Done well, separation of concerns can provide many soft-ware engineering benefits, including reduced complexity, im-proved reusability, and simpler evolution. The choice of boundaries for separate concerns depends on both require-ments on the system and on the kind(s) of decompositionand composition a given formalism supports. The predominant methodologies and formalisms available, however, support only orthogonal separations of concerns, along sdngle dimen-sions of composition and decomposition. These characteris-tics lead to a number of well-known and difficult problems. This paper describes a new paradigm for modeling and im-plementing software artifacts, one that permits separation of overlapping concerns along multiple dimensions of composi-tion and decomposition. This approach addresses numerous problems throughout the software lifecycle in achieving well-engineered, evolvable, flexible software artifacts and trace-ability across artifacts.

Abstract not found

As software systems become more complex, the overall system structure---or software architecture---becomes a central design problem. A system's architecture provides a model of the system that suppresses implementation detail, allowing the architect to concentrate on the analyses and decisions that are most crucial to structuring the system to satisfy its requirements. Unfortunately, current representations of software architecture are informal and ad hoc. While architectural concepts are often embodied in infrastructure to support specific architectural styles and in the initial conceptualization of a system configuration, the lack of an explicit, independently-characterized architecture or architectural style significantly limits the benefits of software architectural design in current practice. In this dissertation, I show that an Architecture Description Language based on a formal, abstract model of system behavior can provide a practical means of describing and analyzing softwar...

A major obstacle to finding program errors in a real system is knowing what correctness rules the system must obey. These rules are often undocumented or specified in an ad hoc manner. This paper demonstrates tech-niques that automatically extract such checking information from the source code itself, rather than the programmer, thereby avoiding the need for a priori knowledge of system rules. The cornerstone of our approach is inferring programmer "beliefs" that we then cross-check for contradictions. Beliefs are facts implied by code: a dereference of a pointer, p, implies a belief that p is non-null, a call to "unlock(1)" implies that 1 was locked, etc. For beliefs we know the programmer must hold, such as the pointer dereference above, we immediately flag contra-

: Separation of concerns is at the core of software engineering, and has been for decades. This has led to the invention of many interesting, and effective, modularization approaches. Yet many of the problems it is supposed to alleviate are still with us, including dangerous and expensive invasive change, and obstacles to reuse and component integration. A key reason is that one needs different decompositions according to different concerns at different times, but most languages and modularization approaches support only one "dominant" kind of modularization (e.g., by class in object-oriented languages). Once a system has been decomposed, extensive refactoring and reengineering are needed to remodularize it. Multi-dimensional separation of concerns allows simultaneous separation according to multiple, arbitrary kinds (dimensions) of concerns, with on-demand remodularization. Concerns can overlap and interact. This paper discusses multi-dimensional separation of concerns in general, our particular approach to providing it, called hyperspaces , and our support for hyperspaces in Java^TM , called Hyper/J^TM. 2 Chapter # 1.

We present MultiJava, a backward-compatible extension to Java supporting open classes and symmetric multiple dispatch. Open classes allow one to add to the set of methods that an existing class supports without creating distinct subclasses or editing existing code. Unlike the “Visitor ” design pattern, open classes do not require advance planning, and open classes preserve the ability to add new subclasses modularly and safely. Multiple dispatch offers several well-known advantages over the single dispatching of conventional object-oriented languages, including a simple solution to some kinds of “binary method ” problems. MultiJava’s multiple dispatch retains Java’s existing class-based encapsulation properties. We adapt previous theoretical work to allow compilation units to be statically typechecked modularly and safely, ruling out any link-time or run-time type errors. We also present a novel compilation scheme that operates modularly and incurs performance overhead only where open classes or multiple dispatching are actually used. 1.

Polyglot is an extensible compiler framework that supports the easy creation of compilers for languages similar to Java, while avoiding code duplication.

This paper shows how system-specific static analysis can nd security errors that violate rules such as "integers from untrusted sources must be sanitized before use" and "do not dereference user-supplied pointers." In our approach, programmers write system-specific extensions that are linked into the compiler and check their code for errors. We demonstrate the approach's effectiveness by using it to nd over 100 security errors in Linux and OpenBSD, over 50 of which have led to kernel patches. An unusual feature ofour approach is the use of methods to automatically detect when we miss code actions that should be checked.

Supporting both intraclass and interclass crosscutting through model extension. It has been demonstrated that certain design concerns, such as access control, synchronization, and object interactions cannot be expressed in current OO languages as a separate software module [4, 7]. These so-called crosscutting concerns generally result in implementations scattered over multiple operations. If a crosscutting concern cannot be treated as a single module, its adaptability and reusability are likely to be reduced. A num-ber of programming techniques have been proposed to express cross-cutting concerns, for example, adaptive programming [9], AspectJ [8], Hyperspaces [10], and Composition Filters [1]. Here, we present the Composition Filters (CF) model and illustrate how it addresses evolving crosscutting concerns.

Requirements such as distribution or tracing have an impact on multiple classes in a system. They are cross-cutting requirements, or aspects. Their support is, by necessity, scattered across those multiple classes. A look at an individual class may also show support for cross-cutting requirements tangled up with the core responsibilities of that class. Scattering and tangling make object-oriented software difficult to understand, extend and reuse. Though design is an important activity within the software lifecycle with well-documented benefits, those benefits are reduced when cross-cutting requirements are present. This paper presents a means to mitigate these problems by separating the design of cross-cutting requirements into composition patterns. Composition patterns require extensions to the UML, and are based on a combination of the subjectoriented model for composing separate, overlapping designs, and UML templates. This paper also demonstrates how composition patterns map to one programming model that provides a solution for separation of cross-cutting requirements in code---aspect-oriented programming. This mapping serves to illustrate that separation of aspects may be maintained throughout the software lifecycle.