Tool-Assisted Componentization of Java Applications

Many popular object-oriented (OO) programming languages, such as Java, do not provide explicit support for architecture-based development, i.e., do not provide programming-language constructs that are at the granularity of architectural constructs, such as components and ports. The gap between how engineers design their systems and how they implement them has been one of the leading causes of architectural drift—a situation in which the prescriptive architecture (the designed architecture) does not match the descriptive architecture (the implemented architecture). To mitigate this challenge, in its ninth iteration, Java introduced the concept of Java Platform Module System (JPMS), which for the first time provides explicit implementation-level support for well-known architectural constructs, such as components (called modules) and ports (called module directives). Despite this, the majority of existing Java applications (apps) are still purely OO programs that do not make use of the new constructs, because converting them to well-structured component-based (CB) programs is a tedious and error-prone task. In fact, prior research has shown that when engineers convert OO apps to CB apps, they tend to be highly over-privileged, i.e., components are granted more access privileges than they actually need. To mitigate these challenges, we have developed OO2CB, an approach for conversion of an OO Java app to a least-privilege CB Java app. OO2CB employs component recovery techniques to assist the developer in determining a given OO app’s components. It then statically analyzes the source code of the app to determine the dependencies among its recovered components and the required port types for facilitating their interaction. Finally, OO2CB generates a functionally equivalent CB app that satisfies the least-privilege security principle. Our experiments on several large real-world OO Java apps corroborate the effectiveness of OO2CB.