Modern software projects are of large scale, often involving years of development, tens of thousands of days of work effort, and millions of lines of code. This complexity is aggravated by the fact that development is often distributed over several geographic locations, as dictated by cost considerations, the availability of domain specialists, legal requirements, and other factors. Despite advances in development tools and techniques, software initiatives have lagged behind in utilizing novel software engineering methods and techniques effectively to reduce the complexity of large-scale software. The results can be seen in Corporate and Government IT budgets - based on Accenture and Industry research, IT cost overruns are still commonplace, and the cost to "keep the lights on" for fragile legacy applications typically consumes up to 60% IT budgets.

Increased adoption of advanced software engineering techniques holds great promise for solving these key business challenges. For example, modularization holds a promise in reducing complexity of software design by hiding low-level implementations in well-defined units of deployment. Specifically, vendors build platforms that allow architects to design large-scale systems that can be composed out of services on the fly. For example, JBoss built a platform that allows architects to seamlessly integrate Service-Oriented Architecture (SOA) with application and business-process management (BPM) in enterprise distributions. According to research with Accenture's CIO Council, at least 58% of global organizations are implementing or piloting SOA.

Proper separation of concerns is a key to effective modularization. While separation of concerns is more of art than science in the work of software architects, novel technologies that enable effective separation of concerns are gaining traction. Most recently Accenture used AOP on a government project to do audit tracking. It was very successful and the techniques are currently being incorporated in Accenture Delivery Architecture (ADA), which is a standards-based architecture used for very large scale software development. A large focus of our efforts is in making advanced software engineering techniques more "consumable" by across our network of developers - this is done through standardized architectures, reference applications, and training.

The talk will focus on progress that has been made, and challenges ahead in driving further business value through use of these types of techniques. In addition to the areas mentioned, we will focus on related issues such as: requirements traceability, automated software quality assurance, role of DSLs andMDA, and Agile techniques.

Many aspects for runtime monitoring are history-based: they contain pieces of advice that execute conditionally, based on the observed execution history. History-based aspects are notorious for causing high runtime overhead. Compilers can apply powerful optimizations to history-based aspects using domain knowledge. Unfortunately, current aspect languages like AspectJ impede optimizations, as they provide no means to express this domain knowledge.

In this paper we present dependent advice, a novel AspectJ language extension. A dependent advice contains dependency annotations that preserve crucial domain knowledge: a dependent advice needs to execute only when its dependencies are fulfilled. Optimizations can exploit this knowledge: we present a whole-program analysis that removes advice-dispatch code from program locations at which an advice's dependencies cannot be fulfilled.

Programmers often opt to have history-based aspects generated automatically, from formal specifications from model-driven development or runtime monitoring. As we show using code-generation tools for two runtime-monitoring approaches, tracematches and JavaMOP, such tools can use knowledge contained in the specification to automatically generate dependency annotations as well.

Our extensive evaluation using the DaCapo benchmark suite shows that the use of dependent advice can significantly lower, sometimes even completely eliminate, the runtime overhead caused by history-based aspects, independently of the specification formalism.

Some security concerns are sensitive to flow of information in a program execution. The dataflow pointcut has been proposed by Masuhara and Kawauchi in order to easily implement such security concerns in aspect-oriented programming (AOP) languages. The pointcut identifies join points based on the origins of values. This paper presents a formal framework for this pointcut based on the λ_calculus. Dataflow tags are propagated statically to track data dependencies between expressions. We introduce a static semantics for tag propagation and prove that it is consistent with respect to the dynamic semantics of the propagation. We instrument the static effect-based type system to propagate tags, match and inject advices. This static approach can be used to minimize the cost of dataflow pointcuts by reducing the runtime overhead since much of the dataflow information would be available statically and at the same time it can be used for verification. The proposed semantics for advice weaving is in the spirit of AspectJ where advices are injected before, after, or around the join points that are matched by their respective pointcuts. Inspired from the formal framework, the AspectJ compiler ajc is extended with the dataflow pointcut that tracks data dependencies inside methods.

Dynamic deployment of aspects brings greater flexibility and reuse potential, but requires proper means for scoping aspects. Scoping issues are particularly crucial in a distributed context: adequate treatment of distributed scoping is necessary to enable the propagation of aspect instances across host boundaries and to avoid inconsistencies due to unintentional spreading of data and computations in a distributed system.

We motivate the need for expressive scoping of dynamically-deployed distributed aspects by an analysis of the deficiencies of current approaches for distributed aspects. Extending recent work on deployment strategies for non-distributed aspects, we then introduce a set of high-level strategies for specifying locality of aspect propagation and activation, and illustrate the corresponding gain in expressiveness. We present the operational semantics of our proposal using Scheme interpreters, first introducing a model of distributed aspects that covers the range of current proposals, and then extending it with dynamic aspect deployment. This work shows that, given some extensions to their original execution model, deployment strategies are directly applicable to the expressive scoping of distributed aspects.

Aspects that in isolation behave correctly, may interact when being combined. When interaction changes an aspect's behaviour or disables an aspect, we call this interference. One particular type of interference occurs when aspects are applied to shared join points, since then the ordering of the aspects can also influence the behaviour of the composition. We present an approach to detect aspect interference at shared join points. Aspect compositions are modelled by using a graph production system for modelling aspect-language semantics. A graph-based model of a join point is generated from the source-code of the system. This graph is transformed into a runtime-state representation. Combined with the production system (and the correct tooling) the execution of the aspects is simulated. This simulation results in a labelled transition system that can be used to analyse and verify different properties of the system at the join point. Simulation of the entire system can be computationally expensive. In our approach, we decide to abstract base system execution into non-deterministic valuation and carefully choosing advice semantics, such that simulation of the entire system can be avoided.

Alternative semantics for aspect-oriented abstractions can be defined by language designers using extensible aspect compiler frameworks. However, application developers are prevented from tailoring the language semantics in an application-specific manner. To address this problem, we propose an architecture for aspect-oriented languages with an explicit meta-interface to language semantics. We demonstrate the benefits of such an architecture by presenting several scenarios in which aspect-oriented programs use the meta-interface of the language to tailor its semantics to a particular application execution context.

Aspect-oriented programming (AOP) eases the development of profilers, debuggers, and reverse engineering tools. Such tools frequently rely on calling context information. However, current AOP technology, such as AspectJ, does not offer dedicated support for accessing complete calling context within aspects. In this paper, we introduce a novel approach to calling context reification that reconciles flexibility, efficiency, accuracy, and portability. It relies on a generic bytecode instrumentation framework ensuring complete bytecode coverage, including the standard Java class library. We compose our program transformations for calling context reification with the AspectJ weaver, providing the aspect developer an efficient mechanism to manipulate a customizable representation of the complete calling context. To highlight the benefits of our approach, we present ReCrash as an aspect using a stack-based calling context representation; ReCrash is an existing tool that generates unit tests to reproduce program failures. In comparison with the original ReCrash tool, our aspect resolves several limitations, is extensible, covers also the standard Java class library, and causes less overhead.

The benefits of defining explicit pointcut interfaces in aspect-oriented applications have been advocated by many. A pointcut interface exposes a set of crosscutting abstract behaviours (as named pointcut signatures) that multiple aspects in the application can use. In accordance with the dependency inversion and stable dependencies principles, a pointcut interface should expose only stable abstractions in order to maximally promote its reuse across a family of applications.

In this paper, we propose a domain-driven architecture method for designing such stable pointcut interfaces. The method employs systematic reengineering of use case models to discover stable abstractions that are anchored in the domain model of the application. During architecture design, these stable domain abstractions are mapped to pointcut interfaces. As part of this mapping activity, the architecture is constrained to ensure that the pointcut interfaces can be implemented correctly.

We have applied this method in two applications, where we validate that pointcut interfaces can be reused for implementing the composition logic of different aspects without requiring modification to their pointcut signatures. Moreover, the method consistently yields pointcut interface hierarchies.

Multi-view modeling allows a developer to describe a software system from multiple points of view, e.g. structural and behavioral, using different modeling notations. Aspect-oriented modeling techniques have been proposed to address the scalability problem within individual modeling notations. This paper presents RAM, an aspect-oriented modeling approach that provides scalable multi-view modeling. RAM allows the modeler to define stand-alone reusable aspect models using 3 modeling notations. The aspect models support the modeling of structure (using UML class diagrams) and behavior (using UML state and sequence diagrams). RAM supports aspect dependency chains, which allows an aspect providing complex functionality to reuse the functionality provided by other aspects. The RAM weaver can create woven views of the composed model for debugging, simulation or code generation purpose, as well as perform consistency checks during the weaving and on the woven model to detect inconsistencies of the composition.

Execution traces are naturally represented at the design level with UML sequence diagrams. During a system execution, trace-based aspects can be used to monitor behavioral patterns and protocols and may e.g. provide mitigation strategies for unwanted behavior. Trace-based and stateful aspects have evolved to handle such reoccurring interaction patterns at the implementation level. We define a STAIRS-inspired semantics for trace-based Java aspects, and a sequence diagram aspect notation with a mapping to a trace-based Java implementation. We use this to show that aspect composition is semantics preserving with respect to refinement under the given semantics.

The lack of architecturally-significant mechanisms for aspectual composition might artificially hinder the specification of stable and reusable design aspects. Current aspect-oriented approaches at the architecture-level tend to mimic programming language join point models while overlooking mainstream architectural concepts such as styles and their semantics. Syntax-based pointcuts are typically used to select join points based on the names of architectural elements, exposing architecture descriptions to pointcut fragility and reusability problems. This paper presents style-based composition, a new flavor of aspect composition at the architectural level based on architectural styles. We propose style-based join point models and provide a pointcut language that supports the selection of join points based on style-constrained architectural models. Stability and reusability assessments of the proposed style-based composition model were carried out through three case studies involving different styles. The interplay of style-based pointcuts and some style composition techniques is also discussed.

As discussed in a recent report for which I was a co-author, "as computers and communication bandwidth become faster and cheaper, computing and communication capabilities will be embedded in all types of objects and structures in the physical environment. Applications with enormous societal impact and economic benefit will be created by harnessing these capabilities in time and across space. We refer to systems that bridge the cyber-world of computing and communications with the physical world as cyber-physical systems (CPS). The internet transformed how humans interact and communicate with one another, revolutionized how and where information is accessed, and even changed how people buy and sell in the marketplace. Similarly, CPS will transform how humans interact with and control the physical world around us. Examples of CPS include medical devices and systems, aerospace systems, transportation vehicles and intelligent highways, defense systems, robotic systems, process control, factory automation, building and environmental control and smart spaces. However, the confluence of recent key technologies is fundamentally altering how these types of systems will operate. For example, the level of uncertainty in which these systems operate is growing (hence the need for greater robustness), and pervasive wireless access is opening these systems to unprecedented dynamic and non-deterministic influences." This talk will describe this new and emerging field called CPS. The talk will focus on what is new and why we need fundamentally new approaches to face robustness and openness challenges. Aspect oriented programming will be proposed as a possible basis for key work in CPS.

Variability management is a common challenge for Software Product Line (SPL) adoption, since developers need suitable mechanisms for specifying and implementing variability that occurs at different SPL artifacts (requirements, design, implementation, and test). In this paper, we present a novel approach for use case scenario variability management, enabling a better separation of concerns between languages used to manage variabilities and languages used to specify use case scenarios. The result is that both representations can be understood and evolved in a separate way. We achieve such a goal by modeling variability management as a crosscutting phenomenon, for the reason that artifacts such as feature models, product configurations, and configuration knowledge crosscut each other with respect to each specific SPL member. After applying our approach to different case studies, we achieved a better feature modularity and scenario cohesion.

Traditional methods characterize a software product line's requirements using either functional or quality criteria. This appears to be inadequate to assess modularity, detect interferences, and analyze trade-offs. We take advantage of both symmetric and asymmetric views of aspects, and perform formal concept analysis to examine the functional and quality requirements of an evolving product line. The resulting concept lattice provides a rich notion which allows remarkable insights into the modularity and interactions of requirements. We formulate a number of problems that aspect-oriented product line requirements engineering should address, and present our solutions according to the concept lattice. We describe a case study applying our approach to analyze a mobile game product line's requirements, and review lessons learned.

Most current aspect composition mechanisms rely on syntactic references to the base modules or wildcard mechanisms quantifying over such syntactic references in pointcut expressions. This leads to the well-known problem of pointcut fragility. Semantics-based composition mechanisms aim to alleviate such fragility by focusing on the meaning and intention of the composition hence avoiding strong syntactic dependencies on the base modules. However, to date, there are no empirical studies validating whether semantics based composition mechanisms are indeed more expressive and less fragile compared to their syntax-based counterparts. In this paper we present a first study comparing semantics- and syntax-based composition mechanisms in aspect-oriented requirements engineering (AORE). In our empirical study the semantics-based compositions examined were found to be indeed more expressive and less fragile. The semantics-based compositions in the study also required one to reason about composition interdependencies early on hence potentially reducing the overhead of revisions arising from later trade-off analysis and stakeholder negotiations. However, this added to the overhead of specifying the compositions themselves. Furthermore, since the semantics-based compositions considered in the study were based on natural language analysis, they required initial effort investment into lexicon building as well as strongly depended on advanced tool support to expose the natural language semantics.

Cyber-physical systems increasingly rely on dynamically adaptive programs to respond to changes in their physical environment; examples include ecosystem monitoring and disaster relief systems. These systems are considered high-assurance since errors during execution could result in injury, loss of life, environmental impact, and/or financial loss. In order to facilitate the development and verification of dynamically adaptive systems, we separate functional concerns from adaptive concerns. Specifically, we model a dynamically adaptive program as a collection of (non-adaptive) steady-state programs and a set of adaptations that realize transitions among steady state programs in response to environmental changes. We use Linear Temporal Logic (LTL) to specify properties of the non-adaptive portions of the system, and we use A-LTL (an adapt-operator extension toLTL) to concisely specify properties that hold during the adaptation process. Model checking offers an attractive approach to automatically analyzing models for adherence to formal properties and thus providing assurance. However, currently, model checkers are unable to verify properties specified using A-LTL. Moreover, as the number of steady-state programs and adaptations increase, the verification costs (in terms of space and time) potentially become unwieldy. To address these issues, we propose a modular model checking approach to verifying that a formal model of an adaptive program satisfies its requirements specified in LTL and A-LTL, respectively.

In this paper we present a generic, mirror-based debugging architecture that supports runtime visibility and traceability of aspect oriented (AO) software systems. Runtime visibility supports inspection of an executing AO-system in terms of AO programming abstractions and code artifacts such as (dynamic) aspects, advices, pointcuts, aspect instances and advice applications. Runtime traceability supports inspection of the stack to identify advices that could have been executed, that are being executed, or that may be executed later. Additionally, traceability supports identification and inspection of the pointcut that causes a specific advice.

We have created a mirror based architecture that offers introspection support including an aspect-aware breakpoint model for AOP-related runtime events. We introduce the concept of hook frames to trace joinpoints and their advices on the stack.

We validate the genericity of our architecture in two instantiations -- JBoss AOP and AspectJ/ABC -- and evaluate both instantiations by applying concrete debugging scenarios.

Despite the upsurge of interest in the Aspect-Oriented Programming (AOP) paradigm, there remain few results on test data generation techniques for AOP. Furthermore, there is no work on search-based optimization for test data generation, an approach that has been shown to be successful in other programming paradigms.

In this paper, we introduce a search-based optimization approach to automated test data generation for structural coverage of AOP systems. We present the results of an empirical study that demonstrates the effectiveness of the approach. We also introduce a domain reduction approach for AOP testing and show that this approach not only reduces test effort, but also increases test effectiveness. This finding is significant, because similar studies for non-AOP programming paradigms show no such improvement in effectiveness, merely a reduction in effort. We also present the results of an empirical study of the reduction in test effort achieved by focusing specifically on branches inside aspects.

Aspect oriented programming (AOP) has started to achieve industry adoption for custom programs and some adoption in frameworks such as the Spring framework. Aspect oriented programming provides many benefits -- it can increase the scope of concerns that can be captured cleanly, it has explicit language support, and the separation provided by AOP provides an elegant mechanism for custom solutions.

In this paper we present a model for AOP testing. This includes a model for risk assessment, an associated fault model and AOP testing patterns. We also propose further opportunities for research in the area for automated AOP risk assessment and testing.

At ApTSi™ (Applied Technology Solutions, Inc.) we have been applying AOP in the creation of our SOASense™ framework, and in our consulting engagements. We are seeing adoption typically in classical AOP areas such as Logging, Error Handling, Audit events, etc. In these scenarios, having a reliable AOP implementation is critical. For example, having an Audit event not occur for a service call due to a faulty join-point definition can have severe legal implications. We need a solution that provides reliability, is repeatable and enables us to assess risk.

e is an aspect-oriented hardware verification language that is widely used to verify the design of electronic circuits through the development and execution of testbenches. In recent years, the continued growth of the testbenches developed at Infineon Technologies has resulted in their becoming difficult to understand, maintain and extend. Consequently, a decision was taken to document the testbenches at a higher level of abstraction. Accordingly, we attempted to model our legacy test suites with an existing aspect-oriented modelling approach. In this paper we describe our experience of applying Theme/UML, an aspect-oriented modelling approach, to the representation of aspect-oriented testbenches implemented in e. It emerged that the common aspect-oriented concepts supported by Theme/UML were not sufficient to adequately represent the e language, primarily due to e's dynamic, temporal nature. Based on this experience we propose a number of requirements that must be addressed before aspect-oriented modelling approaches such as Theme/UML are capable of representing aspect-oriented systems implemented in e.

Aspect-orientation (AO) is a recent technology for handling crosscutting concerns in a structured and modular manner. In spite of being considered useful, researchers often complain that industry is not widely adopting AO concepts and technologies in commercial projects.

This paper reports on real usage of aspect-orientation in an industrial project, which means that AO, in particular the AspectJ language, is part of a real software product. AO is basically used to overcome several critical problems. Those problems are well motivated and discussed in detail. Some of them are hard to solve with conventional programming techniques whereas the application of an appropriate AO-based solution is very straightforward. Since some of the reported problems are not really of crosscutting nature, the solutions might be questionable. This leads to a discussion about the "political correctness" of this approach. Furthermore, the paper also explains why and how the project management could be convinced to use AspectJ.

The goal of this research is to formulate a framework to determine whether the usage of an application in production environments is consistent with the test cases used to verify it before the application was released. Aspect-Oriented Programming (AOP) techniques are used to apply the instrumentation required for the measuring process so that the program is oblivious to the instrumentation and Hidden Markov Models (HMMs) are used to create signatures of the program. This paper presents the preliminary findings on the use of such mathematical models to measure the completeness of use cases driving the quality assurance testing.

To demonstrate the technique, the Web Service API of a commercial product is used. SOAP calls executed through different client applications are used to create test data for the experiments. The HMMs signatures created from collecting method calls can be used to determine whether the application is used according to the uses cases that have been verified. If the likelihood that the stochastic model obtained during testing can generate the sequences of calls collected from the production environment (via AOP techniques) is low, then it suggests that the program is being used in a way that has not been formally tested. These experiments will show that observable differences of the measurements using log likelihood graphs can detect such anomalies.

Everyday, programmers perform software evolution tasks that require accessing information from, and often making changes to, multiple modules comprising the target software system. For some of these tasks, aspect-oriented programming languages provide a means of improving the modularization of the target system, making it easier to perform desired evolutionary changes. For other tasks, it can be either too difficult or considered too costly to use a language to describe the modularization associated with a task. In many of these cases, we have found it effective to infer a task-specific form of modularity based on how programmers interact with the source comprising the system. This approach is the basis of the Eclipse Mylyn tools and frameworks, which are being used daily by hundreds of thousands of programmers to reduce information overload, enable recall of modularity associated with tasks and improve programming productivity.

Everyday, information workers also perform tasks that require accessing information from, and often making changes to, documents spread across their computer desktops, their organization and the world. How do the tasks of these information workers compare to those of programmers? Could these workers benefit from expressing modularity across information using ideas from aspect-oriented languages? Could these workers benefit from task-specific modularity based on how they access documents and related artifacts?

This talk will consider how ideas from the aspect-oriented community can extend beyond the software domain to improve the interaction of information workers with digital information.

Currently, it is possible to use Aspect-Oriented languages to attach behavior to code based on semantic or syntactic properties of that code. There is no language, however, that allows developers to attach behavior based on static metaproperties of code. Here, we demonstrate a technique for applying AOP methods to metaproperties of source code. We use advice to coherently define runtime behavior for subsets of code that need not share semantic or syntactic properties. To illustrate the approach, we use Java as a base language, and define a family of pointcuts based on the edit time of the source lines, then build a simple debugging application that applies runtime tracing to only the most recently changed code. Using this technique, the tracing code is neatly modularized and need not depend on any semantic properties of the base code. We believe that this approach has powerful applications for debugging as well as for software engineering researchers looking to explore the runtime effects of extra-linguistic features.

Systems software uses conditional compilation to manage crosscutting concerns in a very fine-grained and efficient way, but at the expense of tangled and scattered conditional code. Refactoring of conditional compilation into aspects gets rid of these issues, but it is not clear yet for which patterns of conditional compilation aspects make sense and whether or not current aspect technology is able to express these patterns. To investigate these two problems, this paper presents a graphical ``preprocessor blueprint'' model which offers a queryable representation of the syntactical interaction of conditional compilation and the source code. A case study on the Parrot VM shows that preprocessor blueprints are able to express and query for the four commonly known patterns of conditional compilation usage, and that they allow to discover seven additional important patterns. By correlating each pattern's potential for refactoring into advice and each pattern's evolution of the number of occurrences, we show that refactoring into advice in the Parrot VM is a good alternative for three of the eleven patterns, whereas for the other patterns trade-offs have to be considered between robustness and fine-grainedness of the advice.

Desktop client applications interact with both local and remote resources. This is both a benefit in terms of the rich features desktop clients can provide, but also a security risk. Due to their high connectivity, desktop clients can leave a user's machine vulnerable to viruses, malicious plug-ins, and scripts. Aspect-Oriented Software Development can be used to address security concerns in software in a modular fashion. However, most existing research focuses on the protection of server-side resources. In this paper we introduce an aspect-oriented mechanism, Authority Aspects, to enforce the Principle of Least Privilege on desktop clients. This helps to ensure that legitimate resource access is allowed and illegitimate access is blocked. We present a case study applying our approach on two desktop applications: an RSS feed aggregator and a Web browser.