One of the main benefits of computational reflection is to allow a clear and disciplined separation of concerns between base- and meta-level functionality [2]. However, widely used reflective software architectures do not enforce this separation, allowing undisciplined cross-level interaction. This brings several drawbacks to the development of reflective applications.
If it is possible for a base-level object to directly use features of meta-objects, the developers of the base-level object may be tempted to do so, and this will harden the evolution of the application, because meta-objects will not be easily replaceable.
Allowing direct access to meta-objects, from the base level or from the meta level itself, can also make it impossible to use the meta level to implement robust security mechanisms.
We have considered these issues during the design of the Meta-Object Protocol (MOP) of Guaranį [4,6]. The present paper relates each design decision with the reasoning and the requirements associated with them, such as security, reliability, adaptability and ease of maintenance.
Even though Guaranį is currently implemented in Java TM, the design of its MOP, and, particularly, the arguments presented in this paper, are not limited to this programming language. The main contribution of this paper is to provide guidelines for the design of other MOPs, so that they can benefit from the security issues learnt from our experiences during the design and implementation of Guaranį.
In Section 2, we shortly describe a simplified meta-object protocol and show that it satisfies the requirements presented. Section 3 introduces reconfiguration mechanisms, designed in a way that does not violate the presented security concerns. Section 4 concludes the paper.