Skip to main content
SpringerLink
Log in

An Expressive Aspect Language for System Applications with Arachne

  • Conference paper
Transactions on Aspect-Oriented Software Development I

Part of the book series: Lecture Notes in Computer Science ((TAOSD,volume 3880))

Abstract

Security, networking and prefetching are typical examples of concerns which crosscut system-level C applications. While a careful design can help to address these concerns, they frequently become an issue at runtime, especially if avoiding server downtime is important. Vulnerabilities caused by buffer overflows and double-free bugs are frequently discovered after deployment, thus opening critical breaches in running applications. Performance issues also often arise at run time: in the case of Web caches, e.g., a prefetching strategy may be required to increase performance. Aspect-oriented programming is an appealing solution to solve these issues. However, none of the current dynamic aspect systems is expressive and efficient enough to support them properly in the context of C applications. Arachne is a new aspect system specifically designed to address these issues. Its aspect language allows aspects to be expressed concisely using a sequence construct for quantification over function calls and accesses through variable aliases. Arachne enables aspects to be woven “on the fly” in running legacy applications. We show how these abilities can be used to prevent security breaches, to modularize the replacement of network protocols by more efficient ones, and to introduce prefetching in Web caches. We present two formal semantics for Arachne: one which defines in abstract terms the main properties of the sequence construct, and a second one which enables reasoning about the actual implementation. Following a detailed presentation of Arachne’s implementation, we give performance evaluations showing that Arachne is fast enough to extend high-performance applications, such as the Squid Web cache.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Wessels, D.: Squid: The Definitive Guide. O’Reilly, Sebastopol (2004)

    Google Scholar 

  2. Kiczales, G., Lamping, J., Mendhekar, A., Maeda, C., Lopes, C.V., Loingtier, J.-M., Irwin, J.: Aspect-Oriented Programming. In: Aksit, M., Matsuoka, S. (eds.) ECOOP 1997. LNCS, vol. 1241, pp. 220–242. Springer, Heidelberg (1997)

    Chapter  Google Scholar 

  3. Coady, Y., Kiczales, G., Feeley, M., Smolyn, G.: Using AspectC to improve the modularity of path-specific customization in operating system code. In: Gruhn, V. (ed.) Proceedings of the Joint 8th European Software Engeneering Conference and 9th ACM SIGSOFT Symposium on the Foundation of Software Engineering (ESEC/FSE 2001). SOFTWARE ENGINEERING NOTES, vol. 26(5), pp. 88–98. ACM, New York (2001)

    Google Scholar 

  4. Ségura-Devillechaise, M., Menaud, J.M., Muller, G., Lawall, J.: Web cache prefetching as an aspect: Towards a dynamic-weaving based solution. In: Proceedings of the 2nd International Conference on Aspect-Oriented Software Development, pp. 110–119. ACM, New York (2003)

    Chapter  Google Scholar 

  5. Arce, I., Levy, E.: An analysis of the slapper worm. IEEE Security and Privacy 1, 82–87 (2003)

    Article  Google Scholar 

  6. Solar Designer: JPEG COM Marker Processing Vulnerability in Netscape Browsers (1997), http://www.openwall.com/advisories/OW002-netscape-jpeg/

  7. Ubuntu: Squid Proxy Cache Double Memory Free Vulnerability (2005), http://www.security.nnov.ru/Idocument338.html

  8. American National Standards Institute: ANSI/ISO/IEC 9899-1999: Programming Languages — C. American National Standards Institute, New York (1999)

    Google Scholar 

  9. CERT Coordination Center: CERT Advisory CA-2001-13 Buffer Overflow in IIS Indexing Service DLL (2001), http://www.cert.org/advisories/CA-2001-13.html

  10. CERT Coordination Center: ”Code Red” Worm Exploiting Buffer Overflow in IIS Indexing Service DLL (CERT Incident Note IN-2001-10) (2001), http://www.cert.org/incident_notes/IN-2001-08.html

  11. US-CERT (United States Computer Emergency Readiness Team): Microsoft SQL Server 2000 contains stack buffer overflow in SQL Server Resolution Service (Vulnerability Note VU#484891) (2002), http://www.kb.cert.org/vuls/id/484891

  12. CERT Coordination Center: CERT Advisory CA-2003-04 MS-SQL Server Worm (2003), http://www.cert.org/advisories/CA-2003-04.html

  13. US-CERT (United States Computer Emergency Readiness Team): Microsoft Windows RPC vulnerable to buffer overflow (Vulnerability Note VU#568148) (2003), http://www.kb.cert.org/vuls/id/568148

  14. CERT Coordination Center: CERT Advisory CA-2003-20 W32/Blaster worm (2003), http://www.cert.org/advisories/CA-2003-20.html

  15. Ruwase, O., Lam, M.S.: A practical dynamic buffer overflow detector. In: Proceedings of the 11th Annual Network and Distributed System Security Symposium. Internet Society, San Diego (2004)

    Google Scholar 

  16. CERT Coordination Center: CERT/CC advisories (1988), http://www.cert.org/advisories/

  17. Wagner, D., Foster, J.S., Brewer, E.A., Aiken, A.: A first step towards automated detection of buffer overrun vulnerabilities. In: Network and Distributed System Security Symposium, pp. 3–17. Internet Society, San Diego (2000)

    Google Scholar 

  18. Cowan, C., Wagle, P., Pu, C., Beattie, S., Walpole, J.: Buffer overflows: Attacks and defenses for the vulnerability of the decade. In: DARPA Information Survivability Conference and Exposition (DISCEX), Hilton Head Island, SC, USA, vol. 2, pp. 119–129. IEEE, Los Alamitos (2000)

    Chapter  Google Scholar 

  19. Wilander, J., Kamkar, M.: A comparison of publicly available tools for dynamic buffer overflow prevention. In: Proceedings of the 10th Network and Distributed System Security Symposium, pp. 149–162. Internet Society, San Diego (2003)

    Google Scholar 

  20. Larochelle, D., Evans, D.: Statically detecting likely buffer overflow vulnerabilities. In: Proceedings of the 10th USENIX Security Symposium, pp. 177–190, USENIX, Washington, (2001)

    Google Scholar 

  21. Cowan, C., Pu, C., Maier, D., Walpole, J., Bakke, P., Beattie, S., Grier, A., Wagle, P., Zhang, Q., Hinton, H.: StackGuard: Automatic adaptive detection and prevention of buffer-overflow attacks. In: Proc. 7th USENIX Security Conference, pp. 63–78, USENIX, San Antonio (1998)

    Google Scholar 

  22. Jim, T., Morrisett, G., Grossman, D., Hicks, M., Cheney, J., Wang, Y.: Cyclone: A safe dialect of C. In: Proceedings of the USENIX Annual Technical Conference, pp. 275–288, USENIX, Monterey (2002)

    Google Scholar 

  23. Condit, J., Harren, M., McPeak, S., Necula, G.C., Weimer, W.: CCured in the real world. In: PLDI 2003: Proceedings of the ACM SIGPLAN 2003 Conference on Programming Language Design and Implementation, pp. 232–244. ACM, San Diego (2003)

    Chapter  Google Scholar 

  24. Jones, R., Kelly, P.: Backwards-compatible bounds checking for arrays and pointers in C programs. In: Kamkar, M. (ed.) Proceedings of the Third International Workshop on Automatic Debugging, Linköping, Sweden, vol. 2. Linköping Electronic Articles in Computer and Information Science, pp. 13–26 (1997)

    Google Scholar 

  25. Keromytis, A.D.: Patch on demand saves even more time? IEEE Computer 37, 94–96 (2004)

    Article  Google Scholar 

  26. US-CERT (United States Computer Emergency Readiness Team): Squid Proxy Server contains buffer overflow in parsing of the authentication portion of FTP URLs (Vulnerability Note VU#613459) (2002), http://www.kb.cert.org/vuls/id/613459

  27. Berners-Lee, T., Fielding, R., Frystyk, H.: RFC 1945: Hypertext Transfer Protocol — HTTP/1.0. Status: INFORMATIONAL (1996)

    Google Scholar 

  28. Postel, J.: Transmission Control Protocol. RFC 793 (1981), http://www.rfc-editor.org/rfc/rfc793.txt

  29. Arlitt, M., Jin, T.: A workload characterization study of the 1998 world cup web site. IEEE Network 14, 30–37 (2000)

    Article  Google Scholar 

  30. Cidon, I., Gupta, A., Rom, R., Schuba, C.: Hybrid TCP-UDP transport for web traffic. Technical Report 99-71, Sun Microsystems Laboratories, Palo Alto, CA (1999)

    Google Scholar 

  31. Rabinovich, M., Wang, H.: DHTTP: An efficient and cache-friendly transfer protocol for web traffic. In: IEEE INFOCOM, pp. 1597–1606 (2001)

    Google Scholar 

  32. Chen, H., Mohapatra, P.: CATP: A context-aware transportation protocol for HTTP. In: International Workshop on New Advances in Web Servers and Proxy Technologies Held with ICDCS, Providence, RI, USA, pp. 922–927 (2003)

    Google Scholar 

  33. Postel, J.: User datagram protocol. RFC 768 (1980), http://www.rfc.net/rfc768.html

  34. Comer, D., Stevens, D.: Internetworking with TCP/IP, Volume III — Client-Server Programming and Applications for the BSD Socket Version, vol. III. Prentice Hall, Englewood Cliffs (1993)

    Google Scholar 

  35. Issarny, V., Banâtre, M., Charpiot, B., Menaud, J.-M.: Quality of Service and Electronic Newspaper: The Etel Solution. In: Krakowiak, S., Shrivastava, S.K. (eds.) BROADCAST 1999. LNCS, vol. 1752, pp. 472–496. Springer, Heidelberg (2000)

    Chapter  Google Scholar 

  36. Lieberherr, K.J., Palm, J., Sundaram, R.: Expressiveness and complexity of crosscut languages. Technical Report NU-CCIS-04-10, Northeastern University (2004)

    Google Scholar 

  37. Douence, R., Fradet, P., Südholt, M.: A framework for the detection and resolution of aspect interactions. In: Batory, D., Consel, C., Taha, W. (eds.) GPCE 2002. LNCS, vol. 2487, pp. 173–188. Springer, Heidelberg (2002)

    Google Scholar 

  38. Douence, R., Fradet, P., Südholt, M.: Composition, reuse and interaction analysis of stateful aspects. In: AOSD 2004: Proc. of 3rd International Conference on Aspect-Oriented Software Development, pp. 141–150. ACM, Lancaster (2004)

    Google Scholar 

  39. Jaffar, J., Michaylov, S., Stuckey, P.J., Yap, R.H.C.: The clp(r) language and system. ACM Trans. Program. Lang. Syst. 14, 339–395 (1992)

    Article  Google Scholar 

  40. Schmidt, D.A.: Denotational semantics - A methodology for language development. Allyn and Bacon (1986), http://www.cis.ksu.edu/~schmidt/text/densem.html

  41. Fritz, T.: An expressive aspect language with arachne. Master’s thesis, Ludwig-Maiximilians-Universität München (2005)

    Google Scholar 

  42. System Unix, U.S.L.: System V application binary interface intel 386 architecture processor supplement. Prentice Hall Trade (1994)

    Google Scholar 

  43. Hilsdale, E., Hugunin, J.: Advice weaving in AspectJ. In: Proceedings of the 3rd International Conference on Aspect-Oriented Software Development, pp. 26–35. ACM, New York (2004)

    Chapter  Google Scholar 

  44. Clowes, S.: Injectso: Modifying and spying on running processes under linux. In: Black Hat Briefings (2001)

    Google Scholar 

  45. Intel Corportation: IA-32 Intel Architecture software developer’s manual. Intel Corportation (2001)

    Google Scholar 

  46. Chinen, K.I., Yamaguchi, S.: An interactive prefetching proxy server for improvement of WWW latency. In: INET 1997: Seventh Annual Conference of the Kuala Lumpur Internet Society, Malaysia (1997)

    Google Scholar 

  47. Rousskov, A., Wessels, D.: High-performance benchmarking with Web Polygraph. Software Practice and Experience 34, 187–211 (2004)

    Article  Google Scholar 

  48. Kegel, D.: dkftpbench (2000), http://www.kegel.com/dkftpbench/

  49. Spinczyk, O., Gal, A., Schröder-Preikschat, W.: AspectC++: An aspect-oriented extension to the C++ programming language. In: Proceedings of the Fortieth International Conference on Tools Pacific, Australian Computer Society, Sydney, Australia, pp. 53–60 (2002)

    Google Scholar 

  50. Almajali, S., Elrad, T.: Coupling availability and efficiency for aspect-oriented runtime weaving systems. In: DAW 2005: Proceeding of the 2nd Dynamic Aspects Workshop at AOSD, Chicago, IL, pp. 47–56 (2005)

    Google Scholar 

  51. Engel, M., Freisleben, B.: Supporting autonomic computing functionality via dynamic operating system kernel aspects. In: AOSD 2005: Proceedings of the 4th International Conference on Aspect-Oriented Software Development, pp. 51–62. ACM, New York (2005)

    Google Scholar 

  52. Douence, R., Motelet, O., Südholt, M.: A formal definition of crosscuts. In: Yonezawa, A., Matsuoka, S. (eds.) Reflection 2001. LNCS, vol. 2192, pp. 170–186. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  53. Masuhara, H., Kawauchi, K.: Dataflow Pointcut in Aspect-Oriented Programming. In: Ohori, A. (ed.) APLAS 2003. LNCS, vol. 2895, pp. 105–121. Springer, Heidelberg (2003)

    Google Scholar 

  54. de Volder, K.: Aspect-Oriented Logic Meta Programming. In: Cointe, P. (ed.) Reflection 1999. LNCS, vol. 1616, pp. 250–272. Springer, Heidelberg (1999)

    Chapter  Google Scholar 

  55. Andrews, J.H.: Process-algebraic foundations of aspect-oriented programming. In: Yonezawa, A., Matsuoka, S. (eds.) Reflection 2001. LNCS, vol. 2192, pp. 187–209. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  56. Aßmann, U., Ludwig, A.: Aspect Weaving with Graph Rewriting. In: Czarnecki, K., Eisenecker, U.W. (eds.) GCSE 1999. LNCS, vol. 1799, pp. 24–36. Springer, Heidelberg (2000)

    Chapter  Google Scholar 

  57. Åberg, R.A., Lawall, J.L., Südholt, M., Muller, G., Meur, A.F.L.: On the automatic evolution of an OS kernel using temporal logic and AOP. In: ASE 2003: Proceedings of the 18th IEEE International Conference on Automated Software Engineering, pp. 196–204. IEEE Computer Society, Montreal (2003)

    Chapter  Google Scholar 

  58. Douence, R., Südholt, M.: A model and a tool for event-based aspect-oriented programming (eaop). Technical Report 02/11/INFO, École des mines de Nantes (2002); French version published in Proc. of LMO 2003, Hermes Sciences

    Google Scholar 

  59. Vanderperren, W., Suvée, D., Cibrán, M.A., De Fraine, B.: Stateful Aspects in JAsCo. In: Gschwind, T., Aßmann, U., Nierstrasz, O. (eds.) SC 2005. LNCS, vol. 3628, pp. 167–181. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  60. Allan, C., Avgustinov, P., Christensen, A.S.: Adding trace matching with free variables to AspectJ. In: Gabriel, R.P. (ed.) OOPSLA 2005: ACM Conference on Object-Oriented Programming, Systems and Languages. ACM, New York (2005)

    Google Scholar 

  61. Aspray, W.: John von Neumann’s contributions to computing and computer science. Annals of the History of Computing 11, 189–195 (1989)

    Article  MathSciNet  MATH  Google Scholar 

  62. Luk, C.K., Cohn, R., Muth, R., Patil, H., Klauser, A., Lowney, G., Wallace, S., Reddi, V.J., Hazelwood, K.: Pin: Building customized program analysis tools with dynamic instrumentation. In: PLDI: Proceedings of the ACM SIGPLAN 2005 Conference on Programming Language Design and Implementation, pp. 190–200. ACM, Chicago (2005)

    Chapter  Google Scholar 

  63. Hollingsworth, J.K., Miller, B.P., Goncalves, M.J.R., Naim, O., Xu, Z., Zheng, L.: MDL: A language and compiler for dynamic program instrumentation. In: PACT: Proceedings of the 6th Conference on Parallel Architectures and Compilation Techniques, pp. 201–213. IEEE Computer Society, San Francisco (1997)

    Google Scholar 

  64. Chiba, S.: Load-Time Structural Reflection in Java. In: Bertino, E. (ed.) ECOOP 2000. LNCS, vol. 1850, pp. 313–336. Springer, Heidelberg (2000)

    Chapter  Google Scholar 

  65. Pawlak, R., Seinturier, L., Duchien, L., Florin, G.: JAC: A Flexible Solution for Aspect-Oriented Programming in Java. In: Yonezawa, A., Matsuoka, S. (eds.) Reflection 2001. LNCS, vol. 2192, pp. 1–24. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  66. Popovici, A., Alonso, G., Gross, T.R.: Just-in-time aspects: Efficient dynamic weaving for Java. In: AOSD: Proceedings of the 2nd International Conference on Aspect-Oriented Software Development, pp. 100–109. ACM, New York (2003)

    Chapter  Google Scholar 

  67. Chiba, S., Nakagawa, K.: Josh: An open AspectJ-like language. In: Murphy, G.C., Lieberherr, K.J. (eds.) AOSD: Proceedings of the Third International Conference on Aspect-Oriented Software Development, pp. 102–111. ACM, New York (2004)

    Chapter  Google Scholar 

  68. Suvée, D., Vanderperren, W., Jonckers, V.: JasCo: An aspect-oriented approach tailored for component-based software development. In: Press, A. (ed.) AOSD 2003: Proc. of 2nd International Conference on Aspect-Oriented Software Development, pp. 21–29 (2003)

    Google Scholar 

  69. Bockisch, C., Haupt, M., Mezini, M., Ostermann, K.: Virtual machine support for dynamic join points. In: AOSD 2004: Proceedings of the 3rd International Conference on Aspect-Oriented Software Development, pp. 83–92. ACM, New York (2004)

    Google Scholar 

  70. JBoss Inc.: JBoss AOP (2005), http://jboss.com/products/aop

  71. Spring Framework: Spring AOP (2005), http://www.springframework.org/

Download references

Author information

Authors and Affiliations

  1. OBASCO project, École des Mines de Nantes – INRIA, LINA, 4, rue Alfred Kastler, 44307 Cedex 3, Nantes, France

    Rémi Douence, Nicolas Loriant, Jean-Marc Menaud, Marc Ségura-Devillechaise & Mario Südholt

  2. Gruppe PST, Institut für Informatik, Ludwig-Maximilians-Universität München, Oettingenstraße 67, 80538, München, Germany

    Thomas Fritz

Authors
  1. Rémi Douence
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Thomas Fritz
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Nicolas Loriant
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Jean-Marc Menaud
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Marc Ségura-Devillechaise
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Mario Südholt
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Computing, InfoLab 21, South Drive, Lancaster University, LA1 4WA, Lancaster, UK

    Awais Rashid

  2. University of Twente, P.O. Box 217, 7500, Enschede, AE, The Netherlands

    Mehmet Aksit

Rights and permissions

Reprints and permissions

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Douence, R., Fritz, T., Loriant, N., Menaud, JM., Ségura-Devillechaise, M., Südholt, M. (2006). An Expressive Aspect Language for System Applications with Arachne. In: Rashid, A., Aksit, M. (eds) Transactions on Aspect-Oriented Software Development I. Lecture Notes in Computer Science, vol 3880. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11687061_6

Download citation

  • DOI: https://doi.org/10.1007/11687061_6

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-32972-5

  • Online ISBN: 978-3-540-32974-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation