
Blaming the client: on data refinement in the presence of pointers

  • Original Article
  • Formal Aspects of Computing

Abstract

Data refinement is a common approach to reasoning about programs, based on establishing that a concrete program indeed satisfies all the required properties imposed by an intended abstract pattern. Reasoning about programs in this setting becomes complex when the use of pointers is assumed and, moreover, a well-known method for proving data refinement, namely the forward simulation method, becomes unsound in the presence of pointers. The reason for the unsoundness is the failure of the “lifting theorem” for simulations: that a simulation between abstract and concrete modules can be lifted to all client programs. The result is that simulation does not imply that a concrete module can replace an abstract module in all contexts. Our diagnosis of this problem is that the unsoundness is due to interference from the client programs. Rather than blame a module for the unsoundness of lifting simulations, our analysis places the blame on the client programs which cause the interference: when interference is not present, soundness is recovered. Technically, we present a novel instrumented semantics which is capable of detecting interference between a module and its client. By using special simulation relations, namely growing relations, and interpreting the simulation method in the instrumented semantics, we obtain a lifting theorem. We then show situations under which simulation does indeed imply refinement.
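To make the abstract's diagnosis concrete, here is an added toy model (not the paper's semantics or code): a heap whose cells carry an owner tag, an abstract counter module kept outside the heap, a concrete counter module kept in a heap cell it owns, and two clients, one that uses the module only through its operations and one that keeps a dangling pointer across the module's initialisation. The counter module, the "module"/"client" owner tags, the LIFO reuse of disposed addresses and the address range are constructed assumptions for illustration.

```python
class Fault(Exception): pass           # access to a cell that is not allocated
class Interference(Exception): pass    # client touched a cell the module owns

class Heap:
    def __init__(self, instrumented):
        self.instrumented = instrumented   # False: plain semantics, True: ownership checks
        self.cells = {}                    # addr -> [value, owner]
        self.free = []                     # disposed addresses, reused LIFO (assumption)
        self.fresh = iter(range(100, 10**6))  # constructed address supply
    def alloc(self, owner):
        addr = self.free.pop() if self.free else next(self.fresh)
        self.cells[addr] = [0, owner]
        return addr
    def _check(self, who, addr):
        if addr not in self.cells:
            raise Fault(addr)
        if self.instrumented and self.cells[addr][1] != who:
            raise Interference(f"{who} touched cell {addr} owned by {self.cells[addr][1]}")
    def read(self, who, addr):
        self._check(who, addr); return self.cells[addr][0]
    def write(self, who, addr, value):
        self._check(who, addr); self.cells[addr][0] = value
    def dispose(self, who, addr):
        self._check(who, addr); del self.cells[addr]; self.free.append(addr)

class AbstractCounter:                 # module state lives outside the heap
    def init(self, h): self.n = 0
    def inc(self, h): self.n += 1
    def get(self, h): return self.n
class ConcreteCounter:                 # module state lives in a heap cell it owns
    def init(self, h): self.p = h.alloc("module")
    def inc(self, h): h.write("module", self.p, h.read("module", self.p) + 1)
    def get(self, h): return h.read("module", self.p)
def polite_client(h, m):               # touches the module only via its operations
    m.init(h); m.inc(h); m.inc(h)
    y = h.alloc("client"); h.write("client", y, 7); h.dispose("client", y)
    return m.get(h)
def interfering_client(h, m):          # keeps a dangling pointer across the module's init
    y = h.alloc("client"); h.dispose("client", y)
    m.init(h)                          # concrete init reuses y's address
    h.write("client", y, 41)           # write through the dangling pointer
    m.inc(h)
    return m.get(h)

def run(client, module_cls, instrumented):
    # Observable outcome: the returned count, or the name of the error raised.
    try:
        return client(Heap(instrumented), module_cls())
    except (Fault, Interference) as e:
        return type(e).__name__
```

Under the plain semantics the polite client cannot distinguish the two modules (both return 2), while the interfering client observes a fault from the abstract module but a corrupted count of 42 from the concrete one, so simulation between the modules does not lift to this client. With ownership checks switched on, the offending client write is reported as interference, which is where the abstract places the blame.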

Corresponding author

Correspondence to Ivana Filipović.

Additional information

Communicated by M. J. Butler

About this article

Cite this article

Filipović, I., O’Hearn, P., Torp-Smith, N. et al. Blaming the client: on data refinement in the presence of pointers. Form Asp Comp 22, 547–583 (2010). https://doi.org/10.1007/s00165-009-0125-8

  • DOI: https://doi.org/10.1007/s00165-009-0125-8
