以AspectFun探討模組化型態擴充與泛型程式設計 / A study on modular type extension and generic programming using AspectFun

陳政宏, Chen, Cheng Hung

Unknown Date

AspectFun是一個語法近似Haskell語言的函數式剖面導向語言。本論文中探討AspectFun在模組化型態擴充以及泛型程式設計上可扮演的角色。研究首先比較剖面與Haskell語言的type class在處理型態擴充需求議題的可行性，型態擴充議題我們以著名的Expression Problem作為代表(程式語言機制如何確保程式在擴充資料與運算函數的過程中，不需要修改舊有的程式碼，並能確保程式的型態安全)。 我們接著會探討剖面如何以模組化方式實現泛型程式設計。泛型程式設計是指函數接收一額外的型態引數，且函數所執行的運算是依據此型態引數結構來進行的。型態引數是用來表示函數所處理的引數或其回傳值型態為何，但型態引數在函數定義中可能是明確定義的或者隱含的。在此研究中會展示以剖面實現的泛型程式設計更優於使用type class。此外，本研究為使AspectFun可以實現泛型程式設計方法，亦在AspectFun擴充了Existential types與多型互遞迴函數。 / AspectFun is an aspect-oriented functional language with a Haskell-like syntax. This thesis present an study on modular type extension and generic programming using AspectFun. First, we compare the feasibility of using aspects and Haskell's type classes to address the type extension requirements as stated in the famous expression problem (which calls for language mechanisms that can support type-safe program extension in both the dimensions of data types and associated operations, yet neither code duplication nor code rewriting is required.) Second, we investigate how to use aspects to support generic programming in amodular manner. Generic programming means a form of programming in which a function takes a type as argument, and its behavior depends upon the structure of this type. The type argument, which may be explicit or implicit, represents the type of values to which the function is applied, or which the function returns. We show that aspects can do better than type classes in supporting generic programming. In particular, we extend AspectFun with existential types and polymorphic mutual recursion to achieve such a result.

函數式剖面導向語言

泛型程式設計

AspectFun

generic programming

expression problem

type class

建構可重用與細緻化的剖面導向存取控管框架 / Building a Reusable and Fine-grained Aspect-Oriented Access Control Framework

黃植懋, Huang , Chih-Mao

Unknown Date

隨著網路應用的發達與普及，應用系統的安全防護非常重要，但是要將安全方防護方面的設計與製作做好，卻不容易。因為與安全相關的程式碼必須嵌入到應用系統的各個模組中去執行，具有橫跨（cross-cutting）的特性。在設計時，若不加以區分，仍然以一般的物件或是函式模組來將其模組化的話，往往造成系統中反覆出現類似的程式碼以及不同需求的程式碼夾雜不清的現象，當系統愈趨複雜時，這些問題就愈顯嚴重，結果導致系統不易維護且錯誤頻仍。 最近興起的剖面導向程式設計（Aspect-Oriented Programming）基於關注分離的原則（Separation of Concerns），針對像安全這類橫跨性的需求，倡議在原有的物件或函式模組外，另以剖面（aspect）作為這些橫跨性需求的模組單位，以大幅改善應用系統的模組性。近兩三年來，這方面的發展迅速，各種支援方面導向的程式語言與相關工具相繼推出，美國全錄公司柏拉圖實驗室發展的AspectJ語言就是一個具代表性的成果。本論文以剖面導向的原則，以AspectJ及JBossAOP為主要工具，針對Web應用程式在認證與存取控管方面的安全需求，設計與製作一套具重用性且可處理資料內容相關、細緻層級的存取控管框架。 / Access control is a system-wide concern that has both a generic nature and an application dependent characteristic. It is generic as many functions must be protected with restricted access, yet the rule to grant a request is highly dependent on the application state. Hence it is common to see the code for implementing access control scattered over the system and tangled with the functional code, making the system difficult to maintain. This thesis addresses this issue for Web applications by presenting a practical access control framework based on aspect-oriented programming (AOP). Our approach accommodates a wide range of access control requirements of different granularity. AOP supports the modular implementation of access control while still enables the code to get a hold of the application state. Moreover, framework technology offers a balanced view between reuse and customization. As a result, our framework is able to enforce fine-grained access control for Web applications in a highly adaptable manner.

存取控管

剖面導向程式設計

框架

網頁應用程式

Access Control

Aspect-Oriented Programming

Framework

Web Applications

利用剖面織入技術偵測Java程式中的記憶體漏失 / Aspect-Based Instrumentation for Locating

陳鉅秉, Chen,Ju-Bing

Unknown Date

Despite the built-in garbage collector, Java programs can still suffer the memory leak problem resulted from the unhealthy programming style of retaining unwanted references. This paper presents an aspect-based tool for assisting programmers in locating such references to fix the problem. This tool, FindLeaks, utilizes an aspect to collect memory consumption statistics and object references created during a program’s execution and analyzes them for detecting memory leaks. The distinctive feature of FindLeaks is that it reports not only suspected classes of leaked objects but also where in the source the unwanted references were created. Besides, this paper also reports our experience with FindLeaks on three open source Java programs and how we enhanced it to lower its overhead.

記憶體漏失

垃圾回收器

程式織入

剖面導向程式設計

memory leak

garbage collection

code instrumentation

aspect-oriented programming

AspectJ

以靜態織入方法實現剖面導向工作流程 / Design and Implementation of a Static Weaver for Aspectual Workflow

許朝傑, Hsu, Chao Chieh

Unknown Date

現今的應用系統中常會有橫跨性(Cross-Cutting)的程式模組存在，這類程式模組包括：日誌記錄、授權認證、資料永存性等，而這種程式模組在系統中若沒有被區分抽離出來，常常會導致系統重複出現與主要功能需求無關的程式碼，除此之外，這些橫跨性需求的程式碼還會與主要功能需求程式碼糾結在一起，造成程式碼夾雜不清的現象。在工作流程(Workflow)的開發過程中也有著相同的問題。為了解決上述的問題，本研究以JBoss jBPM(Java Business Process Manage- ment)為基礎平台，將剖面導向程式設計(Aspect-Oriented Progra- mming)的觀念與技術運用在工作流程的領域中，使流程設計人員能夠利用AOP的方式來解決橫跨性需求的模組化問題，並且利用靜態織入方法，改善jBPM工作流程引擎進行剖面流程在織入時的效能。 / Cross-cutting concerns are those system design issues that cut across the various modules of an application and are typically foundational system services that we need to consider before diving into building an application. Most common among these are logging, authentication, authorization, and persistence. Cross-cutting concerns always cause program code to be scattered and tangled, and therefore make it harder to understand and maintain. Similar problem also occurs in the field of workflow. In our research, we apply the concept of aspect-oriented programming(AOP) to the field of workflow system, and implement a static weaver for jBPM. With static weaver, process designer can use the facilities of AOP, and the performance is also improved via static weaving .

剖面導向程式設計

工作流程

流程描述語言

靜態織入

橫跨性流程

aspect-oriented programming

workflow

jPDL

static weaving

cross-cutting concerns

應用剖面導向技術研製網路應用程式之可設定式細緻化存取控管

林經緯, Lin,Ching Wei

Unknown Date

存取控管(Access Control)是網路應用程式(Web Applications)安全防護中的核心課題。貫徹存取控管的程式碼往往必須嵌入到應用系統的各個模組中，具有橫跨(cross-cutting)的特性，卻也因此常常造成系統中反覆出現類似的程式碼以及不同需求的程式碼夾雜不清的現象。所以學界業界紛紛提出了許多可設定式(configurable)的存取控管機制來解決此一問題。但這些機制都著重在一般功能性(function-level)的存取控管，對於較細緻化(fine-grained)的資料存取(data-level)控管，並未提供設定式的控管方式，還是得透過程式化(programmatic)的方式處理，所以仍然有程式橫跨性的問題。 最近興起的剖面導向程式設計(Aspect-Oriented Programming)基於關注分離的原則(Separation of Concerns)，針對像安全橫跨性的需求，倡議在原有的物件或函式模組外，另以剖面作為這些橫跨性需求的模組單位，既可集中開發又可依規則將安全程式碼整合至系統的各個模組。因此本研究將以AOP技術來設計與製作一套可設定式的細緻化存取控管服務與工具。 / Security is attracting more and more concerns in the development of Web applications. However, it is not easy to derive a robust security implementation for Web applications. The principle difficulty in designing security such as access control into an application system is that it is a concern that permeates through all the different modules of a system. As a result, security concerns in an application are often implemented with scattered and tangled code, which is not only error-prone but also makes it difficult to verify its correctness and perform the needed maintenance. Aspect-Oriented Programming (AOP) is a relative new design method that allows a programmer to isolate some of the code that crosscuts his program modules into a separate module, and thus realizes the concept of Separation of Concerns. AOP offers significant advantages to programming over traditional OO techniques in implementing crosscutting concerns such as access control. In this thesis, we define an XML schema for specifying fine-grained access control rules for Web applications in a configuration file and devise an aspect-oriented implementation scheme. Specifically, we develop an aspect synthesis tool that generates concrete access control aspects automatically from access control rules. These aspects, after woven into the base application, will enforce proper access control in a highly modular manner. As a result, we get a configurable implementation of access control that is not only adaptive but also effective.

網路應用程式

宣告式存取控管機制

以角色為基礎之存取控管

資料層次存取控管

剖面導向程式設計

web applications

data-level access control

Role-based access control

MVC

Aspect-oriented programming