Dependent Feature Analysis

1
Dependent Feature Analysis

• Morgan Deters

Doctoral Student Seminar 23 March 2007
2
thermometer
safety switch
scissors
mp3s
Initial vision ? user demands
screwdriver
knife
Big Red Button
integrated cell phone
3
static ssize_t pipe_readv(struct file filp,
const struct iovec _iov, unsigned
long nr_segs, loff_t ppos) struct
inode inode filp-gtf_dentry-gtd_inode
int do_wakeup ssize_t ret
struct iovec iov (struct iovec )_iov
size_t total_len total_len
iov_length(iov, nr_segs) / Null read
succeeds. / if (unlikely(total_len
0)) return 0 do_wakeup
0 ret 0 down(PIPE_SEM(inode
)) for () int size
PIPE_LEN(inode) if (size)
char pipebuf
PIPE_BASE(inode) PIPE_START(inode)
ssize_t chars PIPE_MAX_RCHUNK(ino
de) if (chars gt
total_len) chars
total_len if (chars gt
size) chars
size if
(pipe_iov_copy_to_user(iov, pipebuf, chars))
if (!ret) ret
-EFAULT break

ret chars
PIPE_START(inode) chars
PIPE_START(inode) (PIPE_SIZE - 1)
PIPE_LEN(inode) - chars
total_len - chars
do_wakeup 1
if (!total_len)
break / common path read succeeded /
if
(PIPE_LEN(inode)) / test for cyclic buffers /
continue
if (!PIPE_WRITERS(inode))
break if (!PIPE_WAITING_WRITERS(
inode)) / syscall
merging Usually we must not sleep
if O_NONBLOCK is set, or if we got
some data. But if a
writer sleeps in kernel space, then
we can wait for that data without
violating POSIX. /
if (ret)
break if
(filp-gtf_flags O_NONBLOCK)
ret -EAGAIN
break
if (signal_pending(cur
rent)) if (!ret) ret
-ERESTARTSYS break
if (do_wakeup)
wake_up_interruptible_sync(PI
PE_WAIT(inode))
kill_fasync(PIPE_FASYNC_WRITERS(inode), SIGIO,
POLL_OUT)
pipe_wait(inode)
up(PIPE_SEM(inode)) / Signal writers
asynchronously that there is more room. /
if (do_wakeup)
wake_up_interruptible(PIPE_WAIT(inode))
kill_fasync(PIPE_FASYNC_WRITERS(inode),
SIGIO, POLL_OUT) if (ret gt 0)
file_accessed(filp)
return ret
4
Effect on Developers

• Maintenance
• massive and unintuitive component interdependence

• Footprint
• every user gets everything

• Testing
• unclear what parts affect other parts

5

• Weaving
• code linking logic
• produces composed program
• gains you source-level flexibility

6
Feature Programming

• Aspect-Oriented Programming Kiczales et al.
  1997
• Subject-Oriented Programming Harrison Ossher
  1993
• Hyperspaces Tarr et al. 1999
• Composition Filters Bergmans Aksit 2002
• Adaptive Programming Lieberherr 1996
• AHEAD tool suite Batory
• Generative Programming Czarnecki Eisenecker
  2000

Advanced Separation of Concerns (ASoC)
7
Effect on Developers

• Maintenance
• Kiczales et al. 1997, Harrison Ossher 1993
• clearer separation of code features

• Footprint
• Hunleth 2002, Maddimsetty 2003
• conditionally include features

• Testing
• unclear what parts affect other parts

8
Testing in a Real System
ConsumerDispatch ConsumerQos CorrelationFilter Dir
ectConnect DisableCorba EnableCorba EventAny Event
Object EventPull EventBodyAny EventBodyObject Even
tBodyOctetSeq EventBodyString EventChannelTrace
EventType EventVector RealtimeDispatcher RtecCorre
lationFilter SourceFilter SupplierDispatch Through
putTest Timestamp Ttl

• FACET Hunleth 2002, Maddimsetty 2003

9
Testing Features

• Must test all combinations of N features 2N
• reduce of tests given feature independence
• Which tests are unnecessary?
• What notion of feature dependence?

10
What Notion of Independence?

• Given
• a base program P ? P
• two features ?, ? P ? P
• a test predicate T P ? true, false
• Under what conditions can we prove
• T(P) T(?(P)) T(?(P)) ?? T(?(?(P)))
  T(?(?(P)))
• In other words
• is it sufficient to test features in isolation?

11
What Notion of Independence?
T(P) T(?(P)) T(?(P)) ?? T(?(?(P)))
T(?(?(P)))

• If P and T distinguish present features
• ?, ? not independent over P, T
• For nontrivial ?, ? (not identity, not
  inverse)
• ? P,T that distinguishes
• Need a strict notion of independence
• needs to consider P (can also consider T )
• full analysis of program dependence graph
• inspired by program slicing work Weiser 1984

12
Program Dependence Graph

• Ferrante et al. 1987
• Control dependence
• Data dependence
• Dependence useful for
• Code motion
• Loop optimization
• Dead store elimination

13
isr new InputStreamReader()
ENTRY
Control Flow Graph
in new BufferedReader(isr)
Cups-to-quarts
println(enter of cups)
line in.readLine()
FATAL
cups Integer.parseInt(line)
F
cups gt 0 ?
println(invalid)
T
quarts cups / 4.0f
EXIT
println(quarts)
14
Program Dependence Graph
isr new InputStreamReader()
ROOT
Cups-to-quarts
in new BufferedReader(isr)
println(enter of cups)
line in.readLine()
FATAL
cups Integer.parseInt(line)
F
cups gt 0 ?
println(invalid)
T
quarts cups / 4.0f
println(quarts)
control
data
15
isr new InputStreamReader()
log(entering)
Control Flow Graph
ENTRY
in new BufferedReader(isr)
Cups-to-quarts Logging
println(enter of cups)
line in.readLine()
FATAL
cups Integer.parseInt(line)
F
cups gt 0 ?
println(invalid)
T
quarts cups / 4.0f
log(exiting)
EXIT
println(quarts)
16
Program Dependence Graph
isr new InputStreamReader()
ROOT
Cups-to-quarts Logging
in new BufferedReader(isr)
println(enter of cups)
log(entering)
line in.readLine()
FATAL
log(exiting)
cups Integer.parseInt(line)
F
cups gt 0 ?
println(invalid)
T
quarts cups / 4.0f
println(quarts)
control
data
17
isr new InputStreamReader()
log(entering)
Control Flow Graph
ENTRY
in new BufferedReader(isr)
Cups-to-quarts Logging Metric
println(enter of cups)
line in.readLine()
FATAL
cups Integer.parseInt(line)
F
cups gt 0 ?
println(invalid)
T
quarts cups / 4.0f
log(exiting)
EXIT
println(quarts)
println(liters)
liters quarts / 1.057f
18
Program Dependence Graph
isr new InputStreamReader()
ROOT
Cups-to-quarts Logging Metric
in new BufferedReader(isr)
println(enter of cups)
log(entering)
line in.readLine()
FATAL
log(exiting)
cups Integer.parseInt(line)
F
cups gt 0 ?
println(invalid)
T
quarts cups / 4.0f
liters quarts / 1.057f
println(quarts)
println(liters)
control
data
19
Feature Independence

• Many features are independent
• debugging state inspectors
• GUI updating
• task manager
• synchronization

20
isr new InputStreamReader()
ENTRY
Control Flow Graph
in new BufferedReader(isr)
Cups-to-quarts Metric Input-gallons
println(enter of cups)
println(enter of gallons)
line in.readLine()
FATAL
cups Integer.parseInt(line)
gallons Integer.parseInt(line)
F
cups gt 0 ?
println(invalid)
gallons gt 0 ?
T
quarts cups / 4.0f
quarts gallons 4.0f
println(liters)
EXIT
liters quarts / 1.057f
21
Program Dependence Graph
isr new InputStreamReader()
ROOT
Cups-to-quarts Metric Input-gallons
in new BufferedReader(isr)
println(enter of gallons)
line in.readLine()
FATAL
gallons Integer.parseInt(line)
F
gallons gt 0 ?
println(invalid)
T
quarts gallons 4.0f
liters quarts / 1.057f
println(liters)
control
data
22
Feature Independence

• Many features are independent
• debugging state inspectors
• GUI updating
• task manager
• synchronization
• Many features arent independent
• filters/modifications of state
• FACET

23
Control/data dependence too strict?

• Exception handling ?

24
Program Dependence Graph
isr new InputStreamReader()
ROOT
Cups-to-quarts Logging Metric
in new BufferedReader(isr)
println(enter of cups)
log(entering)
line in.readLine()
FATAL
log(exiting)
cups Integer.parseInt(line)
F
cups gt 0 ?
println(invalid)
T
quarts cups / 4.0f
liters quarts / 1.057f
println(quarts)
println(liters)
control
data
25
Control/data dependence too strict?

• Exception handling
• Path insensitivity ?

26
Control Flow Graph
x
x
27
Control/data dependence too strict?

• Exception handling
• Path insensitivity
• Wrong abstraction ?
• Metric Input-gallons

28
Program Dependence Graph
isr new InputStreamReader()
ROOT
Cups-to-quarts Metric Input-gallons
in new BufferedReader(isr)
println(enter of gallons)
line in.readLine()
FATAL
gallons Integer.parseInt(line)
F
gallons gt 0 ?
println(invalid)
T
quarts gallons 4.0f
liters quarts / 1.057f
println(liters)
control
data
29
Control/data dependence too strict?

• Exception handling
• Path insensitivity
• Wrong abstraction ?
• Metric Input-gallons
• conceptually, they dont interfere
• case for conceptual independence

30
Conceptual Independence

• Feature specifications
• always hold lock L accessing data X
• when a socket is connected, wrap with encryption
• cache the result of function f for future calls
• write to a log when condition ? occurs
• the quantity a b is always lt 100

31
Conceptual Independence

• Feature specifications of today
• code linking logic
• code transformations
• Feature specifications of tomorrow
• logical statements about state of program
• assertions with teeth

32
Implementation

• GCC 4.1.1
• supports subset of AspectJ Kiczales et al. 1997
• feature weaving
• Dependent Feature Analysis

33
Conclusions

• Featureful software is tangled
• Feature programming can untangle software
• subset testing problem
• Dependent Feature Analysis
• determines independent features
• reduces necessary testing
• Limitations of modern feature tools
• user specification of features

34
Shameless Plug
Unwoven Aspect Analysis
Defense in mid-April

• incorporates this analysis
• proposes analyzing aspects in isolation
• current tools dont get us there

35
Thanks !
Morgan Deters mdeters_at_cse.wustl.edu
www.cse.wustl.edu/mdeters Department of
Computer Science Engineering Washington
University Box 1045 St. Louis, MO 63130
USA
36
References

• Avgustinov et al. 2005
• Avgustinov, Pavel, Aske Simon Christensen,
  Laurie Hendren, Sascha Kuzins, Jennifer Lhoták,
  Ondrej Lhoták, Oege de Moor, Damien Sereni,
  Ganesh Sittampalam, and Julian Tibble. abc an
  extensible AspectJ compiler. In AOSD 2005.
  (January 2005.)
• Batory
• Batory, Don S.
• Bergmans Aksit 2002
• Bergmans, Lodewijk and Mehmet Aksit. Composing
  multiple concerns using composition filters. In
  CACM 44(10)5157. (October 2001.)
• Czarnecki Eisenecker 2000
• Czarnecki, Krysztof and Ulrich Eisenecker.
  Generative Programming Methods, Tools, and
  Applications. Addison Wesley, Boston, 2000.

37
References

• Deters 2003
• Deters, Morgan. Dynamic Assignment of Scoped
  Memory Regions in the Translation of Java to
  Real-Time Java. M.S. Thesis, Washington
  University, March 2003.
• Deters Cytron 2001
• Deters, Morgan and Ron K. Cytron. Introduction
  of Program Instrumentation using Aspects. In
  Proceedings of the International Workshop on
  Aspect-Oriented Programming and Separation of
  Concerns, Lancaster, UK. (August, 2001.)
• Deters Cytron 2002
• Deters, Morgan and Ron K. Cytron. Automated
  Discovery of Scoped Memory Regions for Real-Time
  Java. In ISMM 2002, pp. 2535. (June, 2002.)
• Deters/Gill/Cytron 2003
• Deters, Morgan, Christopher Gill, and Ron
  Cytron. Rate-Monotonic Analysis in the C
  Typesystem. In Proceedings of the RTAS 2003
  Workshop on Model-Driven Embedded Systems (MDES).
  (May, 2003.)

38
References

• Deters et al. 2004
• Deters, Morgan, Nicholas A. Leidenfrost, Matthew
  P. Hampton, James C. Brodman, and Ron K. Cytron.
  Automated Reference-Counted Object Recycling for
  Real-Time Java. In RTAS 2004, pp. 424433.
  (May, 2004.)
• Ferrante et al. 1987
• Ferrante, Jeanne, Karl J. Ottenstein, and Joe D.
  Warren. The program dependence graph and its use
  in optimization. In ACM TOPLAS 9(3)319349.
  (July, 1987.)
• Hannemann Kiczales 2002
• Hannemann, Jan and Gregor Kiczales. Design
  pattern implementation in Java and AspectJ. In
  OOPSLA 2002, pp. 161173. (November 2002.)
• Harrison Ossher 1993
• Harrison, William and Harold Ossher.
  Subject-oriented programming a critique of pure
  objects. In OOPSLA 1993, pp. 411428.
  (September 1993.)

39
References

• Hunleth 2002
• Hunleth, Frank. Building Customizable
  Middleware using Aspect-Oriented Programming.
  Masters thesis. Technical report WUCS0207,
  Department of Computer Science, Washington
  University in St. Louis. (May 2002.)
• Kiczales et al. 1997
• Kiczales, Gregor, John Lamping, Anurag
  Mendhekar, Chris Maeda, Cristina Videira Lopes,
  Jean-Marc Loingtier, and John Irwin.
  Aspect-Oriented Programming. In ECOOP 1997. LNCS
  1241220242. (June 1997.)
• Lamping Abadi 1994
• Lamping, John and Martin Abadi. Methods as
  assertions. In ECOOP 1994. LNCS 8216080.
  (July 1994.)
• Lieberherr 1996
• Lieberherr, Karl. Adaptive Object-Oriented
  Software The Demeter Method with Propagation
  Patterns. PWS Publishing Company, Boston, 1996.

40
References

• Linenweber 2003
• Linenweber, Martin. A study in Java bytecode
  engineering with PCESjava. Masters thesis.
  Technical report WUCSE0317, Department of
  Computer Science Engineering, Washington
  University in St. Louis. (May 2003.)
• Maddimsetty 2003
• Maddimsetty, Ravi Pratap. Efficient
  customizable middleware. Masters thesis.
  Technical report WUCSE0378, Department of
  Computer Science Engineering, Washington
  University in St. Louis. (December 2003.)
• Mann et al. 2005
• Mann, Tobias, Morgan Deters, Rob LeGrand, and
  Ron K. Cytron. Static determination of
  allocation rates to support real-time garbage
  collection. In LCTES 2005. (June 2005.)
• Strom Yemini 1986
• Strom, R.E., and S. Yemini. Typestate A
  programming language concept for enhancing
  software reliability. IEEE Transactions on
  Software Engineering 12(1)157171. (January
  1986.)

41
References

• Tarr et al. 1999
• Tarr, Peri, Harold Ossher, William Harrison, and
  Stanley M. Sutton, Jr. N degrees of separation
  multi-dimensional separation of concerns. In
  ICSE 1999, pp. 107119. (May 1999.)
• Walker et al. 2003
• Walker, David, Steve Zdancewic, and Jay Ligatti.
  A theory of aspects. In ICFP 2003.
• Weiser 1984
• Weiser, Mark. Program Slicing. In IEEE
  Transactions on Software Engineering,
  10(4)352357. (July, 1984.)