skip to main content
research-article
Free Access

Semantic foundations for typed assembly languages

Published:16 March 2010Publication History
Skip Abstract Section

Abstract

Typed Assembly Languages (TALs) are used to validate the safety of machine-language programs. The Foundational Proof-Carrying Code project seeks to verify the soundness of TALs using the smallest possible set of axioms: the axioms of a suitably expressive logic plus a specification of machine semantics. This article proposes general semantic foundations that permit modular proofs of the soundness of TALs. These semantic foundations include Typed Machine Language (TML), a type theory for specifying properties of low-level data with powerful and orthogonal type constructors, and Lc, a compositional logic for specifying properties of machine instructions with simplified reasoning about unstructured control flow. Both of these components, whose semantics we specify using higher-order logic, are useful for proving the soundness of TALs. We demonstrate this by using TML and Lc to verify the soundness of a low-level, typed assembly language, LTAL, which is the target of our core-ML-to-sparc compiler.

To prove the soundness of the TML type system we have successfully applied a new approach, that of step-indexed logical relations. This approach provides the first semantic model for a type system with updatable references to values of impredicative quantified types. Both impredicative polymorphism and mutable references are essential when representing function closures in compilers with typed closure conversion, or when compiling objects to simpler typed primitives.

References

  1. Abadi, M. and Cardelli, L. 1996. A Theory of Objects. Springer, New York. Google ScholarGoogle ScholarDigital LibraryDigital Library
  2. Abramsky, S., Honda, K., and McCusker, G. 1998. A fully abstract game semantics for general references. In Proceedings of the 13th IEEE Symposium on Logic in Computer Science (LICS). IEEE Computer Society, 334--344. Google ScholarGoogle ScholarDigital LibraryDigital Library
  3. Acar, U., Ahmed, A., and Blume, M. 2008. Imperative self-adjusting computation. In Proceedings of the 35th ACM Symposium on Principles of Programming Languages (POPL). ACM Press, New York, 309--322. Google ScholarGoogle ScholarDigital LibraryDigital Library
  4. Ahmed, A. 2006. Step-Indexed syntactic logical relations for recursive and quantified types. In Proceedings of the 15th European Symposium on Programming (ESOP). Springer, 69--83. Google ScholarGoogle ScholarDigital LibraryDigital Library
  5. Ahmed, A., Appel, A. W., and Virga, R. 2002. A stratified semantics of general references embeddable in higher-order logic. In Proceedings of the 17th IEEE Symposium on Logic in Computer Science (LICS). IEEE Computer Society, Los Alamitos, CA, 75--86. Google ScholarGoogle ScholarDigital LibraryDigital Library
  6. Ahmed, A., Appel, A. W., and Virga, R. 2003. An indexed model of impredicative polymorphism and mutable references. http://www.cs.princeton.edu/~appel/papers/impred.pdf.Google ScholarGoogle Scholar
  7. Ahmed, A. and Blume, M. 2008. Typed closure conversion preserves observational equivalence. In Proceedings of the ACM International Conference on Functional programming (ICFP). ACM Press, New York, 157--168. Google ScholarGoogle ScholarDigital LibraryDigital Library
  8. Ahmed, A., Fluet, M., and Morrisett, G. 2005. A step-indexed model of substructural state. In Proceedings of the ACM International Conference on Functional programming (ICFP). ACM Press, New York, 78--91. Google ScholarGoogle ScholarDigital LibraryDigital Library
  9. Ahmed, A., Fluet, M., and Morrisett, G. 2007. L3: A linear language with locations. Fundam. Inf. 77, 4, 397--449. Google ScholarGoogle ScholarDigital LibraryDigital Library
  10. Ahmed, A. J. 2004. Semantics of types for mutable state. Ph.D. thesis, Princeton University, Princeton, New Jersey. Tech. rep. TR-713-04. Google ScholarGoogle ScholarDigital LibraryDigital Library
  11. Aiken, A., Foster, J. S., Kodumal, J., and Terauchi, T. 2003. Checking and inferring local non-aliasing. In Proceedings of the ACM Conference on Programming Language Design and Implementation (PLDI). ACM Press, New York. Google ScholarGoogle ScholarDigital LibraryDigital Library
  12. Appel, A. W. 1985. Semantics-directed code generation. In Proceedings of the 12th ACM Symposium on Principles of Programming Languages (POPL). ACM Press, New York, 315--324. Google ScholarGoogle ScholarDigital LibraryDigital Library
  13. Appel, A. W. 2000. Hints on proving theorems in Twelf. www.cs.princeton.edu/~appel/twelf-tutorial.Google ScholarGoogle Scholar
  14. Appel, A. W. 2001. Foundational proof-carrying code. In Proceedings of the 16th IEEE Symposium on Logic in Computer Science (LICS). IEEE Computer Society, Los Alamitos, CA, 247--258. Google ScholarGoogle ScholarDigital LibraryDigital Library
  15. Appel, A. W. and Felty, A. P. 2000. A semantic model of types and machine instructions for proof-carrying code. In Proceedings of the 27th ACM Symposium on Principles of Programming Languages (POPL). ACM Press, New York, 243--253. Google ScholarGoogle ScholarDigital LibraryDigital Library
  16. Appel, A. W. and MacQueen, D. B. 1991. Standard ML of New Jersey. In Proceedings of the 3rd International Symposium on Programming Language Implementation and Logic Programming, M. Wirsing, Ed. Springer, New York, 1--13.Google ScholarGoogle ScholarCross RefCross Ref
  17. Appel, A. W. and McAllester, D. 2001. An indexed model of recursive types for foundational proof-carrying code. ACM Trans. Program. Lang. Syst. 23, 5 657--683. Google ScholarGoogle ScholarDigital LibraryDigital Library
  18. Appel, A. W., Mellies, P.-A., Richards, C. D., and Vouillon, J. 2007. A very modal model of a modern, major, general type system. In Proceedings of the 34th ACM Symposium on Principles of Programming Languages (POPL). ACM Press, New York, 109--122. Google ScholarGoogle ScholarDigital LibraryDigital Library
  19. Appel, A. W., Michael, N. G., Stump, A., and Virga, R. 2003. A trustworthy proof checker. J. Autom. Reas. 31, 231--260. Google ScholarGoogle ScholarDigital LibraryDigital Library
  20. Arbib, M. and Alagic, S. 1979. Proof rules for gotos. Acta Inf. 11, 139--148.Google ScholarGoogle ScholarDigital LibraryDigital Library
  21. Benton, N. 2005. A typed, compositional logic for a stack-based abstract machine. In Proceedings of the 3rd Asian Symposium on Programming Languages and Systems (APLAS). Lecture Notes in Computer Science, vol. 3780. Springer, Berlin. Google ScholarGoogle ScholarDigital LibraryDigital Library
  22. Benton, N. 2006. Abstracting allocation: The new new thing. In Proceedings of the Computer Science Logic, 20th International Workshop (CSL'06). Lecture Notes in Computer Science, vol. 4207. Springer, Berlin. Google ScholarGoogle ScholarDigital LibraryDigital Library
  23. Benton, N. and Leperchey, B. 2005. Relational reasoning in a nominal semantics for storage. In Proceedings of the International Conference on Typed Lambda Calculi and Applications. Springer, Berlin, 86--101. Google ScholarGoogle ScholarDigital LibraryDigital Library
  24. Benton, N. and Zarfaty, U. 2007. Formalizing and verifying semantic type soundness for a simple compiler. In Proceedings of the 9th International ACM SIGPLAN Symposium on Principles and Practice of Declarative Programming (PPDP). ACM Press, New York. Google ScholarGoogle ScholarDigital LibraryDigital Library
  25. Birkedal, L. and Harper, R. 1997. Relational interpretations of recursive types in an operational setting. In Theoretical Aspects of Computer Software. Springer, Berlin. Google ScholarGoogle ScholarDigital LibraryDigital Library
  26. Bohr, N. and Birkedal, L. 2006. Relational reasoning for recursive types and references. In Proceedings of the 4th Asian Symposium on Programming Languages and Systems (APLAS). Springer, Berlin. Google ScholarGoogle ScholarDigital LibraryDigital Library
  27. Cardelli, L. 1997. Program fragments, linking, and modularization. In Proceedings of the 24th ACM Symposium on Principles of Programming Languages (POPL). ACM Press, New York, 266--277. Google ScholarGoogle ScholarDigital LibraryDigital Library
  28. Chen, J. 2004. A low-level typed assembly language with a machine-checkable soundness proof. Ph.D. thesis, Princeton University, Princeton, New Jersey. Tech. rep. CS-TR-704-04. Google ScholarGoogle ScholarDigital LibraryDigital Library
  29. Chen, J., Wu, D., Appel, A. W., and Fang, H. 2003. A provably sound TAL for back-end optimization. In Proceedings of the ACM Conference on Programming Language Design and Implementation (PLDI). ACM Press, New York, 208--219. Google ScholarGoogle ScholarDigital LibraryDigital Library
  30. Church, A. 1940. A formulation of the simple theory of types. J. Symb. Logic 5, 2, 56--68.Google ScholarGoogle ScholarCross RefCross Ref
  31. Clint, M. and Hoare, C. A. R. 1972. Program proving: Jumps and functions. Acta Informatica 1, 214--224.Google ScholarGoogle ScholarDigital LibraryDigital Library
  32. Colby, C., Lee, P., Necula, G. C., Blau, F., Cline, K., and Plesko, M. 2000. A certifying compiler for Java. In Proceedings of the ACM Conference on Programming Language Design and Implementation (PLDI). ACM Press, New York. Google ScholarGoogle ScholarDigital LibraryDigital Library
  33. Crary, K. 2000. Typed compilation of inclusive subtyping. In Proceedings of the ACM International Conference on Functional programming (ICFP). ACM Press, New York, 68--81. Google ScholarGoogle ScholarDigital LibraryDigital Library
  34. Crary, K. 2003. Toward a foundational typed assembly language. In Proceedings of the 30th ACM Symposium on Principles of Programming Languages (POPL). ACM Press, New York, 198--212. Google ScholarGoogle ScholarDigital LibraryDigital Library
  35. Crary, K. and Harper, R. 2007. Syntactic logical relations for polymorphic and recursive types. Computation, Meaning and Logic: Articles dedicated to Gordon Plotkin., Electtonic Notes in Theoretical Computer Science vol. 172, 259--299. Google ScholarGoogle ScholarDigital LibraryDigital Library
  36. Crary, K. and Sarkar, S. 2003. Foundational certified code in a metalogical framework. In Proceedings of the 19th International Conference on Automated Deduction (CADE'03). Springer, Berlin, 106--120.Google ScholarGoogle Scholar
  37. de Bruin, A. 1981. Goto statements: Semantics and deduction systems. Acta Informatica 15, 385--424.Google ScholarGoogle ScholarDigital LibraryDigital Library
  38. Feng, X., Ni, Z., Shao, Z., and Guo, Y. 2007. An open framework for foundational proof-carrying code. In Proceedings of the ACM SIGPLAN International Workshop on Types in Language Design and Implementation (TLDI). ACM Press, New York, 67--78. Google ScholarGoogle ScholarDigital LibraryDigital Library
  39. Girard, J.-Y. 1972. Interprétation fonctionnelle et elimination des coupures dans l'arithmétique d'ordre supérieur. Ph.D. thesis, University of Paris VII.Google ScholarGoogle Scholar
  40. Glew, N. and Morrisett, G. 1999. Type-Safe linking and modular assembly language. In Proceedings of the 26th ACM Symposium on Principles of Programming Languages (POPL). ACM Press, New York, 250--261. Google ScholarGoogle ScholarDigital LibraryDigital Library
  41. Hamid, N., Shao, Z., Trifonov, V., Monnier, S., and Ni, Z. 2002. A syntactic approach to foundational proof-carrying code. In Proceedings of the 17th IEEE Symposium on Logic in Computer Science (LICS). IEEE Computer Society, Los Alamitos, CA, 89--100. Google ScholarGoogle ScholarDigital LibraryDigital Library
  42. Harper, R. 1994. A simplified account of polymorphic references. Inf. Process. Lett. 51, 201--206. Google ScholarGoogle ScholarDigital LibraryDigital Library
  43. Harper, R. and Morrisett, G. 1995. Compiling polymorphism using intensional type analysis. In Proceedings of the 22nd ACM Symposium on Principles of Programming Languages (POPL). ACM Press, New York, 130--141. Google ScholarGoogle ScholarDigital LibraryDigital Library
  44. Harper, R. and Pfenning, F. 2005. On equivalence and canonical forms in the LF type theory. ACM Trans. Comput. Logic 6, 1, 61--101. Google ScholarGoogle ScholarDigital LibraryDigital Library
  45. Hoare, C. A. R. 1969. An axiomatic basis for computer programming. Comm. ACM 12, 10, 578--580. Google ScholarGoogle ScholarDigital LibraryDigital Library
  46. Hriţcu, C. and Schwinghammer, J. 2008. A step-indexed semantics of imperative objects. In Informal Proceedings of the Workshop on Foundations of Object-Oriented Languages (FOOL).Google ScholarGoogle Scholar
  47. Kowaltowski, T. 1977. Axiomatic approach to side effects and general jumps. Acta Inf. 7, 4, 357--360.Google ScholarGoogle ScholarDigital LibraryDigital Library
  48. Levy, P. B. 2002. Possible world semantics for general storage in call-by-value. In Proceedings of the 16th International Workshop and 11th Annual Conference of the EACSL on Computer Science Logic (CSL'02). Lecture Notes in Computer Science, vol. 2471. Springer, 232--246. Google ScholarGoogle ScholarDigital LibraryDigital Library
  49. MacQueen, D., Plotkin, G., and Sethi, R. 1986. An ideal model for recursive polymophic types. Inf. Comput. 71, 1/2, 95--130. Google ScholarGoogle ScholarDigital LibraryDigital Library
  50. Matthews, J. and Ahmed, A. 2008. Parametric polymorphiscm through run-time sealing, or, theorems for low, low prices. In Proceedings of the 17th European Symposium on Programming (ESOP). Springer, Berlin, 16--31. Google ScholarGoogle ScholarDigital LibraryDigital Library
  51. Melliès, P.-A. and Vouillon, J. 2004. Semantic types: A fresh look at the ideal model for types. In Proceedings of the 31st ACM Symposium on Principles of Programming Languages (POPL). ACM Press, New York, 52--63. Google ScholarGoogle ScholarDigital LibraryDigital Library
  52. Michael, N. G. and Appel, A. W. 2000. Machine instruction syntax and semantics in higher-order logic. In Proceedings of the 17th International Conference on Automated Deduction (CADE). Springer-Verlag, Berlin, 7--24. Lecture Notes in Artificial Intelligence, vol. 1831. Google ScholarGoogle ScholarDigital LibraryDigital Library
  53. Morrisett, G., Ahmed, A., and Fluet, M. 2005. L3: A linear language with locations. In Proceedings of the International Conference on Typed Lambda Calculi and Applications. Springer, Berlin, 293--307. Google ScholarGoogle ScholarDigital LibraryDigital Library
  54. Morrisett, G., Crary, K., Glew, N., Grossman, D., Samuels, R., Smith, F., Walker, D., Weirich, S., and Zdancewic, S. 1999a. TALx86: A realistic typed assembly language. In Proceedings of the 2nd ACM SIGPLAN Workshop on Compiler Support for System Software. ACM Press, New York, 25--35.Google ScholarGoogle Scholar
  55. Morrisett, G., Crary, K., Glew, N., and Walker, D. 2002. Stack-Based typed assembly language. J. Funct. Programm. 12, 1, 43--88. Google ScholarGoogle ScholarDigital LibraryDigital Library
  56. Morrisett, G., Walker, D., Crary, K., and Glew, N. 1998. From System F to typed assembly language. In Proceedings of the 25th ACM Symposium on Principles of Programming Languages (POPL). ACM Press, New York, 85--97. Google ScholarGoogle ScholarDigital LibraryDigital Library
  57. Morrisett, G., Walker, D., Crary, K., and Glew, N. 1999b. From System F to typed assembly language. ACM Trans. Programm. Lang. Syst. 21, 3, 527--568. Google ScholarGoogle ScholarDigital LibraryDigital Library
  58. Necula, G. C. 1997. Proof-Carrying code. In Proceedings of the 24th ACM Symposium on Principles of Programming Languages (POPL). ACM Press, New York, 106--119. Google ScholarGoogle ScholarDigital LibraryDigital Library
  59. Ni, Z. and Shao, Z. 2006. Certified assembly programming with embedded code pointers. In Proceedings of the 33rd ACM Symposium on Principles of Programming Languages (POPL). ACM Press, New York, 320--333. Google ScholarGoogle ScholarDigital LibraryDigital Library
  60. O'Donnell, M. J. 1982. A critique of the foundations of Hoare style programming logics. Comm. ACM 25, 12, 927--935. Google ScholarGoogle ScholarDigital LibraryDigital Library
  61. Pfenning, F. and Schürmann, C. 1999. System description: Twelf—A meta-logical framework for deductive systems. In Proceedings of the 16th International Conference on Automated Deduction (CADE). Springer, Berlin. Google ScholarGoogle ScholarDigital LibraryDigital Library
  62. Pitts, A. M. 1996. Relational properties of domains. Inf. Comput. 127, 2, 66--90.Google ScholarGoogle ScholarCross RefCross Ref
  63. Pitts, A. M. 1998. Existential types: Logical relations and operational equivalence. In Proceedings of the 25th International Colloquium on Automata, Languages and Programming (ICALP'98). Lecture Notes Computer Science, vol. 1443. Springer, Berlin, 309--326. Google ScholarGoogle ScholarDigital LibraryDigital Library
  64. Pitts, A. M. 2000. Parametric polymorphism and operational equivalence. Math. Struc. Comput. Sci. 10, 321--359. Google ScholarGoogle ScholarDigital LibraryDigital Library
  65. Pitts, A. M. 2002. Operational semantics and program equivalence. In Applied Semantics, Advanced Lectures, G. Barthe, P. Dybjer, and J. Saraiva, Eds. Lecture Notes in Computer Science, vol. 2395. Springer, 378--412. Google ScholarGoogle ScholarDigital LibraryDigital Library
  66. Pitts, A. M. and Stark, I. D. B. 1993. Observable properties of higher order functions that dynamically create local names, or: What's new? In Mathematical Foundations of Computer Science, A. M. Borzyszkowski and S. Sokolowski, Eds. Lecture Notes in Computer Science, vol. 711. Springer, Berlin, 122--141. Google ScholarGoogle ScholarDigital LibraryDigital Library
  67. Plotkin, G. D. 1973. Lambda-Definability and logical relations. Memo. SAI--RM--4, University of Edinburgh, Edinburgh, Scotland.Google ScholarGoogle Scholar
  68. Reynolds, J. C. 1981. The essence of Algol. In Algorithmic Languages, J. W. de Bakker and J. C. van Vliet, Eds. North-Holland, Amsterdam, 345--372.Google ScholarGoogle Scholar
  69. Richards, C. D. 2009. The approximation modality in models of higher-order types. Ph.D. thesis, Princeton University, Princeton, New Jersey.Google ScholarGoogle Scholar
  70. Saabas, A. and Uustalu, T. 2005. A compositional natural semantics and Hoare logic for low-level languages. In Proceedings of the 2nd Workshop on Structured Operational Semantics (SOS'05).Google ScholarGoogle Scholar
  71. Scott, D. S. 1976. Data types as lattices. SIAM J. Comput. 5, 3, 522--587.Google ScholarGoogle ScholarDigital LibraryDigital Library
  72. Shao, Z. 1997. An overview of the FLINT/ML compiler. In Proceedings of the ACM SIGPLAN Workshop on Types in Compilation. ACM Press, New York.Google ScholarGoogle Scholar
  73. Stark, I. D. B. 1994. Names and higher-order functions. Ph.D. thesis, University of Cambridge, Cambridge, UK.Google ScholarGoogle Scholar
  74. Statman, R. 1985. Logical relations and the typed λ-calculus. Inf. Control 65, 2--3, 85--97.Google ScholarGoogle ScholarCross RefCross Ref
  75. Swadi, K. 2003. Typed machine language. Tech. rep. TR-676-03, Princeton University, Princeton, New Jersey.Google ScholarGoogle Scholar
  76. Tait, W. W. 1967. Intensional interpretations of functionals of finite type I. J. Symb. Logic 32, 2, 198--212.Google ScholarGoogle ScholarCross RefCross Ref
  77. Tan, G. 2005. A compositional logic for control flow and its application to foundational proof-carrying code. Tech. rep. CS-TR-731-05, Princeton University, Princeton, New Jersey. Google ScholarGoogle ScholarDigital LibraryDigital Library
  78. Tan, G. and Appel, A. W. 2006. A compositional logic for control flow. In Proceedings of the 7th International Conference on Verification, Model Checking, and Abstract Interpretation (VMCAI). Lecture Notes in Computer Science, vol. 3855. Springer, Berlin, 80--94. Google ScholarGoogle ScholarDigital LibraryDigital Library
  79. Tan, G., Appel, A. W., Swadi, K. N., and Wu, D. 2004. Construction of a semantic model for a typed assembly language. In Proceedings of the 5th International Conference on Verification, Model Checking, and Abstract Interpretation (VMCAI). Lecture Notes in Compute Science, vol. 2937. Springer, Berlin, 30--43.Google ScholarGoogle Scholar
  80. Tarditi, D., Morrisett, G., Cheng, P., Stone, C., Harper, R., and Lee, P. 1996. TIL: A type-directed optimizing compiler for ML. In Proceedings of the ACM Conference on Programming Language Design and Implementation (PLDI). ACM Press, New York, 181--192. Google ScholarGoogle ScholarDigital LibraryDigital Library
  81. Wand, M. and Sullivan, G. T. 1997. Denotational semantics using an operationally-based term model. In Proceedings of the 24th ACM Symposium on Principles of Programming Languages (POPL). ACM Press, New York, 386--399. Google ScholarGoogle ScholarDigital LibraryDigital Library
  82. Wright, A. K. and Felleisen, M. 1994. A syntactic approach to type soundness. Inf. Comput. 115, 1, 38--94. Google ScholarGoogle ScholarDigital LibraryDigital Library
  83. Wu, D. 2005. Interfacing compilers, proof checkers, and proofs for foundational proof-carrying code. Tech. rep. CS-TR-733-05, Princeton University, Princeton, New Jersey. Google ScholarGoogle ScholarDigital LibraryDigital Library
  84. Wu, D., Appel, A. W., and Stump, A. 2003. Foundational proof checkers with small witnesses. In Proceedings of the 5th ACM International Conference on Principles and Practice of Declarative Programming (PADL). ACM Press, New York, 264--274. Google ScholarGoogle ScholarDigital LibraryDigital Library
  85. Yu, D., Hamid, N. A., and Shao, Z. 2003. Building certified libraries for PCC: Dynamic storage allocation. In Proceedings of the 12th European Symposium on Programming (ESOP). Springer. Google ScholarGoogle ScholarDigital LibraryDigital Library

Index Terms

  1. Semantic foundations for typed assembly languages

              Recommendations

              Reviews

              Markus Wolf

              A typed assembly language (TAL) is an assembly language that guarantees certain safety properties of a corresponding program, by virtue of type checking. In order to make this idea work for industry-strength assembly languages, a soundness proof for the corresponding TAL has to be developed, which is not a trivial endeavor. The goal of the project reported in this paper is to construct a machine-checked modular soundness proof for a realistic TAL. The paper describes an intermediate layer that consists of two key components. The first, typed machine language (TML), can be seen as a type theory geared toward describing properties of data and machine states. The second, L C , is a control logic based on "a generalized Hoare logic of multiple-entry and multiple-exit program[s]." These two components, including their syntax and semantics, and various other important properties are the focus of the first part of the paper. The second part of the paper shows how this intermediate layer is used to prove several soundness properties of a list manipulating an example TAL. Furthermore, it gives an overview of the Foundational Proof-Carrying Code (FPCC) project at Princeton, which consists of a complete machine-supported environment for the soundness proof of a richer TAL. The paper ends with a discussion of related work and a conclusion. This paper gives a very round and complete view of the conceptual and technical difficulties in designing a TAL and proving its soundness. It also provides some interesting insights into semantic modeling from real programming languages in a formal setting. In summary, this review cannot adequately express the paper's richness and complexity. Online Computing Reviews Service

              Access critical reviews of Computing literature here

              Become a reviewer for Computing Reviews.

              Comments

              Login options

              Check if you have access through your login credentials or your institution to get full access on this article.

              Sign in

              Full Access

              PDF Format

              View or Download as a PDF file.

              PDF

              eReader

              View online with eReader.

              eReader
              About Cookies On This Site

              We use cookies to ensure that we give you the best experience on our website.

              Learn more

              Got it!