AspectJ dflow Java dflow dflow AspectJ Java dflow 1 before(string x) : call(void Strm.print(String)) && args(x) && dflow[x, String y] [7] ( call(string Db.lookup(String)) && returns(y) ){ log.info(thisjoinpoint + ": " + x); } Java AspectJ [6] AspectJ Figure 1: dflow... 1 String id = in.read(); 2 String name = db.lookup(id); 3... 4 AspectJ strm.print("<h1>hello, "); 5 strm.print(name.touppercase()); 6 strm.print("</h1>"); 7... 8 Figure 2: 2 dflow dflow[x, y](q) [8] dflow 2 (x, y) 1 p (q) 1 lookup print (p) ( p 1 x q y ) 2 6 print p && dflow[x, y](q) 5,7 print lookup p x q y x y x 1 returns dflow [8] 1
1 pointcut atfilereading(string instr) : 2 target(t) && call(* *Reader.read*(..)) && returns(instr) && 3 dflow[object t, FileInputStream fis]( call(* FileInputStream.new(..)) && returns(fis) ); 4 5 pointcut atinetwriting(string outstr) : 6 target(t) && call(* *Writer.write*(String)) && args(outstr) && 7 dflow[object t, OutputStream os]( call(* Socket.getOutputStream()) && returns(os) ); 8 9 before(string w, String r) : atinetwriting(w) && dflow[w, r]( atfilereading(r) ){ 10 logger.warning(thisjoinpoint + ": " + w); 11 } Figure 3: dflow y instr x y 5 7 atinetwriting outstr 1.1 dflow 9 11 before atfilereading atinetwriting 1 Java 1.2 Java dflow Java [8, 5] [11] Java dflow AspectJ dflow dflow 3 2 AspectJ 3 1 3 AspectJ Java atfilereading instr 2 Reader read dflow invoke invoke t instr 3 FileInputStream fis 2, 3 Reader dflow read 1 invoke invoke (t) FileInputStream (fis) dflow 2 8 2 dflow 2
3 AspectJ set(y) = if(y points to a primitive value p) 4 5 associate flag with p; 6 else if(y points to a non-array object o) 7 8 9 associate flag with o; for(each field fd of o) set(o.fd); else if(y points to an array a) for(each i of 0 i < a.length) set(a[i]); 2 dflow check(x) = dflow if(x points to a primitive value p) dflow if(flag is associated with p) return T; else if(x points to a non-array object o) v1 if(flag is associated with o) return T; else v1 for(each field fd of o) 1 if(check(o.fd)) return T; else if(x points to an array a) Db.lookup for(each i of 0 i < a.length) if(check(a[i])) return T; return F; Strm.read Figure 4: set, check 2.1 p && dflow[x, y](q) dflow propagate [8] set declare propagate : q y call(stringbuffer StringBuffer.append(*)) && y args(s1) && target(s2) && returns(s3) : 4 set from s1, s2 to s3; append s1 s2 check true (+ - ) s3 set propagate check p x 3 dflow x 4 check dflow check AspectJ p && dflow[x, y](q) dflow ( 5) 3 dflow dflow set/check (1) (2) dflow (set$/check$ ) (1),(2) if(a == 0) ++b; a b dflow check 3
1... 89:;<=>0/123-./ *+,+-./?@A-B7=> *+,+-./ 0/123-./ *+,+4536.7! "#"#"#"#$%&'() Figure 5: AspectJ 2 String id = in.read(); 3 String name = db.lookup(id); 4 set$(name); 5... 6 String s1 = "<h1>hello, "; 7 if(check$(s1)) log.info(...); 8 strm.print("<h1>hello, "); 9 String s2 = name.touppercase(); 10 if(check$(s2)) log.info(...); 11 strm.print(s2); 12 String s3 = "</h1>"; 13 if(check$(s3)) log.info(...); 14 strm.print(s3); 15... 2 4 2 4.1 boolean Figure 6: : set$, check$ boolean 3 key dflow value 1 2 Java 6 Java java.util.weakhashmap AspectJ dflow, Java ( 7) AspectJ set$/check$ boolean 1.2 6 set$/check$ 4 set/check 1 1 2 5,7 boolean print 6 boolean 7,13 check$ ( check key value) 3 4
!"! " Figure 8: Figure 7: 4.2 4.2.1 set, check 1 (iaload, iastore ) p set p true check 4 ( 8 true false (1)) set/check 4 API ( 8 (2)) 4.2.2 ( 8 (3)) ( 8 (4)), (iload, istore, iadd, dup ) 7 stack[1] iload 2 iload 5; istore 7 2 Java set$/check$ set/check 5 dflow (getfield, putfield) check 4 java.lang.threadlocal 5
1 0? 1 0? 1 1 1 1 1 1?? 0 1 0? 0? 0?? 1?????? 1. set$/check$ Figure 9: 2. check check mayaddone x X if check X 0 else X mayaddone (X 0) X int mayaddone(int x){ if(...) return x + 1; else return x; } 2.1 append propagate mayaddone 1 (X 0) X X = 1 5.1 1? 5 : 1 ( ) Var 0 ( ) V 1,..., V n 6 Var = V 1... V n? ( ) 5.1.1 5.1.2 (iadd ) 2 10 9 ( ) 2 9 ( 5 6 V 1,..., V n 6
1... 2 Point p1 = new Point(); 3 p1.x = 10; p1.y = 100; 4 int hx = p1.x; 5... (Linpack [1]) (Compress [2]) (Mtrt [2]) Figure 10: : Point class Point { int x, y; } (Db [2]) 2 x set/check dflow 2 y set 5.1.1 void return check points-to flow-insensitive set/check 10 2 new Point dflow set$ 3? AspectJ 3 0 int CPU Pentium4(1.7GHz) 256MByte x, y OS Windows JDK1.4.2 0 4 hx? 6.1 5.2 check 6.1.1? check ( 11) load/store set/check ( check$ (p call/return ) )? p check Linpack Compress p? Db points-to 1.5 Mtrt 7!"#$% 5.1.2 6 4 5 Figure 11: 5 2 3 7
Compress 1.2 %&!"# Linpack Db!"# $ $ $ Linpack double +,-. '( )* )* Db boolean int boolean int 2 Figure 13: ( Compress, Mtrt 100 / ) 6.1.2 12 Compress (1.00) 2/3 Compress!"#$% %&!"#!"# +,-. )* Figure 12: Linpack Db 64 1.7 Mtrt Linpack check load/store 11 set/check API Mtrt API Compress Mtrt 36 206 16 61 7 AspectJ cflow set/check dflow 7 cflow ( 13) 7 4.2 Perl taint-check [12] $ '( )* 1 points-to flow-insensitive 8
ID boolean dflow taint-check Perl 9 dflow 1.1 dflow 1 dflow dflow [11] 0 dflow 60 1 dflow 1/3 Slam [4] JFlow [9] dflow Java points-to points-to [10, 13, 3] API set/check dflow ( ) context-sensitive dflow POPL 8 dflow 1 References dflow [1] Linpack. http://www.netlib.org/ 32 dflow benchmark/linpackjava/. dflow [2] SPECjvm98. http://www.spec.org/osg/ jvm98. (ID) [8] set/check [3] B. Blanchet. Escape analysis for object oriented languages. In OOPSLA 1999, pages 20 ID set/check 34, 1999. [4] N. Heintze and J. G. Riecke. The slam calculus: programming with secrecy and integrity. In ID POPL 1998, pages 365 377, 1998. [5] K. Kawauchi and H. Masuhara. (1, 0,?). In 3 SPA, ID AOP ( ), 2004. 9
[6] G. Kiczales, E. Hilsdale, J. Hugunin, M. Kersten, J. Palm, and W.G. Griswold. An overview of aspectj. In ECOOP 2001, LNCS 2072, pages 327 355, 2001. [7] G. Kiczales, J. Lamping, A. Menhdhekar, C. Maeda, C. Lopes, J.-M. Loingtier, and J. Irwin. Aspect-oriented programming. In ECOOP 1997, LNCS 1241, pages 220 242, 1997. [8] H. Masuhara and K. Kawauchi. Dataflow pointcut in aspect-oriented programming. In APLAS 2003, LNCS 2895, pages 105 121, 2003. [9] A. C. Myers. Jflow: Practical mostly-static information flow control. In POPL 1999, pages 228 241, 1999. [10] A. Rountev, A. Milanova, and B. G. Ryder. Points-to analysis for java using annotated constrains. In OOPSLA 2001, pages 43 55, 2001. [11] A. Sabelfeld and A. C. Myers. Language-based information-flow security. IEEE J. Selected Areas in Communications, 21(1):5 19, January 2003. [12] L. Wall and R. Schwartz. Programming Perl. O Reilly and Associates, 1991. [13] J. Whaley and M. Rinard. Compositional pointer and escape analysis for java programs. In OOPSLA 1999, pages 187 206, 1999. 10