The present invention relates generally to designing software applications, and more particularly to an aspect-oriented programming implementation for designing by contract.
Modern software programs are large and complex creations, often created by teams of developers. Because of the collaborative nature of software development, incompatible program modules commonly result, and debugging is required to resolve these differences. However, as is often the case, the resources expended in debugging a software program can rival those required to create the software program in the first place.
This situation can be avoided by not creating the incompatibilities in the first place. This may be done through Design by Contract. Design by Contract is a design methodology in which every program module designed states very explicitly and clearly the preconditions for using that module correctly and the postconditions that module guarantees. The benefit of stating these up front is that bugs in the implementation may be detected more quickly because the preconditions and postconditions may be checked at runtime. Reliability is built into the software program so no debugging is necessary later.
This methodology is referred to as Design by Contract because it acts in a way that mirrors human contracts. In essence, a program offers to provide something in exchange for something else. More specifically, the program module guarantees that certain postconditions will be satisfied if the caller satisfies certain preconditions.
For instance, if a precondition is violated, then the software calling the module is doing something wrong. If, on the other hand, a postcondition is violated, then an error exists in the implementation of the module.
Design by Contract is typically used during the development of software, but when the final product is ready for shipment, the preconditions and postconditions are removed to improve performance. By defining preconditions and postconditions, a routine and its callers may be bound in a contract. In other words, if a caller promises to call a routine with the preconditions satisfied, then the routine promises to deliver a final state in which the postconditions are satisfied. With this convention programming style is considerably simplified because by having the constraints which calls to a routine must observe specified as preconditions, the developer may assume when writing the routine body that the constraints are satisfied, and does not need to test for them in the body.
So if a square root function, meant to produce a real number as a result, is of the form
sqrt (x: REAL): REAL is
      -- Square root of x
   require
      x >= 0
   do ... end
the developer may write the algorithm for computing the square root without any concern for the case in which x is negative because this is taken care of by the precondition and becomes the responsibility of the clients.
Conventional programming wisdom would suggest that in order to create reliable software every component of the system should be designed so that it protects itself as much as possible, such as by providing checks, under the theory that while a redundant check may not help, at least it won't hurt.
However, the "at least it won't hurt" theory ignores the cost of computing. Redundant checks imply a performance penalty because the checks must be executed. If the checks are used, then they must be later removed to remove the performance penalty.
With Design by Contract, the checks are no longer needed because of the guarantee that for every interaction between two elements there is an explicit roster of mutual obligations and benefits, i.e., the contract. The contract specifies which party is responsible for the enforcement of each specified condition that could jeopardize a routine's proper functioning.
If the caller is to be responsible for enforcement of a particular condition, the condition is specified as a precondition of the routine. If the routine is to be responsible, then the condition will be expressed as a conditional instruction, or some functional equivalent, in the body of the routine.
A programming language called Eiffel was created to facilitate Design by Contract. Eiffel provides built-in features to support the implementation of Design by Contract. The example below illustrates those features. The following example shows a partial implementation of a bounded queue, with methods put and remove. The pre- and post-conditions for those methods are coded explicitly with the "require" and "ensure" features of Eiffel.
The assertions are checked at run-time. This checking can be turned on or off as a result of a compilation switch.
Design by Contract and the Eiffel programming language are described in more detail in Bertrand Meyer, Object-Oriented Software Construction, 2/e, Prentice-Hall PTR, 1997, which is hereby incorporated by reference.
In most traditional programming languages, Design by Contract is implemented by intertwining the implementation of the preconditions and postconditions with the implementation of the modules, such as in Table 1, which will be described in greater detail below.
With aspect-oriented programming, the implementations of the preconditions and postconditions may be extracted into aspects, so that they are easier to plug in and unplug from the program module being developed.
Traditional programming languages typically work well for design decisions that define a unit of functionality, such as a procedure or an object. Procedural languages such as Fortran, Pascal, and C are useful for defining programs where the execution is straightforward, beginning at a starting point and executing in a stepwise manner to an end. In this model, design issues can be addressed by units of contiguous program execution. Deviations from the straightforward path are provided by function calls which allow program execution to jump from the main routine to the subroutine, and back again to the main routine. The use of subroutines allows for programming efficiency for implementing common routines; however, with programs becoming increasingly more complicated, and the number of common routines also growing, programs written in procedural languages are becoming increasingly complicated and difficult to maintain.
With modern computer programs becoming increasingly long and complex creations which may have many millions of lines of code, the concept of modularity is becoming increasingly important in the development of software. With a modular approach, the various functions of a computer program may be separated into modules which various programmers can work on independently. One popular programming paradigm that embodies the concept of modularity is that of object-oriented programming (OOP).
The central idea behind object-oriented programming is the object model, where all programs are structured as collections of interrelated objects, each of which represents an instance of some class in a hierarchy of object classes.
Object-oriented programming involves defining, creating, using, and reusing "objects," which can be used to model ideas and things in terms of their features (data) and behaviors (methods). Each object is a self-contained software element including data and methods for operating on the data. Objects are created by defining object classes from which objects are created, or "instantiated." The object classes are templates for creating objects. Each object created from a particular object class includes all the data and methods of the object class, as well as data and methods from its superclasses, and different objects of the same object class may be used for different purposes. Common object-oriented programming languages include Smalltalk, C++, and Java.
Other, non-OOP approaches are also commonly used, such as embodied in procedural programming languages and functional programming languages.
When design features may be cleanly divided among distinct elements, these approaches capture the benefits of modularity very well. However, these approaches fail to provide the proper support in certain situations, such as those involving shared resources, error handling, or other systemic issues where the same or similar functionality affects or is affected by many different elements.
The reason why these approaches are insufficient is that those issues cross-cut the primary modularization of the systems. Cross-cutting occurs when some particular concern depends on and/or must affect parts of the implementation of several of the functional modules of the system. Functional modules may include such software entities as objects and program modules, among others, and cross-cutting may occur across different software entities, in different places within the same software entities, or a combination of the two. Many cross-cuts are not weaknesses of the designs; they are a natural and unavoidable phenomenon in complex systems, and they are the basis for the concept of "aspect."
Implementing those cross-cutting concerns in traditional programming languages, even object-oriented ones, typically requires scattering bits of code throughout the program, resulting in code that is referred to as "tangled."
An aspect is a concern that cross-cuts the primary modularization of a software system. An aspect-oriented programming language extends traditional programming languages with constructs for programming aspects. Such constructs can localize the implementation of cross-cutting concerns in a small number of special purpose program modules, rather than spreading the implementation of such concerns throughout the primary program modules. As with other types of software elements, an aspect may include both data and methods.
In order to capture the cross-cutting nature of aspects, such special program modules break the traditional rules of encapsulation in principled ways. They can affect the implementation of software entities implementing primary functionality without the explicit consent of those software entities; further, they can do that for several software entities simultaneously.
Aspect oriented programming (AOP) extends the expressive facilities available to the programmer, so that many design decisions can be expressed locally. The AOP programmer writes the base program in a traditional programming language, and also writes pieces of aspect code, each of which affects executions that are described in some parts of the base program.
In such a manner, aspect code can localize the implementation of some design patterns in a few modules, rather than spreading the fields and methods of those patterns throughout the classes, and can capture the tracing, debugging and instrumentation support for a complex system in a few modules, capture error handling protocols involving several classes in a single module, and capture resource sharing algorithms involving several classes in a single module, rather than as multiple code fragments tangled throughout the classes.
The special program modules for programming aspects enable this by cross-cutting the modularity of classes in principled ways. So one of those special program modules can affect the implementation of several classes (or several methods within a single class) in a clean, principled way. Aspect-Object interaction differs from Object-Object interaction and other traditional programming paradigms in that with the traditional approaches, all behaviors of the objects are encapsulated in the objects themselves, either as a direct implementation in the object class definition, as a request encoded in the object class definition to use the behaviors of other objects (e.g., a method call), or as a request in the object class definition to reuse the implementations of other object classes (e.g., through inheritance). Thus, in these traditional approaches, all control of an object's behavior lies with the object itself. In the AOP environment, on the other hand, a part of the object's behavior can be defined in an aspect outside of the object without the object having to request the behavior in any way. Thus, it can be said that a part of the object's behavior is transparently forced on the object by the aspect. Moreover, aspects have a more global effect in that one aspect can force its behavior on multiple objects, possibly of different classes.
The paradigm of Aspect-Oriented Programming (AOP) was first introduced in Gregor Kiczales et al., Aspect-Oriented Programming in Proceedings of the European Conference on Object-Oriented Programming (ECOOP 97), June 1997 ("Kiczales"), which is hereby incorporated by reference. A new unit of software modularity, called an aspect, is provided that appears to provide a better handle on managing cross-cutting concerns.
In Kiczales, only highly domain-specific aspect-oriented systems had been developed. It also addresses a goal of developing a general purpose AOP mechanism. However, it remains unknown in the art how to generalize from the very specific examples of AOP to arrive at the necessary abstractions to create a general model. Thus, aspect-oriented programming has remained a hypothetical paradigm having the goal of providing a clean separation between and among components and aspects.
While it is desirable to ensure correct design using preconditions and postconditions during the development of a software program, it becomes undesirable to retain those preconditions and postconditions once the software program is complete because they are no longer necessary, and only serve to increase the size of the program and decrease execution speed. However, since the code for implementing the preconditions and postconditions cross-cuts the code for the program module being developed, the task of removing the preconditions and postconditions after testing involves substantial editing of the software entity embodying the resource.
The features of the Eiffel programming language have some similarities with aspects, but they are significantly different. First of all, in Eiffel the assertions are coded within the classes, and not in separate modules. Each method in Eiffel can include a "header" with preconditions and a "footer" with postconditions, but there is no way to program those assertions outside of the methods, and with a more global perspective. So, in an Eiffel application the design contract does not correspond to an implementation contract module in the program.
Second, the assertions in Eiffel are part of the classes, and not imposed on them. In the current invention, assertions can be imposed by aspect modules on other modules of the program. One useful usage of this is to provide contracts for interfaces (modules with operations but without implementations).
The present invention is directed to the development of software programs using Design by Contract methodology implemented in an aspect-oriented programming environment. A presently employed aspect-oriented programming environment is called AspectJ.
AspectJ is an extension to the object-oriented Java programming language. In AspectJ, object code is encapsulated in Java classes, and aspect code is encapsulated in special program modules called "aspects".
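The following AspectJ sketch is an added illustration, not code from the patent or from the AspectJ project: it shows the bounded-queue contract for put and remove held in a separate aspect, so the checks can be included in or left out of the build without editing the class. The names BoundedQueue and QueueContract, the two-file layout, and the use of IllegalStateException are assumptions made for this example.

```java
// BoundedQueue.java: base program. The class body contains no contract checks;
// it assumes its preconditions hold, as Design by Contract allows.
public class BoundedQueue {
    private final Object[] items;
    private int head = 0, count = 0;

    public BoundedQueue(int capacity) { items = new Object[capacity]; }

    public boolean isEmpty() { return count == 0; }
    public boolean isFull()  { return count == items.length; }

    public void put(Object x) {
        items[(head + count) % items.length] = x;
        count++;
    }

    public Object remove() {
        Object x = items[head];
        items[head] = null;
        head = (head + 1) % items.length;
        count--;
        return x;
    }
}

// QueueContract.aj: the contract, imposed on BoundedQueue from outside.
// Omitting this file from the build removes every check below.
public aspect QueueContract {
    pointcut putting(BoundedQueue q):  call(void BoundedQueue.put(Object)) && target(q);
    pointcut removing(BoundedQueue q): call(Object BoundedQueue.remove()) && target(q);

    // Preconditions: a violation means the calling code is wrong.
    before(BoundedQueue q): putting(q) {
        if (q.isFull()) throw new IllegalStateException("precondition: put on full queue");
    }
    before(BoundedQueue q): removing(q) {
        if (q.isEmpty()) throw new IllegalStateException("precondition: remove on empty queue");
    }

    // Postconditions: a violation means BoundedQueue itself is wrong.
    after(BoundedQueue q) returning: putting(q) {
        if (q.isEmpty()) throw new IllegalStateException("postcondition: empty after put");
    }
    after(BoundedQueue q) returning: removing(q) {
        if (q.isFull()) throw new IllegalStateException("postcondition: full after remove");
    }
}
```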