A Type System for First-Class Layers with Inheritance, Subtyping, and Swapping

Context-Oriented Programming (COP) is a programming paradigm to encourage modularization of context-dependent software. Key features of COP are layers---modules to describe context-dependent behavioral variations of a software system---and their dynamic activation, which can modify the behavior of multiple objects that have already been instantiated. Typechecking programs written in a COP language is difficult because the activation of a layer can even change objects' interfaces. Inoue et al. have informally discussed how to make JCop, an extension of Java for COP by Appeltauer et al., type-safe. In this article, we formalize a small COP language called ContextFJ$_{<:}$ with its operational semantics and type system and show its type soundness. The language models main features of the type-safe version of JCop, including dynamically activated first-class layers, inheritance of layer definitions, layer subtyping, and layer swapping

Adaptivity: Linguistic Mechanisms and Static Analysis Techniques

Adaptive systems modify their behaviour in order to run always and everywhere. Their structure is therefore subject to continuous changes, which however could compromise the correct behaviour of applications and break the guarantees on their non-functional requirements. Effective mechanisms are thus required to adapt software to the new added functionalities and to changes of the operational environment, namely the context in which applications are plugged in. These mechanisms must also maintain the applications properties after adaptation occurs. Consequently, a shift in programming technologies and methodologies is needed to manage adaptivity successfully. Since every system, be it adaptive or not, has to be programmed, programming languages need to natively support adaptivity. Furthermore, having adaptivity as a linguistic construct enables us to design and to develop more adequate verification tools that can help to prevent system failures due to erroneous or unexpected changes. This thesis addresses adaptivity, adopting an approach firmly based on programming languages and formal methods. In particular, we have two main concerns. The first one consists of introducing appropriate linguistic primitives to describe the context and to express adaptation. The second one is about the design of verification tools, based on static analysis techniques, in order to ensure that the software maintains its consistency after adaptation

Adaptive object management for distributed systems

This thesis describes an architecture supporting the management of pluggable software components and evaluates it against the requirement for an enterprise integration platform for the manufacturing and petrochemical industries. In a distributed environment, we need mechanisms to manage objects and their interactions. At the least, we must be able to create objects in different processes on different nodes; we must be able to link them together so that they can pass messages to each other across the network; and we must deliver their messages in a timely and reliable manner. Object based environments which support these services already exist, for example ANSAware(ANSA, 1989), DEC's Objectbroker(ACA,1992), Iona's Orbix(Orbix,1994)Yet such environments provide limited support for composing applications from pluggable components. Pluggability is the ability to install and configure a component into an environment dynamically when the component is used, without specifying static dependencies between components when they are produced. Pluggability is supported to a degree by dynamic binding. Components may be programmed to import references to other components and to explore their interfaces at runtime, without using static type dependencies. Yet thus overloads the component with the responsibility to explore bindings. What is still generally missing is an efficient general-purpose binding model for managing bindings between independently produced components. In addition, existing environments provide no clear strategy for dealing with fine grained objects. The overhead of runtime binding and remote messaging will severely reduce performance where there are a lot of objects with complex patterns of interaction. We need an adaptive approach to managing configurations of pluggable components according to the needs and constraints of the environment. Management is made difficult by embedding bindings in component implementations and by relying on strong typing as the only means of verifying and validating bindings. To solve these problems we have built a set of configuration tools on top of an existing distributed support environment. Specification tools facilitate the construction of independent pluggable components. Visual composition tools facilitate the configuration of components into applications and the verification of composite behaviours. A configuration model is constructed which maintains the environmental state. Adaptive management is made possible by changing the management policy according to this state. Such policy changes affect the location of objects, their bindings, and the choice of messaging system

A Statically Typed Logic Context Query Language With Parametric Polymorphism and Subtyping

The objective of this thesis is programming language support for context-sensitive program adaptations. Driven by the requirements for context-aware adaptation languages, a statically typed Object-oriented logic Context Query Language  (OCQL) was developed, which is suitable for integration with adaptation languages based on the Java type system. The ambient information considered in context-aware applications often originates from several, potentially distributed sources. OCQL employs the Semantic Web-language RDF Schema to structure and combine distributed context information. OCQL offers parametric polymorphism, subtyping, and a fixed set of meta-predicates. Its type system is based on mode analysis and a subset of Java Generics. For this reason a mode-inference approach for normal logic programs that considers variable aliasing and sharing was extended to cover all-solution predicates. OCQL is complemented by a service-oriented context-management infrastructure that supports the integration of OCQL with runtime adaptation approaches. The applicability of the language and its infrastructure were demonstrated with the context-aware aspect language CSLogicAJ. CSLogicAJ aspects encapsulate context-aware behavior and define in which contextual situation and program execution state the behavior is woven into the running program. The thesis concludes with a case study analyzing how runtime adaptation of mobile applications can be supported by pure object-, service- and context-aware aspect-orientation. Our study has shown that CSLogicAJ can improve the modularization of context-aware applications and reduce anticipation of runtime adaptations when compared to other approaches

Realizing Adaptive Process-aware Information Systems with ADEPT2

In dynamic environments it must be possible to quickly implement new business processes, to enable ad-hoc deviations from the defined business processes on-demand (e.g., by dynamically adding, deleting or moving process activities), and to support dynamic process evolution (i.e., to propagate process schema changes to already running process instances). These fundamental requirements must be met without affecting process consistency and robustness of the process-aware information system. In this paper we describe how these challenges have been addressed in the ADEPT2 process management system. Our overall vision is to provide a next generation technology for the support of dynamic processes, which enables full process lifecycle management and which can be applied to a variety of application domains

Language Design for Reactive Systems: On Modal Models, Time, and Object Orientation in Lingua Franca and SCCharts

Reactive systems play a crucial role in the embedded domain. They continuously interact with their environment, handle concurrent operations, and are commonly expected to provide deterministic behavior to enable application in safety-critical systems. In this context, language design is a key aspect, since carefully tailored language constructs can aid in addressing the challenges faced in this domain, as illustrated by the various concurrency models that prevent the known pitfalls of regular threads. Today, many languages exist in this domain and often provide unique characteristics that make them specifically fit for certain use cases. This thesis evolves around two distinctive languages: the actor-oriented polyglot coordination language Lingua Franca and the synchronous statecharts dialect SCCharts. While they take different approaches in providing reactive modeling capabilities, they share clear similarities in their semantics and complement each other in design principles. This thesis analyzes and compares key design aspects in the context of these two languages. For three particularly relevant concepts, it provides and evaluates lean and seamless language extensions that are carefully aligned with the fundamental principles of the underlying language. Specifically, Lingua Franca is extended toward coordinating modal behavior, while SCCharts receives a timed automaton notation with an efficient execution model using dynamic ticks and an extension toward the object-oriented modeling paradigm

Security issues in adaptive programming

Adaptive systems improve their efficiency by modifying their behaviour to respond to changes of their operational environment. Also security must adapt to these changes and enforcing policies becomes dependent on the dynamic contexts. We address some issues of context-aware security from a language-based perspective, by extending a core adaptive functional language, with primitives to enforce security policies on the code execution. We then accordingly extend an existing static analysis in order to insert checks in a program so to guarantee that no violation of the required security policies occurs at runtime

FOAL 2004 Proceedings: Foundations of Aspect-Oriented Languages Workshop at AOSD 2004

Aspect-oriented programming is a paradigm in software engineering and FOAL logos courtesy of Luca Cardelli programming languages that promises better support for separation of concerns. The third Foundations of Aspect-Oriented Languages (FOAL) workshop was held at the Third International Conference on Aspect-Oriented Software Development in Lancaster, UK, on March 23, 2004. This workshop was designed to be a forum for research in formal foundations of aspect-oriented programming languages. The call for papers announced the areas of interest for FOAL as including, but not limited to: semantics of aspect-oriented languages, specification and verification for such languages, type systems, static analysis, theory of testing, theory of aspect composition, and theory of aspect translation (compilation) and rewriting. The call for papers welcomed all theoretical and foundational studies of foundations of aspect-oriented languages. The goals of this FOAL workshop were to: � Make progress on the foundations of aspect-oriented programming languages. � Exchange ideas about semantics and formal methods for aspect-oriented programming languages. � Foster interest within the programming language theory and types communities in aspect-oriented programming languages. � Foster interest within the formal methods community in aspect-oriented programming and the problems of reasoning about aspect-oriented programs. The papers at the workshop, which are included in the proceedings, were selected frompapers submitted by researchers worldwide. Due to time limitations at the workshop, not all of the submitted papers were selected for presentation. FOAL also welcomed an invited talk by James Riely (DePaul University), the abstract of which is included below. The workshop was organized by Gary T. Leavens (Iowa State University), Ralf L?ammel (CWI and Vrije Universiteit, Amsterdam), and Curtis Clifton (Iowa State University). The program committee was chaired by L?ammel and included L?ammel, Leavens, Clifton, Lodewijk Bergmans (University of Twente), John Tang Boyland (University of Wisconsin, Milwaukee), William R. Cook (University of Texas at Austin), Tzilla Elrad (Illinois Institute of Technology), Kathleen Fisher (AT&T Labs�Research), Radha Jagadeesan (DePaul University), Shmuel Katz (Technion�Israel Institute of Technology), Shriram Krishnamurthi (Brown University), Mira Mezini (Darmstadt University of Technology), Todd Millstein (University of California, Los Angeles), Benjamin C. Pierce (University of Pennsylvania), Henny Sipma (Stanford University), Mario S?udholt ( ?Ecole des Mines de Nantes), and David Walker (Princeton University). We thank the organizers of AOSD 2004 for hosting the workshop

Quantitative bounds on the security-critical resource consumption of JavaScript apps

Current resource policies for mobile phone apps are based on permissions that unconditionally grant or deny access to a resource like private data, sensors and services. In reality, the legitimacy of an access may be context-dependent - for example, depending on how often a resource is accessed and in which situation. This thesis presents research into providing bounds on the access of JavaScript apps to security and privacy-relevant resources on mobile devices. The investigated bounds are quantitative and interaction-dependent: for example, permitting one access each time the user presses a specified button. Two novel systems are presented with different approaches to providing these bounds. The system PhoneWrap injects a quantitative policy into an app and enforces the bound dynamically during runtime by monitoring the resource consumption and the user interaction. If the injected bound is exceeded, the resource request is replaced by a deny action. This way, PhoneWrap restricts the unwanted behaviour while the expected functionality can be performed. Policies for this system describe the UI elements which trigger the expected resource consumption and the number of resource units consumed for each interaction. The enforcement of the policies is achieved via wrapping the critical APIs using JavaScript internal features. The injection of a policy can be performed automatically. PhoneWrap is the first system using the lightweight wrapping method to inject policies directly into mobile apps and the first to combine quantitative policies with interaction-dependencies. The second system AmorJiSe statically analyses the resource consumption of a given JavaScript program. This system automatically infers amortised annotations on top of given JavaScript data types. The amortised annotations symbolise reserved resource units stored in the data structures. This way the amount of resource units available to the app is expressed dependent on the size of the data structures. The resulting function types of the UI handlers can be used to extract interaction-dependent bounds. The correctness of these bounds is proven in relation to a resource-aware operational semantics. AmorJiSe extends the known amortised type paradigm to JavaScript with its dynamic object structures and applies this paradigm to the novel domain of mobile resources. Although, the two systems are based on similar resource models and produce similar resource bounds, they use different methods with different properties which are presented in this dissertation