Issue No.03 - May/June (2008 vol.34)
Michael Hicks , University of Maryland at College Park, College Park
Jeffrey S. Foster , University of Maryland at College Park, College Park
Patrick Jenkins , University of Maryland at College Park, College Park
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/TSE.2008.25
This paper presents CMod, a novel tool that provides a sound module system for C. CMod works by enforcing four rules that are based on principles of modular reasoning and on current programming practice. CMod's rules flesh out the convention that .h header files are module interfaces and .c source files are module implementations. Although this convention is well-known, existing explanations of it are incomplete, omitting important subtleties needed for soundness. In contrast, we have proven formally that CMod's rules enforce both information hiding and type-safe linking. To use CMod, the programmer develops and builds their software as usual, redirecting the compiler and linker to CMod's wrappers. We evaluated CMod by applying it to 30 open source programs, totaling more than one million LoC. Violations to CMod's rules revealed more than a thousand information hiding errors, dozens of typing errors, and hundreds of cases that, although not currently bugs, make programming mistakes more likely as the code evolves. At the same time, programs generally adhere to the assumptions underlying CMod's rules, and so we could fix rule violations with a modest effort. We conclude that CMod can effectively support modular programming in C: it soundly enforces type-safe linking and information-hiding while being largely compatible with existing practice.
Coding Tools and Techniques, Modules, packages, Reliability, Code design, Information hiding
Michael Hicks, Jeffrey S. Foster, Patrick Jenkins, "Modular Information Hiding and Type-Safe Linking for C", IEEE Transactions on Software Engineering, vol.34, no. 3, pp. 357-376, May/June 2008, doi:10.1109/TSE.2008.25