Section: New Results

Aspect-Oriented Programming

Participants : Henri-Charles Blondeel, Pascal Fradet [contact person] , Alain Girault, Marnes Hoff.

The goal of Aspect-Oriented Programming (AOP ) is to isolate aspects (such as security, synchronization, or error handling) which cross-cut the program basic functionality and whose implementation usually yields tangled code. In AOP , such aspects are specified separately and integrated into the program by an automatic transformation process called weaving.

Although this paradigm has great practical potential, it still lacks formalization and undisciplined uses make reasoning on programs very difficult. Our work on AOP addresses these issues by studying foundational issues (semantics, analysis, verification) and by considering domain-specific aspects (availability, fault tolerance or refinement aspects) as formal properties.

Aspects Preserving Properties

Aspect Oriented Programming can arbitrarily distort the semantics of programs. In particular, weaving can invalidate crucial safety and liveness properties of the base program.

We have identified categories of aspects that preserve some classes of properties [10] . Our categories of aspects comprise, among others, observers, aborters, and confiners. For example, observers do not modify the base program's state and control-flow (e.g., persistence, profiling, and debugging aspects). These categories are defined formally based on a language independent abstract semantic framework. The classes of properties are defined as subsets of LTL for deterministic programs and CTL* for non-deterministic ones. We have formally proved that, for any program, the weaving of any aspect in a category preserves any property in the related class.

In a second step, we have designed for each aspect category a specialized aspect language which ensures that any aspect written in that language belongs to the corresponding category. These languages preserve the corresponding classes of properties by construction.

This work was conducted in collaboration with Rémi Douence from the Ascola Inria team at École des Mines de Nantes.

Fault Tolerance Aspects

In the recent years, we have studied the implementation of specific fault tolerance techniques in real-time embedded systems using program transformation [1] . We are now investigating the use of fault-tolerance aspects in digital circuits. To this aim, we consider program transformations for hardware description languages (HDL). Our goal is to design an aspect language allowing users to specify and tune a wide range of fault tolerance techniques, while ensuring that the woven HDL program remains synthesizable. The advantage would be to produce fault-tolerant circuits by specifying fault-tolerant strategies separately from the functional specifications.

We have reviewed the different fault tolerant techniques used in integrated circuits: concurrent error detection, error detecting and correcting codes (Hamming, Berger codes, ...), spatial and time redundancy. We have designed a simple hardware description language inspired from Lustre and Lucid Synchrone. It is a core functional language manipulating synchronous boolean streams. Faults are represented by bit flips and we take into account all fault models of the form “at most $k$ faults within $n$ clock signals”. The language semantics as well as the fault model have been formalized in Coq. The next step is to express standard fault tolerance techniques as program transformations and prove that they allow to tolerate all faults of a given model.

Refinement Aspects

Chemical programming describes computation in terms of a chemical solution in which molecules (representing data) interact freely according to reaction rules (representing the program). Solutions are represented by multisets of elements and reactions by rewrite rules which consume and produce new elements according to conditions. This paradigm makes it possible to express programs without artificial sequentiality in a very abstract way. It bridges the gap between specification and implementation languages.

A drawback of chemical languages is that their very high-level nature usually leads to very inefficient programs. We have proposed a refinement oriented approach where the basic functionality is expressed as a chemical program whereas efficiency is achieved separately by:

• structuring the multiset with a data type defining neighborhood relations;

• describing the selection of elements according to their neighborhood;

• specifying the evaluation strategy (i.e., the application of rules and termination).

Using these three implementation aspects (data structure, selection and strategy), the chemical program can then be refined automatically into an efficient low-level program. The crucial methodological advantage is that logical issues are decoupled from efficiency issues.

This research, that takes place within the AutoChem project (see Section  8.1.1 ), is done in collaboration with Jean-Louis Giavitto (Ircam, Paris). It is the subject matter of Marnes Hoff's PhD thesis.