Feature models (FMs) are a popular formalism for describing the commonality and variability of software product lines (SPLs) in terms of features. SPL development increasingly involves manipulating many large FMs, and thus scalable modular techniques that support compositional development of complex SPLs are required. In this paper, we describe how a set of complementary operators (aggregate, merge, slice) provides practical support for separation of concerns in feature modeling. We show how the combination of these operators can assist in tedious and error prone tasks such as automated correction of FM anomalies, update and extraction of FM views, reconciliation of FMs and reasoning about properties of FMs. For each task, we report on practical applications in different domains. We also present a technique that can efficiently decompose FMs with thousands of features and report our experimental results.

Software product lines (SPLs) are commonly developed using annotative approaches such as conditional compilation that come with an inherent risk of constructing erroneous products. For this reason, it is essential to be able to analyze SPLs. However, as dataflow analysis techniques are not able to deal with SPLs, developers must generate and analyze all valid methods individually, which is expensive for non-trivial SPLs. In this paper, we demonstrate how to take any standard intraprocedural dataflow analysis and automatically turn it into a feature-sensitive dataflow analysis in three different ways. All are capable of analyzing all valid methods of an SPL without having to generate all of them explicitly. We have implemented all analyses as extensions of SOOT's intraprocedural dataflow analysis framework and experimentally evaluated their performance and memory characteristics on four qualitatively different SPLs. The results indicate that the feature-sensitive analyses are on average 5.6 times faster than the brute force approach on our SPLs, and that they have different time and space tradeoffs.

The prevalence of threats and attacks in modern systems demands programming techniques that help developers maintain security and privacy. In particular, frameworks for composing components written by multiple parties must enable the authors of each component to erect safeguards against intrusion by other components. Object-capability systems have been particularly prominent for enabling encapsulation in such contexts.

We describe the program structures dictated by object capabilities and compare these against those that ensue from feature-oriented programming. We argue that the scalability offered by the latter appears to clash with the precision of authority designation demanded by the former. In addition to presenting this position from first principles, we illustrate it with a case study. We then offer a vision of how this conflict might be reconciled, and discuss some of the issues that need to be considered in bridging this mismatch. Our findings suggest a significant avenue for research at the intersection of software engineering and security.

Tracing program actions back to the concerns that have caused them and blaming specific code artifacts for concern interference are known challenges of AOP and related advanced modularity paradigms. In this work we address these challenges in the context of AspectLTL, a temporal-logic based language for the specification and implementation of crosscutting concerns, which has a composition and synthesis-based weaving process whose output is a correct-by-construction executable artifact. When a specification is realizable, we provide two-way traceability information that links each allowed or forbidden transition in the generated program with the aspects that have justified its presence or elimination. When a specification is unrealizable, we provide an interactive game proof that demonstrates conflicts that should be fixed. The techniques are implemented and demonstrated using running examples.

Research in the area of multi-DSAL development has been mainly devoted to enabling the interoperability of multiple aspect mechanisms. Less attention has been given to making programming with multiple aspect languages practical. For domain specific aspect languages (DSALs) to be used in practice, there is a need for tools that make multi-DSAL development effective. This paper focuses on one such tool: a debugger. We define a multi-DSAL debug interface (MDDI) for inspecting the composition specification and the runtime state and behavior of applications written in multiple DSALs. To implement the interface, a multi-DSAL debug agent and special debug attributes are introduced into the weaving process. A concrete implementation of MDDI over the Awesome aspect composition framework is presented. For validation we demonstrate a simple command-line AwesomeDebugger that uses the debug interface.

To increase modularity, aspect-oriented programming provides a mechanism based on implicit invocation: An aspect can influence runtime behavior of other modules without the need that these modules refer to the aspect. Recent studies show that a significant part of reported bugs in aspect-oriented programs are caused exactly by this implicitness. These bugs are difficult to detect because aspect-oriented source code elements and their locations are transformed or even lost after compilation. We investigate four dedicated fault models and identify ten tasks that a debugger should be able to perform for detecting aspect-orientation-specific faults. We show that existing debuggers are not powerful enough to support all identified tasks because the aspect-oriented abstractions are lost after compilation. This paper describes the design and implementation of a debugger for aspect-oriented languages using a dedicated intermediate representation preserving the abstraction level of aspect-oriented source code. We define a debugging model which is aware of aspect-oriented concepts. Based on the model, we implement a user interface with functionalities supporting the identified tasks, like visualizing pointcut evaluation and program composition.

Aspect-Oriented Programming (AOP) started fifteen years ago with the remark that modularization of so-called crosscutting functionalities is a fundamental problem for the engineering of large-scale applications. Originating at Xerox PARC, this observation has sparked the development of a new style of programming features that is gradually gaining traction. However, theoretical foundations of AOP have been much less studied than its applicability. This paper proposes to put a bridge between AOP and the notion of 2-category to enhance the conceptual understanding of AOP. Starting from the connection between the λ-calculus and the theory of categories, we provide an internal language for 2-categories and show how it can be used to define the first categorical semantics for a realistic functional AOP language, called MinAML. We then take advantage of this new categorical framework to introduce the notion of computational 2-monads for AOP. We illustrate their conceptual power by defining a 2-monad for Éric Tanter's execution levels---which constitutes the first algebraic semantics for execution levels---and then introducing the first exception monad transformer specific to AOP that gives rise to a non-flat semantics for exceptions by taking levels into account.

The aim of this work is to provide better support for adaption and refinement of generic code. This type of flexibility is desirable in order to fully reap the potential of generic programming. Our proposal for an improved mechanism is an extension to the previously published Package Templates (PT) mechanism, which is designed for development of reusable modules that can be adapted to their specific purpose when used in a program. The PT mechanism relies on compile-time specialization, and supports separate type checking and type-safe composition of modules. The extension to PT presented here is called required types, and can be seen as an enhanced form of type parameters, allowing them the same flexibility as other elements of the PT mechanism. We implement a subset of the Boost Graph Library in order to exemplify, validate, and compare our approach to other options.

For every new language construct (or abstraction), we have been always developing new syntax. Is this a right approach? In this paper, we propose that, if we develop a new language construct for advanced modularity, we should consider the use of dynamic text for designing the construct. We mention that language constructs designed with only syntactic extensions (i.e. static text) are not satisfactory in aspect oriented programming. Then we present our two prototype systems to demonstrate language constructs designed with dynamic text. One is synchronous copy and paste and the other is a virtual-file editor named Kide. We show how they enable aspect-oriented programming in plain Java.

In this work we consider specification and compositional verification for interference detection when several aspects are woven together under joint-weaving semantics without recursion. In this semantics, whenever a joinpoint of an aspect is reached, the corresponding advice is begun even if the joinpoint is inside the advice of other aspects. This captures most of the possible aspect interference cases in AspectJ. Moreover, the given technique is used to capture cooperation among aspects, which enhances modularity. The extended specification and proof obligations should provide insight to the possible interactions among aspects in a reusable library.

This paper presents a modeling language to modularize the features of a system using orthogonal regions and to man-age the interactions between these features. Orthogonal regions are a language construct to structure a state ma-chine into a set of semi-independent behaviors. We intro-duce two concepts to manage the interactions between regions. First, we present a notion of interface between re-gions which captures the essence of their interactions. Second, we introduce a transactional composition operator to synchronize the regions and check the interaction for non-determinism and termination. The approach is eva-luated by comparing a monolithic legacy implementation of a telecommunication component to two refactored implementations. Our results show that transactional region composition can achieves independence between the im-plementations of the features of the system and that it improves the cohesion of the regions, compared to classic regions.

A class extension, also known as open classes, allows programmers to modify existing classes and thus it is supported by several programming languages. However, class extensions imply a risk that they supply different definitions for the same method and those definitions conflict with each other. Several module systems have been proposed to address these conflicts. One approach lexically restricts the scope of class extensions but they do not allow us to change the behavior of methods called indirectly. Another approach is to make only class extensions explicitly imported effective while preserving the local rebinding property, which allows us to change the behavior of indirectly called methods. However, this approach causes conflicts if potentially conflicting class extensions are imported together. To address this problem, we propose a new module system named method shelters. A method shelter confines a scope of class extensions while preserving the local rebinding property. Hidden class extensions in a method shelter are not visible from the outside. We implemented a prototype of the proposed module system in Ruby. This paper illustrates several examples of the use of method shelters and also shows the results of benchmarks on our prototype.

A variety of language features to modularize crosscutting concerns have recently been discussed, e.g. open modules, annotation-based pointcuts, explicit join points, and quantified-typed events. All of these ideas are essentially a form of aspect-oriented interface between object-oriented and crosscutting modules, but the representation of this interface differs. While previous works have studied maintenance of AO programs versus OO programs, an empirical comparison of different AO interfaces to each other to investigate their benefits has not been performed. The main contribution of this work is a rigorous empirical study that evaluates the effectiveness of these proposals for AO interfaces towards software maintenance by applying them to 35 different releases of a software product line called MobileMedia and 50 different releases of a web application called Health Watcher. Our comparative analysis using quantitative metrics proposed by Chidamber and Kemerer shows the strengths and weaknesses of these AO interface proposals. Our change impact analysis shows the design stability provided by each of these recent proposals for AO interfaces.

Aspect Oriented Modeling (AOM) aims to provide enhanced separation of concerns during the design phase and proclaims many benefits (e.g., easier model evolution, reduced modeling effort, and reduced modeling errors) over traditional modeling paradigms such as object-oriented modeling. However, empirical evaluations of these benefits is severely lacking in the AOM community. In this paper, we empirically evaluate one of the AOM profiles: AspectSM, via a controlled experiment to assess if it can help in reducing modeling errors (referred as conformance errors in this paper), which is one of the benefits offered by AOM. AspectSM is a UML profile, which is developed to support automated state-based robustness testing. With AspectSM, crosscutting behaviors are modeled as aspect state machines using the stereotypes defined in AspectSM. We evaluate the conformance error rates of applying AspectSM from various perspectives by conducting four activities: 1) identifying modeling defects, 2) comprehending state machines, 3) modeling state machines, and 4) weaving aspect state machines into base state machines. For most of these activities, experimental results show that the error rates while performing these four activities using AspectSM are significantly lower than standard UML state machine modeling approaches.

As software systems are maintained, their architecture modularity often degrades through architectural erosion and drift. More directly, however, the modularity of software implementations degrades through the introduction of code anomalies, informally known as code smells. A number of strategies have been developed for supporting the automatic identification of implementation anomalies when only the source code is available. However, it is still unknown how reliable these strategies are when revealing code anomalies related to erosion and drift processes. In this paper, we present an exploratory analysis that investigates to what extent the automatically-detected code anomalies are related to problems that occur with an evolving system's architecture. We analyzed code anomaly occurrences in 38 versions of 5 applications using existing detection strategies. The outcome of our evaluation suggests that many of the code anomalies detected by the employed strategies were not related to architectural problems. Even worse, over 50% of the anomalies not observed by the employed techniques (false negatives) were found to be correlated with architectural problems.

The development of applications for high-performance embedded systems is typically a long and error-prone process. In addition to the required functions, developers must consider various and often conflicting non-functional application requirements such as performance and energy efficiency. The complexity of this process is exacerbated by the multitude of target architectures and the associated retargetable mapping tools. This paper introduces an As-pect-Oriented Programming (AOP) approach that conveys domain knowledge and non-functional requirements to optimizers and mapping tools. We describe a novel AOP language, LARA, which allows the specification of compi-lation strategies to enable efficient generation of software code and hardware cores for alternative target architectures. We illustrate the use of LARA for code instrumentation and analysis, and for guiding the application of compiler and hardware synthesis optimizations. An important LARA feature is its capability to deal with different join points, action models, and attributes, and to generate an aspect intermediate representation. We present examples of our aspect-oriented hardware/software design flow for mapping real-life application codes to embedded platforms based on Field Programmable Gate Array (FPGA) technology.

Self-adapting systems are becoming widespread in emerging fields such as autonomic, mobile and ubiquitous computing. Context-oriented programming (COP) is a promising language-level solution for the implementation of context-aware, self-adaptive software. However, current COP approaches struggle to effectively manage the asynchronous nature of context provisioning. We argue that, to solve these issues, COP features should be designed to fit nicely in the concurrency model supported by the language. This work presents the design rationale of ContextErlang, which introduces COP in the Actor Model. We provide evidence that ContextErlang constitutes a viable solution to implement context-aware software in a highly concurrent and distributed setting. We discuss a case study and an evaluation of run-time performance.

Modularity is a key concept for large and complex applications and an important enabler for collaborative research. In comparison, virtual machines (VMs) are still mostly monolithic pieces of software. Our goal is to significantly reduce to the cost of extending VMs to efficiently host and execute multiple, dynamic languages. We are designing and implementing a VM following the "everything is extensible" paradigm. Among the novel use cases that will be enabled by our research are: VM extensions by third parties, support for multiple languages inside one VM, and a universal VM for mobile devices.

Our research will be based on the existing state of the art. We will reuse an existing metacircular Java VM and an existing dynamic language VM implemented in Java. We will split the VMs into fine-grained modules, define explicit interfaces and extension points for the modules, and finally re-connect them.

Performance is one of the most important concerns for VMs. Modularity improves flexibility but can introduce an unacceptable performance overhead at the module boundaries, e.g., for inter-module method calls. We will identify this overhead and address it with novel feedback-directed compiler optimizations. These optimizations will also improve the performance of modular applications running on top of our VM.

The expected results of our research will be not only new insights and a new design approach for VMs, but also a complete reference implementation of a modular VM where everything is extensible by third parties and that supports multiple languages.

Aspect-orientation is a mechanism for modularizing cross-cutting concerns that has been added to many existing software engineering languages. The implementations of aspect-oriented language extensions, however, are typically tied to a specific base language. There is little or no code reuse between aspect-oriented extensions for different base languages, which makes these extensions difficult and expensive to build. In addition, existing software engineering tools do not work with the resulting aspect-oriented languages unless new plugins are developed.

We present Carpenter, an object-oriented framework for developing aspect-oriented language extensions. An aspect language is developed by reusing classes for generic language constructs from Carpenter, and writing subclasses of the abstractions in Carpenter to define new language constructs. An aspect weaver is created by implementing framework interfaces to weave language-specific constructs. The coordination of the weaving process is done by the Carpenter framework. Aspect languages developed with Carpenter get full IDE support with only a few lines of code. We have used our framework to create aspect weavers for Java, JLo, and AspectU.

Emerging languages are often source-to-source compiled to mainstream ones, which offer standardized, fine-tuned implementations of non-functional concerns (NFCs)-including persistence, security, transactions, and testing. Because these NFCs are specified through metadata such as XML configuration files, compiling an emerging language to a mainstream one does not include NFC implementations. Unable to access the mainstream language's NFC implementations, emerging language programmers waste development effort reimplementing NFCs. In this paper, we present a novel approach to reusing NFC implementations across languages by automatically translating metadata. To add an NFC to an emerging language program, the programmer declares metadata, which is then translated to reuse the specified NFC implementation in the source-to-source compiled mainstream target language program. By automatically translating metadata, our approach eliminates the need to reimplement NFCs in the emerging language. As a validation, we add unit testing and transparent persistence to X10 by reusing implementations of these NFCs in Java and C++, the X10 backend compilation targets. The reused persistence NFC is efficient and scalable, making it possible to checkpoint and migrate processes, as demonstrated through experiments with third-party X10 programs. These results indicate that our approach can effectively reuse NFC implementations across languages, thus saving development effort.

Many dynamic analysis tools for programs written in managed languages such as Java rely on bytecode instrumentation. Tool development is often tedious because of the use of low-level bytecode manipulation libraries. While aspect-oriented programming (AOP) offers high-level abstractions to concisely express certain dynamic analyses, the join point model of mainstream AOP languages such as AspectJ is not well suited for many analysis tasks and the code generated by weavers in support of certain language features incurs high overhead. In this paper we introduce DiSL (domain-specific language for instrumentation), a new language especially designed for dynamic program analysis. DiSL offers an open join point model where any region of bytecodes can be a shadow, synthetic local variables for efficient data passing, efficient access to comprehensive static and dynamic context information, and weave-time execution of user-defined static analysis code. We demonstrate the benefits of DiSL with a case study, recasting an existing dynamic analysis tool originally implemented in AspectJ. We show that the DiSL version offers better code coverage, incurs significantly less overhead, and eases the integration of new analysis features that could not be expressed in AspectJ.

This paper presents MView, a technique that enables the separation of various developer stakeholder views on an architectural connector in distributed software systems. While state-of-the-art AO-ADLs focus on describing compositions using aspect-based connectors, there is no support for describing a connector across multiple architectural views. This is, however, essential for distributed systems, where run-time and distribution characteristics are not represented in a single view. The result is connectors that suffer from monolithic descriptions, where the views of different stakeholders are tangled.

MView untangles these stakeholder views by defining them in separate modules and specifying refinement relations between these modules. We have integrated MView in a prototypical ADL, which allows code generation for multiple AO-middleware platforms.

We evaluate MView in terms of stakeholder effort in a content distribution system for e-Media. We have created an Eclipse-plugin that supports the ADL, and performs code generation to the JBoss and Spring middleware platforms.

UML state machines are widely used for modeling software behavior. Due to the low-level character of the language, UML state machines are often poorly modularized and hard to use. High-Level Aspects (HiLA) is an aspect-oriented extension of UML state machines which provides high-level language constructs for behavior modeling. HiLA considerably improves the modularity of UML state machines by extending them by semantic aspects. This paper presents the weaving process for HiLA that we have shown to be sound with respect to the transition-system semantics of HiLA. In particular, we show how our weaving process deals with implicit state activation (and deactivation), maps semantic pointcuts to syntactic elements, and resolves potential conflicts between different aspects. The process has been implemented in an extension of the Hugo/RT UML translator and model checker, the correctness of our weaving is validated by model checking.