Abstract
Security, networking and prefetching are typical examples of concerns which crosscut system-level C applications. While a careful design can help to address these concerns, they frequently become an issue at runtime, especially if avoiding server downtime is important. Vulnerabilities caused by buffer overflows and double-free bugs are frequently discovered after deployment, thus opening critical breaches in running applications. Performance issues also often arise at run time: in the case of Web caches, e.g., a prefetching strategy may be required to increase performance. Aspect-oriented programming is an appealing solution to solve these issues. However, none of the current dynamic aspect systems is expressive and efficient enough to support them properly in the context of C applications. Arachne is a new aspect system specifically designed to address these issues. Its aspect language allows aspects to be expressed concisely using a sequence construct for quantification over function calls and accesses through variable aliases. Arachne enables aspects to be woven “on the fly” in running legacy applications. We show how these abilities can be used to prevent security breaches, to modularize the replacement of network protocols by more efficient ones, and to introduce prefetching in Web caches. We present two formal semantics for Arachne: one which defines in abstract terms the main properties of the sequence construct, and a second one which enables reasoning about the actual implementation. Following a detailed presentation of Arachne’s implementation, we give performance evaluations showing that Arachne is fast enough to extend high-performance applications, such as the Squid Web cache.
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Wessels, D.: Squid: The Definitive Guide. O’Reilly, Sebastopol (2004)
Kiczales, G., Lamping, J., Mendhekar, A., Maeda, C., Lopes, C.V., Loingtier, J.-M., Irwin, J.: Aspect-Oriented Programming. In: Aksit, M., Matsuoka, S. (eds.) ECOOP 1997. LNCS, vol. 1241, pp. 220–242. Springer, Heidelberg (1997)
Coady, Y., Kiczales, G., Feeley, M., Smolyn, G.: Using AspectC to improve the modularity of path-specific customization in operating system code. In: Gruhn, V. (ed.) Proceedings of the Joint 8th European Software Engeneering Conference and 9th ACM SIGSOFT Symposium on the Foundation of Software Engineering (ESEC/FSE 2001). SOFTWARE ENGINEERING NOTES, vol. 26(5), pp. 88–98. ACM, New York (2001)
Ségura-Devillechaise, M., Menaud, J.M., Muller, G., Lawall, J.: Web cache prefetching as an aspect: Towards a dynamic-weaving based solution. In: Proceedings of the 2nd International Conference on Aspect-Oriented Software Development, pp. 110–119. ACM, New York (2003)
Arce, I., Levy, E.: An analysis of the slapper worm. IEEE Security and Privacy 1, 82–87 (2003)
Solar Designer: JPEG COM Marker Processing Vulnerability in Netscape Browsers (1997), http://www.openwall.com/advisories/OW002-netscape-jpeg/
Ubuntu: Squid Proxy Cache Double Memory Free Vulnerability (2005), http://www.security.nnov.ru/Idocument338.html
American National Standards Institute: ANSI/ISO/IEC 9899-1999: Programming Languages — C. American National Standards Institute, New York (1999)
CERT Coordination Center: CERT Advisory CA-2001-13 Buffer Overflow in IIS Indexing Service DLL (2001), http://www.cert.org/advisories/CA-2001-13.html
CERT Coordination Center: ”Code Red” Worm Exploiting Buffer Overflow in IIS Indexing Service DLL (CERT Incident Note IN-2001-10) (2001), http://www.cert.org/incident_notes/IN-2001-08.html
US-CERT (United States Computer Emergency Readiness Team): Microsoft SQL Server 2000 contains stack buffer overflow in SQL Server Resolution Service (Vulnerability Note VU#484891) (2002), http://www.kb.cert.org/vuls/id/484891
CERT Coordination Center: CERT Advisory CA-2003-04 MS-SQL Server Worm (2003), http://www.cert.org/advisories/CA-2003-04.html
US-CERT (United States Computer Emergency Readiness Team): Microsoft Windows RPC vulnerable to buffer overflow (Vulnerability Note VU#568148) (2003), http://www.kb.cert.org/vuls/id/568148
CERT Coordination Center: CERT Advisory CA-2003-20 W32/Blaster worm (2003), http://www.cert.org/advisories/CA-2003-20.html
Ruwase, O., Lam, M.S.: A practical dynamic buffer overflow detector. In: Proceedings of the 11th Annual Network and Distributed System Security Symposium. Internet Society, San Diego (2004)
CERT Coordination Center: CERT/CC advisories (1988), http://www.cert.org/advisories/
Wagner, D., Foster, J.S., Brewer, E.A., Aiken, A.: A first step towards automated detection of buffer overrun vulnerabilities. In: Network and Distributed System Security Symposium, pp. 3–17. Internet Society, San Diego (2000)
Cowan, C., Wagle, P., Pu, C., Beattie, S., Walpole, J.: Buffer overflows: Attacks and defenses for the vulnerability of the decade. In: DARPA Information Survivability Conference and Exposition (DISCEX), Hilton Head Island, SC, USA, vol. 2, pp. 119–129. IEEE, Los Alamitos (2000)
Wilander, J., Kamkar, M.: A comparison of publicly available tools for dynamic buffer overflow prevention. In: Proceedings of the 10th Network and Distributed System Security Symposium, pp. 149–162. Internet Society, San Diego (2003)
Larochelle, D., Evans, D.: Statically detecting likely buffer overflow vulnerabilities. In: Proceedings of the 10th USENIX Security Symposium, pp. 177–190, USENIX, Washington, (2001)
Cowan, C., Pu, C., Maier, D., Walpole, J., Bakke, P., Beattie, S., Grier, A., Wagle, P., Zhang, Q., Hinton, H.: StackGuard: Automatic adaptive detection and prevention of buffer-overflow attacks. In: Proc. 7th USENIX Security Conference, pp. 63–78, USENIX, San Antonio (1998)
Jim, T., Morrisett, G., Grossman, D., Hicks, M., Cheney, J., Wang, Y.: Cyclone: A safe dialect of C. In: Proceedings of the USENIX Annual Technical Conference, pp. 275–288, USENIX, Monterey (2002)
Condit, J., Harren, M., McPeak, S., Necula, G.C., Weimer, W.: CCured in the real world. In: PLDI 2003: Proceedings of the ACM SIGPLAN 2003 Conference on Programming Language Design and Implementation, pp. 232–244. ACM, San Diego (2003)
Jones, R., Kelly, P.: Backwards-compatible bounds checking for arrays and pointers in C programs. In: Kamkar, M. (ed.) Proceedings of the Third International Workshop on Automatic Debugging, Linköping, Sweden, vol. 2. Linköping Electronic Articles in Computer and Information Science, pp. 13–26 (1997)
Keromytis, A.D.: Patch on demand saves even more time? IEEE Computer 37, 94–96 (2004)
US-CERT (United States Computer Emergency Readiness Team): Squid Proxy Server contains buffer overflow in parsing of the authentication portion of FTP URLs (Vulnerability Note VU#613459) (2002), http://www.kb.cert.org/vuls/id/613459
Berners-Lee, T., Fielding, R., Frystyk, H.: RFC 1945: Hypertext Transfer Protocol — HTTP/1.0. Status: INFORMATIONAL (1996)
Postel, J.: Transmission Control Protocol. RFC 793 (1981), http://www.rfc-editor.org/rfc/rfc793.txt
Arlitt, M., Jin, T.: A workload characterization study of the 1998 world cup web site. IEEE Network 14, 30–37 (2000)
Cidon, I., Gupta, A., Rom, R., Schuba, C.: Hybrid TCP-UDP transport for web traffic. Technical Report 99-71, Sun Microsystems Laboratories, Palo Alto, CA (1999)
Rabinovich, M., Wang, H.: DHTTP: An efficient and cache-friendly transfer protocol for web traffic. In: IEEE INFOCOM, pp. 1597–1606 (2001)
Chen, H., Mohapatra, P.: CATP: A context-aware transportation protocol for HTTP. In: International Workshop on New Advances in Web Servers and Proxy Technologies Held with ICDCS, Providence, RI, USA, pp. 922–927 (2003)
Postel, J.: User datagram protocol. RFC 768 (1980), http://www.rfc.net/rfc768.html
Comer, D., Stevens, D.: Internetworking with TCP/IP, Volume III — Client-Server Programming and Applications for the BSD Socket Version, vol. III. Prentice Hall, Englewood Cliffs (1993)
Issarny, V., Banâtre, M., Charpiot, B., Menaud, J.-M.: Quality of Service and Electronic Newspaper: The Etel Solution. In: Krakowiak, S., Shrivastava, S.K. (eds.) BROADCAST 1999. LNCS, vol. 1752, pp. 472–496. Springer, Heidelberg (2000)
Lieberherr, K.J., Palm, J., Sundaram, R.: Expressiveness and complexity of crosscut languages. Technical Report NU-CCIS-04-10, Northeastern University (2004)
Douence, R., Fradet, P., Südholt, M.: A framework for the detection and resolution of aspect interactions. In: Batory, D., Consel, C., Taha, W. (eds.) GPCE 2002. LNCS, vol. 2487, pp. 173–188. Springer, Heidelberg (2002)
Douence, R., Fradet, P., Südholt, M.: Composition, reuse and interaction analysis of stateful aspects. In: AOSD 2004: Proc. of 3rd International Conference on Aspect-Oriented Software Development, pp. 141–150. ACM, Lancaster (2004)
Jaffar, J., Michaylov, S., Stuckey, P.J., Yap, R.H.C.: The clp(r) language and system. ACM Trans. Program. Lang. Syst. 14, 339–395 (1992)
Schmidt, D.A.: Denotational semantics - A methodology for language development. Allyn and Bacon (1986), http://www.cis.ksu.edu/~schmidt/text/densem.html
Fritz, T.: An expressive aspect language with arachne. Master’s thesis, Ludwig-Maiximilians-Universität München (2005)
System Unix, U.S.L.: System V application binary interface intel 386 architecture processor supplement. Prentice Hall Trade (1994)
Hilsdale, E., Hugunin, J.: Advice weaving in AspectJ. In: Proceedings of the 3rd International Conference on Aspect-Oriented Software Development, pp. 26–35. ACM, New York (2004)
Clowes, S.: Injectso: Modifying and spying on running processes under linux. In: Black Hat Briefings (2001)
Intel Corportation: IA-32 Intel Architecture software developer’s manual. Intel Corportation (2001)
Chinen, K.I., Yamaguchi, S.: An interactive prefetching proxy server for improvement of WWW latency. In: INET 1997: Seventh Annual Conference of the Kuala Lumpur Internet Society, Malaysia (1997)
Rousskov, A., Wessels, D.: High-performance benchmarking with Web Polygraph. Software Practice and Experience 34, 187–211 (2004)
Kegel, D.: dkftpbench (2000), http://www.kegel.com/dkftpbench/
Spinczyk, O., Gal, A., Schröder-Preikschat, W.: AspectC++: An aspect-oriented extension to the C++ programming language. In: Proceedings of the Fortieth International Conference on Tools Pacific, Australian Computer Society, Sydney, Australia, pp. 53–60 (2002)
Almajali, S., Elrad, T.: Coupling availability and efficiency for aspect-oriented runtime weaving systems. In: DAW 2005: Proceeding of the 2nd Dynamic Aspects Workshop at AOSD, Chicago, IL, pp. 47–56 (2005)
Engel, M., Freisleben, B.: Supporting autonomic computing functionality via dynamic operating system kernel aspects. In: AOSD 2005: Proceedings of the 4th International Conference on Aspect-Oriented Software Development, pp. 51–62. ACM, New York (2005)
Douence, R., Motelet, O., Südholt, M.: A formal definition of crosscuts. In: Yonezawa, A., Matsuoka, S. (eds.) Reflection 2001. LNCS, vol. 2192, pp. 170–186. Springer, Heidelberg (2001)
Masuhara, H., Kawauchi, K.: Dataflow Pointcut in Aspect-Oriented Programming. In: Ohori, A. (ed.) APLAS 2003. LNCS, vol. 2895, pp. 105–121. Springer, Heidelberg (2003)
de Volder, K.: Aspect-Oriented Logic Meta Programming. In: Cointe, P. (ed.) Reflection 1999. LNCS, vol. 1616, pp. 250–272. Springer, Heidelberg (1999)
Andrews, J.H.: Process-algebraic foundations of aspect-oriented programming. In: Yonezawa, A., Matsuoka, S. (eds.) Reflection 2001. LNCS, vol. 2192, pp. 187–209. Springer, Heidelberg (2001)
Aßmann, U., Ludwig, A.: Aspect Weaving with Graph Rewriting. In: Czarnecki, K., Eisenecker, U.W. (eds.) GCSE 1999. LNCS, vol. 1799, pp. 24–36. Springer, Heidelberg (2000)
Åberg, R.A., Lawall, J.L., Südholt, M., Muller, G., Meur, A.F.L.: On the automatic evolution of an OS kernel using temporal logic and AOP. In: ASE 2003: Proceedings of the 18th IEEE International Conference on Automated Software Engineering, pp. 196–204. IEEE Computer Society, Montreal (2003)
Douence, R., Südholt, M.: A model and a tool for event-based aspect-oriented programming (eaop). Technical Report 02/11/INFO, École des mines de Nantes (2002); French version published in Proc. of LMO 2003, Hermes Sciences
Vanderperren, W., Suvée, D., Cibrán, M.A., De Fraine, B.: Stateful Aspects in JAsCo. In: Gschwind, T., Aßmann, U., Nierstrasz, O. (eds.) SC 2005. LNCS, vol. 3628, pp. 167–181. Springer, Heidelberg (2005)
Allan, C., Avgustinov, P., Christensen, A.S.: Adding trace matching with free variables to AspectJ. In: Gabriel, R.P. (ed.) OOPSLA 2005: ACM Conference on Object-Oriented Programming, Systems and Languages. ACM, New York (2005)
Aspray, W.: John von Neumann’s contributions to computing and computer science. Annals of the History of Computing 11, 189–195 (1989)
Luk, C.K., Cohn, R., Muth, R., Patil, H., Klauser, A., Lowney, G., Wallace, S., Reddi, V.J., Hazelwood, K.: Pin: Building customized program analysis tools with dynamic instrumentation. In: PLDI: Proceedings of the ACM SIGPLAN 2005 Conference on Programming Language Design and Implementation, pp. 190–200. ACM, Chicago (2005)
Hollingsworth, J.K., Miller, B.P., Goncalves, M.J.R., Naim, O., Xu, Z., Zheng, L.: MDL: A language and compiler for dynamic program instrumentation. In: PACT: Proceedings of the 6th Conference on Parallel Architectures and Compilation Techniques, pp. 201–213. IEEE Computer Society, San Francisco (1997)
Chiba, S.: Load-Time Structural Reflection in Java. In: Bertino, E. (ed.) ECOOP 2000. LNCS, vol. 1850, pp. 313–336. Springer, Heidelberg (2000)
Pawlak, R., Seinturier, L., Duchien, L., Florin, G.: JAC: A Flexible Solution for Aspect-Oriented Programming in Java. In: Yonezawa, A., Matsuoka, S. (eds.) Reflection 2001. LNCS, vol. 2192, pp. 1–24. Springer, Heidelberg (2001)
Popovici, A., Alonso, G., Gross, T.R.: Just-in-time aspects: Efficient dynamic weaving for Java. In: AOSD: Proceedings of the 2nd International Conference on Aspect-Oriented Software Development, pp. 100–109. ACM, New York (2003)
Chiba, S., Nakagawa, K.: Josh: An open AspectJ-like language. In: Murphy, G.C., Lieberherr, K.J. (eds.) AOSD: Proceedings of the Third International Conference on Aspect-Oriented Software Development, pp. 102–111. ACM, New York (2004)
Suvée, D., Vanderperren, W., Jonckers, V.: JasCo: An aspect-oriented approach tailored for component-based software development. In: Press, A. (ed.) AOSD 2003: Proc. of 2nd International Conference on Aspect-Oriented Software Development, pp. 21–29 (2003)
Bockisch, C., Haupt, M., Mezini, M., Ostermann, K.: Virtual machine support for dynamic join points. In: AOSD 2004: Proceedings of the 3rd International Conference on Aspect-Oriented Software Development, pp. 83–92. ACM, New York (2004)
JBoss Inc.: JBoss AOP (2005), http://jboss.com/products/aop
Spring Framework: Spring AOP (2005), http://www.springframework.org/
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Douence, R., Fritz, T., Loriant, N., Menaud, JM., Ségura-Devillechaise, M., Südholt, M. (2006). An Expressive Aspect Language for System Applications with Arachne. In: Rashid, A., Aksit, M. (eds) Transactions on Aspect-Oriented Software Development I. Lecture Notes in Computer Science, vol 3880. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11687061_6
Download citation
DOI: https://doi.org/10.1007/11687061_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-32972-5
Online ISBN: 978-3-540-32974-9
eBook Packages: Computer ScienceComputer Science (R0)