Advertisement

An Expressive Aspect Language for System Applications with Arachne

  • Rémi Douence
  • Thomas Fritz
  • Nicolas Loriant
  • Jean-Marc Menaud
  • Marc Ségura-Devillechaise
  • Mario Südholt
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3880)

Abstract

Security, networking and prefetching are typical examples of concerns which crosscut system-level C applications. While a careful design can help to address these concerns, they frequently become an issue at runtime, especially if avoiding server downtime is important. Vulnerabilities caused by buffer overflows and double-free bugs are frequently discovered after deployment, thus opening critical breaches in running applications. Performance issues also often arise at run time: in the case of Web caches, e.g., a prefetching strategy may be required to increase performance. Aspect-oriented programming is an appealing solution to solve these issues. However, none of the current dynamic aspect systems is expressive and efficient enough to support them properly in the context of C applications. Arachne is a new aspect system specifically designed to address these issues. Its aspect language allows aspects to be expressed concisely using a sequence construct for quantification over function calls and accesses through variable aliases. Arachne enables aspects to be woven “on the fly” in running legacy applications. We show how these abilities can be used to prevent security breaches, to modularize the replacement of network protocols by more efficient ones, and to introduce prefetching in Web caches. We present two formal semantics for Arachne: one which defines in abstract terms the main properties of the sequence construct, and a second one which enables reasoning about the actual implementation. Following a detailed presentation of Arachne’s implementation, we give performance evaluations showing that Arachne is fast enough to extend high-performance applications, such as the Squid Web cache.

Keywords

Base Program Valuation Function Dynamic Link Library Crosscutting Concern Aspect Language 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Wessels, D.: Squid: The Definitive Guide. O’Reilly, Sebastopol (2004)Google Scholar
  2. 2.
    Kiczales, G., Lamping, J., Mendhekar, A., Maeda, C., Lopes, C.V., Loingtier, J.-M., Irwin, J.: Aspect-Oriented Programming. In: Aksit, M., Matsuoka, S. (eds.) ECOOP 1997. LNCS, vol. 1241, pp. 220–242. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  3. 3.
    Coady, Y., Kiczales, G., Feeley, M., Smolyn, G.: Using AspectC to improve the modularity of path-specific customization in operating system code. In: Gruhn, V. (ed.) Proceedings of the Joint 8th European Software Engeneering Conference and 9th ACM SIGSOFT Symposium on the Foundation of Software Engineering (ESEC/FSE 2001). SOFTWARE ENGINEERING NOTES, vol. 26(5), pp. 88–98. ACM, New York (2001)Google Scholar
  4. 4.
    Ségura-Devillechaise, M., Menaud, J.M., Muller, G., Lawall, J.: Web cache prefetching as an aspect: Towards a dynamic-weaving based solution. In: Proceedings of the 2nd International Conference on Aspect-Oriented Software Development, pp. 110–119. ACM, New York (2003)CrossRefGoogle Scholar
  5. 5.
    Arce, I., Levy, E.: An analysis of the slapper worm. IEEE Security and Privacy 1, 82–87 (2003)CrossRefGoogle Scholar
  6. 6.
    Solar Designer: JPEG COM Marker Processing Vulnerability in Netscape Browsers (1997), http://www.openwall.com/advisories/OW002-netscape-jpeg/
  7. 7.
    Ubuntu: Squid Proxy Cache Double Memory Free Vulnerability (2005), http://www.security.nnov.ru/Idocument338.html
  8. 8.
    American National Standards Institute: ANSI/ISO/IEC 9899-1999: Programming Languages — C. American National Standards Institute, New York (1999)Google Scholar
  9. 9.
    CERT Coordination Center: CERT Advisory CA-2001-13 Buffer Overflow in IIS Indexing Service DLL (2001), http://www.cert.org/advisories/CA-2001-13.html
  10. 10.
    CERT Coordination Center: ”Code Red” Worm Exploiting Buffer Overflow in IIS Indexing Service DLL (CERT Incident Note IN-2001-10) (2001), http://www.cert.org/incident_notes/IN-2001-08.html
  11. 11.
    US-CERT (United States Computer Emergency Readiness Team): Microsoft SQL Server 2000 contains stack buffer overflow in SQL Server Resolution Service (Vulnerability Note VU#484891) (2002), http://www.kb.cert.org/vuls/id/484891
  12. 12.
    CERT Coordination Center: CERT Advisory CA-2003-04 MS-SQL Server Worm (2003), http://www.cert.org/advisories/CA-2003-04.html
  13. 13.
    US-CERT (United States Computer Emergency Readiness Team): Microsoft Windows RPC vulnerable to buffer overflow (Vulnerability Note VU#568148) (2003), http://www.kb.cert.org/vuls/id/568148
  14. 14.
    CERT Coordination Center: CERT Advisory CA-2003-20 W32/Blaster worm (2003), http://www.cert.org/advisories/CA-2003-20.html
  15. 15.
    Ruwase, O., Lam, M.S.: A practical dynamic buffer overflow detector. In: Proceedings of the 11th Annual Network and Distributed System Security Symposium. Internet Society, San Diego (2004)Google Scholar
  16. 16.
    CERT Coordination Center: CERT/CC advisories (1988), http://www.cert.org/advisories/
  17. 17.
    Wagner, D., Foster, J.S., Brewer, E.A., Aiken, A.: A first step towards automated detection of buffer overrun vulnerabilities. In: Network and Distributed System Security Symposium, pp. 3–17. Internet Society, San Diego (2000)Google Scholar
  18. 18.
    Cowan, C., Wagle, P., Pu, C., Beattie, S., Walpole, J.: Buffer overflows: Attacks and defenses for the vulnerability of the decade. In: DARPA Information Survivability Conference and Exposition (DISCEX), Hilton Head Island, SC, USA, vol. 2, pp. 119–129. IEEE, Los Alamitos (2000)CrossRefGoogle Scholar
  19. 19.
    Wilander, J., Kamkar, M.: A comparison of publicly available tools for dynamic buffer overflow prevention. In: Proceedings of the 10th Network and Distributed System Security Symposium, pp. 149–162. Internet Society, San Diego (2003)Google Scholar
  20. 20.
    Larochelle, D., Evans, D.: Statically detecting likely buffer overflow vulnerabilities. In: Proceedings of the 10th USENIX Security Symposium, pp. 177–190, USENIX, Washington, (2001)Google Scholar
  21. 21.
    Cowan, C., Pu, C., Maier, D., Walpole, J., Bakke, P., Beattie, S., Grier, A., Wagle, P., Zhang, Q., Hinton, H.: StackGuard: Automatic adaptive detection and prevention of buffer-overflow attacks. In: Proc. 7th USENIX Security Conference, pp. 63–78, USENIX, San Antonio (1998)Google Scholar
  22. 22.
    Jim, T., Morrisett, G., Grossman, D., Hicks, M., Cheney, J., Wang, Y.: Cyclone: A safe dialect of C. In: Proceedings of the USENIX Annual Technical Conference, pp. 275–288, USENIX, Monterey (2002)Google Scholar
  23. 23.
    Condit, J., Harren, M., McPeak, S., Necula, G.C., Weimer, W.: CCured in the real world. In: PLDI 2003: Proceedings of the ACM SIGPLAN 2003 Conference on Programming Language Design and Implementation, pp. 232–244. ACM, San Diego (2003)CrossRefGoogle Scholar
  24. 24.
    Jones, R., Kelly, P.: Backwards-compatible bounds checking for arrays and pointers in C programs. In: Kamkar, M. (ed.) Proceedings of the Third International Workshop on Automatic Debugging, Linköping, Sweden, vol. 2. Linköping Electronic Articles in Computer and Information Science, pp. 13–26 (1997)Google Scholar
  25. 25.
    Keromytis, A.D.: Patch on demand saves even more time? IEEE Computer 37, 94–96 (2004)CrossRefGoogle Scholar
  26. 26.
    US-CERT (United States Computer Emergency Readiness Team): Squid Proxy Server contains buffer overflow in parsing of the authentication portion of FTP URLs (Vulnerability Note VU#613459) (2002), http://www.kb.cert.org/vuls/id/613459
  27. 27.
    Berners-Lee, T., Fielding, R., Frystyk, H.: RFC 1945: Hypertext Transfer Protocol — HTTP/1.0. Status: INFORMATIONAL (1996)Google Scholar
  28. 28.
    Postel, J.: Transmission Control Protocol. RFC 793 (1981), http://www.rfc-editor.org/rfc/rfc793.txt
  29. 29.
    Arlitt, M., Jin, T.: A workload characterization study of the 1998 world cup web site. IEEE Network 14, 30–37 (2000)CrossRefGoogle Scholar
  30. 30.
    Cidon, I., Gupta, A., Rom, R., Schuba, C.: Hybrid TCP-UDP transport for web traffic. Technical Report 99-71, Sun Microsystems Laboratories, Palo Alto, CA (1999)Google Scholar
  31. 31.
    Rabinovich, M., Wang, H.: DHTTP: An efficient and cache-friendly transfer protocol for web traffic. In: IEEE INFOCOM, pp. 1597–1606 (2001)Google Scholar
  32. 32.
    Chen, H., Mohapatra, P.: CATP: A context-aware transportation protocol for HTTP. In: International Workshop on New Advances in Web Servers and Proxy Technologies Held with ICDCS, Providence, RI, USA, pp. 922–927 (2003)Google Scholar
  33. 33.
    Postel, J.: User datagram protocol. RFC 768 (1980), http://www.rfc.net/rfc768.html
  34. 34.
    Comer, D., Stevens, D.: Internetworking with TCP/IP, Volume III — Client-Server Programming and Applications for the BSD Socket Version, vol. III. Prentice Hall, Englewood Cliffs (1993)Google Scholar
  35. 35.
    Issarny, V., Banâtre, M., Charpiot, B., Menaud, J.-M.: Quality of Service and Electronic Newspaper: The Etel Solution. In: Krakowiak, S., Shrivastava, S.K. (eds.) BROADCAST 1999. LNCS, vol. 1752, pp. 472–496. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  36. 36.
    Lieberherr, K.J., Palm, J., Sundaram, R.: Expressiveness and complexity of crosscut languages. Technical Report NU-CCIS-04-10, Northeastern University (2004)Google Scholar
  37. 37.
    Douence, R., Fradet, P., Südholt, M.: A framework for the detection and resolution of aspect interactions. In: Batory, D., Consel, C., Taha, W. (eds.) GPCE 2002. LNCS, vol. 2487, pp. 173–188. Springer, Heidelberg (2002)Google Scholar
  38. 38.
    Douence, R., Fradet, P., Südholt, M.: Composition, reuse and interaction analysis of stateful aspects. In: AOSD 2004: Proc. of 3rd International Conference on Aspect-Oriented Software Development, pp. 141–150. ACM, Lancaster (2004)Google Scholar
  39. 39.
    Jaffar, J., Michaylov, S., Stuckey, P.J., Yap, R.H.C.: The clp(r) language and system. ACM Trans. Program. Lang. Syst. 14, 339–395 (1992)CrossRefGoogle Scholar
  40. 40.
    Schmidt, D.A.: Denotational semantics - A methodology for language development. Allyn and Bacon (1986), http://www.cis.ksu.edu/~schmidt/text/densem.html
  41. 41.
    Fritz, T.: An expressive aspect language with arachne. Master’s thesis, Ludwig-Maiximilians-Universität München (2005)Google Scholar
  42. 42.
    System Unix, U.S.L.: System V application binary interface intel 386 architecture processor supplement. Prentice Hall Trade (1994)Google Scholar
  43. 43.
    Hilsdale, E., Hugunin, J.: Advice weaving in AspectJ. In: Proceedings of the 3rd International Conference on Aspect-Oriented Software Development, pp. 26–35. ACM, New York (2004)CrossRefGoogle Scholar
  44. 44.
    Clowes, S.: Injectso: Modifying and spying on running processes under linux. In: Black Hat Briefings (2001)Google Scholar
  45. 45.
    Intel Corportation: IA-32 Intel Architecture software developer’s manual. Intel Corportation (2001)Google Scholar
  46. 46.
    Chinen, K.I., Yamaguchi, S.: An interactive prefetching proxy server for improvement of WWW latency. In: INET 1997: Seventh Annual Conference of the Kuala Lumpur Internet Society, Malaysia (1997)Google Scholar
  47. 47.
    Rousskov, A., Wessels, D.: High-performance benchmarking with Web Polygraph. Software Practice and Experience 34, 187–211 (2004)CrossRefGoogle Scholar
  48. 48.
    Kegel, D.: dkftpbench (2000), http://www.kegel.com/dkftpbench/
  49. 49.
    Spinczyk, O., Gal, A., Schröder-Preikschat, W.: AspectC++: An aspect-oriented extension to the C++ programming language. In: Proceedings of the Fortieth International Conference on Tools Pacific, Australian Computer Society, Sydney, Australia, pp. 53–60 (2002)Google Scholar
  50. 50.
    Almajali, S., Elrad, T.: Coupling availability and efficiency for aspect-oriented runtime weaving systems. In: DAW 2005: Proceeding of the 2nd Dynamic Aspects Workshop at AOSD, Chicago, IL, pp. 47–56 (2005)Google Scholar
  51. 51.
    Engel, M., Freisleben, B.: Supporting autonomic computing functionality via dynamic operating system kernel aspects. In: AOSD 2005: Proceedings of the 4th International Conference on Aspect-Oriented Software Development, pp. 51–62. ACM, New York (2005)Google Scholar
  52. 52.
    Douence, R., Motelet, O., Südholt, M.: A formal definition of crosscuts. In: Yonezawa, A., Matsuoka, S. (eds.) Reflection 2001. LNCS, vol. 2192, pp. 170–186. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  53. 53.
    Masuhara, H., Kawauchi, K.: Dataflow Pointcut in Aspect-Oriented Programming. In: Ohori, A. (ed.) APLAS 2003. LNCS, vol. 2895, pp. 105–121. Springer, Heidelberg (2003)Google Scholar
  54. 54.
    de Volder, K.: Aspect-Oriented Logic Meta Programming. In: Cointe, P. (ed.) Reflection 1999. LNCS, vol. 1616, pp. 250–272. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  55. 55.
    Andrews, J.H.: Process-algebraic foundations of aspect-oriented programming. In: Yonezawa, A., Matsuoka, S. (eds.) Reflection 2001. LNCS, vol. 2192, pp. 187–209. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  56. 56.
    Aßmann, U., Ludwig, A.: Aspect Weaving with Graph Rewriting. In: Czarnecki, K., Eisenecker, U.W. (eds.) GCSE 1999. LNCS, vol. 1799, pp. 24–36. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  57. 57.
    Åberg, R.A., Lawall, J.L., Südholt, M., Muller, G., Meur, A.F.L.: On the automatic evolution of an OS kernel using temporal logic and AOP. In: ASE 2003: Proceedings of the 18th IEEE International Conference on Automated Software Engineering, pp. 196–204. IEEE Computer Society, Montreal (2003)CrossRefGoogle Scholar
  58. 58.
    Douence, R., Südholt, M.: A model and a tool for event-based aspect-oriented programming (eaop). Technical Report 02/11/INFO, École des mines de Nantes (2002); French version published in Proc. of LMO 2003, Hermes SciencesGoogle Scholar
  59. 59.
    Vanderperren, W., Suvée, D., Cibrán, M.A., De Fraine, B.: Stateful Aspects in JAsCo. In: Gschwind, T., Aßmann, U., Nierstrasz, O. (eds.) SC 2005. LNCS, vol. 3628, pp. 167–181. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  60. 60.
    Allan, C., Avgustinov, P., Christensen, A.S.: Adding trace matching with free variables to AspectJ. In: Gabriel, R.P. (ed.) OOPSLA 2005: ACM Conference on Object-Oriented Programming, Systems and Languages. ACM, New York (2005)Google Scholar
  61. 61.
    Aspray, W.: John von Neumann’s contributions to computing and computer science. Annals of the History of Computing 11, 189–195 (1989)MathSciNetCrossRefzbMATHGoogle Scholar
  62. 62.
    Luk, C.K., Cohn, R., Muth, R., Patil, H., Klauser, A., Lowney, G., Wallace, S., Reddi, V.J., Hazelwood, K.: Pin: Building customized program analysis tools with dynamic instrumentation. In: PLDI: Proceedings of the ACM SIGPLAN 2005 Conference on Programming Language Design and Implementation, pp. 190–200. ACM, Chicago (2005)CrossRefGoogle Scholar
  63. 63.
    Hollingsworth, J.K., Miller, B.P., Goncalves, M.J.R., Naim, O., Xu, Z., Zheng, L.: MDL: A language and compiler for dynamic program instrumentation. In: PACT: Proceedings of the 6th Conference on Parallel Architectures and Compilation Techniques, pp. 201–213. IEEE Computer Society, San Francisco (1997)Google Scholar
  64. 64.
    Chiba, S.: Load-Time Structural Reflection in Java. In: Bertino, E. (ed.) ECOOP 2000. LNCS, vol. 1850, pp. 313–336. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  65. 65.
    Pawlak, R., Seinturier, L., Duchien, L., Florin, G.: JAC: A Flexible Solution for Aspect-Oriented Programming in Java. In: Yonezawa, A., Matsuoka, S. (eds.) Reflection 2001. LNCS, vol. 2192, pp. 1–24. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  66. 66.
    Popovici, A., Alonso, G., Gross, T.R.: Just-in-time aspects: Efficient dynamic weaving for Java. In: AOSD: Proceedings of the 2nd International Conference on Aspect-Oriented Software Development, pp. 100–109. ACM, New York (2003)CrossRefGoogle Scholar
  67. 67.
    Chiba, S., Nakagawa, K.: Josh: An open AspectJ-like language. In: Murphy, G.C., Lieberherr, K.J. (eds.) AOSD: Proceedings of the Third International Conference on Aspect-Oriented Software Development, pp. 102–111. ACM, New York (2004)CrossRefGoogle Scholar
  68. 68.
    Suvée, D., Vanderperren, W., Jonckers, V.: JasCo: An aspect-oriented approach tailored for component-based software development. In: Press, A. (ed.) AOSD 2003: Proc. of 2nd International Conference on Aspect-Oriented Software Development, pp. 21–29 (2003)Google Scholar
  69. 69.
    Bockisch, C., Haupt, M., Mezini, M., Ostermann, K.: Virtual machine support for dynamic join points. In: AOSD 2004: Proceedings of the 3rd International Conference on Aspect-Oriented Software Development, pp. 83–92. ACM, New York (2004)Google Scholar
  70. 70.
    JBoss Inc.: JBoss AOP (2005), http://jboss.com/products/aop
  71. 71.
    Spring Framework: Spring AOP (2005), http://www.springframework.org/

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Rémi Douence
    • 1
  • Thomas Fritz
    • 2
  • Nicolas Loriant
    • 1
  • Jean-Marc Menaud
    • 1
  • Marc Ségura-Devillechaise
    • 1
  • Mario Südholt
    • 1
  1. 1.OBASCO projectÉcole des Mines de Nantes – INRIA, LINANantesFrance
  2. 2.Gruppe PST, Institut für InformatikLudwig-Maximilians-Universität MünchenMünchenGermany

Personalised recommendations