ABSTRACT
This paper defines an object-oriented language with harmless aspect-oriented advice. A piece of harmless advice is a computation that, like ordinary aspect-oriented advice, executes when control reaches a designated control-flow point. However, unlike ordinary advice, harmless advice is designed to obey a weak non-interference property. Harmless advice may change the termination behavior of computations and use I/O, but it does not otherwise influence the final result of the mainline code. The benefit of harmless advice is that it facilitates local reasoning about program behavior. More specifically, programmers may ignore harmless advice when reasoning about the partial correctness properties of their programs. In addition, programmers may add new pieces of harmless advice to pre-existing programs in typical "after-the-fact" aspect-oriented style without fear they will break important data invariants used by the mainline code.

In order to detect and enforce harmlessness, the paper defines a novel type and effect system related to information-flow type systems. The central technical result is that well-typed harmless advice does not interfere with the mainline computation. The paper also presents an implementation of the language and a case study using harmless advice to implement security policies.
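The following is an added illustration of the harmlessness property described in the abstract; it is not the paper's language, calculus or implementation. It models advice as functions registered on a named join point (a decorated mainline function). Each piece of advice receives read-only views of the mainline's arguments, may perform I/O (a log list stands in for the output channel) and may abort the computation by raising, but every attempt to write mainline state is rejected. The names `Ledger`, `transfer`, `audit`, `cap_policy`, `tamper`, `ReadOnlyView`, `join_point` and `advise` are all assumptions made up for this example. Where the paper enforces harmlessness statically with a type and effect system, this toy enforces it dynamically with a proxy, which is a much weaker guarantee.

```python
# Added example: a dynamic model of "harmless advice". Not the paper's code.
from __future__ import annotations

import functools
from dataclasses import dataclass, field
from typing import Any, Callable


class HarmlessnessViolation(Exception):
    """Raised when advice tries to write mainline state (dynamic check)."""


class PolicyViolation(Exception):
    """Raised by advice to abort the mainline; termination effects are allowed."""


class ReadOnlyView:
    """Proxy that allows attribute/item reads but rejects every write.
    Calling mainline methods is refused too, since a method might mutate."""

    def __init__(self, target: Any) -> None:
        object.__setattr__(self, "_target", target)

    def __getattr__(self, name: str) -> Any:
        attr = getattr(self._target, name)
        if callable(attr):
            raise HarmlessnessViolation(f"advice may not call mainline method {name!r}")
        return freeze(attr)

    def __getitem__(self, key: Any) -> Any:
        return freeze(self._target[key])

    def __setattr__(self, name: str, value: Any) -> None:
        raise HarmlessnessViolation(f"advice tried to write attribute {name!r}")

    def __setitem__(self, key: Any, value: Any) -> None:
        raise HarmlessnessViolation(f"advice tried to write item {key!r}")


def freeze(value: Any) -> Any:
    """Immutable primitives pass through; anything else is wrapped read-only."""
    if isinstance(value, (int, float, str, bytes, bool, frozenset, type(None))):
        return value
    if isinstance(value, tuple):
        return tuple(freeze(v) for v in value)
    return ReadOnlyView(value)


ADVICE: dict[str, list[Callable[..., None]]] = {}   # join point -> before-advice
AUDIT_LOG: list[str] = []                           # stands in for advice's I/O


def advise(join_point_name: str):
    """Register a piece of before-advice on the named join point."""
    def register(fn):
        ADVICE.setdefault(join_point_name, []).append(fn)
        return fn
    return register


def join_point(name: str):
    """Advice runs first over frozen views of the arguments; the mainline's own
    result is returned untouched, so advice can only influence it by raising."""
    def decorate(fn):
        @functools.wraps(fn)
        def wrapper(*args, **kwargs):
            frozen = tuple(freeze(a) for a in args)
            for piece in ADVICE.get(name, []):
                piece(*frozen, **{k: freeze(v) for k, v in kwargs.items()})
            return fn(*args, **kwargs)
        return wrapper
    return decorate


@dataclass
class Ledger:                       # constructed mainline state
    balances: dict[str, int] = field(default_factory=dict)


@join_point("transfer")
def transfer(ledger: Ledger, src: str, dst: str, amount: int) -> int:
    """Mainline: move funds and return the sender's new balance."""
    if ledger.balances.get(src, 0) < amount:
        raise ValueError("insufficient funds")
    ledger.balances[src] -= amount
    ledger.balances[dst] = ledger.balances.get(dst, 0) + amount
    return ledger.balances[src]


@advise("transfer")
def audit(ledger, src, dst, amount) -> None:
    """Harmless: reads mainline state and performs I/O."""
    AUDIT_LOG.append(f"{src}->{dst}: {amount} (sender had {ledger.balances[src]})")


@advise("transfer")
def cap_policy(ledger, src, dst, amount) -> None:
    """Harmless: a security policy that may abort, but never alter, the transfer."""
    if amount > 1000:
        raise PolicyViolation(f"transfers above 1000 are refused (asked for {amount})")


def tamper(ledger, src, dst, amount) -> None:
    """NOT harmless: tries to write mainline state; the view rejects it."""
    ledger.balances[src] += 1


def run(advice_enabled: bool) -> dict[str, int]:
    """Run fixed transfers with or without advice; non-interference says the
    final balances agree."""
    ledger = Ledger({"alice": 500, "bob": 100})
    saved = dict(ADVICE)
    if not advice_enabled:
        ADVICE.clear()
    try:
        transfer(ledger, "alice", "bob", 200)
        transfer(ledger, "bob", "carol", 50)
    finally:
        ADVICE.clear()
        ADVICE.update(saved)
    return dict(ledger.balances)


def outcome(fn, *args) -> str:
    """'ok' if fn(*args) returned, else the name of the exception it raised."""
    try:
        fn(*args)
        return "ok"
    except Exception as exc:
        return type(exc).__name__


if __name__ == "__main__":
    print(run(True), run(False))
    ledger = Ledger({"alice": 500})
    print(outcome(transfer, ledger, "alice", "bob", 5000), ledger.balances)
    ADVICE["transfer"].append(tamper)
    print(outcome(transfer, ledger, "alice", "bob", 10), ledger.balances)
```

Two things the toy makes visible. First, the mainline result is identical with advice on or off, while `cap_policy` can still stop a transfer and `audit` can still write to its log: exactly the termination and I/O latitude the abstract grants. Second, the proxy only guards data that reaches advice through the join point's arguments; advice that reaches mainline state by another route (a module global, a closure) is not caught here, which is the aliasing problem a static type and effect system of the kind the paper describes has to handle.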
Proceedings of the 2006 POPL Conference

Index Terms
- Harmless advice