Dynamic Virtual Join Point Dispatch

Conceptually, join points are points in the execution of a program and advice is late-bound to them. We propose the notion of virtual join points that makes this concept explicit not only at a conceptual, but also at implementation level. In current implementations of aspect-oriented languages, binding is performed early, at deploy-time, and only a limited residual dispatch is executed. Current implementations fall in the categories of modifying the application code, modifying the meta-level of an application, or interacting with the application by means of events—the latter two already realizing virtual join points to some degree. We provide an implementation of an aspect-oriented execution environment that supports truly virtual join points and discuss how this approach also favors optimizations in the execution environment

Abmash: Mashing Up Legacy Web Applications by Automated Imitation of Human Actions

Many business web-based applications do not offer applications programming interfaces (APIs) to enable other applications to access their data and functions in a programmatic manner. This makes their composition difficult (for instance to synchronize data between two applications). To address this challenge, this paper presents Abmash, an approach to facilitate the integration of such legacy web applications by automatically imitating human interactions with them. By automatically interacting with the graphical user interface (GUI) of web applications, the system supports all forms of integrations including bi-directional interactions and is able to interact with AJAX-based applications. Furthermore, the integration programs are easy to write since they deal with end-user, visual user-interface elements. The integration code is simple enough to be called a "mashup".Comment: Software: Practice and Experience (2013)

The Limits of Reading Law in the Affordable Care Act Cases

One of the most highly lauded legacies of Justice Scalia\u27s decades-long tenure on the Supreme Court was his leadership of a movement to tether statutory interpretation more closely to statutory text. His dissents in the Affordable Care Act cases- National Federation of Independent Business v. Sebelius and King v. Burwell- demonstrate both the nature and the limits of his success in that effort. These were two legal challenges, one constitutional and the other statutory, that threatened to bring down President Obama\u27s signature legislative achievement, the Patient Protection and Affordable Care Act. Both times the Court swerved away from a direct collision. And both times Justice Scalia accused the Court majority- led by Chief Justice Roberts- of twisting the statutory text. Justice Scalia was right about the twistifications. But that does not mean he was right to condemn them both. Sometimes the governing law of interpretation calls on judges to adopt an interpretation other than the one that most straightforwardly follows from the application of standard interpretive conventions to statutory text

Integrating independent components with on-demand remodularization

This paper proposes language concepts that facilitate the separation of an application into independent reusable building blocks and the integration of pre-build generic software components into applications that have been developed by third party vendors. A key element of our approach are on-demand remodularizations, meaning that the abstractions and vocabulary of an existing code base are translated into the vocabulary understood by a set of components that are connected by a common collaboration interface. This general concept allows us to mix-and-match remodularizations and components on demand

CPL: A Core Language for Cloud Computing -- Technical Report

Running distributed applications in the cloud involves deployment. That is, distribution and configuration of application services and middleware infrastructure. The considerable complexity of these tasks resulted in the emergence of declarative JSON-based domain-specific deployment languages to develop deployment programs. However, existing deployment programs unsafely compose artifacts written in different languages, leading to bugs that are hard to detect before run time. Furthermore, deployment languages do not provide extension points for custom implementations of existing cloud services such as application-specific load balancing policies. To address these shortcomings, we propose CPL (Cloud Platform Language), a statically-typed core language for programming both distributed applications as well as their deployment on a cloud platform. In CPL, application services and deployment programs interact through statically typed, extensible interfaces, and an application can trigger further deployment at run time. We provide a formal semantics of CPL and demonstrate that it enables type-safe, composable and extensible libraries of service combinators, such as load balancing and fault tolerance.Comment: Technical report accompanying the MODULARITY '16 submissio

Querying Source Code with Natural Language

International audienceOne common task of developing or maintaining software is searching the source code for information like specific method calls or write accesses to certain fields. This kind of information is required to correctly implement new features and to solve bugs. This paper presents an approach for querying source code with natural language

A Natural Language Interface for Code Search

One common task of developing or maintaining software is searching the source code for information like specific method calls or write accesses to certain fields. This kind of information is required to correctly implement new features and to solve bugs. This paper presents an approach for querying source code with a natural language interface. It enables the developer to execute a huge range of precise searches while being as easy and intuitive to use as writing natural language. The evaluation shows that the prototype implementation, integrated with the Eclipse development environment for Java, supports a wide range of queries and is able to correctly understand most real developer queries

CrySL: An Extensible Approach to Validating the Correct Usage of Cryptographic APIs

Various studies have empirically shown that the majority of Java and Android apps misuse cryptographic libraries, causing devastating breaches of data security. It is crucial to detect such misuses early in the development process. To detect cryptography misuses, one must first define secure uses, a process mastered primarily by cryptography experts, and not by developers. In this paper, we present CrySL, a definition language for bridging the cognitive gap between cryptography experts and developers. CrySL enables cryptography experts to specify the secure usage of the cryptographic libraries that they provide. We have implemented a compiler that translates such CrySL specification into a context-sensitive and flow-sensitive demand-driven static analysis. The analysis then helps developers by automatically checking a given Java or Android app for compliance with the CrySL-encoded rules. We have designed an extensive CrySL rule set for the Java Cryptography Architecture (JCA), and empirically evaluated it by analyzing 10,000 current Android apps. Our results show that misuse of cryptographic APIs is still widespread, with 95% of apps containing at least one misuse. Our easily extensible CrySL rule set covers more violations than previous special-purpose tools with hard-coded rules, with our tooling offering a more precise analysis