Abstract
Data refinement is a common approach to reasoning about programs, based on establishing that a concrete program indeed satisfies all the required properties imposed by an intended abstract pattern. Reasoning about programs in this setting becomes complex when the use of pointers is assumed and, moreover, a well-known method for proving data refinement, namely the forward simulation method, becomes unsound in the presence of pointers. The reason for unsoundness is the failure of the “lifting theorem” for simulations: that a simulation between abstract and concrete modules can be lifted to all client programs. The result is that simulation does not imply that a concrete module can replace an abstract module in all contexts. Our diagnosis of this problem is that unsoundness is due to interference from the client programs. Rather than blame a module for the unsoundness of lifting simulations, our analysis places the blame on the client programs which cause the interference: when interference is not present, soundness is recovered. Technically, we present a novel instrumented semantics which is capable of detecting interference between a module and its client. By using special simulation relations, namely growing relations, and interpreting the simulation method in the instrumented semantics, we obtain a lifting theorem. We then show situations under which simulation does indeed imply refinement.
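The following constructed illustration of the abstract's thesis is added here and is not the paper's own semantics or code. It assumes a toy heap whose cells carry an owner tag, two counter modules related by the simulation "abstract count = concrete cell value // 2", and two clients: one that uses only the module interface and one that reads the module's private cell. Under the plain semantics the interfering client distinguishes the two modules, so the simulation does not lift; under the instrumented semantics that client faults and is blamed, while the well-behaved client sees the same result with either module.

```python
class Interference(Exception): pass  # client touched a module-owned cell (instrumented mode only)

class Heap:  # constructed heap: a value and an owner tag ('module'/'client') per cell
    def __init__(self, instrumented):
        self.cells, self.owner, self.instrumented = {}, {}, instrumented
    def alloc(self, who, value=0):
        addr = len(self.cells)          # toy allocator: sequential addresses
        self.cells[addr], self.owner[addr] = value, who
        return addr
    def _check(self, addr, who):
        # Instrumented semantics: an access by the non-owner is a fault, not a value.
        if self.instrumented and self.owner.get(addr) != who:
            raise Interference(f"{who} accessed cell {addr} owned by {self.owner.get(addr)}")
    def read(self, addr, who):
        self._check(addr, who)
        return self.cells[addr]
    def write(self, addr, value, who):
        self._check(addr, who)
        self.cells[addr] = value

class AbstractCounter:
    """Abstract module: the count is stored directly in one module-owned cell."""
    def __init__(self, heap):
        self.h, self.cell = heap, heap.alloc("module", 0)
    def inc(self):
        self.h.write(self.cell, self.h.read(self.cell, "module") + 1, "module")
    def get(self):
        return self.h.read(self.cell, "module")

class ConcreteCounter(AbstractCounter):
    """Concrete module, same interface; the cell holds 2*count (simulation: abs == con // 2)."""
    def inc(self):
        self.h.write(self.cell, self.h.read(self.cell, "module") + 2, "module")
    def get(self):
        return self.h.read(self.cell, "module") // 2

def well_behaved_client(counter, heap):
    counter.inc(); counter.inc()
    return counter.get()               # uses only the module's interface

def interfering_client(counter, heap):
    counter.inc(); counter.inc()
    return heap.read(0, "client")      # peeks at the module's private cell

def run(client, module_cls, instrumented):
    heap = Heap(instrumented)          # returns the client's result, or 'blamed' on a fault
    try:
        return client(module_cls(heap), heap)
    except Interference:
        return "blamed"
```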
Communicated by M. J. Butler
Filipović, I., O’Hearn, P., Torp-Smith, N. et al. Blaming the client: on data refinement in the presence of pointers. Form Asp Comp 22, 547–583 (2010). https://doi.org/10.1007/s00165-009-0125-8