Presentation is loading. Please wait.

Presentation is loading. Please wait.

TALx86: A Realistic Typed Assembly Language

Published byBuddy Owens Modified over 5 years ago

Similar presentations

Presentation on theme: "TALx86: A Realistic Typed Assembly Language"— Presentation transcript:

1 TALx86: A Realistic Typed Assembly Language
Types inside TALx86: A Realistic Typed Assembly Language Dan Grossman, Fred Smith Cornell University Joint work with: Greg Morrisett, Karl Crary (CMU), Neal Glew, Richard Samuels, Dave Walker, Stephanie Weirich, Steve Zdancewic

2 Everyone wants extensibility:
Web browser applets, plug-ins OS Kernel packet filters, device drivers “Active” networks service routines Databases extensible ADTs 1 May 1999

3 Extension is written in a “safe” language:
The Language Approach Extension is written in a “safe” language: Java, Modula-3, ML, Scheme Key point: language provides abstractions ADTs, closures, objects, modules, etc. Can be used to build fine-grained capabilities Host ensures code respects abstractions: Static checking (verification) Inserting dynamic checks (code-rewriting) 1 May 1999

4 Example: Your Web Browser
JVM verifier System Interface Low-Level IL Java Source Browser javac Optimizer JVM bytecode System Binary Binary 1 May 1999

5 JVM Pros & Cons Pros: Cons: Portability
Hype: $, tools, libraries, books, training Cons: Performance unsatisfying, even with off-line compilation Only really suitable for Java (or slight variants): relatively high-level instructions tailored to Java type system is Java specific and... 1 May 1999

6 Large Trusted Computing Base
No complete formal model JVM verifier System Interface Must insert right checks Low-Level IL Browser Good code  big optimizer  bugs in optimizer Optimizer System Binary Lots of “native” methods (i.e., not-safe code) Binary 1 May 1999

7 Ideally: trusted computing base System Interface Your favorite
language verifier System Binary Low-Level IL optimizer machine code 1 May 1999

8 The Types Way trusted computing base TAL System Interface Your safe
language verifier System Binary Typed Low-Level IL Verifier is a type-checker Type system flexible and expressive A useful instantiation of the “proof carrying code” framework Typed optimizer TAL 1 May 1999

9 TALx86 in a Nutshell Most of the IA32 80x86 flat model assembly language Memory management primitives Sound type system Types for code, stacks, structs Other advanced features Future work (what we can’t do yet) 1 May 1999

10 Primitive types: (e.g., int) Code types: {r1:t1,…,rn:tn}
TALx86 Basics: Primitive types: (e.g., int) Code types: {r1:t1,…,rn:tn} “I’m code that requires register ri to have type ti before you can jump to me.” Code blocks are annotated with their types Think pre-condition Verify block assuming pre-condition 1 May 1999

11 Sample Loop <n and retn addr as input> sum: <type>
C: int sum(int n){ int s=0; while(!n) { s+=n; --n; } return n; TAL sketch: <n and retn addr as input> sum: <type> <initialize s> loop: <type> <add to s, decrement n> test: <type> <return if n is 0> 1 May 1999

12 Verification sum: {ecx:int, ebx:{edx:int}} mov eax,0 jmp test
loop:{ecx:int, ebx:{edx:int}, eax:int} add eax,ecx dec ecx test:{ecx:int, ebx:{edx:int}, eax:int} cmp ecx,0 jne loop mov edx,eax jmp ebx {ecx:int, ebx:{edx:int}, eax:int} OK: sub-type of type labeling test {ecx:int, ebx:{edx:int}, eax:int} {ecx:int, ebx:{edx:int}, eax:int} OK: sub-type of type labeling next block {ecx:int, ebx:{edx:int}, eax:int} OK: sub-type of type labeling loop {ecx:int, ebx:{edx:int}, eax:int, edx:int} OK: sub-type of {edx:int} -- type of ebx 1 May 1999

13 Stacks & Procedures Stack Types (lists): s ::= nil | t::s | r
where r is a stack type variable. Examples using C calling convention: int square(int); int mult(int,int); "r1 {esp: t1::int::r1} "r2 {esp: t2::int::int::r2} where where t1={eax: int, esp: int::r1} t2={eax: int, esp: int::int::r2} 1 May 1999

14 r1 Stacks & Verification int t1 int int taft
square: "r1 {esp: t1::int::r1} where t1={eax: int, esp: int::r1} push [esp+4] push [esp+8] call mult[with r2 = t1::int::r1] add esp,8 retn mult: "r2 {esp: t2::int::int::r2} where t2={eax: int, esp: int::int::r2} taft={eax:int, esp: int::int::t1::int::r1} int int {esp: t2::int::int::t1::int::r1} where t2={eax: int, esp: int::int::t1::int::r1} taft 1 May 1999

15 Important Properties Abstraction Flexibility
“Because the type of the rest of the stack is abstract the callee cannot read/write this portion of the stack” Flexibility Can encode and enforce many calling conventions (stack shape on return, callee-save, tail calls, etc.) 1 May 1999

16 Callee-Save Example mult: "a "r2 {ebp: a, esp: t2::int::int::r2}
where t2={ebp: a, eax: int, esp: int::int::r2} 1 May 1999

17 Structs MALLOC “instruction” Goals:
Prevent reading uninitialized fields Permit flexible scheduling of initialization MALLOC “instruction” returns uninitialized record Type of struct tracks initialization of fields Example: {ecx: int} MALLOC eax,8 [int,int] ; eax : ^*[intu, intu] mov [eax+0], ecx ; eax : ^*[intrw,intu] mov ecx, [eax+4] ; type error! 1 May 1999

18 Much, much more Arrays (see next slide) Tagged Unions
Displays, Exceptions [TIC’98] Static Data Modules and Interfaces [POPL’99] Run-time code generation [PEPM’99 Jim, Hornof] 1 May 1999

19 Mis-features MALLOC and garbage collection in trusted computing base [POPL’99] No way to express aliasing No array bounds check elimination [Walker] Object/class support too primitive [Glew] 1 May 1999

20 Summary and Conclusions
We can type real machine code Potential for performance + flexibility + safety Challenge: Finding generally useful abstractions Lots of work remains 1 May 1999

Download ppt "TALx86: A Realistic Typed Assembly Language"

Similar presentations

COS 441 Exam Stuff David Walker. TAL 2 Logistics take-home exam will become available on the course web site Jan 15-18 write down when you download &

COS 441 Exam Stuff David Walker. TAL 2 Logistics take-home exam will become available on the course web site Jan write down when you download &
Type Analysis and Typed Compilation Stephanie Weirich Cornell University.

Type Analysis and Typed Compilation Stephanie Weirich Cornell University.
Coalescing Register Allocation CS153: Compilers Greg Morrisett.

Coalescing Register Allocation CS153: Compilers Greg Morrisett.
Foundational Certified Code in a Metalogical Framework Karl Crary and Susmit Sarkar Carnegie Mellon University.

Foundational Certified Code in a Metalogical Framework Karl Crary and Susmit Sarkar Carnegie Mellon University.
C Programming and Assembly Language Janakiraman V – NITK Surathkal 2 nd August 2014.

C Programming and Assembly Language Janakiraman V – NITK Surathkal 2 nd August 2014.
The Design and Implementation of a Certifying Compiler [Necula, Lee] A Certifying Compiler for Java [Necula, Lee et al] David W. Hill CSCI 297 5.31.2005.

The Design and Implementation of a Certifying Compiler [Necula, Lee] A Certifying Compiler for Java [Necula, Lee et al] David W. Hill CSCI
Extensible Verification of Untrusted Code Bor-Yuh Evan Chang, Adam Chlipala, Kun Gao, George Necula, and Robert Schneck May 14, 2004 OSQ Retreat Santa.

Extensible Verification of Untrusted Code Bor-Yuh Evan Chang, Adam Chlipala, Kun Gao, George Necula, and Robert Schneck May 14, 2004 OSQ Retreat Santa.
Typed Assembly Languages COS 441, Fall 2004 Frances Spalding Based on slides from Dave Walker and Greg Morrisett.

Typed Assembly Languages COS 441, Fall 2004 Frances Spalding Based on slides from Dave Walker and Greg Morrisett.
Survey of Typed Assembly Language (TAL) Introduction and Motivation –Conventional untyped compiler < Typed intermediate languages –Typed intermediate language.

Survey of Typed Assembly Language (TAL) Introduction and Motivation –Conventional untyped compiler < Typed intermediate languages –Typed intermediate language.
1 ICS 51 Introductory Computer Organization Fall 2006 updated: Oct. 2, 2006.

1 ICS 51 Introductory Computer Organization Fall 2006 updated: Oct. 2, 2006.
1 Function Calls Professor Jennifer Rexford COS 217 Reading: Chapter 4 of “Programming From the Ground Up” (available online from the course Web site)

1 Function Calls Professor Jennifer Rexford COS 217 Reading: Chapter 4 of “Programming From the Ground Up” (available online from the course Web site)
Typed Memory Management in a Calculus of Capabilities David Walker (with Karl Crary and Greg Morrisett)

Typed Memory Management in a Calculus of Capabilities David Walker (with Karl Crary and Greg Morrisett)
1 Enforcing Confidentiality in Low-level Programs Andrew Myers Cornell University.

1 Enforcing Confidentiality in Low-level Programs Andrew Myers Cornell University.
1 A Dependently Typed Assembly Language Hongwei Xi University of Cincinnati and Robert Harper Carnegie Mellon University.

1 A Dependently Typed Assembly Language Hongwei Xi University of Cincinnati and Robert Harper Carnegie Mellon University.
Proofs, Types, and Safe Mobile Code CoS 598E David Walker.

Proofs, Types, and Safe Mobile Code CoS 598E David Walker.
Programmability with Proof-Carrying Code George C. Necula University of California Berkeley Peter Lee Carnegie Mellon University.

Programmability with Proof-Carrying Code George C. Necula University of California Berkeley Peter Lee Carnegie Mellon University.
Accessing parameters from the stack and calling functions.

Accessing parameters from the stack and calling functions.
Java for High Performance Computing Jordi Garcia Almiñana 14 de Octubre de 1998 de la era post-internet.

Java for High Performance Computing Jordi Garcia Almiñana 14 de Octubre de 1998 de la era post-internet.
STAL David Walker (joint work with Karl Crary, Neal Glew and Greg Morrisett)

STAL David Walker (joint work with Karl Crary, Neal Glew and Greg Morrisett)
Language-Based Security Proof-Carrying Code Greg Morrisett Cornell University Thanks to G.Necula & P.Lee.

Language-Based Security Proof-Carrying Code Greg Morrisett Cornell University Thanks to G.Necula & P.Lee.

Similar presentations

Ads by Google