DOCSLIB.ORG

Exploitation As Code Reuse: on the Need of Formalization

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Exploitation As Code Reuse: on the Need of Formalization it 1/15 Exploitation as Code Reuse: On the Need of Formalization Sergey Bratus, Anna Shubina Abstract: This position paper discusses the need for modeling exploit computations and discusses possible formal approaches to it. ACM CCS: Security and privacy ! Formal methods and theory of security. Keywords: Exploitation, modeling, weird machines. 1 Introduction the security domain may be skewed due to the lack of uniform criteria. For example, Turing completeness of Exploitation of a vulnerability in software or hardware exploit programming models is a reasonable proxy for is making the system containing the vulnerability beha- the composability of their primitives|but is not equal ve unexpectedly. Since trustworthiness of a machine or to it. We may be under-studying practically important device is a matter of its expected behaviors, exploitation exploit models that are composable but not Turing com- is the central phenomenon of computer security. Acade- plete. mic computer security advances by formal models of the In this position paper, we attempt to unify the different computing phenomena it studies. Surprisingly, though, ideas regarding exploitation, and unpack the concepts it still lacks a unified formal approach to describing ex- possibly considered obvious|and thus overlooked. ploitation. One may argue that the concept of exploitation is so intuitive that it does not need formal definitions. Alt- hough we used to believe so in the past, we doubt it 2 Prior work now. For example, is being exploitable a property of a particular bug or feature, or a whole-system property of The understanding of exploitation as a programming the containing system? Our current terminology confu- discipline focusing on unexpected computation has a ses these alternatives. long history in the hacker community. Bratus et al. [8] give a sketch of how this discipline developed from lever- For a more substantive confusion, consider vastly diver- aging specific cases of memory corruption to chaining up gent treatment of exploitation across different techno- multiple primitives into powerful and generic program- logical domains. Academic literature on exploitation of ming models|up to Turing-completeness. executable binaries overwhelmingly uses the device of Turing completeness as a criterion of viable contributi- Exploits were understood both as proofs-by- on, whereas literature on exploitation of web applicati- construction of the unexpected computation's existence on platforms almost never uses this device, focusing in- (a.k.a. vulnerability) and as programs in their own stead on the specific techniques used (SQLi, XSS, etc.) right. But if exploits are programs, and generalize into or specific kinds of information that can be stolen. This programming models, what machines do they run on? is despite the fact that exploitation in both domains is Tautologically, exploits violate the expectations of the driven by crafted inputs and produces complex unex- original programmer or designer of the vulnerable soft- pected computations with unexpectedly meager means. ware, and hence their models of the target machine. The- This disparity is striking, and it persists across other se programmers or designers failed to see a richer ma- target domains. chine embedded or emergent in the target. Exploits run on these richer machines, and are proof-by-construction When closely related phenomena are treated so dif- that these richer machines exist. ferently, their root causes are masked, and their analysis is muddled. Research effort, after all, goes where success The term \weird machines", informally coined in [7] and is evident and likely to be recognized; our very view of expanded by [9], attempted to capture this intuition, by it { Information Technology 57 (2015) 1 c de Gruyter Oldenbourg 1 introducing the idea that an exploit's underlying execu- Intuitively, we might expect well-written programs to be tion model extended the programmer abstraction of the \stable" with respect to violations of their intermediary machine with additional \weird" states and transitions, conditions: we might expect small deviations from their arising, e.g., from memory corruptions or leaky abstrac- component preconditions to produce only small variati- tions. The underlying implementations or architectures ons in behavior. made these states representable and manipulable. The This expectation, however, is unfounded. The fact is manipulation (primarily, by means of crafted inputs) that correctness proofs of program verification—the was the subject of exploit programming, of \setting up, best weapon we have against unexpected execution|are instantiating, and programming the weird machine." [9] brittle with respect to any violations of their precondi- So formulated, the concept of a \weird machine" is in- tions. tuitive, and was indeed instantly recognizable to many exploitation researchers. This intuition has been applied 3.1 Program verification to a variety of programming models such as computa- tions driven by ELF metadata [21], x86 memory des- Proving the absence of unexpected computation is, of criptors [4], Linux kernel's signal-processing data struc- course, the holy grail of security|so it makes sense to tures [5], and Windows kernel's memory deduplication look at exploitation from the verification point of view. functionality [6], as well as others. Still, although pro- The foundations for proving correctness of computer ductive, it lacked a formal definition. programs were laid by the classic 1969 C.A.R. Hoare In [24], Vanegue produced the first formal definition paper [14]. for the weird machine as a computational phenomenon in the context of Proof-Carrying Code (PCC). Dullien in [10] constructs an architectural model demonstrating Hoare's formalism in a nutshell. In Hoare's con- the emergence of unexpected computation on a formally struction, code Q comes with pre-conditions P , and, defined platform. Vanegue in [25] develops an axiomatic given that these pre-conditions hold true, after execu- model connected with program verification. tion produces the post-conditions R (if Q terminates). Such statements P fQg R are written for all the ele- The purpose of this position paper is to explore the in- mentary operations of a programming language, and tuitions regarding exploitations in breadth rather than combined using intuitive Boolean logic axioms, such as: in depth. We leave the development of the formalisms to if P fQ1g R1 and R1 fQ2g R hold, then P fQ1 ; Q2g R the two papers mentioned above; here we discuss what hold. Then, if the entire program could be built up wi- could be formalized. thin the braces using such compositions, statement by statement, so that the condition P is empty|meaning \anything", \any circumstances"|then the program is 3 Exploitation and code reuse: a program considered proven to produce the desired post-condition, i.e., \proven correct". This construction from the ele- verification perspective mentary operations upwards is itself the proof|and cor- Code reuse in exploitation could be seen as a trivial responds directly to the more recent insights that pro- convenience (less attack payload to write and debug) or grams are proofs and propositions are types (cf. [26]). as a specialized trick to bypass certain protective mea- sures that prevent execution of foreign code (e.g., non- Code reuse vs proofs. An important property of the- executable stacks and heaps, or load-time code-signing se constructions is that they are brittle with respect to checks). When seen that way, code reuse may seem a violations of the pre-conditions at any point in the chain. marginal phenomenon that will be eventually mitigated No matter if some Q is proven correct under its precon- with further protective measures such as better ASLR, ditions P , we cannot assert anything about Q's behavior code diversity, etc. Defenders might also be tempted under a different P 0, however \small" (according to so- to apply these protections based on how desirable they me metric) the difference is. think the code is for the attackers to reuse (e.g., func- tion epilogues or indirect jumps for ROP), rather than Suppose we have a program fragment Q for which we throughout the code base. have proven P fQg R. Let us pose the question: what will Q compute, i.e., what set of post-conditions R it This view would be grossly misleading. If we take the can create, if we feed it inputs that don't obey P ? perspective that exploitation is unexpected computa- tion, then almost all code that runs under conditi- This is exactly how an exploit (re)uses Q. ons it was not meant to encounter|such as consu- For instance, can we use Q to construct a Turing- ming data not conforming to the type intended for its complete computation, similar to \weird machine" con- consumption|will likely perform unexpected computa- structions that reuse other code such as function epilo- tion. That is, any code that can have its assumptions gues, the ELF RTLD, or the x86 MMU? Can we use Q violated is potentially reusable by an exploit. as a primitive to combine with others in an exploit? In 2 short, what is the computational power of Q if we are located on the tape; for automata models, it is not spe- allowed to vary its inputs arbitrarily? cified where they exist before being fed in one by one, We can frame this question slightly differently. Given but we can assume a tape that moves only forward past P , Q, P fQg R and some variation P 0 of P , what can a fixed reading-only head. Nothing other that consump- we infer about the conditions R0 such
Load more

Recommended publications
  • New Inheritance Models That Facilitate Source Code Reuse in Object-Oriented Programming
    NEW INHERITANCE MODELS THAT FACILITATE SOURCE CODE REUSE IN OBJECT- ORIENTED PROGRAMMING By HISHAM M. AL-HADDAD Bachelor of Science Yarmouk University lrbid, Jordan 1986 Master of Science Northrop University Los Angeles, California 1988 Submitted to the Faculty of the Graduate College of the Oklahoma State University in partial fulfillment of the requirements for the degree of DOCTOR OF PHILOSOPHY July, 1992 Oklahoma Statt.' Ur1iv. Library NEW INHERITANCE MODELS THAT FACILITATE SOURCE CODE REUSE IN OBJECT- ORIENTED PROGRAMMING C/ wU::r-~ B I A~c;p .... _.-~ Dean of the Graduate CoUege ii PREFACE Code reusability is a primary objective in the development of software systems. The object-oriented programming methodology is one of the areas that facilitate the development of software systems by allowing and promoting code reuse and modular designs. Object-oriented programming languages (OOPLs) provide different facilities to attain efficient reuse and reliable extension of existing software components. Inheritance is an important language feature that is conducive to reusability and extensibility. Various OOPLs provide different inheritance models based on different interpretations of the inheritance notion. Therefore, OOPLs have different characteristics derived from their respective inheritance models. This dissertation is concerned with solutions for three major problems that limit the utilization of inheritance for code reusability. The range of object-oriented applications and thus the usage of object-oriented programming in general is also discussed. The three major problems are: 1) the relationship between inheritance and other related issues such as encapsulation, access techniques, visibility of inheritance, and subtyping; 2) the hierarchical structure imposed by inheritance among classes; and 3) the accessibility of previous versions of the modified methods defmed in classes located at higher levels of the inheritance structure than the parent classes.
    [Show full text]
  • Generic Programming
    Generic Programming July 21, 1998 A Dagstuhl Seminar on the topic of Generic Programming was held April 27– May 1, 1998, with forty seven participants from ten countries. During the meeting there were thirty seven lectures, a panel session, and several problem sessions. The outcomes of the meeting include • A collection of abstracts of the lectures, made publicly available via this booklet and a web site at http://www-ca.informatik.uni-tuebingen.de/dagstuhl/gpdag.html. • Plans for a proceedings volume of papers submitted after the seminar that present (possibly extended) discussions of the topics covered in the lectures, problem sessions, and the panel session. • A list of generic programming projects and open problems, which will be maintained publicly on the World Wide Web at http://www-ca.informatik.uni-tuebingen.de/people/musser/gp/pop/index.html http://www.cs.rpi.edu/˜musser/gp/pop/index.html. 1 Contents 1 Motivation 3 2 Standards Panel 4 3 Lectures 4 3.1 Foundations and Methodology Comparisons ........ 4 Fundamentals of Generic Programming.................. 4 Jim Dehnert and Alex Stepanov Automatic Program Specialization by Partial Evaluation........ 4 Robert Gl¨uck Evaluating Generic Programming in Practice............... 6 Mehdi Jazayeri Polytypic Programming........................... 6 Johan Jeuring Recasting Algorithms As Objects: AnAlternativetoIterators . 7 Murali Sitaraman Using Genericity to Improve OO Designs................. 8 Karsten Weihe Inheritance, Genericity, and Class Hierarchies.............. 8 Wolf Zimmermann 3.2 Programming Methodology ................... 9 Hierarchical Iterators and Algorithms................... 9 Matt Austern Generic Programming in C++: Matrix Case Study........... 9 Krzysztof Czarnecki Generative Programming: Beyond Generic Programming........ 10 Ulrich Eisenecker Generic Programming Using Adaptive and Aspect-Oriented Programming .
    [Show full text]
  • Code Reuse and Refactoring: Going Agile on Complex Products
    Code Reuse and Refactoring: Going Agile on Complex Products Using enterprise Software Version Management to coordinate complex products, seamlessly support Git developers, and solve refactoring problems. Table of Contents Component-Based Development __________________________________________________ 1 CBD Product Model ______________________________________________________________ 1 The Repository Model ____________________________________________________________ 2 Managing CBD in Git _____________________________________________________________ 2 Setting Up the CBD Model _____________________________________________________ 2 Incorporating Non-Software Components ____________________________________ 3 Updating Component Baselines ________________________________________________ 3 Submitting Patches to Components _____________________________________________ 4 Developer View _______________________________________________________________ 4 Refactoring: In Practice ________________________________________________________ 4 Refactoring: Developer Impact _________________________________________________ 4 Managing CBD in Perforce Software Version Management and Perforce Git Fusion ______ 5 Setting Up the CBD Model _____________________________________________________ 5 Incorporating Non-Software Components ____________________________________ 5 Updating Component Baselines ________________________________________________ 5 Submitting Patches to Components _____________________________________________ 5 Developer View _______________________________________________________________
    [Show full text]
  • A Model of Inheritance for Declarative Visual Programming Languages
    An Abstract Of The Dissertation Of Rebecca Djang for the degree of Doctor of Philosophy in Computer Science presented on December 17, 1998. Title: Similarity Inheritance: A Model of Inheritance for Declarative Visual Programming Languages. Abstract approved: Margaret M. Burnett Declarative visual programming languages (VPLs), including spreadsheets, make up a large portion of both research and commercial VPLs. Spreadsheets in particular enjoy a wide audience, including end users. Unfortunately, spreadsheets and most other declarative VPLs still suffer from some of the problems that have been solved in other languages, such as ad-hoc (cut-and-paste) reuse of code which has been remedied in object-oriented languages, for example, through the code-reuse mechanism of inheritance. We believe spreadsheets and other declarative VPLs can benefit from the addition of an inheritance-like mechanism for fine-grained code reuse. This dissertation first examines the opportunities for supporting reuse inherent in declarative VPLs, and then introduces similarity inheritance and describes a prototype of this model in the research spreadsheet language Forms/3. Similarity inheritance is very flexible, allowing multiple granularities of code sharing and even mutual inheritance; it includes explicit representations of inherited code and all sharing relationships, and it subsumes the current spreadsheet mechanisms for formula propagation, providing a gradual migration from simple formula reuse to more sophisticated uses of inheritance among objects. Since the inheritance model separates inheritance from types, we investigate what notion of types is appropriate to support reuse of functions on different types (operation polymorphism). Because it is important to us that immediate feedback, which is characteristic of many VPLs, be preserved, including feedback with respect to type errors, we introduce a model of types suitable for static type inference in the presence of operation polymorphism with similarity inheritance.
    [Show full text]
  • Beginning SOLID Principles and Design Patterns for ASP.NET Developers — Bipin Joshi Beginning SOLID Principles and Design Patterns for ASP.NET Developers
    THE EXPERT’S VOICE® IN .NET DEVELOPMENT Beginning SOLID Principles and Design Patterns for ASP.NET Developers — Bipin Joshi Beginning SOLID Principles and Design Patterns for ASP.NET Developers Bipin Joshi Beginning SOLID Principles and Design Patterns for ASP.NET Developers Bipin Joshi 301 Pitruchhaya Thane, India ISBN-13 (pbk): 978-1-4842-1847-1 ISBN-13 (electronic): 978-1-4842-1848-8 DOI 10.1007/978-1-4842-1848-8 Library of Congress Control Number: 2016937316 Copyright © 2016 by Bipin Joshi This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed. Exempted from this legal reservation are brief excerpts in connection with reviews or scholarly analysis or material supplied specifically for the purpose of being entered and executed on a computer system, for exclusive use by the purchaser of the work. Duplication of this publication or parts thereof is permitted only under the provisions of the Copyright Law of the Publisher's location, in its current version, and permission for use must always be obtained from Springer. Permissions for use may be obtained through RightsLink at the Copyright Clearance Center. Violations are liable to prosecution under the respective Copyright Law. Trademarked names, logos, and images may appear in this book. Rather than use a trademark symbol with every occurrence of a trademarked name, logo, or image we use the names, logos, and images only in an editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the trademark.
    [Show full text]
  • Software Reusability: Approaches and Challenges
    International Journal of Research and Innovation in Applied Science (IJRIAS) |Volume VI, Issue V, May 2021|ISSN 2454-6194 Software Reusability: Approaches and Challenges Moko Anasuodei1, Ojekudo, Nathaniel Akpofure2 1Department of Computer Science and Informatics, Faculty of Science, Federal University Otuoke, Nigeria 2Department of Computer Science, Faculty of Natural and Applied Sciences, Ignatius Ajuru University of Education, Nigeria Abstract: Software reuse is used to aid the software phases. Software engineering has been more centered on development process which in recent times can improve the original development which gives an optimal software at a resulting quality and productivity of software development, by faster and less costly price, a design process based on assisting software engineers throughout various software systemic reusable is now recognized. engineering phases to enhance the quality of software, provide quick turnaround time for software development using few Software reuse reduces efforts and cost, because software people, tools, and methods, which creates a good software development costs can be extremely high, but they are quality by enhancing integration of the software system to shared, such that the cost of reuse can be extremely low. provide a competitive advantage. This paper examines the One major advantage of software reuse suggested by concept of software reuse, the approaches to be considered for keswani et al (2014) explains that there is a significant need software reuse, which is broadly shared into three categories: component-based software reuse, domain engineering and for the number of bugs to be reduced during software software product lines, architecture-based software reuse and development process, such that instead of developing an challenges that affect the software reuse development process.
    [Show full text]
  • Using Recursive Java Generics to Support Code Reuse in the CS2 Course
    Using Recursive Java Generics to Support Code Reuse in the CS2 Course J. Andrew Holey and Lynn R. Ziegler Department of Computer Science Saint John’s University and the College of Saint Benedict Collegeville, Minnesota 56321 [email protected] and [email protected] Abstract Showing students examples of code reuse in early Java programming courses is highly desirable, but one significant class of examples, linked data structures, is difficult to reuse and leads to frequent casting. We show a technique for using recursive generic parameters that significantly simplifies the inheritance of linked data structures, and we discuss the use of this technique in the CS2 course. 1 Introduction Java is well-established as the most frequently-used language in the first two programming courses at colleges and universities (CS1 and CS2). While there is serious and well-founded debate about whether other languages may be more appropriate for an introductory programming sequence at the college level, many computer science faculty members have become comfortable with using Java in these courses and are able to teach programming and problem-solving very effectively using this language. One of the advantages of using object-oriented languages like Java for teaching introductory programming is their support for the construction of abstract data types (ADTs). This support was enhanced in Java 5.0 with the introduction of generics. Libraries like the Java Collection Framework have reduced the emphasis on construction of ADTs in many CS2 courses, but most textbooks and instructors still choose to spend considerable time on the implementation of ADTs. It is now possible to guide students to produce simple and elegant implementations of the standards ADTs, including stacks, queues, various types of lists and trees, maps and even graphs.
    [Show full text]
  • A Foundation for Trait-Based Metaprogramming
    A foundation for trait-based metaprogramming John Reppy Aaron Turon University of Chicago {jhr, adrassi}@cs.uchicago.edu Abstract We present a calculus, based on the Fisher-Reppy polymorphic Scharli¨ et al. introduced traits as reusable units of behavior inde- trait calculus [FR03], with support for trait privacy, hiding and deep pendent of the inheritance hierarchy. Despite their relative simplic- renaming of trait methods, and a more granular trait typing. Our ity, traits offer a surprisingly rich calculus. Trait calculi typically in- calculus is more expressive (it provides new forms of conflict- clude operations for resolving conflicts when composing two traits. resolution) and more flexible (it allows after-the-fact renaming) In the existing work on traits, these operations (method exclusion than the previous work. Traits provide a useful mechanism for shar- and aliasing) are shallow, i.e., they have no effect on the body of the ing code between otherwise unrelated classes. By adding deep re- other methods in the trait. In this paper, we present a new trait sys- naming, our trait calculus supports sharing code between methods. tem, based on the Fisher-Reppy trait calculus, that adds deep oper- For example, the JAVA notion of synchronized methods can im- ations (method hiding and renaming) to support conflict resolution. plemented as a trait in our system and can be applied to multiple The proposed operations are deep in the sense that they preserve methods in the same class to produce synchronized versions. We any existing connections between the affected method and the other term this new use of traits trait-based metaprogramming.
    [Show full text]
  • REUSABILITY and MAINTAINABILITY in OBJECT ORIENTED LANGUAGES Suvarnalata Hiremath1, C M Tavade2 1Associate Professor, Dept
    REUSABILITY AND MAINTAINABILITY IN OBJECT ORIENTED LANGUAGES Suvarnalata Hiremath1, C M Tavade2 1Associate Professor, Dept. of CS&E, BKEC, Basavakalyan, India, 2 Professor, Dept of E&TC, SIT-COE, Yadrav, India Abstract In object-oriented languages, inheritance plays an important part for software reusability and maintainability. The separation of sub typing and inheritance makes inheritance a more flexible mechanism reusing code. Object-oriented programming has been widely acclaimed as the technology that will support the creation of reusable software, particularly because of the "inheritance” facility. In this paper, we Object Oriented Programming is a practical and explore the importance of reusability and useful programming methodology that maintainability in object oriented language. encourages modular design and software reuse. KEYWORDS: Object Oriented Object oriented Language make the promises of programming Language, Inheritance, reduced maintainance,code reusability, Software reuse and maintainability. improved reliability and flexibility and easier maintenance through better data encapsulation. I. INTRODUCTION To achieve these gains, object oriented Object-Oriented Programming (OOP) is the term language introduce the concepts of objects, used to describe a programming approach based classes, data abstraction and encapsulation, on objects and classes. The object-oriented inheritance and polymorphism. paradigm allows us to organise software as a collection of objects that consist of both data and In object oriented Language, the objects are behaviour. This is in contrast to conventional well-defined data structures coupled with a set functional programming practice that only of operations, these operations are called loosely connects data and behaviour. behavior and are only visible part of an object The object-oriented programming approach and only these operations can manipulate the encourages: objects.
    [Show full text]
  • 5. Subroutines
    IA010: Principles of Programming Languages 5. Subroutines Jan Obdržálek obdrzalek@fi.muni.cz Faculty of Informatics, Masaryk University, Brno IA010 5. Subroutines 1 Subroutines Subprograms, functions, procedures, . • principal mechanism for control abstraction • details of subroutine’s computation are replaced by a statement that calls the subroutine • increases readability: emphasizes logical structure, while hiding the low-level details • facilitate code reuse, saving • memory • coding time • subroutines vs OOP methods: • differ in the way they are called • methods are associated with classes and objects IA010 5. Subroutines 2 Outline Fundamentals of subroutines Parameter-passing methods Overloaded and generic subroutines Functions – specifics Coroutines IA010 5. Subroutines 3 Fundamentals of subroutines IA010 5. Subroutines 4 Subroutine characteristics • each subroutine has a single entry point • the calling program unit is suspended during subroutine execution (so only one subroutine is in execution at any given time) • control returns to the caller once subroutine execution is terminated • alternatives: • coroutines • concurrent units IA010 5. Subroutines 5 Basic definitions • subroutine definition – describes the interface and actions • subroutine call – an explicit request for the subroutine to be executed • active subroutine – has been executed, but has not yet completed its execution • subroutine header – part of the definition, specifies: • the kind of the subroutine (function/procedure) • a name (if not anonymous) • a list of parameters • parameter profile – the number, order and types of formal parameters • protocol – parameter profile + return type IA010 5. Subroutines 6 Procedures and functions procedures • do not return values • in effect define new statements • as functions: can return a value using • global variables • two-way communication through parameters functions • return values • function call is, in effect, replaced by the return value • as procedures: e.g.
    [Show full text]
  • Code Reuse Between Java and Android Applications
    Code Reuse between Java and Android Applications Yoonsik Cheon, Carlos V. Chavez and Ubaldo Castro Department of Computer Science, The University of Texas at El Paso, El Paso, Texas, U.S.A. Keywords: Code Reuse, Multiplatform Application, Platform Difference, Android, Java. Abstract: Java and Android applications can be written in the same programming language. Thus, it is natural to ask how much code can be shared between them. In this paper we perform a case study to measure quantita- tively the amount of code that can be shared and reused for a multiplatform application running on the Java platform and the Android platform. We first configure a multiplatform development environment consisting of platform-specific tools. We then propose a general architecture for a multiplatform application under a guiding design principle of having clearly defined interfaces and employing loose coupling to accommodate platform differences and variations. Specifically, we separate our application into two parts, a platform-independent part (PIP) and a platform-dependent part (PDP), and share the PIP between platform-specific versions. Our finding is that 37%–40% of code can be shared and reused between the Java and the Android versions of our application. Interestingly, the Android version requires 8% more code than Java due to platform-specific con- straints and concerns. We also learned that the quality of an application can be improved dramatically through multiplatform development. 1 INTRODUCTION ing an experiment to measure quantitatively the de- gree of code reuse possible between Java and An- droid versions of an application. Our experiment is Java is one of the most popular programming lan- a case study developing natively a Java application guages in use today for developing a wide spectrum and its Android version running on mobile devices of applications running on a range of platforms from like smartphones and tablets.
    [Show full text]
  • Compile-Time Reflection and Metaprogramming for Java
    Compile-time Reflection and Metaprogramming for Java Weiyu Miao Jeremy Siek University of Colorado at Boulder {weiyu.miao, jeremy.siek}@colorado.edu Abstract we also likely need to change the hasGetters for that class, therefore Java reflection enables us to write reusable programs that are inde- such implementation is not adaptable to the change of a class. pendent of certain classes. However, when runtime performance is With runtime reflection, we can write a hasGetters that is appli- a big concern, we propose to use compile-time reflection for writ- cable to any class. Following shows the partial implementation of ing metaprograms that generate non-reflective class/type specific the hasGetters. code, which has lower runtime cost. 1 public boolean hasGetters(Class cls) { We proposed both compile-time reflection and metaprogram- 2 Field[] fds = cls.getFields(); ming for Java, and extended our previous work on pattern-based 3 for(int i=0;i < fds.length; ++i) { traits. Pattern-based traits integrate pattern-based reflection with 4 Field fd = fds[i]; flexible composition of traits. They are capable of pattern-matching 5 String mn = ”get”+capitalize(fd.getName()); over class members and generating expressive code. We add and 6 Class fTy = fd.getType(); formalize pattern-based reflection at the statement-level, which 7 try { enables a meta program to generate statements. We add reified 8 Method m = cls.getMethod(mn, new Class[0]); 9 if (! m.getReturnType().equals(fTy)) { generics for pattern-based traits, which enables a pattern to iter- 10 ... /∗ print the message that field fd has no getter ∗/ ate over any class when traits are instantiated.
    [Show full text]