Section: New Results

Aspect-Oriented Design of Dynamic Components Assemblies

Early Aspects and Model Driven Engineering

Participants : Maja D'Hondt, Laurence Duchien.

Model inconsistency management is a crucial aspect of model-driven software engineering. It is therefore important to provide automated support for this activity. The problem is, however, that the resolution of inconsistencies may give rise to new inconsistencies. To address this problem, we propose to express inconsistency detection and resolutions as graph transformation rules, and to apply the theory of critical pair analysis to analyse potential dependencies between the detection and resolution of model inconsistencies. As a proof-of-concept, we report on an experiment that we have carried out along these lines using the critical pair analysis algorithm implemented in the state-of-the-art graph transformation tool AGG. The results show that both anticipated and unexpected dependencies between inconsistency detection and resolution rules are found by AGG. We discuss how the integration of the proposed approach into contemporary modelling tools can improve inconsistency management in various ways [31] , [47] .

In a second work, we propose an approach that combines Model-Driven Engineering and Aspect-Oriented Software Development in order to automatically translate high-level business rules to aspects and integrate them with existing object-oriented applications. The separation of rule-based knowledge from the core application as explicit business rules has been the focus of many existing approaches. However, they fail at supporting rules that are both high-level, defined in domain terms, and operational, i.e. automatically executable from the core application. We propose high-level languages for expressing business rules at the domain level, as well as their connections to the core application. We provide support for automatically translating high-level rules to object-oriented programs and their connections to aspects, since these crosscut the core application. Separation of concerns is preserved at the domain and implementation levels, facilitating traceability, reusability and adaptability. A prototype implementation highlighting the challenges encountered in the transformations is presented [15] , [20] .

Aspects at Design Time

Participants : Laurence Duchien, Anne-Françoise Le Meur, Missi Tran-Anh, Guillaume Waignier.

SafArchie Studio has been developed in the context of Olivier Barais' PhD thesis [58] and aims to facilitate the construction, analysis and evolution of software architectures. One of the features of SafArchie Studio is to allow the architect to build architectures by incrementally adding new functionalities. This approach, inspired by Aspect-Oriented Programming, relies on both the definition of architecture integration patterns and the use of a weaver to integrate patterns into the target architecture. A pattern consists of three parts: a sub architecture, a join point mask and a set of transformation rules. The sub architecture is a component assembly corresponding to a given functionality. The join point mask expresses properties that the target architecture must satisfy for the integration to be possible. Finally, the set of transformation rules specifies the operations that the weaver has to perform to integrate the sub architecture into the target architecture.

The languages used to express the join point mask as well as the transformation rules have been specifically designed to enable verifications that ensure that the integration of a given concern, represented by the sub-architecture of a pattern, will be performed safely, i.e., will result into a correct architecture. The various verifications include static verifications that check coherence properties once the pattern has been defined, and dynamic verifications that focus on the parts of the architecture that are affected by the pattern [18] .

Several tools have been used to implement the integration process, which has been decomposed into three distinct stages. The first stage consists in performing static analysis on a newly created architectural pattern. The second step focuses on finding the integration sites on the target architecture, i.e., the parts of the architecture that satisfy the properties expressed by a given join point mask. The last stage addresses the actual integration of the architectural pattern into the target architecture. These stages are implemented using different mechanisms: graph transformation, forward-chaining and backward-chaining. The actual tools used are (AGG ), (Drools ) and (Prolog ). AGG, which is a graph transformation tool, and Drools, which is a forward-chaining rule engine, are both data-driven whereas Prolog, which is a backward-chaining rule engine, is goal-driven.

When AGG is used, the software architecture is seen as a graph. In this context, the detection of integration sites relies on the graph matching feature provided by AGG. Moreover the transformation rules applied on the architecture are translated into a set of transformation rules to be applied on its associated graph. In the case of Drools and Prolog, the elements of the software architecture are put in a knowledge base. The detection of integration sites and the verification of architectural patterns with Prolog are based on queries whereas they rely on pattern matches and rule activations with Drools. The transformations are performed by modifying the knowledge base in both cases [46] . This implementation work has mainly been performed by Hanh-Missi Tran, and Olivier Barais. See http://transat.gforge.inria.fr .

This integration approach had been developed specifically to target a single ADL, i.e., SafArchie. In the context of Guillaume Waignier's Master thesis [53] , we have investigated the possibility of having a more generic approach, which has led to the development of FIESTA, a Framework for Incremental Evolution of SofTware Architectures. To generalize the SafArchie approach in order to be independent of any specific ADL, we have performed a domain analysis to understand the integration process in architectures described in various ADLs. This analysis has allowed us to identify the common architecture elements that are involved in integration, leading to the definition of a generic ADL model. This analysis has also enabled us to define more abstract expressions to specify a join point mask and the transformation rules. Furthermore, we have built our generic framework so that adding support for new ADLs is easy as the generic engine can be configured through the specification of a limited number of well-identified ADL-specific functions [48] .

Finally, in the domain of soft real-time application design, the gap between component-specification models and the implementations often implies that the implementations cannot fully take advantage of the specification models. To limit this gap, we propose an approach to generate a QoS monitor from the timed behavior specification. To support this approach, we rely on two different component models: one focused on formal description and the other on practical implementation. Those models are interconnected by model transformation, using a Model-Driven Engineering style [43] .

Logic Pointcut Languages for Object-Oriented Programs

Participants : Johan Brichau, Laurence Duchien, Carlos Francisco Noguera Garcia.

A crosscutting concern affects a software application in many heterogeneous places. An aspect that encapsulates such a crosscutting concern has a means for denoting these places in a pointcut expression. There have been several aspect-oriented approaches that use Prolog as a language for expressing pointcuts as logical queries. The first such approach, Carma [71] was developed at Prog-Ssel. More recently, other approaches have started using logic pointcut languages, such as LogicAJ [77] , showing that this is a valid approach.

Johan Brichau joined the INRIA from January 1st to September 30th 2006 and has continued his work with Kim Mens (UCL) and Andy Kellens (VUB) on the fragile pointcut problem in aspect-oriented programming languages. Their joint research focuses on the use of an advanced (logic-based) pointcut language in an integration with the intensional views approach. Following the successful publication of their work at ECOOP 2006 in Nantes [29] , they have met during a full week at the INRIA to improve their approach and execute more advanced experiments. In particular, they are extending the intensional views approach with tuple calculus to cope with the full predicate logic of the advanced pointcut language [28] . Furthermore, they have built a more advanced prototype and written a publication to the academic track of the European Smalltalk Conference [19] .

In a second collaboration between Johan Brichau, Coen de Roover, Théo D'Hondt, Laurence Duchien and Carlos Noguera, the expertise of Carlos on templates [34] and Coen's static analysis and program investigation [22] expertises are combined into the development of a template language for the querying of programs based on static as well as dynamic properties. This work will permit the querying of the source code of a program by providing an example of the intended behaviour. This kind of querying has applications in pointcut languages, program comprehension, and design pattern mining, among others.

Aspects and Components for Software Architectures

Participants : Laurence Duchien, Guillaume Dufrêne, Frédéric Loiret, Nicolas Pessemier, Ales Plsek, Lionel Seinturier.

This action is concerned with the definition and the implementation of a programming environment for complex applications in the domain of middleware, embedded systems and ubiquitous computing. This action investigates the use of two software engineering techniques: component-based software engineering (CBSE) and aspect-oriented software development (AOSD).

In [35] and [36] , we show that far from being conflicting, AOSD and CBSE can be integrated in an unified programming environment. The novelty of the approach is to give developers tools for building the business part of their applications with software components and the technical part with aspects. An isomorphism has been defined between components and aspects: aspects are components and are connected to the rest of the software architecture with bindings whose semantics has been defined. This model has been used for implementing applications in various case studies such as the steering of numerical applications (in the context of the ARC COA action).

In [44] and [45] , we propose an approach for designing and implementing an adaptable component framework. The idea is to let the non-functional services which are provided by the framework to components be able to change. This leads to a component framework which can be adapted depending on the properties of the execution context or on the user requirements. The novelty of the approach is that we are using aspects to achieve this goal, i.e., the adaptability of the component framework is provided by aspects. The second scientific contribution is that this is a reflective framework in the sense that the notion of a component is used both for the applications which are hosted by the framework and for the implementation of the framework itself.

These two results were achieved partially in the context of the ongoing grant with France Telecom R&D. Two open source platforms have been released in this context: FAC and AOKell. AOKell is hosted by the ObjectWeb consortium for open source middleware. It takes the form of an implementation of the Fractal specification and is thus released as a subproject of the Fractal project.

Two other results in the domain of AOSD and CBSE are worth noticing. Firstly, concerning AOSD, we conducted a study in the context of the LAFMI AProSec project where we proposed an aspect-based model and its implementation for detecting malicious attacks (of the form SQL-injection and cross-side scripting) on Web applications. We showed that the use of aspects for securing such applications is less intrusive than traditional techniques and does not introduce any performance penalties. Secondly, concerning CBSE, we set up a bridge between the Fractal and the SCA component models in the context of the master thesis of Guillaume Dufrêne [51] . We showed that, far from being incompatible, these two models can interoperate. This experiment opens many interesting perspectives for using software components at different levels of granularity in service-oriented architectures.

Complex Aspects

Participants : Denis Conan, Johan Fabry, Nicolas Pessemier, Lionel Seinturier.

This topic focuses on the software engineering properties of the aspect itself. As the aspect itself is a piece of software, it should obey the software engineering principles of good modularisation and separation of concerns. Instead we see that, aspects themselves may suffer from bad modularisation and lack adequate separation of concerns. In some cases this leads to aspect code which itself is tangled, a phenomenon we call tangled aspect code.

This topic on complex aspects has been largely focused on re-examining previous work to obtain new insights concerning software engineering issues due to the complexity of the aspect. This previous work consists of two separate elements, both in the domain of distributed systems. The first element is the domain-specific aspect language KALA for advanced transaction management. The second is a case-study of the use of the JAC language to aspectize the use of group communication systems. In both cases problems were encountered regarding the modularization of the aspect itself leading to tangled aspect code [26] . In other words, we were not able to cleanly separate the aspect itself into a collection of modules. In studying these two cases we gained new knowledge as to the fundamental underlying cause, and a possible solution strategy. The fundamental underlying cause of the problems with regard to modularity of the aspect itself, can be concisely stated as follows: "The aspect itself is also subject to a dominant decomposition, which leads to the emergence of cross-cutting sub-concerns, i.e., sub-aspects.". With a large aspect, splitting it into sub-concerns will yield a dominant decomposition. Combined with the known phenomenon of the 'tyranny of the dominant decomposition', this yields that in a large aspect unavoidably cross-cutting sub-concerns will arise. Modularizing these will require sub-aspects. In both cases introduced above, we encounter this as follows: In KALA the dominant decomposition imposed by the language is the life-cycle of a transaction in begin, commit and abort phases. The different modules however encapsulate sub-concerns of the implementation of an advanced transaction model and these impact multiple phases of the life-cycle. In group communication systems two possible dominant decompositions can be made. These are the, so called, vertical stack or horizontal stack. Remarkably, in both decompositions the different sub-concerns implementing the particularities of the protocols used are cross-cutting. This shows that choosing a different decomposition does not necessarily yield the absence of tangled aspect code. We have investigated possible solution strategies, based on the following requirement: To avoid tangled aspect code we require more composition support at the level of the aspect. Current popular aspect languages typically provide aspect precedence as the only composition mechanism, which is inadequate to solve the problem of tangled aspect code. To achieve more composition support we propose the use of more symmetrical aspect paradigms. With such symmetry, the code of the aspect itself is treated as any other module, and therefore all composition functionality at the level of the base code can be used, including aspects themselves.

Transformation Languages and Tools

Participants : Carlos Francisco Noguera Garcia, Renaud Pawlak, Nicolas Petitprez.

In order to support analysis and design-level validation in an efficient way, we have worked at building language-level transformation tools. For this, we have developed Spoon [17] , which is an annotation-driven program transformation tool. In 2004, Sun Microsystems released Java 5, which includes "generics" and "annotations". With annotations, the Java 5 programmers can define and attach metadata on program elements. These metadata allow for declarative configuration of the programs to define non-functional properties. In many cases, an annotation-based configuration is preferred over a typically XML-based one, because it is more integrated into Java, much safer (type-safety), and it avoids information redundancy. However, current tools to deal with annotations are limited to large-grained annotation-based program validation and documentation generation. Spoon's goal is to answer the needs of the industry and of the Java community in general for a tool that fully supports generics and annotations and that allows for fined-grained and type-safe program validation and transformations. Spoon has applications in several domains. Spoon can be used in component containers (to implement annotation-driven deployment), for general software engineering (in particular AOSD can benefit from the use of annotation to parameterize the pointcuts), ubiquitous computing (annotations would help the programs to target the right environment), real-time systems (programmers would then define time constraints annotations directly in the Java code), etc.

We also study and develop on attribute-oriented programming (@OP) and expressive pointcut languages. For @OP, he defined AVal: an @DSL (Attribute-based Domain Specific Language) validator on the top of Spoon and distributed as a Spoonlet. The idea behind AVal consists of defining meta-attributes (attributes for attributes), which constrain the @DSL and avoid misusing it. AVal has been used to validate the Java 5 Fraclet @DSL for Fractal. This work has been published in [33] . From the expressive pointcut languages, Carlos has been working on matching program structures and behaviors using code templates. He used Spoon templates to express advanced pointcuts in Spoon AOP.