Modular Information Hiding and Type-Safe Linking for C.

This paper presents CMOD, a novel tool that provides a sound module system for C. CMOD works by enforcing a set of four rules that are based on principles of modular reasoning and on current programming practice. CMOD's rules flesh out the convention that . h header files are module interfaces and . c source files are module implementations. Although this convention is well known, existing explanations of it are incomplete, omitting important subtleties needed for soundness. In contrast, we have formally proven that CMOD's rules enforce both information hiding and type-safe linking. To use CMOD, the programmer develops and builds their software as usual, redirecting the compiler and linker to CMOD's wrappers. We evaluated CMOD by applying it to 30 open source programs, totaling more than one million lines of code. Violations to CMOD's rules revealed more than a thousand information hiding errors, dozens of typing errors, and hundreds of cases that, although not currently bugs, make programming mistakes more likely as the code evolves. At the same time, programs generally adhere to the assumptions underlying CMOD's rules and, so, we could fix rule violations with a modest effort. We conclude that CMOD can effectively support modular programming in C: It soundly enforces typesafe linking and information hiding while being largely compatible with existing practice. [ABSTRACT FROM AUTHOR]