Remote Pointcut - A Language Construct for Distributed AOP

Download Report

Transcript Remote Pointcut - A Language Construct for Distributed AOP 

Negligent Class Loaders for Software
Evolution
Yoshiki Sato, Shigeru Chiba
(Tokyo Institute of Technology and
Japan Science and Technology Corp)
Jun 14, 2004
RAM-SE'04 Workshop, Oslo,
Norway
1
Java class loaders are great!!
 How do you implement dynamic AOP or reflection ?
 It should be easy if using class loaders
loader = new CustomClassLoader(…);
byte[] modifiedclass = translator.compose(“Product”, “Logging”);
Class c = loader.load(modifiedClass);
Product p = (Product) c.newInstance();
1.
Creating a custom class loader
2. Putting the logging functionality on the Product class using a translator
3. Loading the modified version of the Product class
Finally, we can get an instance of the new Product class
Common mistake!!!
Jun 14, 2004
RAM-SE'04 Workshop, Oslo,
Norway
2
Java class loaders are useless!!
 This is wrong implementation
 Two Product classes are loaded as different classes
 The system class loader loads one class file
 The CustomClassLoader loads another
They have the same name but are not compatible
loader = new CustomClassLoader(…);
byte[] modifiedclass = translator.compose(“Product”, “Logging”);
Class c = loader.load(modifiedClass);
Product p = (Product) c.newInstance(); ClassCastException
 Some experts may define the Product class as an interface
 But it is troublesome, slow and inflexible
We want to enable such a cast operation
Jun 14, 2004
RAM-SE'04 Workshop, Oslo,
Norway
3
The version barrier forbids this cast
 The version barrier is an obstacle to software evolution
 as well as the restricted ability for reloading a class
 Different versions of a class is not compatible in Java
 Those are separately loaded by distinct class loaders
 An instance can not be assigned to a variable of another
version of a class
loader1
product
old
product
Jun 14, 2004
new
incompatible
RAM-SE'04 Workshop, Oslo,
Norway
Version barrier
(i.e. namespace)
loader2
4
Why did the Java designer select this ?
 The version barrier guards JVMs against typespoofing without runtime type checks

Type-spoofing may crash JVMs by accessing an illegal memory
space (Sun JDK1.1 had the similar problem reported by Saraswat)
loader1(http://aaa/B.jar)
Product
getName()
getPrice()
loader2(http://xxx/Y.jar)
Product
Product p = (Product) c.newInstance();
p getName()
int price = p.getPrice();
p.getPrice()
Segmentation fault
 If the JVM does type checks on every instance access, the version
barrier is not needed
 It is unacceptable for Java
 Because the Java design prefers high-performance
Jun 14, 2004
RAM-SE'04 Workshop, Oslo,
Norway
5
Proposal:
Negligent Class Loader (NCL)
 The NCL can relax the version barrier among
the sibling loaders pairing in advance
1. Allows changing the class schema securely
2. Needs additional runtime checks but minimum
3. Negligent in updating instances
Parent class loader
Elder
NCL
An instance can be assigned
to a variable of the version of
the pairing loader
Jun 14, 2004
product
RAM-SE'04 Workshop, Oslo,
Norway
product
Younger NCL
6
Proposal:
Negligent Class Loader (NCL)
 The NCL can relax the version barrier among
the sibling loaders pairing in advance
1. Allows changing the class schema securely
 Adding, deleting and changing a method
 Not allowed weakening the access restriction
 Not allowed changing the class hierarchy
2. Needs additional runtime checks but minimum
3. Negligent in updating instances
Jun 14, 2004
RAM-SE'04 Workshop, Oslo,
Norway
7
Proposal:
Negligent Class Loader (NCL)
 The NCL can relax the version barrier among
the sibling loaders paired in advance
1. Allows changing the class schema securely
2. Needs additional runtime checks but minimum
 Compliant schema updates at class liking time
 The additional type checks for the NCL are needed only
when an explicit cast operator is executed
3. Negligent in updating instances
Jun 14, 2004
RAM-SE'04 Workshop, Oslo,
Norway
8
Proposal:
Negligent Class Loader (NCL)
 The NCL can relax the version barrier among
the sibling loaders paired in advance
1. Allows changing the class schema securely
2. Needs additional runtime checks but minimum
3. Negligent in updating instances
 The NCL doesn’t change the class versions of existing
instances
 Multiple class versions of instances coexist in a single
namespace without using an interface
 An instance keeps the initial version of the class as long
as it works properly
Jun 14, 2004
RAM-SE'04 Workshop, Oslo,
Norway
9
Changing the class schema securely
(TIB: type information block)
 The TIBs of both versions are updated to be compliant
with each other when a new version is loaded
 The corresponding methods share the same index into the TIB
 A TIB entry of a missing method is filled up with a SHF
(secure handling function) e.g. RuntimeException
caller
code
Old
1 a()
2 b()
object
Jun 14, 2004
a
b
TIB
Compliant schema
updates 1 a() Old
2
A new version
is loaded
b()
a
b
3
1
c() New
a()
a
SHF
c
SHF
RAM-SE'04 Workshop, Oslo,
10
compatible
Norway
Additional runtime checks
 Only runtime checks by checkcast is extended
 Different versions of the class are compatible between the
pairing NCLs (relaxed version barrier)
 Other instructions such as invokevirtual, getfield and astore
are not extended because of the bridge-safe property
An instance from the pairing NCL must be
 upcast to their supertype loaded by their common parent loader
 downcast to a variable of the corresponding type
Object obj =
(Product) obj;
Product p = checkcast
Jun 14, 2004
Elder NCL
RAM-SE'04 Workshop, Oslo,
Norway
Parent CL
c.newInstance();
Younger NCL
11
Two approaches for runtime evolution
 Dealing with instances of multiple versions of a class
 Negligent Class Loaders
 Runtime instrumentation of running programs




Sun JDK1.4 JPDA (JDK1.5 java.lang.instrument)
Dynamic Java Classes [Malabarba00ECOOP]
PROSE2 [Popovicci03ECOOP]
Steamloom [Bockisch04AOSD]
Most of
previous
work
 Recompiling a new version of a class definition
 And invalidating an old version of a class definition
It implies performance penalties and spoils runtime
optimizations by a JIT compiler
Jun 14, 2004
RAM-SE'04 Workshop, Oslo,
Norway
12
Conclusions
 We are currently implementing our approach on IBM
Jikes RVM 2.3.2
 Future directions



Evaluating performance overheads
Handling fields and arrays of multi-versioned class
The proof of type safety and Java security architecture
Extensibility
Jun 14, 2004
Our goal
Dynamic typing
CLOS,Smalltalk,Ruby
-> flexible but slow
Static typing
Java,C#,C++
Runtime
Workshop, Oslo,
-> fastRAM-SE'04
but inflexible
Norway
overhead
13
Difficult issues
 The existing fields must not be decreased in the new
version and only a private field can be added into the
new version
 Because an entry of a field table is generally not a function
but just an element of arrays
 The SHF can not be invoked at a field access by being
inserted into a field table
 Inlining methods must be invalidated
 Because it is not executed by referring the function tables
with the specified method index
 An instance can not be handled keeping its own version
Jun 14, 2004
RAM-SE'04 Workshop, Oslo,
Norway
14