rest,Fig fe){ 24 if(!fe.isFixed) 25 invoke(rest) 26 else refining 26 establishes fe==old(fe){ 28 fe } 29 } Textual match Refines RAC

10 21 class Enforce { 22 … 23 Fig enforce(thunk Fig rest,Fig fe){ 24 if(!fe.isFixed) 25 invoke(rest) 26 else 27 refining establishes fe==old(fe){ 28 fe } 29 } 30 when Changed do enforce; 31 } Handler Name Event Name How Translucid Contracts rely on Ptolemy Handlers statically know about types of event they handle. So can find contract for the handler, … Allows modular checking of handler’s refinement.

11 Ptolemy and Modular Reasoning Reasoning about control effects of AO programs: 1.Pervasive join point shadows 1.Solution: Limit the application of advice: 1.Ptolemy’s explicit event announcement 2.Black-box specifications can’t handle control effects 1.Solution: Use grey-box spec to specify control effects: 1.Translucid contracts: 1.Limit the behavior of advice Ptolemy +Translucid contracts enables modular reasoning about control effects

12 Observation Greybox specifications are not Ptolemy-specific We show applicability to: – Several AO interfaces – OO language, C#

13 Key Problem Statically find what types of events a handler can handle So can find specification for event handler

14 Applicability of Translucid Contracts to other AO interfaces AO interfaces make join points explicit – Mitigates problem of pervasive join point shadows. Some AO interface proposals: – Crosscut programming interfaces (XPIs) – Aspect-aware interfaces (AAIs) – Open modules – Join point types – Explicit join points

15 Translucid Contracts for XPIs XPIs: a design-rule based interface; decouples the design of base and aspects XPI limits: – Exposure of join points – Behavior of base and aspect using black-box No mechanism provided to check the refinement

16 1 aspect Changed { 2 pointcut jp(Fig fe): 3 call(Fig Fig+.set*(..))&& target(fe); 4 requires fe != null 5 assumes{ 6 if(!fe.isFixed) 7 proceed(fe); 8 else 9 establishes fe == old(fe); 10 } 11 ensures fe != null 12 } XPI Pointcut Declaration Translucid Contracts for XPIs 13 aspect Enforce { 14 Fig around(Fig fe): Changed.jp(fe){ 15 if(!fe.isFixed) 16 proceed(fe); 17 else 18 refining establishes fe==old(fe){ 19 return fe; 20 } 21 } 22 } Unlike Ptolemy, TC in XPI is attached to the pointcut rather than the event type Only variables in pointcut, fe, could be used in translucid contracts Refinement rules are added to AO type system in Enforce where it is reusing the pointcut Changed.jp

17 1 class Point extends Fig { 2 int x, y; 3 Fig setX(int x): Enforce - 4 after returning Changed.jp(Fig fe) 5 requires fe != null 6 assumes{ 7 if(!fe.isFixed) 8 proceed(fe); 9 else 10 establishes fe == old(fe); 11 } 12 ensures fe != null 13 /* body of setX() */ 14 } Translucid Contracts for AAIs Syntax/refinement rules are similar to XPI. AAI Extracted AAI

18 Translucid Contracts for Open Modules Open modules allow explicit exposure of pointcut for behavioral modifications, similar to signaling events in Ptolemy

19 Translucid Contracts for Open modules Open module changed exposes a pointcut of class Fig to be advised by Enforce. Like XPIs and unlike Ptolemy, TCs are attached to pointcut decl. 13 aspect Enforce { 14 Fig around(Fig fe): XPI.jp(fe) 15 if(!fe.isFixed) 16 proceed(fe); 17 else 18 refining establishes fe==old(fe){ 19 return fe; 20 } 21 } 22 } Exposed Pointcut 5 aspect XPI { 6 pointcut jp(Fig fe): 7 call(Fig Fig+.set*(..))&& target(fe); 8 requires fe != null 9 assumes{ 10 if(!fe.isFixed) 11 proceed(fe); 12 else 13 establishes fe == old(fe); 14 } 15 ensures fe != null 16 } Open Module 1 module Changed{ 2 class Fig; 3 expose: XPI.jp(Fig) 4 } Exposed Join Point

20 Translucid Contracts for Join Point Types & Explicit Join Points Join point types and Explicit join points are similar to Ptolemy’s event types.

21 Applicability to OO languages For each handler, need to statically know about the type of events it can handle. C# has built-in: – events (EventType interface) – delegates (method pointers )

22 Problem Determining Handled Event Type of a Handler 1 class Point extends Fig{ 2 int x, y; 3 delegate Fig Changed(Fig fe); 4 Changed changed = 5 new Changed(Enforce.enforce) 6 Fig setX(int x){ 7 changed(); 8 this.x = x; 9 return this; 10 } 11 } 12 class Enforce { 13 … 14 Fig enforce(Fig fe){ … 19 } 20 } Event Announcement Event Handler Register Handler with Delegate Any method with the same signature as delegate Changed could be registered as its handler. Handler enforce has no way to tell which event it is handling.

23 Solution: A Simple Convention Every handler, takes as first argument an instance of the event type it handles

24 C# Library A C# library, emulating Ptolemy’s functionality, using C# events and delegates developed

25 C# 10 class Changed:EventType { 11 class Context{ 12 Fig fe; 13 Context (Fig fe){ this.fe = fe;} 14 Fig contract() { 15 Contract.Requires(fe != null); 16 Contract.Ensures(fe != null); 17 if (!fe.isFixed) 18 return new Changed().Invoke(); 19 else { 20 Contract.Assert(true); 21 Contract.Assert(fe==Contract.OldValue(fe)); 22 } 23 }}} Translucid Contract Translucid Contract Event Declaration Event Changed extends the built-in EventType with return type Fig and context variable fe. Translucid contract is attached to the event type Changed Method contract() documents the translucid contract. Pre/postconditions are written using Code Contracts Specification exprs are documented using assert exprs. Ptolemy 10 Fig event Changed { 11 Fig fe; 12 requires fe != null 13 assumes{ 14 if(!fe.isFixed) 15 invoke(next) 16 else 17 establishes fe==old(fe) 18 } 19 ensures fe != null 20 }

26 Event Announcement Event body is provided as an anonymous closure. Ptolemy 1 class Fig {int isFixed;} 2 class Point extends Fig{ 3 int x, y; 4 Fig setX(int x){ 5 announce Changed(this){ 6 this.x = x; this 7 } 8 } 9 } C# 1 class Fig { int isFixed; } 2 class Point:Fig { 3 int x, y; 4 void setX(int x) { 5 Changed.Announce( 6 new Changed.Context(this),()=>{ 7 this.x = x; 8 return this;}); 9 } 10 }

27 26 class Enforce { 27 Fig enforce(ChangedEvent next) { 28 if (!next.fe.isFixed) 29 return next.Invoke(); 30 else { 31 return next.fe; 32 } 33 } 34 } C# Refining Expression Quantification Event Handler Passing the event type to the handler, emulates Ptolemy’s quantification. Can statically determine which events a handler is handling. Then the event type contract could be pulled out and the handler refinement of the contract could be checked statically for structural refinement and dynamically by runtime assertion checking. 21 class Enforce { 22 Enforce init(){ register(this)} 23 Fig enforce(thunk Fig rest,Fig fe){ 24 if(!fe.isFixed) 25 invoke(rest) 26 else 27 refining establishes fe==old(fe){ 28 fe } 29 } 30 when Changed do enforce; 31 } Ptolemy

28 Conclusion Previous work: Translucid Contracts enable modular reasoning of control effects in AO programs. Implemented in Ptolemy This work: Translucid contracts are not Ptolemy-specific, can be used to reason about: – Other AO interfaces – OO languages such as C#

29 Questions

Download ppt "Applying Translucid Contracts for Modular Reasoning about Aspect and Object Oriented Events Mehdi Bagherzadeh Gary T. Leavens Robert Dyer Foundations of."

Similar presentations

Modular Verification of Higher-Order Methods in JML Gary T. Leavens, Steve Shaner, and David A. Naumann Support from US NSF grant CCF-0429567.

Modular Verification of Higher-Order Methods in JML Gary T. Leavens, Steve Shaner, and David A. Naumann Support from US NSF grant CCF
Copyright © 2006 The McGraw-Hill Companies, Inc. Programming Languages 2nd edition Tucker and Noonan Chapter 18 Program Correctness To treat programming.

Copyright © 2006 The McGraw-Hill Companies, Inc. Programming Languages 2nd edition Tucker and Noonan Chapter 18 Program Correctness To treat programming.
Mohamed ElBendary and John Boyland University of Wisconsin-Milwaukee.

Mohamed ElBendary and John Boyland University of Wisconsin-Milwaukee.
OO Programming in Java Objectives for today: Overriding the toString() method Polymorphism & Dynamic Binding Interfaces Packages and Class Path.

OO Programming in Java Objectives for today: Overriding the toString() method Polymorphism & Dynamic Binding Interfaces Packages and Class Path.
Programming Languages and Paradigms The C Programming Language.

Programming Languages and Paradigms The C Programming Language.
Programming Paradigms Introduction. 6/15/2005 Copyright 2005, by the authors of these slides, and Ateneo de Manila University. All rights reserved. L1:

Programming Paradigms Introduction. 6/15/2005 Copyright 2005, by the authors of these slides, and Ateneo de Manila University. All rights reserved. L1:
A Brief Introduction to Aspect-Oriented Programming Zhenxiao Yang.

A Brief Introduction to Aspect-Oriented Programming Zhenxiao Yang.
Aspect Oriented Programming. AOP Contents 1 Overview 2 Terminology 3 The Problem 4 The Solution 4 Join point models 5 Implementation 6 Terminology Review.

Aspect Oriented Programming. AOP Contents 1 Overview 2 Terminology 3 The Problem 4 The Solution 4 Join point models 5 Implementation 6 Terminology Review.
1 JAC : Aspect Oriented Programming in Java An article review by Yuval Nir and Limor Lahiani.

1 JAC : Aspect Oriented Programming in Java An article review by Yuval Nir and Limor Lahiani.
1 An Aspect-Aware Outline Viewer Michihiro Horie and Shigeru Chiba Tokyo Institute of Technology, Japan.

1 An Aspect-Aware Outline Viewer Michihiro Horie and Shigeru Chiba Tokyo Institute of Technology, Japan.
Software Engineering Laboratory, Department of Computer Science, Graduate School of Information Science and Technology, Osaka University 1 Modularization.

Software Engineering Laboratory, Department of Computer Science, Graduate School of Information Science and Technology, Osaka University 1 Modularization.
Overview of AspectJ Aspect Oriented Software Development Seminar Technion presented by Oren Mishali.

Overview of AspectJ Aspect Oriented Software Development Seminar Technion presented by Oren Mishali.
More on AspectJ. aspect MoveTracking { private static boolean _flag = false; public static boolean testAndClear() { boolean result = _flag; _flag = false;

More on AspectJ. aspect MoveTracking { private static boolean _flag = false; public static boolean testAndClear() { boolean result = _flag; _flag = false;
. Memory Management. Memory Organization u During run time, variables can be stored in one of three “pools”  Stack  Static heap  Dynamic heap.

. Memory Management. Memory Organization u During run time, variables can be stored in one of three “pools”  Stack  Static heap  Dynamic heap.
C++ fundamentals.

C++ fundamentals.
Subclasses and Subtypes CMPS 2143. Subclasses and Subtypes A class is a subclass if it has been built using inheritance. ▫ It says nothing about the meaning.

Subclasses and Subtypes CMPS Subclasses and Subtypes A class is a subclass if it has been built using inheritance. ▫ It says nothing about the meaning.
A Formal Model of Modularity in Aspect-Oriented Programming Jonathan Aldrich 15-819: Objects and Aspects Carnegie Mellon University.

A Formal Model of Modularity in Aspect-Oriented Programming Jonathan Aldrich : Objects and Aspects Carnegie Mellon University.
Programming Languages and Paradigms Object-Oriented Programming.

Programming Languages and Paradigms Object-Oriented Programming.
Outline Introduction Problem Statement Object-Oriented Design Aspect-Oriented Design Conclusion Demo.

Outline Introduction Problem Statement Object-Oriented Design Aspect-Oriented Design Conclusion Demo.
REFACTORING Lecture 4. Definition Refactoring is a process of changing the internal structure of the program, not affecting its external behavior and.

REFACTORING Lecture 4. Definition Refactoring is a process of changing the internal structure of the program, not affecting its external behavior and.

Similar presentations

Ads by Google