Composite objects: dynamic representation and encapsulation by static classification of object references

The composition of several objects to one higher-level, composite object is a central technique in the construction of object-oriented software systems and for the management of their structural and dynamic complexity. Standard object-oriented programming languages, however, focus their support on the elementary objects and on class inheritance (the other central technique). They do not provide for the expression of objects' composition, and do not ensure any kind of encapsulation of composite objects. In particular, there is no guarantee that composite objects control the changes of their own state (state encapsulation). We propose to advance software quality by new program annotations that document the design with respect to object composition and, based on them, new static checks that exclude designs violating the encapsulation of composite objects' state. No significant restrictions are imposed on the composite objects' internal structure and dynamic construction. Common design patterns like Iterators and Abstract Factories are supported. We extend a subset of the Java language by mode annotations at all types of object references, and a user-specified classification of all methods into potentially state changing mutators and read-only observers. The modes superimpose composition relationships between objects connected by paths of references at run-time. The proposed mode system limits, orthogonally to the type system, the invocation of mutator methods (depending on the mode of the reference to the receiver object), the permissibility of reference passing (as parameter or result), and the compatibility between references of different modes. These restrictions statically guarantee state encapsulation relative to the mode-expressed object composition structure

A programming logic for Java bytecode programs

One significant disadvantage of interpreted bytecode languages, such as Java, is their low execution speed in comparison to compiled languages like C. The mobile nature of bytecode adds to the problem, as many checks are necessary to ensure that downloaded code from untrusted sources is rendered as safe as possible. But there do exist ways of speeding up such systems. One approach is to carry out static type checking at load time, as in the case of the Java Bytecode Verifier. This reduces the number of runtime checks that must be done and also allows certain instructions to be replaced by faster versions. Another approach is the use of a Just In Time (JIT) Compiler, which takes the bytecode and produces corresponding native code at runtime. Some JIT compilers also carry out some code optimization. There are, however, limits to the amount of optimization that can safely be done by the Verifier and JITs; some operations simply cannot be carried out safely without a certain amount of runtime checking. But what if it were possible to prove that the conditions the runtime checks guard against would never arise in a particular piece of code? In this case it might well be possible to dispense with these checks altogether, allowing optimizations not feasible at present. In addition to this, because of time constraints, current JIT compilers tend to produce acceptable code as quickly as possible, rather than producing the best code possible. By removing the burden of analysis from them it may be possible to change this. We demonstrate that it is possible to define a programming logic for bytecode programs that allows the proof of bytecode programs containing loops. The instructions available to use in the programs are currently limited, but the basis is in place to extend these. The development of this logic is non-trivial and addresses several difficult problems engendered by the unstructured nature of bytecode programs

Dagstuhl News January - December 2000

"Dagstuhl News" is a publication edited especially for the members of the Foundation "Informatikzentrum Schloss Dagstuhl" to thank them for their support. The News give a summary of the scientific work being done in Dagstuhl. Each Dagstuhl Seminar is presented by a small abstract describing the contents and scientific highlights of the seminar as well as the perspectives or challenges of the research topic

Concurrency and static analysis

The thesis describes three important contributions developed during my doctoral course, all involving the use and the verification of concurrent Java code: Binary decision diagrams, or BDDs, are data structures for the representation of Boolean functions. These functions are of great importance in many fields. It turns out that BDDs are the state-of-the-art representation for Boolean functions, and indeed all real world applications use a BDD library to represent and manipulate Boolean functions. It can be desirable to perform Boolean operations from different threads at the same time. In order to do this, the BDD library in use must allow threads to access BDD data safely, avoiding race conditions. We developed a Java BDD library, that is fast in both single and multi-threaded applications, that we use in the Julia static program analyzer. We defined a sound static analysis that identifies if and where a Java bytecode program lets data flow from tainted user input (including servlet requests) into critical operations that might give rise to injections. Data flow is a prerequisite to injections, but the user of the analysis must later gage the actual risk of the flow. Namely, analysis approximations might lead to false alarms and proper input validation might make actual flows harmless. Our analysis works by translating Java bytecode into Boolean formulas that express all possible explicit flows of tainted data. The choice of Java bytecode simplifies the semantics and its abstraction (many high-level constructs must not be explicitly considered) and lets us analyze programs whose source code is not available, as is typically the case in industrial contexts that use software developed by third parties, such as banks. The standard approach to prevent data races is to follow a locking discipline while accessing shared data: always hold a given lock when accessing a given shared datum. It is all too easy for a programmer to violate the locking discipline. Therefore, tools are desirable for formally expressing the locking discipline and for verifying adherence to it. The book Java Concurrency in Practice (JCIP) proposed the @GuardedBy annotation to express a locking discipline. The original @GuardedBy annotation was designed for simple intra-class synchronization policy declaration. @GuardedBy fields and methods are supposed to be accessed only when holding the appropriate lock, referenced by another field, in the body of the class (or this). In simple cases, a quick visual inspection of the class code performed by the programmer is sufficient to verify the synchronization policy correctness. However, when we think deeper about the meaning of this annotation, and when we try to check and infer it, some ambiguities rise. Given these ambiguities of the specification for @GuardedBy, different tools interpret it in different ways. Moreover, it does not prevent data races, thus not satisfying its design goals. We provide a formal specification that satisfies its design goals and prevents data races. We have also implemented our specification in the Julia analyzer, that uses abstract interpretation to infer valid @GuardedBy annotations for unannotated programs. It is not the goal of this implementation to detect data races or give a guarantee that they do not exist. Julia determines what locking discipline a program uses, without judging whether the discipline is too strict or too lax for some particular purpose

Proceedings of the RESOLVE Workshop 2002

Proceedings of the RESOLVE Workshop 200

Software architecture visualisation

Tracing the history of software engineering reveals a series of abstractions. In early days, software engineers would construct software using machine code. As time progressed, software engineers and computer scientists developed higher levels of abstraction in order to provide tools to assist in building larger software systems. This has resulted in high-level languages, modelling languages, design patterns, and software architecture. Software architecture has been recognised as an important tool for designing and building software. Some research takes the view that the success or failure of a software development project depends heavily on the quality of the software architecture. For any software system, there are a number of individuals who have some interest in the architecture. These stakeholders have differing requirements of the software architecture depending on the role that they take. Stakeholders include the architects, designers, developers and also the sales, services and support teams and even the customer for the software. Communication and understanding of the architecture is essential in ensuring that each stakeholder can play their role during the design, development and deployment of that software system. Software visualisation has traditionally been focused on aiding the understanding of software systems by those who perform development and maintenance tasks on that software. In supporting developers and maintainers, software visualisation has been largely concerned with representing static and dynamic aspects of software at the code level. Typically, a software visualisation will represent control flow, classes, objects, import relations and other such low level abstractions of the software. This research identifies the fundamental issues concerning software architecture visualisation. It does this by identifying the practical use of software architecture in the real world, and considers the application of software visualisation techniques to the visualisation of software architecture. The aim of this research is to explore the ways in which software architecture visualisation can assist in the tasks undertaken by the differing stakeholders in a software system and its architecture. A prototype tool, named ArchVis, has been developed to enable the exploration of some of the fundamental issues in software architecture visualisation. ArchVis is a new approach to software architecture visualisation that is capable of utilising multiple sources and representations of architecture in order to generate multiple views of software architecture. The mechanism by which views are generated means that they can be more relevant to a wider collection of stakeholders in that architecture. During evaluation ArchVis demonstrates the capability of utilising a number of data sources in order to produce architecture visualisations. Arch Vis' view model is capable of generating the necessary views for architecture stakeholders and those stakeholders can navigate through the views and data in order to obtain relevant information. The results of evaluating ArchVis using a framework and scenarios demonstrate that the majority of the objectives of this research have been achieved

Automation of The SLA Life Cycle in Cloud Computing

Cloud computing has become a prominent paradigm to offer on-demand services for softwares, infrastructures and platforms. Cloud services are contracted by a service level agreement (SLA) between a cloud service provider (CSP) and a cloud service user (CSU) which contains service definitions, quality of service (QoS) parameters, guarantees and obligations. Cloud service providers mostly offer SLAs in descriptive format which is not directly consumable by a machine or a system. The SLA written in natural language may impede the utility of rapid elasticity in a cloud service. Manual management of SLAs with growing usage of cloud services can be a challenging, erroneous and tedious task especially for the CSUs acquiring multiple cloud services. The necessity of automating the complete SLA life cycle (which includes SLA description in machine readable format, negotiation, monitoring and management) becomes imminent due to complex requirements for the precise measurement of QoS parameters. Current approaches toward automating the complete SLA life cycle, lack in standardization, completeness and applicability to cloud services. Automation of different phases of the SLA life cycle (e.g. negotiation, monitoring and management) is dependent on the availability of a machine readable SLA. In this work, a structural specification for the SLAs in cloud computing (S3LACC in short) is presented which is designed specifically for cloud services, covers complete SLA life cycle and conforms with the available standards. A time efficient SLA negotiation technique is accomplished (based on the S3LACC) for concurrently negotiating with multiple CSPs. After successful negotiation process, next leading task in the SLA life cycle is to monitor the cloud services for ensuring the quality of service according to the agreed SLA. A distributed monitoring approach for the cloud SLAs is presented, in this work, which is suitable for services being used at single or multiple locations. The proposed approach reduces the number of communications of SLA violations to a monitoring coordinator by eliminating the unnecessary communications. The presented work on the complete SLA life cycle automation is evaluated and validated with the help of use cases, experiments and simulations

Proceedings of the 11th International Conference, TPHOLs’98 Canberra, Australia, September–October 1998. Supplementary Proceedings

Mechanical theorem provers for higher order logics have been successfully applied in many areas including hardware verification and synthesis; verification of security and communications protocols; software verification, transformation and refinement; compiler construction; and concurrency. The higher order logics used to reason about these problems and the underlying theorem prover technology that support them are also active areas of research. The International Conference on Theorem Proving in Higher Order Logics (TPHOLs) brings together people working in these and related areas for the discussion and dissemination of new ideas in the field. TPHOLs'98 continues the conference tradition of having both a completed work and work-in-progress stream. The Papers from the first stream were formally refereed, and published as volume 1479 of LNCS. This, supplementary, proceedings records work accepted under the work-in-progress category, and is intended to document emerging trends in higher-order logic research. Papers in the work-in-progress stream are vetted for relevance and contribution before acceptance. The work-in-progress stream is regarded as an important feature of the conference as it provides a venue for the presentation of ongoing research projects, where researchers invite discussion of preliminary results. Although the TPHOLs conferences have their genesis in meetings of the users of the HOL theorem proving system, each successive year has seen a higher rate of contribution from the other groups with similar goals, particularly the user communities of Coq, Isabelle, Lambda, Lego, NuPrl, and PVS. Since 1993 the proceedings have been published by Springer as volumes in Lecture Notes in Computer Science series. Bibliographic details of these publications can be found at the back of this book; more history of TPHOLs can be found with further information about the 1998 event at http://cs.anu.edu.au/TPHOLs98/.Conference Papers: Integrating TPS with Omega By Christoph Benzmuller and Volker Sorge Some Theorem Proving Aids By Paul E. Black and Phillip J. Windley Verification of the MDG Components Library in HOL By Paul Curzon, Sofiene Tahar, and Otmane Ait Mohamed Simulating Term-Rewriting in LPF and in Display Logic By Jeremy E. Dawson A Prototype Generic Tool Supporting the Embedding of Formal Notations By Andrew M. Gravell and Chris H. Pratten Embedding a Formal Notation: Experiences of Automating the Embedding of Z in the Higher Order Logics of PVS and HOL By Andrew M. Gravell and Chris H. Pratten Building HOL90 Everywhere Easily (Well Almost) By Elsa L. Gunter Program Composition in COQ-UNITY : By Francois Marques Formally Analysed Dynamic Synthesis of Hardware By Kong Woei Susanto and Tom Melham Requirements for a Simple Proof Checker By Geoffrey Watson Integrating HOL and RAISE: a practitioner's approach By Wai Wong and Karl R. P. H. Leung Effective Support for Mutually Recursive Types By Peter V. Homeie