J. Software Engineering & Applications, 2010, 3: 303-311
doi:10.4236/jsea.2010.34036 Published Online April 2010 (http://www.SciRP.org/journal/jsea)
Copyright © 2010 SciRes JSEA
Separation of Fault Tolerance and Non-Functional
Concerns: Aspect Oriented Patterns and
Kashif Hameed, Rob Williams, Jim Smith
University of the West of England, Bristol Institute of Technology, Bristol, UK.
Email: {Kashif3.Hameed, Rob.Williams, James.Smith}@uwe.ac.uk
Received January 1st, 2010; revised January 30th, 2010; accepted February 1st, 2010.
Dependable computer based systems employing fault tolerance and robust software development techniques demand
additional error detection and recovery related tasks. This results in tangling of core functionality with these cross cut-
ting non-functional concerns. In this regard current work identifies these dependability related non-functional and
cross-cutting co ncerns and proposes design and implementation solu tions in an aspect oriented framewor k that modu-
larizes and separates them from core function a lity. The degree o f sep aration has been quan tified us ing so ftwa re metrics.
A Lego NXT Robot based case study has been completed to evaluate the proposed design framework.
Keywords: Aspect Oriented Design and Programming, Separation of Concerns, Executable Assertions, Exception
Handling, Fault Tolerance, So ftware Metrics
1. Introduction
Adding fault tolerance (FT) measures and other non-
functional requirements to safety critical and mission
critical applications introduces additional complexity to
the core application. By incorporating handler code, for
error detection, checkpointing, exception handling, and
redundancy/diversity management, the additional com-
plexity may adversely affect the dependability o f a safety
critical or mission critical system.
One of the solutions to reduce this complexity is to
separa te and modular ize the extra , cross-cu tting conce rns
from the true functionality.
Although Rate of Change (ROC) based plausibility
checks for error detection and recovery have been ad-
dressed by [1,2], unfortunately none of the previous stu-
dies propose the separation of these error handling con-
cerns from true functionality to avoid complexity.
At the level of design and programming, several ap-
proaches have been utilized that aim at separating func-
tional and non-functional aspects. Component level ap-
proach like IFTC [3], computational reflection and me-
ta-object protocol based MOP [4] have shown that de-
pendability issues can be implemented independently of
functional requirements.
The evolving area of Aspect-Oriented Programming &
Design (AOP&D) presents the same level of independ-
ence by supporting the modularized implementation of
crosscutting concerns.
Aspect-oriented language extensions, like AspectJ [5]
and AspectC++ [6] pr ovide mechanisms like Advice (be-
havioural and structural changes) that may be applied by
a pre-processor at specific locations in the program
called join point. These are designated by pointcut ex-
pressions. In addition to that, static and dynamic modifi-
cations to a program are incorporated by slices which can
affect the static structure of classes and functions.
The current work thus proposes some generalized as-
pect oriented design patterns representing fault tolerance
error detection and recovery mechanisms like ROC plau-
sibility checks, exception handling, checkpointing and
watchdog. Moreover some additional design patterns for
developing robust mission/safety critical software are also
presented. Software metrics like coupling, cohesion and
size have been applied quite successfully to access and
evaluate the quality attrib utes of OO software systems [7,
8]. However separation of concerns (SOC) especially
cross cutting ones in the light of new abstraction ad-
dressed by AO software development demands some ad-
ditional metrics. The current work reviews these addi-
tional metrics like concern diffusion over the components
(CDC), concern diffusion over the operations (CDO) and
concern diffusion over the lines of code (CDLOC). The
Separation of Fault Tolerance and Non-Functional Concerns: Aspect Oriented Patterns and Evaluation
SOC metric suite is later applied on the proposed AO
patterns in an empirical case study. This helps evaluating
the degree to which AOSD modularizes the FT concerns
and its impact on other quality attributes.
The validation and dependability assessment of pro-
posed AOFT patterns has already been done in an earlier
work by the author [9].
2. Aspect Oriented Exception Handling
Exception handling has been deployed as a key mecha-
nism in implementing software fault tolerance through
forward and backward error recovery mechanisms. It
provides a convenient means of structuring software that
has to deal with erroneous condition s [10].
In [11], the authors addresses the weaknesses of ex-
ception handling mechanisms provided by mainstream
programming languages like Java, Ada, C++, C#. In their
experience exception handling code is inter-twined with
the normal code. This hinders maintenance and reuse of
both normal and exception handling code.
Moreover as argued by [12], exception handling is
difficult to develop and has not been well understood.
This is due to the fact that it introduces additional com-
plexity and has been misused when applied to a novel
application domain. This has further increased the ratio
of system failures due to poorly designed fault tolerance
Thus fault tolerance measures using exception han-
dling should make it possible to produce software where
1) error handling code and normal code are separated
logically and physically; 2) the impact of complexity on
the overall system is minimized; and 3) the fault toler-
ance strategy may be maintainable and evolvable with
increasing demands of dependability.
In this respect, [4] has proposed an architectural pattern
for exception handling. They address the issues like spe-
cification and signaling of exceptions, specification and
invocation of handlers and searching of handlers. These
architectural and design patterns have been influenced by
computati onal refl ect i on and meta-object prot ocol .
However, most meta-programming languages suffer
performance penalties due to the increase in meta-level
computation at run-time. This is because most of the de-
cisions about semantics are made at run-time by the me-
ta-objects, and the overhead to invoke the meta-objects
reduces the system performance [13].
Therefore we propose generalized aspect based pat-
terns for monitoring, error detection, exception raising
and exception handling using a static aspect weaver.
These patterns would lead to integration towards a robust
and dependable aspect based software fault tolerance.
The following design notations have been used to ex-
press aspect-oriented design patterns shown in Figure 1.
2.1 Error Detection and Exception Throwing
Error detection and throwing exceptions has been an an-
chor in implementing any fault tolerance strategy. This
aspect detects faults and throws range, input and output
type of exceptions. The overall structure of this aspect is
shown in Figure 2. The GenThrowErrExcept join points
the NormalClass via three pointcut expressions for each
type of fault tolerance case.
RangeErrPc: this jo in points the contexMethod() only.
It initiates a before advice to check the range type errors
before executing the contextMethod(). In case the asser-
tions don’t remain valid or acceptable behavior con-
straints are not met, RaneErrExc exception is raised.
InputErrPc: this join points the contextMethod() fur-
ther scoped down with input arguments of the con-
textMethod(). It initiates a before advice to check the
valid input before the execution of the context method.
Incase the input is not valid it raises InputErrExc.
OutputErrPc: this join points the contextMethod()
Figure 1. Aspect oriented design notations
Figure 2. Error detection, exception throwing
Copyright © 2010 SciRes JSEA
Separation of Fault Tolerance and Non-Functional Concerns: Aspect Oriented Patterns and Evaluation305
further scoped down with results as output of the con-
textMethod(). It initiates an after advice to check the va-
lid output after the execution of the context method. In-
case the output is not valid it raises OutputErrExc.
2.2 Rate of Change Plausibility Check Aspect
This aspect as shown in Figures 3 and 4 is responsible for
checking the erroneous state of the system based on the
rate of change in critical signal/data values. Once an er-
roneous state is detected, the respective exception is
raised. Various exceptions are also defined and initial-
ized in this aspect. The pointcut GetSensorData defines
the location where error checking plausibility checks are
weaved whenever a critical data/sensor reading function
is called. The light weight ROC-based plausibility asser-
tions are executed in the advice part of this aspect.
2.3 Catcher Handler Aspect
The CatcherHandler aspect as shown shown in Figure
5(a) is responsible for identifying and invoking the ap-
propriate handler. This pattern addresses two run-time
handling strategies.
The first strategy is designated by an exit_main point-
Figure 3. Rate of change aspect pattern structure
Figure 4. Rate of change aspect pattern dynamics
cut expression. It checks the run-time main() function for
various fatal error exceptions and finally aborts or exits
the main program upon error detection. This aspect may
be used to implement safe shut-down or restart mecha-
nisms in safety critical systems to ensure safety, if a fatal
error occu rs or safety is breached.
The second strategy returns from the called fu nction as
soon as the error is detected. The raised exception is
caught after giving warning or doing some effective ac-
tion in the catch block. This can help in preventing error
propagation. Using this aspect, every call to critical func-
tions is secured under a try/catch block to ensure effec-
tive fault tolerance ag ainst an erroneous state.
It can be seen in the Figure 5(a) below th at exit_main
pointcut expression join points the main() run-time func-
tion. Whereas caller_return pointcut expression join
points every call to the contextMethod(). Moreover ex-
it_main and caller_return pointcut expressions are asso-
ciated with an around advice to implement error handling.
The tjpproceed() allows the execution run-time main()
and called functions in the try block.
The advice block of the catcher handler identifies the
exception raised as a result of in-appropriate changes in
the rate of signal or data. Once the excep tion is identified,
the recovery mechanism is initiated that assign new val-
ues to signal or data variables based on previous trends
or history of the variable.
2.4 Dynamics of Exception Handling Aspect
This scenario shown in Figure 5(b) represents a typical
error handling case. It simulates two error handling
strategies. In the first case, control is returned from the
caller to stop the propagation of errors along with a sys-
tem warning. In the second case the program exits du e to
a fatal error. This may be used to implement shutdo wn or
restart scenarios. Moreover the extension of a class
member function with a try block is also explained. A
client object invokes the contextMethod() on an instance
of NormalCl ass . The control is transferred to Catcher-
Handler aspect that extends the contextMethod() by
wrapping it in a try block and executes the normal code.
In case an exception is raised by previous aspect, the
exception is caught by the CatcherHandler aspect. This
is shown by the catch message. The condition shows the
type of exception e to be handled by the handler aspect.
CatcherHandler aspect handles the exception e. the call-
er_return strategy warns or signals the client about the
exception and returns from the caller. The client may
invoke the contextMethod2() as appropriate. In exit_main
strategy, the control is retuned to client that exits the
current instances as shown by the life line end status.
3. Watch Dog Aspect
A watchdog is a common concept used in real time sys-
tems for detecting and handling errors in real time sys
Copyright © 2010 SciRes JSEA
Separation of Fault Tolerance and Non-Functional Concerns: Aspect Oriented Patterns and Evaluation
Figure 5. Catcher handler aspect. (a) Structure; (b) Dy-
tems. It is a component that detects error by receiving a
delayed or null service response. Based on such timing
faults, it initiates a corrective action, such as reset, shut-
down, alarm to notify attending personnel, or signaling
more elaborate error-recovery mechanisms. Sometimes
software watchdogs are more active by performing peri-
odic built-in-tests (BIT). Synchronous tasks are more
prone to such timing based faults resulting in mission
In this regard we present a watchdog aspect (Figure 6)
to make such tasks fault tolerant by weaving an advice
code. Thus every synchronous mission critical task is
monitored against a deadline that is derived from the
worst case execution time of the overall task. As the d ead
line is expired, the mission is aborted. The watchdog
aspect is presented below. It can be seen that every call
to a contextMethod() of a NormalClass is weaved with
a timing check to see whether time delay between curren t
and previous call exceeds the dead line or not. The
watchdog aspect communicates with an external clock
interface to receive time stamps. Thus the watch dog
aspect separates timing concerns from the true function-
ality. It also localizes the definition and signaling of ex-
4. Save Data and Checkpointing Aspect
Some tasks require context related critical data to be
stored for post analysis and executing recovery mecha-
nisms. Every call to these tasks is weaved with a data
saving advice. SaveData aspect (Figure 7) provides
checkpointed stable recovery data to be used in ROC
based error detection and recovery mechanisms.
Whenever a critical function is called, SaveData as-
pect stores the contextual state information with the help
of MemoryInterface.
5. System Configuration & Initialization Aspect
Most real time systems rely on sensors in-order to attain
Figure 6. Watchdog aspect
Figure 7. Save data & checkpointing aspect
Copyright © 2010 SciRes JSEA
Separation of Fault Tolerance and Non-Functional Concerns: Aspect Oriented Patterns and Evaluation307
physical information from external environment. These
sensors need to be configured and initialized depending
upon the modes of operation. For example a Lego NXT
robot (Tribot) used in our case study uses light, ultra-
sonic and rotation sensors to carry out tasks. These sen-
sors are mapped on respective ports of the NXT brick.
Moreover they must be initialized before starting actual
tasks. It has also been observed that rotation sensors are
reinitialized as the direction of rotation changes (when
Tribot start traversing backward). All such requirements
either cut-across true functional concern or emerges as
additional non-functional requirement. Such require-
ments have been implemented in an aspect thus separat-
ing them from true functional concern. This aspect is
weaved as a startup advice in the control flow of main
6. Mission Pre-Conditions Aspect
Mission critical real time systems require some pre-con-
ditions or constraints to be met before starting the core
task. For example Tribot check the voltage level of bat-
teries and ambient light before staring its mission so that
it could fulfill its tasks reliably. If the above constraints
are not met, mission is aborted. Such constraints are
cross cutting to core functional requirements and thus
implemented as a separate aspect as shown as shown in
Figure 8.
As soon as the software finishes system initialization,
the said aspect acquires environmental data from the
SensorInteface and checks against the pre-conditions or
constraints. If the constraints are not met, an exception is
thrown and mission is ab orted.
7. Case Study
In order to evaluate proposed AO design patterns, a case
study has been carried out using a LEGO NXT Robot
(Tribot). This uses an Atmel 32-bit ARM processor run-
ning at 48 MHz. Our development environment utilizes
AspectC++ 1.0pre3 as aspect weaver [6].
The Tribot has been built consisting of two front
wheels driven by servo motors, a small rear wheel and an
arm holding a hockey stick with the help of some stan-
dard Lego parts. Ultrasonic and light sensors are also
available for navigation and guidance purposes.
An interesting task has been chosen to validate our de-
sign. In this example Tribot hits a red ball with its hock-
ey stick avoiding the blue ball placed on the same ball
stand. It makes use of the ultrasonic and light sensors to
complete this task. This task is mapped on a goal-tree
diagram as shown in Figure 9.
Any deviation in full-filling the OR goals and corre-
sponding AND sub-goals is considered as a mission
8. Aspects Evaluation via So ftware Metrics
Although software metrics like coupling, cohesion and
size has been used to access the software quality for quite
some time, yet the separation of concerns especially
cross cutting ones with the aid of aspect oriented soft-
ware development demands some additional metrics
suite for its assessment. In this regard [14-16] have pro-
posed additional metric suite for separation of concerns.
This metric suite has been utilized in [17] to access the
quality of some large scale software systems.
These additional metrics measure the degree to which
a single concern in the system maps to the design com-
ponents (classes and aspects), operations (methods and
advice), and lines of code. For all the employed metrics,
a lower value implies a better result. Some of these met-
rics used in our study are explained below.
8.1 Separation of Concerns Metrics
Separation of concern s (SoC) refers to th e ability to id en-
tify, encapsulate and manipulate those parts of software
that are relevant to a particular concern. The metrics for
Figure 8. Mission pre-condition aspect
Leg o NXT
Hockey Player
Hit Red Ball Miss Blue Ball
Move Forward & Stop
25 cm short of ball post
Differentiate Ball
Move Back
Figure 9. Lego NXT robot case study: Goal tree diagram
Copyright © 2010 SciRes JSEA
Separation of Fault Tolerance and Non-Functional Concerns: Aspect Oriented Patterns and Evaluation
Copyright © 2010 SciRes JSEA
SoC measurement are:
Concern Diffusion over Components (CDC)
This metric measures the degree to which a single
concern in the system maps to the components in the
software design. The more direct a concern maps to the
components, the easier it is to understand. It is also easier
to modify and reuse the existin g components.
Definition: CDC is measured by counting the number
of primary components whose main purpose is to con-
tribute to the implementation of a concern. Furthermore,
it counts the number of components that access the pri-
mary components by using them in attribute declarations,
formal parameters, return types, throws declarations and
local variables, or call their methods.
Concern Diffusion over Operations (CDO)
One way of measuring the code tangling is by count-
ing the number of operations affected by concern code. If
a concern is scattered around more operations, it be-
comes harder to understand, maintain and reuse.
Definition: CDO is measured by counting the number
of primary operations whose main purpose is to contrib-
ute to the implementation of a concern. In addition, it
counts the number of methods and advices that access
any primary component by calling their methods or using
them in formal parameters, return types, throws declara-
tions and local variables. Constructors also are counted
as operations.
Concern Diffusion over LOC (CDLOC)
The intuition behind this metric is to find concern
switching with in the lines of code. For each concern, the
program text is analyzed line by line in order to count
transition points. The higher the CDLOC, the more in-
termingled is the conc ern code within the implementation
of the components; the lower the CDLOC, the more lo-
calized is the concern code.
Definition: CDLOC counts the number of transition
points for each concern through the lines of code. The
use of this metric requires a shadowing process that par-
titions the code into shadowed areas and non-shadowed
areas. The shadowed areas are lines of code that imple-
ment a given concern. Transition points are the points in
the code where there is a transition from a non-shadowed
area to a shadowed area and vice-versa. An extensive set
of guidelines to assist the shadowing process is reported
in [15].
8.2 Coupling Metrics
Coupling is an indication of the strength of interconnec-
tions between the components in a system. Highly cou-
pled systems have strong interconnections, with program
units dependent on each other [14]. The larger the num-
ber of couples, the higher the sensitivity to changes in
other parts of the design and therefore maintenance is
more difficult. Excessive coupling between components
is detrimental to modular design and prevents reuse. The
more independent a component is, the easier it is to reuse
it in another application [14]. The metrics in this cate-
gory are Coupling between Components (CBC) and
Depth of Inheritance Tree (DIT).
Coupling between Components (CBC)
This counts the coupling between classes, classes and
aspects and between other aspects. It counts the classes
used in attribute declarations i.e. C2 and C3 depicted in
figure below. It also counts the number of components
declared in formal parameters, return types, throws dec-
larations and local variables. Moreover classes and as-
pects from which attribute and method selections are
made are also included.
New coupling dimension are also defined in [14] in
order to support aspect oriented software development
(AOSD). For e.g. access to aspect methods and attributes
defined by introduction (couplings C4, C5, C7, C8, C10),
and the relationships between aspects and classes or oth-
er aspects defined in the pointcut (couplings C6, C9) as
depicted in Figure 10. Thus overall this metric encom-
passes nine coupling dimensions (from C2 to C10). If a
component is coupled to another component in an arbi-
trary number of forms, CBC counts only once.
Depth of Inheritance Tree (DIT)
DIT is defined as the maximum length from a node to
the root of the tree. It counts how far down the inheri-
tance hierarchy a class or aspect is declared. This metric
encompasses the coupling dimensions C1 and C11 illus-
trated in Figure 10.
8.3 Lego NXT Software Measures Analysis
Software metrics are attained for the Lego NXT Robot
case study as shown in Figure 11. In this case study, a
C++ based true function ality has been made fau lt tolerant
by weaving various concerns in 30 places using 7 aspects
and 10 independent point cut expressions. These 7 as-
pects represent different concerns that otherwise may be
added to actual true concern making the code more tan-
gled, non maintainable and non reusable.
Separation of Concern Measures
Separation of concerns has been evaluated using CDC,
CDO and CDLOC figures attained in the above case
The Concern Diffusion over the components (CDC)
metrics measures the mapping of a single concern on
various components. It can be inferred from Figure 12
below that there is 64% reduction in mapping of true
concern on the components present in the system due the
introduction of aspects. Moreover the individual aspects
implementing cross cutting concerns don’t present large
CDC figures that means, the aspects are loosely coupled
with the system and thus can be more powerful candi-
dates for reusability.
Same behavior has been observed in CDO measures as
shown in Figure 13. As argued in [15,16], the code tang-
Separation of Fault Tolerance and Non-Functional Concerns: Aspect Oriented Patterns and Evaluation 309
Figure 10. Coupling dimensions on AOSD [14]
Figure 11. Lego NXT software metrics
ling may be visualized by observing the diffusion of a
concern in different operations. Again the true concern
seems more tangled in different operations as compared
to cross cutting concerns implemented as aspects.
Concern diffusion over the lines of code (CDOLC) is a
measure of how much tangled and inter-winded is the
code implemented for a component. The larger the value,
more tangled is the code with other concerns.
CDLOC for the core functionality (TCS) counts to 2
that seems a reasonable reduction as compared to non
aspect oriented implementation. The seven non-fun-
ctional/cross cutting concerns may add to presen t a larger
CDLOC (Figure 14).
It can also be observed from the CDLOC dispersion
that there are some indicators of bit code tangling with
the true functionality especially for the aspects responsi-
ble for error detection and exception handling. Upon
code reviewing it was observed that some critical con-
textual information is required that resulted in concern
switching. Apart from that, overall concern switching for
each component is reasonably small to be considered
better candidates for reusability and maintainability.
There were four concerns implemented with null concern
switching in this study.
Coupling Measures
As observed in the study by [17], the coupling be-
tween components for various concerns has not increased
a lot in our case as well. Coupling between components
seem to be uniformly distributed with an average value
of 2 as shown in Figure 15. Apart from core functional-
ity (TCS), the increased coupling has been observed in
the concerns implementing error detection and recovery
Copyright © 2010 SciRes JSEA
Separation of Fault Tolerance and Non-Functional Concerns: Aspect Oriented Patterns and Evaluation
mechanisms. This is due to the fact that aspects imple-
menting these concerns are coupled with the core con-
cern for acquiring contextual information used in error
detection and recovery mechanisms.
Exception Throwing & Handling Measures
It can be seen from Figures 16(a) and 16(b) that ex-
ceptions definition and throwing have been localized in
the components responsible for error detection like ROC
plausibility Checks and Watch Dog. Moreover, ex ception
handling has also been localized in their respective as-
pects without diffusing an y other component.
Figure 12. CDC dispersion
Figure 13. CDO dispersion
TCS, 2
EPC, 0
ECI, 0
SD, 0
RO C, 2
EMH, 1
RCH, 1
Figure 14. CDLOC dispersion
9. Conclusions & Future Work
The current work proposes AO design patterns for de-
veloping fault tolerant and robust software applications.
The aspect oriented design patterns under this frame-
work bring additional benefits like the localization of
error handling code in terms of definitions, in itializations
and implementation. Thus error handling code is not du-
plicated as the same error detection and handling aspect
is responsible for all the calling contexts of a safety
critical function. Reusability has also been improved
because different error handling strategies can be plugged
in separately. In this way, aspect and functional code
may both be ported more easily to new systems.
Although a detailed analysis of concerns separation
through aspects by refactoring large scale software ap-
TCS, 3
EPC, 3
ECI, 2
SD, 3
WD, 1
RO C , 1
EM H, 1
RCH, 3
Figure 15. Coupling between components
EPC, 2
WD, 1
RO C, 4O T HERS, 0
EMH, 1
RCH, 2
Figure 16. (a) Exceptions define & throw; (b) Try/catch
Copyright © 2010 SciRes JSEA
Separation of Fault Tolerance and Non-Functional Concerns: Aspect Oriented Patterns and Evaluation
Copyright © 2010 SciRes JSEA
plication has been provided in [17]. Our case study also
compliments some of the results. It has been observed
that localization of exception management (definition,
initialization and throwing) and exception handling im-
proves modularity. It has been observed that fault toler-
ance concerns when implemented as aspects have re-
sulted in considerable reduction in diffusion of concerns
over the core functionality. The concern diffusion in
terms of LOC does indicate clear separation and localiza-
tion of error management related issues. However some
code tangling has been observed with error detection
based aspects. This is due to the sharing of context in-
formation needed for detecting erroneous states. Apart
from that CDLOC measures too small in the true func-
tionality. Coupling has been increased in the components
responsible for error detection. Thus overall there has
been an improvement in separation of concerns at the
cost of slightly increased coupling.
This further probes the need for incorporating an error
masking strategy like Recovery Blocks and N-Version
Programming. An aspect oriented design version of these
strategies is also under consideration.
[1] M. Hiller, et al., “Executable Assertions for Detecting
Data Errors in Embedded Control Systems,” Proceedings
of the International Conference on Dependable Systems
& N etwo rks, New York, June 2000, pp. 24-33.
[2] M. Hiller, “Error Recovery Using Forced Validity As-
sisted by Executable Assertions for Error Detection: An
Experimental Evaluation,” Proceedings of the 25th EU-
ROMICRO Conference, Milan, Vol. 2, September 1999,
pp. 105-112.
[3] P. A. C. Guerra, et al., “Structuring Exception Handling
for Dependable Component-Based Software Systems,”
Proceedings of the 30th EUROMICRO Conference (EU-
ROMICRO’04), Rennes, 2004, pp. 575-582.
[4] A. F. Garcia, D. M. Beder and C. M. F. Rubira, “An Ex-
ception Handling Software Architecture for Developing
Fault-Tolerant Software,” Proceedings of the 5th IEEE
HASE, Albuquerque, November 2000, pp. 311-332.
[5] AspectJ Project Homepage. http://eclipse.org/aspectj/
[6] AspectC++ Project Homepage. http://www.aspectc.org
[7] S. Chidamber and C. Kemerer, “A Metrics Suite for Ob-
ject Oriented Design,” IEEE Transactions on Software
Engineering, Vol. 20, No. 6, June 1994, pp. 476-493.
[8] V. Basili, L. Briand and W. Melo, “A Validation of Ob-
ject-Oriented Design Metrics as Quality Indicators,”
IEEE Transactions on Software Engineering, Vol. 22, No.
10, October 1996, pp. 751-761.
[9] K. Hameed, R. Williams and J. Smith, “Aspect Oriented
Software Fault Tolerance,” Proceedings of 4th Interna-
tional Conference on Computer Science & Education
(WCE09), London, Vol. 1, 1-3 July 2009.
[10] L. L. Pullum, “Software Fault Tolerance Techniques and
Implementation,” Artech House Inc., Boston, London, 2001.
[11] F. C. Filho, et al., “Error Handling as an Aspect,” Work-
shop BPAOSD’07, Vancouver, 12-13 March 2007.
[12] A. Romanovsky, “A Looming Fault Tolerance Software
Crisis,” ACM SIGSOFT Software Engineering Notes, Vol.
32, No. 2, March 2007, p. 1.
[13] K. Murata, R. N. Horspool, E. G. Manning, Y. Yokote
and M. Tokoro, “Unification of Compile-Time and
Run-Time Metaobject Protocol,” ECOOP Workshop in
Advances in Meta Object Protocols and Reflection
(Meta’95), August 1995.
[14] C. Sant’Anna, et al., “On the Reuse and Maintenance of
Aspect-Oriented Software: An Assessment Framework,”
Proceedings of the 17th Brazilian Symposium on Soft-
ware Engineering, Salvador, October 2003, pp. 19-34.
[15] A. Garcia, et al., “Agents and Objects: An Empirical
Study on Software Engineering,” Technical Report 06-03,
Computer Science Department, PUC-Rio, February 2003.
[16] A. Garcia, et al., “Agents and Objects: An Empirical
Study on the Design and Implementation of Multi-Agent
Systems,” Proceedings of the SELMAS’03 Workshop at
ICSE’03, Portland, May 2003, pp. 11-22.
[17] F. C. Filho, et al., “Exceptions and Aspects: The Devil in
Details,” Proceedings of the 14th ACM SIGSOFT Inter-
national Symposium on Foundations of Software Engi-
neering, Portland, 5 November 2006.