Aspects are intended to add needed functionality to a system or to treat concerns of the system by augmenting or changing the existing code in a manner that cross-cuts the usual class or process hierarchy. However, sometimes aspects can invalidate some of the already existing desirable properties of the system. This paper shows how to automatically identify such situations. The importance of specifications of the underlying system is emphasized, and shown to clarify the degree of obliviousness appropriate for aspects. The use of regression testing is considered, and regression verification is recommended instead, with possible division into static analysis, deductive proofs, and aspect validation using model checking. Static analysis of only the aspect code is effective when strongly typed and clearly parameterized aspect languages are used. Spectative aspects can then be identified, and imply absence of harm for all safety and liveness properties involving only the variables and fields of the original system. Deductive proofs can be extended to show inductive invariants are not harmed by an aspect, also by treating only the aspect code. Aspect validation to establish lack of harm is defined and suggested as an optimal approach when the entire augmented system with the aspect woven in must be considered.
[1]
Shmuel Katz,et al.
Superimpositions and Aspect-oriented Programming
,
2003,
Comput. J..
[2]
Shmuel Katz,et al.
Aspect Validation Using Model Checking
,
2003,
Verification: Theory and Practice.
[3]
Barry J. Devereux.
Compositional reasoning about aspects using alternating-time logic
,
2003
.
[4]
Henny B. Sipma,et al.
A Formal Model for Cross-cutting Modular Transition Systems
,
2003
.
[5]
Leslie Lamport,et al.
What Good is Temporal Logic?
,
1983,
IFIP Congress.
[6]
Daniel P. Friedman,et al.
Aspect-Oriented Programming is Quantification and Obliviousness
,
2000
.