Open access

Blaming the client: on data refinement in the presence of pointers

Published: 01 September 2010

Abstract

Data refinement is a common approach to reasoning about programs, based on establishing that a concrete program indeed satisfies all the required properties imposed by an intended abstract pattern. Reasoning about programs in this setting becomes complex when the use of pointers is assumed and, moreover, a well-known method for proving data refinement, namely the forward simulation method, becomes unsound in the presence of pointers. The reason for unsoundness is the failure of the “lifting theorem” for simulations: that a simulation between abstract and concrete modules can be lifted to all client programs. The result is that simulation does not imply that a concrete module can replace an abstract module in all contexts. Our diagnosis of this problem is that the unsoundness is due to interference from the client programs. Rather than blame a module for the unsoundness of lifting simulations, our analysis places the blame on the client programs which cause the interference: when interference is not present, soundness is recovered. Technically, we present a novel instrumented semantics which is capable of detecting interference between a module and its client. With the use of special simulation relations, namely growing relations, and by interpreting the simulation method using the instrumented semantics, we obtain a lifting theorem. We then show situations under which simulation does indeed imply refinement.

Published In

Formal Aspects of Computing  Volume 22, Issue 5
Sep 2010
171 pages
ISSN:0934-5043
EISSN:1433-299X

Publisher

Springer-Verlag

Berlin, Heidelberg

Publication History

Published: 01 September 2010
Accepted: 04 September 2009
Received: 02 July 2008
Published in FAC Volume 22, Issue 5

Author Tags

  1. Data refinement
  2. Separation logic
  3. Pointer aliasing
  4. Interference

Qualifiers

  • Research-article

Article Metrics

  • Downloads (last 12 months): 43
  • Downloads (last 6 weeks): 10
Reflects downloads up to 31 Jan 2025

Cited By

  • (2019) Specifying concurrent programs in separation logic: morphisms and simulations. Proceedings of the ACM on Programming Languages 3(OOPSLA), pp 1–30. DOI 10.1145/3360587. Online publication date: 10-Oct-2019
  • (2018) Reasoning About Reference Behavior with RESOLVE. ACM SIGSOFT Software Engineering Notes 43(3), pp 18–19. DOI 10.1145/3229783.3229800. Online publication date: 7-Dec-2018
  • (2014) A fully abstract trace-based semantics for reasoning about backward compatibility of class libraries. Science of Computer Programming 92, pp 129–161. DOI 10.1016/j.scico.2013.10.002. Online publication date: Oct-2014
  • (2014) Abstract Local Reasoning for Concurrent Libraries. Electronic Notes in Theoretical Computer Science (ENTCS) 308(C), pp 147–166. DOI 10.1016/j.entcs.2014.10.009. Online publication date: 29-Oct-2014
  • (2013) Library abstraction for C/C++ concurrency. ACM SIGPLAN Notices 48(1), pp 235–248. DOI 10.1145/2480359.2429099. Online publication date: 23-Jan-2013
  • (2013) Library abstraction for C/C++ concurrency. Proceedings of the 40th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages, pp 235–248. DOI 10.1145/2429069.2429099. Online publication date: 23-Jan-2013
  • (2013) State Based Encapsulation for Modular Reasoning about Behavior-Preserving Refactorings. Aliasing in Object-Oriented Programming. Types, Analysis and Verification, pp 319–365. DOI 10.1007/978-3-642-36946-9_12. Online publication date: 2013
  • (2012) Refactoring and representation independence for class hierarchies. Theoretical Computer Science 433, pp 60–97. DOI 10.1016/j.tcs.2012.02.009. Online publication date: 1-May-2012
  • (2012) Stepwise refinement of heap-manipulating code in Chalice. Formal Aspects of Computing 24(4-6), pp 519–535. DOI 10.1007/s00165-012-0254-3. Online publication date: 1-Jul-2012
  • (2012) A Case for Behavior-Preserving Actions in Separation Logic. Programming Languages and Systems, pp 332–349. DOI 10.1007/978-3-642-35182-2_24. Online publication date: 2012