implementing java modeling language contracts …cin.ufpe.br › ~hemr › talks ›...
TRANSCRIPT
![Page 1: Implementing Java Modeling Language Contracts …cin.ufpe.br › ~hemr › talks › SAC2008_Rebelo_Lima_Talk.pdfImplementing Java Modeling Language Contracts with AspectJ Henrique](https://reader033.vdocuments.us/reader033/viewer/2022060315/5f0bddc17e708231d43299a4/html5/thumbnails/1.jpg)
Department of Computing and Systems p p g yUniversity of Pernambuco
Recife, Brazil
Implementing Java Modeling Implementing Java Modeling Language Contracts with AspectJ
Henrique Rebêlo Ricardo Lima
Márcio CornélioSérgio Soares
Leopoldo Ferreira
1
p(hemr,ricardo,marcio,sergio,[email protected])
![Page 2: Implementing Java Modeling Language Contracts …cin.ufpe.br › ~hemr › talks › SAC2008_Rebelo_Lima_Talk.pdfImplementing Java Modeling Language Contracts with AspectJ Henrique](https://reader033.vdocuments.us/reader033/viewer/2022060315/5f0bddc17e708231d43299a4/html5/thumbnails/2.jpg)
Java Modeling Language
Formal specification language for Java• behavioral specification of Java modulesAdopts design by contract and Hoare-Adopts design by contract and Hoarestyle with assertions
p p stc nditi ns nd in i nts• pre-, postconditions and invariants
Main goal Improve functional software correctness of Java programs
2
software correctness of Java programs
![Page 3: Implementing Java Modeling Language Contracts …cin.ufpe.br › ~hemr › talks › SAC2008_Rebelo_Lima_Talk.pdfImplementing Java Modeling Language Contracts with AspectJ Henrique](https://reader033.vdocuments.us/reader033/viewer/2022060315/5f0bddc17e708231d43299a4/html5/thumbnails/3.jpg)
Java Modeling Language
Assertions are added as comments in .java files• between /*@ … @*/, or //@between / @ … @ /, or //@
3
![Page 4: Implementing Java Modeling Language Contracts …cin.ufpe.br › ~hemr › talks › SAC2008_Rebelo_Lima_Talk.pdfImplementing Java Modeling Language Contracts with AspectJ Henrique](https://reader033.vdocuments.us/reader033/viewer/2022060315/5f0bddc17e708231d43299a4/html5/thumbnails/4.jpg)
Meaning of Postconditions
normal(return)
exceptional(throw)
ensuresQ;
signals (…)R;
4
![Page 5: Implementing Java Modeling Language Contracts …cin.ufpe.br › ~hemr › talks › SAC2008_Rebelo_Lima_Talk.pdfImplementing Java Modeling Language Contracts with AspectJ Henrique](https://reader033.vdocuments.us/reader033/viewer/2022060315/5f0bddc17e708231d43299a4/html5/thumbnails/5.jpg)
JML compiler: compilation passesRuntime checks
MultiJava Front-end Compiler
5
Code Generation
![Page 6: Implementing Java Modeling Language Contracts …cin.ufpe.br › ~hemr › talks › SAC2008_Rebelo_Lima_Talk.pdfImplementing Java Modeling Language Contracts with AspectJ Henrique](https://reader033.vdocuments.us/reader033/viewer/2022060315/5f0bddc17e708231d43299a4/html5/thumbnails/6.jpg)
Problem
JML limitation• The JML compiler does not work properly when
applied to other Java platformspp p• Example: Java ME platform
— Data structures (e g HashSet) Data structures (e.g. HashSet) — Java reflection mechanism
6
![Page 7: Implementing Java Modeling Language Contracts …cin.ufpe.br › ~hemr › talks › SAC2008_Rebelo_Lima_Talk.pdfImplementing Java Modeling Language Contracts with AspectJ Henrique](https://reader033.vdocuments.us/reader033/viewer/2022060315/5f0bddc17e708231d43299a4/html5/thumbnails/7.jpg)
Our ApproachVerify Java ME/SE programs with JML
A tJ AOP t i t J• AspectJ – AOP extension to Java
We use the AspectJ tot l t JML t t i t t- translate JML contracts into aspects
- generate bytecodes compliant with Java ME/SEif if b t d t th JML- verify if bytecode respects the JML
contracts during runtime
7
![Page 8: Implementing Java Modeling Language Contracts …cin.ufpe.br › ~hemr › talks › SAC2008_Rebelo_Lima_Talk.pdfImplementing Java Modeling Language Contracts with AspectJ Henrique](https://reader033.vdocuments.us/reader033/viewer/2022060315/5f0bddc17e708231d43299a4/html5/thumbnails/8.jpg)
Aspect Oriented Aspect Oriented Programming with AspectJProgramm ng w th AspectJ
AspectJp• Crosscutting concern modularization
— persistencepersistence— distribution— ...
“[...] there are many other concerns that, in specific system, have crosscutting structure. Aspects can be used to i t i i t l i t v l th d f maintain internal consistency among several methods of a
class. They are well suited to enforcing a Design by Contract style programming.”
G Ki l
8
Gregor Kiczales
http://www.theserverside.com/talks/videos/GregorKiczalesText/interview.tss
![Page 9: Implementing Java Modeling Language Contracts …cin.ufpe.br › ~hemr › talks › SAC2008_Rebelo_Lima_Talk.pdfImplementing Java Modeling Language Contracts with AspectJ Henrique](https://reader033.vdocuments.us/reader033/viewer/2022060315/5f0bddc17e708231d43299a4/html5/thumbnails/9.jpg)
Aspect Oriented Aspect Oriented Programming with AspectJProgramm ng w th AspectJ
Dynamic crosscutting• Define additional code that should be executed
—before—after—around
Static crosscutting•• ...• Add new members to types
9
• …
![Page 10: Implementing Java Modeling Language Contracts …cin.ufpe.br › ~hemr › talks › SAC2008_Rebelo_Lima_Talk.pdfImplementing Java Modeling Language Contracts with AspectJ Henrique](https://reader033.vdocuments.us/reader033/viewer/2022060315/5f0bddc17e708231d43299a4/html5/thumbnails/10.jpg)
Contributions
A novel JML compiler compliant withp p• Java ME/SE applications
The use of AspectJ to implement JML JML contracts• Mapping JML contracts into AspectJ aspects• Checking the contracts during runtime
10
![Page 11: Implementing Java Modeling Language Contracts …cin.ufpe.br › ~hemr › talks › SAC2008_Rebelo_Lima_Talk.pdfImplementing Java Modeling Language Contracts with AspectJ Henrique](https://reader033.vdocuments.us/reader033/viewer/2022060315/5f0bddc17e708231d43299a4/html5/thumbnails/11.jpg)
Outline
Implementation Strategyp gySubset of JML: pre, post, invariantM i C t t i t A tMapping Contracts into AspectsComparative Studyp yConclusionF t W kFuture Work
11
![Page 12: Implementing Java Modeling Language Contracts …cin.ufpe.br › ~hemr › talks › SAC2008_Rebelo_Lima_Talk.pdfImplementing Java Modeling Language Contracts with AspectJ Henrique](https://reader033.vdocuments.us/reader033/viewer/2022060315/5f0bddc17e708231d43299a4/html5/thumbnails/12.jpg)
Implementation StrategyRuntime checks
AspectJ Front-end
pCompiler
12
Aspect Code Generation
![Page 13: Implementing Java Modeling Language Contracts …cin.ufpe.br › ~hemr › talks › SAC2008_Rebelo_Lima_Talk.pdfImplementing Java Modeling Language Contracts with AspectJ Henrique](https://reader033.vdocuments.us/reader033/viewer/2022060315/5f0bddc17e708231d43299a4/html5/thumbnails/13.jpg)
Subset of JML: pre, post, invariant
Preconditions (requires keyword)Properties that must hold before method calls.
Normal Postconditions (ensures keyword)Properties that must hold after method calls.
Invariants (invariant keyword)
13Properties that must be maintained by all methods.
![Page 14: Implementing Java Modeling Language Contracts …cin.ufpe.br › ~hemr › talks › SAC2008_Rebelo_Lima_Talk.pdfImplementing Java Modeling Language Contracts with AspectJ Henrique](https://reader033.vdocuments.us/reader033/viewer/2022060315/5f0bddc17e708231d43299a4/html5/thumbnails/14.jpg)
Subset of JML: pre, post, invariant
Inheritance of JML specificationsL ’ d fi iti• Leavens’ definition
preconditions are combined by disjunctionnormal postconditions are combined by conjunction
14
normal postconditions are combined by conjunctioninvariants * are combined by conjunction
![Page 15: Implementing Java Modeling Language Contracts …cin.ufpe.br › ~hemr › talks › SAC2008_Rebelo_Lima_Talk.pdfImplementing Java Modeling Language Contracts with AspectJ Henrique](https://reader033.vdocuments.us/reader033/viewer/2022060315/5f0bddc17e708231d43299a4/html5/thumbnails/15.jpg)
Mapping contracts into aspects
Assume the following generic JML Assume the following generic JML specification
class S inherits JML ifi tiJML specifications from class T
15
![Page 16: Implementing Java Modeling Language Contracts …cin.ufpe.br › ~hemr › talks › SAC2008_Rebelo_Lima_Talk.pdfImplementing Java Modeling Language Contracts with AspectJ Henrique](https://reader033.vdocuments.us/reader033/viewer/2022060315/5f0bddc17e708231d43299a4/html5/thumbnails/16.jpg)
Mapping contracts into aspects
AspectJ mapping for precondition
Inter Type declaration: checkPre$m()Inter Type declaration: checkPre$m()
AspectJ advice: before
16
![Page 17: Implementing Java Modeling Language Contracts …cin.ufpe.br › ~hemr › talks › SAC2008_Rebelo_Lima_Talk.pdfImplementing Java Modeling Language Contracts with AspectJ Henrique](https://reader033.vdocuments.us/reader033/viewer/2022060315/5f0bddc17e708231d43299a4/html5/thumbnails/17.jpg)
Mapping contracts into aspects
AspectJ mapping for normal postcondition
Inter Type declaration: checkPost$m$C()
translation of the JML implication\old(pre) > postAspectJ advice: around \old(pre)==> post
17
![Page 18: Implementing Java Modeling Language Contracts …cin.ufpe.br › ~hemr › talks › SAC2008_Rebelo_Lima_Talk.pdfImplementing Java Modeling Language Contracts with AspectJ Henrique](https://reader033.vdocuments.us/reader033/viewer/2022060315/5f0bddc17e708231d43299a4/html5/thumbnails/18.jpg)
Mapping contracts into aspects
AspectJ mapping for invariant
Inter Type declaration: checkInv$Instance ()
AspectJ advice: before, after returningafter throwingg
18
![Page 19: Implementing Java Modeling Language Contracts …cin.ufpe.br › ~hemr › talks › SAC2008_Rebelo_Lima_Talk.pdfImplementing Java Modeling Language Contracts with AspectJ Henrique](https://reader033.vdocuments.us/reader033/viewer/2022060315/5f0bddc17e708231d43299a4/html5/thumbnails/19.jpg)
Comparative study
An open source Java ME floating point p g pcalculator in three different ways:• Using our approach with AOP (our Using our approach with AOP (our
compiler) – CalcAspSol• Using the original approach (jmlc compiler) • Using the original approach (jmlc compiler)
– CalcJmlSolU i ( ith b t d • Using a pure one (with no bytecode instrumentation) – CalcPureSol
19
(→) The open source calculator is available athttps://meapplicationdevelopers.dev.java.net/demo box.html
![Page 20: Implementing Java Modeling Language Contracts …cin.ufpe.br › ~hemr › talks › SAC2008_Rebelo_Lima_Talk.pdfImplementing Java Modeling Language Contracts with AspectJ Henrique](https://reader033.vdocuments.us/reader033/viewer/2022060315/5f0bddc17e708231d43299a4/html5/thumbnails/20.jpg)
Comparative studyMetrics
MiDl t l i The calculator was executed• MiDlet class size• Bytecode size (JAR)
The calculator was executedin a real mobile phone!.
• Library API sizeAnnotations used: pre postconditions and Annotations used: pre, postconditions, and invariant E f d tiEnforced properties• The calculator yields only positive results
20
y y p• The calculator prevents division by zero
![Page 21: Implementing Java Modeling Language Contracts …cin.ufpe.br › ~hemr › talks › SAC2008_Rebelo_Lima_Talk.pdfImplementing Java Modeling Language Contracts with AspectJ Henrique](https://reader033.vdocuments.us/reader033/viewer/2022060315/5f0bddc17e708231d43299a4/html5/thumbnails/21.jpg)
Comparative study
Our analysis were extracted from the yfollowing results: -95.8%
-98.3%
Such results provide indication that our compiler generates a bytecode that requires less memory
21
generates a bytecode that requires less memory space than one generated by the JML compiler (jmlc).
![Page 22: Implementing Java Modeling Language Contracts …cin.ufpe.br › ~hemr › talks › SAC2008_Rebelo_Lima_Talk.pdfImplementing Java Modeling Language Contracts with AspectJ Henrique](https://reader033.vdocuments.us/reader033/viewer/2022060315/5f0bddc17e708231d43299a4/html5/thumbnails/22.jpg)
ConclusionA novel JML compiler
J ME/SE li ti• Java ME/SE applicationsThe use of AspectJ to implement contracts
JMLwritten in JMLA comparative studyp y• Our compiler produces smaller code than the jmlc
LimitationLimitation• Subset of JML constructs
22
![Page 23: Implementing Java Modeling Language Contracts …cin.ufpe.br › ~hemr › talks › SAC2008_Rebelo_Lima_Talk.pdfImplementing Java Modeling Language Contracts with AspectJ Henrique](https://reader033.vdocuments.us/reader033/viewer/2022060315/5f0bddc17e708231d43299a4/html5/thumbnails/23.jpg)
Future Work
To extend our compiler to treat other JML pconstructs
Optimization techniques for AspectJ advices
Case studies
Formalization of the JML/AspecJ mapping
23
Formalization of the JML/AspecJ mapping
![Page 24: Implementing Java Modeling Language Contracts …cin.ufpe.br › ~hemr › talks › SAC2008_Rebelo_Lima_Talk.pdfImplementing Java Modeling Language Contracts with AspectJ Henrique](https://reader033.vdocuments.us/reader033/viewer/2022060315/5f0bddc17e708231d43299a4/html5/thumbnails/24.jpg)
Department of Computing and Systems p p g yUniversity of Pernambuco
Recife, Brazil
Implementing Java Modeling Implementing Java Modeling Language Contracts with AspectJ
Henrique Rebêlo Ricardo Lima
Márcio CornélioSérgio Soares
Leopoldo Ferreira
24
p(hemr,ricardo,marcio,sergio,[email protected])
![Page 25: Implementing Java Modeling Language Contracts …cin.ufpe.br › ~hemr › talks › SAC2008_Rebelo_Lima_Talk.pdfImplementing Java Modeling Language Contracts with AspectJ Henrique](https://reader033.vdocuments.us/reader033/viewer/2022060315/5f0bddc17e708231d43299a4/html5/thumbnails/25.jpg)
Example: pre and post
requires pre
T ensures post
S
requires pre’
ensures post’
25
![Page 26: Implementing Java Modeling Language Contracts …cin.ufpe.br › ~hemr › talks › SAC2008_Rebelo_Lima_Talk.pdfImplementing Java Modeling Language Contracts with AspectJ Henrique](https://reader033.vdocuments.us/reader033/viewer/2022060315/5f0bddc17e708231d43299a4/html5/thumbnails/26.jpg)
Example: pre and post
T
AspectJ for T
S
AspectJ for S
Precondition Checking Precondition CheckingPrecondition Checking
‘
Precondition Checking
122
26
S s = new S();s.m();
![Page 27: Implementing Java Modeling Language Contracts …cin.ufpe.br › ~hemr › talks › SAC2008_Rebelo_Lima_Talk.pdfImplementing Java Modeling Language Contracts with AspectJ Henrique](https://reader033.vdocuments.us/reader033/viewer/2022060315/5f0bddc17e708231d43299a4/html5/thumbnails/27.jpg)
Example: pre and post
T
AspectJ for T
S
AspectJ for S
N-Postcondition Checking N-Postcondition CheckingN Postcondition Checking N Postcondition Checking
‘ ‘1 21 2
27
S s = new S();s.m();
![Page 28: Implementing Java Modeling Language Contracts …cin.ufpe.br › ~hemr › talks › SAC2008_Rebelo_Lima_Talk.pdfImplementing Java Modeling Language Contracts with AspectJ Henrique](https://reader033.vdocuments.us/reader033/viewer/2022060315/5f0bddc17e708231d43299a4/html5/thumbnails/28.jpg)
Complete invariant mapping
28
![Page 29: Implementing Java Modeling Language Contracts …cin.ufpe.br › ~hemr › talks › SAC2008_Rebelo_Lima_Talk.pdfImplementing Java Modeling Language Contracts with AspectJ Henrique](https://reader033.vdocuments.us/reader033/viewer/2022060315/5f0bddc17e708231d43299a4/html5/thumbnails/29.jpg)
Example: old constructT
//@ ensures y == \old(y + 10);
public int y;
void m() {}
29