Henrique Rebêlo

SYMDIFF: a language-agnostic semantic diff tool for imperative programs

In this paper, we describe SymDiff, a language-agnostic tool for equivalence checking and displaying semantic (behavioral) differences over imperative programs. The tool operates on an intermediate verification language Boogie, for which translations exist from various source languages such as C, C# and x86. We discuss the tool and the front-end interface to target various source languages. Finally, we provide a brief description of the front-end for C programs.

Towards modularly comparing programs using automated theorem provers

In this paper, we present a general framework for modularly comparing two (imperative) programs that can leverage single-program verifiers based on automated theorem provers. We formalize (i) mutual summaries for comparing the summaries of two programs, and (ii) relative termination to describe conditions under which two programs relatively terminate. The two rules together allow for checking correctness of interprocedural transformations. We also provide a general framework for dealing with unstructured control flow (including loops) in this framework. We demonstrate the usefulness and limitations of the framework for verifying equivalence, compiler optimizations, and interprocedural transformations.

Implementing Java modeling language contracts with AspectJ

The Java Modeling Language (JML) is a behavioral interface specification language (BISL) designed for Java. It was developed to improve functional software correctness of Java applications. However, instrumented object program generated by the JML compiler use the Java reflection mechanism and data structures not supported by Java ME applications. To deal with this limitation, we propose the use of AspectJ to implement a new JML compiler, which generates an instrumented bytecode compliant with both Java SE and Java ME applications. The paper includes a comparative study to demonstrate the quality of the final code generated by our compiler. The size of the code is compared against the code generated by an existent JML compiler. Moreover, we evaluate the amount of additional code required to implement the JML assertions in Java applications. Results indicate that the overhead in code size produced by our compiler is very small, which is essential for Java ME applications.

AspectJML: modular specification and runtime checking for crosscutting contracts

Aspect-oriented programming (AOP) is a popular technique for modularizing crosscutting concerns. In this context, researchers have found that the realization of design by contract (DbC) is crosscutting and fares better when modularized by AOP. However, previous efforts aimed at supporting crosscutting contract modularity might actually compromise the main DbC principles. For example, in AspectJ-style, reasoning about the correctness of a method call may require a whole-program analysis to determine what advice applies and what that advice does relative to DbC implementation and checking. Also, when contracts are separated from classes a programmer may not know about them and may break them inadvertently. In this paper we solve these problems with AspectJML, a new specification language that supports crosscutting contracts for Java code. We also show how AspectJML supports the main DbC principles of modular reasoning and contracts as documentation.

Modular aspect-oriented design rule enforcement with XPIDRs

Aspect-oriented programming (AOP) is a popular technique for modularizing crosscutting concerns. However, constructs aimed at supporting crosscutting modularity may break class modularity. For example, to understand a method call may require a whole-program analysis to determine what advice applies and what that advice does. Moreover, in AspectJ, advice is coupled to the parts of the program advised, the base code, so the meaning of advice may change when the base code changes. Such coupling also hinders parallel development between base code and aspects. We propose some simple modifications to the design of crosscut programming interfaces (XPIs) to include expressive design rule specifications. We call our form of XPIs crosscutting programming interfaces with design rules (XPIDRs). The XPIDR-based approach, by design, supports modular runtime checking and parallel development by decoupling aspects from base code. We also show how XPIDRs allow specification of interesting control flow effects, such as when advice does (or does not) proceed. We have implemented XPIDRs as a simple contract extension to AspectJ. Since XPIDRs do not require any new AspectJ constructs, they can be adopted easily by the AspectJ community.

Assessing Idioms for Implementing Features with Flexible Binding Times

Maintainability of a software product line depends on the possibility to modularize its variations, often expressed in terms of optionally selected features. Conventional modularization techniques bind variations either statically or dynamically, but ideally it should be possible to flexibly choose between both. In this paper, we propose improved solutions for modularizing and flexibly binding varying features in form of idioms in aspect-oriented languages AspectJ and CaesarJ. We evaluate the idioms qualitatively by discussing their advantages and deficiencies and quantitatively by means of metrics.

A JML Compiler Based on AspectJ

The Java modeling language (JML) is a behavioral interface specification language (BISL) designed for Java. It was developed with the aim of improving the functional software correctness of Java applications. The JML compiler (jmlc) generates bytecodes that use the Java reflection mechanism and data structures not supported by Java ME applications. In order to overcome this limitation, we propose the use of AspectJ to implement a new JML compiler, which generates an instrumented bytecode compliant with both Java SE and Java ME applications. The paper also includes a comparative study to demonstrate the quality of the final code generated by our compiler. Results indicate that the overhead in code size produced by our compiler is very small, which is essential for Java ME applications.

Modularizing crosscutting contracts with AspectJML

It is claimed in the literature that the contracts of a system present crosscutting structure during its realization. In this context, there has been attempts to improve separation of crosscutting contracts, e.g. by aspect-oriented programming and design by contract languages, but none give programmers textual separation of contracts/specifications and modular reasoning at the same time. In this demonstration we show how our language, AspectJML, a simple and practical aspect-oriented extension to JML, allows the separation of crosscutting contracts while maintaining the key benefits of a design by contract language, like documentation and modular reasoning. AspectJMLs quantified statements, written in terms of AspectJ pointcut language, allow one to select join points in which the contracts are written in a modular and convenient way. Also, all the crosscutting contracts are well documented in the class they apply to, thus allowing the reasoning about crosscutting contracts in a modular fashion. This demonstration will proceed by discussing several examples that highlights the main features of the AspectJML language and show the use of AspectJMLs compiler, ajmlc. We will conclude with a discussion of ongoing work on design, implementation and runtime checking of both Java and AspectJ programs with AspectJML/ajmlc.

Optimizing generated aspect-oriented assertion checking code for JML using program transformations: An empirical study

The AspectJ JML compiler (ajmlc) explores aspect-oriented programming (AOP) mechanisms to implement JML specifications, such as pre- and postconditions, and enforce them during runtime. This compiler was created to improve source-code modularity. Some experiments were conducted to evaluate the performance of the code generated through ajmlc. Results demonstrated that the strategy of adopting AOP to implement JML specifications is very promising. However, there is still a need for optimization of the generated codes bytecode size and running time. This paper presents a catalog of transformations which represent the optimizations implemented in the new optimized version of the ajmlc compiler. We employ such transformations to reduce the bytecode size and running time of the code generated through the ajmlc compiler. Aiming at demonstrating the impact of such transformation on the code quality, we conduct an empirical study using four applications in optimized and non-optimized versions generated by ajmlc. We show that our AOP transformations provide a significant improvement, regarding bytecode size and running time.

AspectJ-Based Idioms for Flexible Feature Binding

In Software Product Lines (SPL), we can bind reusable features to compose a product at different times, which in general are static or dynamic. The former allows customizability without any overhead at runtime. On the other hand, the latter allows feature activation or deactivation while running the application with the cost of performance and memory consumption. To implement features, we might use aspect-oriented programming (AOP), in which aspects enable a clear separation between base code and variable code. In this context, recent work provides AspectJ-based idioms to implement flexible feature binding. However, we identified some design deficiencies. Thus, to solve the issues of these idioms, we incrementally create three new AspectJ-based idioms. Moreover, to evaluate our new idioms, we quantitatively analyze them with respect to code cloning, scattering, tangling, and size by means of software metrics. Besides that, we qualitatively discuss our new idioms in terms of code reusability, changeability, and instrumentation overhead.