Improving device-aware Web services and their mobile clients through an aspect-oriented,model-driven approach

ContextMobile devices have become an essential element in our daily lives, even for connecting to the Internet. Consequently, Web services have become extremely important when offering services through the Internet. However, current Web services are very inflexible as regards their invocation from different types of device, especially if we consider the need for them to be adaptable when being invoked from mobile devices.ObjectiveIn this paper, we provide an approach for the creation of flexible Web services which can be invoked transparently from different device types and which return subsequent responses, as well as providing the client’s adaptation as a result of the particular device characteristics and end-user preferences in a completely decoupled way.MethodAspect-Oriented Programming and model-driven development have been used to reduce both the impact of service and client code adaptation for multiple devices as well as to facilitate the developer’s task.ResultsA model-driven methodology can be followed from system models to code, providing the Web service developer with the option of marking which services should be adapted to mobile devices in the UML models, and obtaining the decoupled adaptation code automatically from the models.ConclusionWe can conclude that the approach presented in this paper provides us with the possibility of following the development of mobile-aware Web services in an integrated platform, benefiting from the use of aspect-oriented techniques not only for maintaining device-related code completely decoupled from the main functionality one, but also allowing a modularized non-intrusive adaptation of mobile clients to the specific device characteristics as well as to final user preferences.     

Aspect-oriented model-driven skeleton code generation: A graph-based transformation approach

Model-driven code generation has been investigated in traditional and object-oriented design paradigms; significant progress has been made. It offers many advantages including the rapid development of high quality code. Errors are reduced and the consistency between the design and the code is retained, in comparison with a purely manual approach. Here, a model-driven code generation approach based on graph transformations for aspect-oriented development is proposed. The approach has two main transformation activities. The first activity transforms a visual (graphical) model of the design into a formal, text-based notation that can be readily processed. The graphical model is created by the software designer and uses a UML profile for aspect-oriented software (i.e., FDAF) to represent aspects and their components. XML is the target notation for this step; the transformation uses the XML meta-model to ensure that the output complies with the language. The second activity transforms the XML model into AspectJ source code. The transformation uses the AspectJ meta-model to ensure the output complies with the language. The transformations from the extended UML model to XML and from XML to AspectJ code are fully automated. The transformation algorithms are based on graph transformations; tool support has been developed. Key technical issues in the approach are discussed, including performance, the amount of code generated, correctness, and adaptability, in addition to a comparison of the proposal with existing alternative approaches. The approach has been validated on three example systems: a banking system, classroom scheduling system, and an insurance system. The banking system example is presented in the paper.     

A technology transfer journey to a model-driven access control system

In the model-driven security domain, access control systems provide an application for handling access of persons through controlled gates. A gate, such as a door, can have a lock mechanism for securing the area from unauthorized access. Most commercial solutions for access control management offer pre-packaged software systems where customization of the authorization logic is either not allowed or subject to payment. Moreover, cross-platform development is a barrier for solution providers due to the high cost of development and maintenance that it implies. To overcome these limitations and further optimize the entire access control systems development process, we propose a model-driven approach that supports automatic code generation to enable communication between an IoT infrastructure and platforms for Facility Access Management. Specifically, the approach combines the benefits of Near-Field Communication (NFC) and Tinkerforge (i.e., an open-source hardware platform) with model-driven techniques. This allows the approach to exploit both behavioral and structural models for the modeling and the consequent code generation of part of the authorization mechanism, thus providing complete coverage of the code generated for the whole system. We implemented and evaluated our approach in a real-world case study within the premises of a fitness center with an IoT infrastructure consisting of several heterogeneous sensors by showing its practical applicability. Experimental results demonstrate the effectiveness of our approach in supporting abstraction and automation concerning traditional code-centric development through code generation features. Consequently, our approach makes the whole development process less time-consuming and error-prone, thus reducing the system’s time to market.

     

MOD2-SCM: A model-driven product line for software configuration management systems

ContextSoftware Configuration Management (SCM) is the discipline of controlling the evolution of large and complex software systems. Over the years many different SCM systems sharing similar concepts have been implemented from scratch. Since these concepts usually are hard-wired into the respective program code, reuse is hardly possible.ObjectiveOur objective is to create a model-driven product line for SCM systems. By explicitly describing the different concepts using models, reuse can be performed on the modeling level. Since models are executable, the need for manual programming is eliminated. Furthermore, by providing a library of loosely coupled modules, we intend to support flexible composition of SCM systems.MethodWe developed a method and a tool set for model-driven software product line engineering which we applied to the SCM domain. For domain analysis, we applied the FORM method, resulting in a layered feature model for SCM systems. Furthermore, we developed an executable object-oriented domain model which was annotated with features from the feature model. A specific SCM system is configured by selecting features from the feature model and elements of the domain model realizing these features.ResultsDue to the orthogonality of both feature model and domain model, a very large number of SCM systems may be configured. We tested our approach by creating instances of the product line which mimic wide-spread systems such as CVS, GIT, Mercurial, and Subversion.ConclusionThe experiences gained from this project demonstrate the feasibility of our approach to model-driven software product line engineering. Furthermore, our work advances the state of the art in the domain of SCM systems since it support the modular composition of SCM systems at the model rather than the code level.     

Automated generation of test oracles using a model-driven approach

ContextSoftware development time has been reduced with new development tools and paradigms, testing must accompany these changes. In order to release software products in a timely manner as well as to minimise the impact of possible errors introduced during maintenance interventions, testing automation has become a central goal. Whilst research has produced significant results in test case generation and tools for test case (re)-execution, one of the most important open problems in testing is the automation of oracle generation. The oracle decides whether the program under test has or has not behaved correctly and then issues a pass/fail verdict. In most cases, writing the oracle is a time-consuming activity that, moreover, is manual in most cases.ObjectiveThis article automates two important steps in the test oracle: obtention of expected output and its comparison with the actual output, using a model-driven approach.MethodThe oracle automation problem is resolved using a model-driven framework, based on OMG standards: UML is used as metamodel and QVT and MOF2Text as transformation languages. The automated testing framework takes the models that describe the system as input, using UML notation and derives from them the test model and then the test code, following a model-driven approach. Test oracle procedures are obtained from a UML state machine.ResultsA complete executable test case at functional test level is obtained, composed of a test procedure with parametrized input test data and expected result automation.ConclusionThe oracle automation is obtained using a model-driven approach, test cases are obtained automatically from UML models. The model-driven testing framework was applied to an industrial application and has been useful to testing automation for the main functionalities in the system.     

Detecting deviations in the code using architecture view-based drift analysis

ContextOne of the key requirements for the code is conformance with the architecture. Architectural drift implies the diverging of the implemented code from the architecture design of the system. Manually checking the consistency between the implemented code and architecture can be intractable and cumbersome for large-scale systems.ObjectiveThis article proposes a holistic, automated architecture drift analysis approach that explicitly focuses on the adoption of architecture views. The approach builds on, complements, and enhances existing architecture conformance analysis methods that do not adopt a holistic approach or fail to address the architecture viewpoints.MethodA model-driven development approach is adopted in which architecture views are represented as specifications of domain-specific languages. The code in its turn, is analyzed, and the architectural view specifications are reconstructed, which are then automatically checked with the corresponding architecture models.ResultsTo illustrate the approach, we have applied a systematic case study research for an architecture drift analysis of the business-to-customer (B2C) system within a large-scale software company.ConclusionThe case study research showed that divergences and absences of architectural elements could be detected in a cost-effective manner with the proposed approach.     

Automated test generation technique for aspectual features in AspectJ

ContextAspect-oriented programming (AOP) has been promoted as a means for handling the modularization of software systems by raising the abstraction level and reducing the scattering and tangling of crosscutting concerns. Studies from literature have shown the usefulness and application of AOP across various fields of research and domains. Despite this, research shows that AOP is currently used in a cautious way due to its natural impact on testability and maintainability.ObjectiveTo realize the benefits of AOP and to increase its adoption, aspects developed using AOP should be subjected to automated testing. Automated testing, as one of the most pressing needs of the software industry to reduce both effort and costs in assuring correctness, is a delicate issue in testing aspect-oriented programs that still requires advancement and has a way to go before maturity.MethodPrevious attempts and studies in automated test generation process for aspect-oriented programs have been very limited. This paper proposes a rigorous automated test generation technique, called RAMBUTANS, with its tool support based on guided random testing for the AspectJ programs.ResultsThe paper reports the results of a thorough empirical study of 9 AspectJ benchmark programs, including non-trivial and larger software, by means of mutation analysis to compare RAMBUTANS and the four existing automated AOP testing approaches for testing aspects in terms of fault detection effectiveness and test effort efficiency. The results of the experiment and statistical tests supplemented by effect size measures presented evidence of the effectiveness and efficiency of the proposed technique at 99% confidence level (i.e. p < 0.01).ConclusionThe study showed that the resulting randomized tests were reasonably good for AOP testing, thus the proposed technique could be worth using as an effective and efficient AOP-specific automated test generation technique.     

An information retrieval process to aid in the analysis of code clones

The advent of new static analysis tools has automated the searching for code clones, which are duplicated or similar code fragments in a program. However, clone detection tools can report many clones if the source code that is being searched is large. Programmers may have difficulty comprehending the extensive results from the detection tool, which may inhibit the ability to maintain the identified clones. Latent Semantic Indexing (LSI) is an information retrieval technique that attempts to find relationships in a corpus based on the analysis of the documents in the corpus and the terms in the documents. In this paper, LSI is used to cluster clone classes that have been identified initially by a clone detection tool. The goal of this paper is to detect trends and associations among the clustered clone classes and determine if they provide further comprehension to assist in the maintenance of clones. Experimental evaluation of the approach is reported from a sequence of tools that are chained together to perform an analysis of clones detected in the Microsoft Windows NT kernel source code.

<Emphasis Type="Italic">RAMBUTANS</Emphasis>: automatic AOP-specific test generation tool

Aspect-oriented programming (AOP) is a programmatic methodology to handle better modularized code by separating crosscutting concerns from the traditional abstraction boundaries. Automated testing, as one of the most demanding needs of the software development to reduce both human effort and costs, is a delicate issue in testing aspect-oriented programs. Prior studies in the automated test generation for aspect-oriented programs have been very limited with respect to the need for both adequate tool support and capability concerning effectiveness and efficiency. This paper describes a new AOP-specific tool for testing aspect-oriented programs, called RAMBUTANS. The RAMBUTANS tool uses a directed random testing technique that is especially well suited for generating tests for aspectual features in AspectJ. The directed random aspect of the tool is parameterized by associating weights to aspects, advice, methods, and classes by controlling object and joint point creations during the test generation process. We present a comprehensive empirical evaluation of our tool against the current AOP test generation approaches on three industrial aspect-oriented projects. The results of the experimental and statistical tests showed that RAMBUTANS tool produces test suites that have higher fault-detection capability and efficiency for AspectJ-like programs.     

面向方面体系结构建模研究

面向方面体系结构建模是面向方面软件开发(AOSD)的重要组成部分,也是近些年面向方面领域研究的热点问题。传统的软件体系结构设计方法没有单独地考虑横切关注点。因此,在软件体系结构设计阶段,建模人员需要新的机制来描述这些横切关注点。本文首先提出一个以横切为中心的面向方面体系结构概念框架;然后通过在体系结构设计阶段引入该框架中的核心概念,提出一种在体系结构设计阶段建模横切关注点的方法,从而支持其在早期进行横切关注点的分离。     

An empirical study of aspect-oriented metrics

Metrics for aspect-oriented software have been proposed and used to investigate the benefits and the disadvantages of crosscutting concerns modularisation. Some of these metrics have not been rigorously defined nor analytically evaluated. Also, there are few empirical data showing typical values of these metrics in aspect-oriented software. In this paper, we provide rigorous definitions, usage guidelines, analytical evaluation, and empirical data from ten open source projects, determining the value of six metrics for aspect-oriented software (lines of code, weighted operations in module, depth of inheritance tree, number of children, crosscutting degree of an aspect, and coupling on advice execution). We discuss how each of these metrics can be used to identify shortcomings in existing aspect-oriented software.     

A classification and rationalization of model-based software development

The use of model-based software development is increasingly popular due to recent advancements in modeling technology. Numerous approaches exist; this paper seeks to organize and characterize them. In particular, important terminological confusion, challenges, and recurring techniques of model-based software development are identified and rationalized. New perspectives are provided on some fundamental issues, such as the distinctions between model-driven development and architecture-centric development, code generation, and metamodeling. On the basis of this discussion, we opine that architecture-centric development and domain-specific model-driven development are the two most promising branches of model-based software development. Achieving a positive future will require, however, specific advances in software modeling, code generation, and model-code consistency management.     

面向方面程序的调用图生成算法

调用图(call graph)分析是进行程序分析、程序理解、软件测试和软件维护的重要基础.目前已提出的调用图生成算法多数是针对面向对象编程;而面向方面编程作为面向对象编程的扩展,还没有比较良好的调用图生成算法.为此,分析了既有的面向对象程序调用图生成算法,讨论了面向方面程序语言(AspectJ为例)的特殊语言元素及其对生成的调用图的影响,从而构筑了面向方面程序调用图的生成算法.     

Impact analysis and change propagation in service-oriented enterprises: A systematic review

ContextThe adoption of Service-oriented Architecture (SOA) and Business Process Management (BPM) is fairly recent. The major concern is now shifting towards the maintenance and evolution of service-based business information systems. Moreover, these systems are highly dynamic and frequent changes are anticipated across multiple levels of abstraction. Impact analysis and change propagation are identified as potential research areas in this regard.ObjectiveThe aim of this study is to systematically review extant research on impact analysis and propagation in the BPM and SOA domains. Identifying, categorizing and synthesizing relevant solutions are the main study objectives.MethodThrough careful review and screening, we identified 60 studies relevant to 4 research questions. Two classification schemes served to comprehend and analyze the anatomy of existing solutions. BPM is considered at the business level for business operations and processes, while SOA is considered at the service level as deployment architecture. We focused on both horizontal and vertical impacts of changes across multiple abstraction layers.ResultsImpact analysis solutions were mainly divided into dependency analysis, traceability analysis and history mining. Dependency analysis is the most frequently adopted technique followed by traceability analysis. Further categorization of dependency analysis indicates that graph-based techniques are extensively used, followed by formal dependency modeling. While considering hierarchical coverage, inter-process and inter-service change analyses have received considerable attention from the research community, whereas bottom-up analysis has been the most neglected research area. The majority of change propagation solutions are top-down and semi-automated.ConclusionsThis study concludes with new insight suggestions for future research. Although, the evolution of service-based systems is becoming of grave concern, existing solutions in this field are less mature. Studies on hierarchical change impact are scarce. Complex relationships of services with business processes and semantic dependencies are poorly understood and require more attention from the research community.     

A transformation contract to generate aspects from access control policies

Access control is an important security issue. It has been addressed since the late 1960s in the early time-sharing computer systems. Many access control models have been proposed since than but of particular interest is Ferraiolo and Khun’s role-based access control model (RBAC). It is a simple and yet general model which has been deeply studied and applied both in industry and in academia. A variety of industrial standards have been proposed based on this model. Generating code for an access control policy is an interesting challenge. Understanding access control as a non-functional concern that cross-cuts the functional part of a system raises difficulties quite suitable for a solution based on aspect-oriented programming. In this paper, we address the problems of specification and validation of code generation for access control policies targeting an aspect-based infra-structure. We propose an MDA approach. The code generator is a transformation from SecureUML, an RBAC-based modeling language, to the language Aspects for Access Control (AAC), an aspect-oriented modeling language proposed in this paper. Metamodels are used to represent the languages and to specify the transformation. A metamodel is used to represent the abstract syntax of a language and the constraints that a given instance model of the metamodel must fulfill. We also use a metamodel to specify the code generator. This transformation metamodel, together with all the constraints, that is, from both languages and those constraints regarding the merge of the two languages, we call a transformation contract. It merges and conservatively extends the source and target metamodels of the model transformation it represents. In the context of code-generation for access control policies, the transformation contract specifies the relationships between the abstract syntaxes of SecureUML and AAC and constrains the two languages. The validation of the code generator also uses the transformation contract. For a given access control policy and aspect, represented as instances of the appropriate metamodels, with aspects produced by the code generator, the constraints of the transformation contract must hold. We have prototyped a transformer from SecureUML to aspects on top of ITP/OCL, an OCL interpreter that automatically validates the generated aspect code by applying the constraints of the transformation contract.     

Applying and combining three different aspect Mining Techniques

Understanding a software system at source-code level requires understanding the different concerns that it addresses, which in turn requires a way to identify these concerns in the source code. Whereas some concerns are explicitly represented by program entities (like classes, methods and variables) and thus are easy to identify, crosscutting concerns are not captured by a single program entity but are scattered over many program entities and are tangled with the other concerns. Because of their crosscutting nature, such crosscutting concerns are difficult to identify, and reduce the understandability of the system as a whole. In this paper, we report on a combined experiment in which we try to identify crosscutting concerns in the JHotDraw framework automatically. We first apply three independently developed aspect mining techniques to JHotDraw and evaluate and compare their results. Based on this analysis, we present three interesting combinations of these three techniques, and show how these combinations provide a more complete coverage of the detected concerns as compared to the original techniques individually. Our results are a first step towards improving the understandability of a system that contains crosscutting concerns, and can be used as a basis for refactoring the identified crosscutting concerns into aspects. M. Ceccato is a PhD student in ITC-irst in Trento, Italy. He received his degree in Software Engineering from the University of Padova, Italy, in 2003. The master thesis concerned the Re-engineering of an existing big-sized data warehouse application. The project was developed in the Information Technology department in Alcoa Servizi. His research interests are on source code analysis and manipulation, especially for the the migration of object-oriented code to aspect-oriented programming. He collaborates with King’s College London and Loyola College in Maryland on the automatic support for this migration process. He has been involved in the organization and in the program committee of a number of AOP-related events, such as Late Workshop, in Chicago (2005) and in Bonn, Germany (2006), held within the major Aspect Oriented Programming conference (AOSD) and 3rd European Workshop on Aspects in Software (EWAS’06) in Enschede, The Netherlands. Marius Marin is a Ph.D. researcher in the Software Evolution Reseach Laboratory at Delft University of Technology, the Netherlands. He was granted an engineering degree by the Technical University of Civil Engineering, Bucharest, in 2000, and Licentiate in Economic Computer Science from the Academy of Economic Studies, Bucharest, in 2002. Before starting his Ph.D. studies, he worked as a software engineer in industry. His main research interests are in the area of reverse engineering, software modularization and modeling, and aspect-oriented software development. He is the main author of the publicly available aspect mining tool FINT and he publishes at international conferences in the aforementioned topics. He has been involved in program- and organizing committees of several workshops related to aspect mining. Kim Mens obtained his Ph.D. in Computer Science at the Vrije Universiteit Brussel, on “architectural conformance checking,” for which he used a declarative meta-programming approach. After his Ph.D. he became a full-time professor (chargé de cours) at the Université catholique de Louvain-la-Neuve (UCL). In addition to his current interest in logic meta-programming and intensional views, Kim Mens is one of the originators of the reuse contracts technique for automatically detecting conflicts in evolving software. He has been formally involved in several research networks related to software evolution. He has a strong interest in object-oriented and aspect-oriented software development and has actively participated in the organization of several workshops and conferences on those topics. He combines all these different research interests under the common denominator of co-evolution (between source code and earlier life-cycle software artifacts). Other research topics that fit this common theme and in which he is interested are software architecture, software maintenance, reverse engineering, software transformation, software restructuring and renovation, aspect mining and evolution of aspect programs. L. Moonen is an assistant professor in the Software Evolution Research Lab at Delft University of Technology and a researcher at the Centre for Mathematics and Computer Science (CWI), the Netherlands. His research interests are the design and development of advanced program analysis tools and techniques that support development, maintenance and evolution of large software systems. Concrete topics include the reverse engineering and exploration of views on software systems and their use for understanding and assessing software quality attributes such as evolvability, reliability and security. Dr. Moonen received an MSc (cum laude, Computer Science, 1996) and PhD (Computer Science, 2002) from the University of Amsterdam. He is one of the founders of the Software Improvement Group, a company that specializes in tools and consultancy to help organizations solve their legacy problems. He publishes regularly at, and serves on organizing-, steering- and program committees of, international workshops and conferences on reverse engineering (WCRE), source code analysis (SCAM), software maintenance (ICSM), program understanding (ICPC), reengineering (CSMR), aspect mining (Dagstuhl 06302, TEAM) and software security (CoBaSSA). Paolo Tonella is a senior researcher at ITC-irst, Trento, Italy. He received his laurea degree cum laude in Electronic Engineering from the University of Padova, Italy, in 1992, and his Ph.D. degree in Software Engineering from the same University, in 1999, with the thesis “Code Analysis in Support to Software Maintenance.” Since 1994 he has been a full time researcher of the Software Engineering group at ITC-irst. He participated in several industrial and European Community projects on software analysis and testing. He is the author of “Reverse Engineering of Object Oriented Code,” Springer, 2005. His current research interests include reverse engineering, aspect oriented programming, empirical studies, Web applications and testing. Tom Tourwé obtained the degree of Licentiate in Computer Science in 1997 and Ph.D. in Science in 2002 at the Vrije Universiteit Brussel. He is currently associated to the Centrum voor Wiskunde en Informatica, based in Amsterdam, The Netherlands, where he works as a post- doctoral researcher in the Ideals project. His main research interests lie in the broad area of software engineering, and include aspect-oriented software evolution and re-engineering in particular. He published several peer-reviewed articles on these topics in international journals and conferences, and organised a number of workshops on those themes.     

A generic framework: from modeling to code

Model-driven development (MDD) is a very popular technique in the area of software development, but this technique is criticized due to lack of a formal semantics. MDD is used for large-scale system development using semi-formal techniques like UML (Unified Modeling Language), which are not amenable to formal analysis and consistency checking. Formal methods with MDD may provide an assurance of correctness of the system. This paper advocates an approach to building generic framework for rigorous MDD that is based on combining semi-formal notations with formal modeling languages, correctness of the system using model checker and automatic code generation from the verified formal specification. The main objective of this work is to apply model-driven techniques and tools with formal verification and its code generation for designing critical systems. An assessment of the proposed framework is given through a case study, relative to the development of a cardiac pacemaker system.