Modular Information Hiding and Type-Safe Linking for C

TitleModular Information Hiding and Type-Safe Linking for C
Publication TypeJournal Articles
Year of Publication2008
AuthorsSrivastava S, Hicks MW, Foster JS, Jenkins P
JournalIEEE Transactions on Software Engineering
Pagination357 - 376
Date Published2008/06//May
ISBN Number0098-5589
KeywordsC language, CMOD, Code design, Coding Tools and Techniques, compiler, data encapsulation, Information hiding, modular information hiding, modular reasoning, modules, object-oriented programming, open source programs, packages, program compilers, public domain software, reliability, software reusability, type-safe linking

This paper presents CMod, a novel tool that provides a sound module system for C. CMod works by enforcing four rules that are based on principles of modular reasoning and on current programming practice. CMod's rules flesh out the convention that .h header files are module interfaces and .c source files are module implementations. Although this convention is well-known, existing explanations of it are incomplete, omitting important subtleties needed for soundness. In contrast, we have proven formally that CMod's rules enforce both information hiding and type-safe linking. To use CMod, the programmer develops and builds their software as usual, redirecting the compiler and linker to CMod's wrappers. We evaluated CMod by applying it to 30 open source programs, totaling more than one million LoC. Violations to CMod's rules revealed more than a thousand information hiding errors, dozens of typing errors, and hundreds of cases that, although not currently bugs, make programming mistakes more likely as the code evolves. At the same time, programs generally adhere to the assumptions underlying CMod's rules, and so we could fix rule violations with a modest effort. We conclude that CMod can effectively support modular programming in C: it soundly enforces type-safe linking and information-hiding while being largely compatible with existing practice.