COS 441 Exam Stuff David Walker

TAL 2 Logistics take-home exam will become available on the course web site Jan write down when you download & when you turn in to kenny or deliver to his office by hand you have 24 hours to complete the exam content: anything from class, assignments, or assigned textbook readings

TAL 3 Content: Pre-midterm Judgments, inductive definitions, proofs by induction (Chapter 3) Intuitionistic logic: formulas, proofs, proof checking & the Curry-Howard isomorphism Untyped lambda calculus, operational semantics, properties, encodings (Chapter 5) Typed lambda calculus: syntax, operational semantics, typing rules, properties including type safety, progress, preservation, canonical forms, substitution, inversion principles, etc. (Chapter 8,9,11) Typed datastructures: tuples, sums (Chapter 11) Implementation of programming language concepts (syntax, substitution, operational semantics, type checking)

TAL 4 Content: Post-midterm recursive types (Chap 20.1, 20.2) effectful computations: references, exceptions, semantics using evaluation contexts (Chap 13,14; evaluation contexts note above) quantified types: universal polymorphism, existential types, type inference (Chap , , 24) subtyping: subtyping relations, co-, contra-, and in-variance, subsumption rule, proving soundness of declarative system, showing subtyping rules are “bad”, don’t worry about relating declarative and algorithmic subtyping formally (Chap , ) class-based, object-oriented languages: featherweight Java (Chap ) applications of operational semantics & type systems: stack inspection stuff we cover today in lecture implementation of any of the concepts above

Typed Assembly Language David Walker Slides stolen from: Greg Morrisett

TAL 6 Types “Type systems for programming languages are a syntactic mechanism for enforcing abstraction.” J. Reynolds

TAL 7 What is TAL? A type system for assembly language(s): built-in abstractions (tuple,code) operators to build new abstractions ( , , ) annotations on assembly code an abstraction checker Thm: well-annotated code cannot violate abstractions.

TAL 8 What We Did [popl 98, toplas 99 & others] Theory: small RISC-style assembly language compiler from System F to TAL soundness and preservation theorems Practice: most of IA32 (32-bit Intel x86) more type constructors everything you can think of and more safe C compiler ~40,000LOC & compiles itself

TAL 9 Why Type Assembly? Theory: simplifies proofs of compiler correctness deeper understanding of compilation Practice: compiler debugging software-based protection

TAL 10 Type-Based Protection (JVM) Java Source javac JVM bytecodes JVM verifierSystem Interface Binary Optimizer Low-Level IL System Binary “Kernel”

TAL 11 JVM Pros & Cons Pros: portable hype: $, tools, libraries, books, training Cons: trusted computing base includes JIT requires many run-time tests “down” casts, arrays, null pointers, etc. only suitable for Java (too high-level) no formal spec (when we started with TAL)

TAL 12 Ideally: Your favorite language Low-Level IL (SSA) optimizer machine code verifierSystem Interface System Binary “Kernel”

TAL 13 Rest of the Lecture: Examples TAL core types: bytes, tuples, code,  Control-Flow: calling conventions, stacks, exns I won’t get to: closures, objects, modules, type analysis, ADTs

TAL 14 Simple Built-In Types Bytes: b1, b2, b4 Tuples: (  1  1,…,  n  n )  Code: {r 1 :  1,…, r n :  n } like a pre-condition argument type of function no return type because code doesn’t really return, just jumps somewhere else... Polymorphic types:  . ,  . 

TAL 15 Simple Loop sum: {ecx:b4, ebx:{eax:b4}} ; int sum(int x) { moveax,0 ; int a = 0; jmptest ; loop: {eax:b4, ecx:b4, ebx:{eax:b4}} ; while(!x) { addeax,ecx ; a += x; dececx ; x--; FALLTHRU ; } test: {eax:b4, ecx:b4, ebx:{eax:b4}} ; cmpecx,0 ; jneloop ; return(a); jmpebx ; }

TAL 16 Allocation: mkpair: {eax:b4, ebx:{eax:(b4 1, b4 1 )}} movecx,eax MALLOCeax,8,(b4, b4) ; eax : (b4 0, b4 0 ) mov[eax+0],ecx ; eax : (b4 1, b4 0 ) mov[eax+4],ecx ; eax : (b4 1, b4 1 ) jmpebx

TAL 17 Callee-Saves Register addone: .{eax:b4, ecx: , ebx:{eax:b4, ecx:  }} inc eax ; x+1 jmpebx ; return main: {ebx:{eax:b4}} moveax,3 movecx,ebx ; save main’s return address movebx,done jmpaddone[{eax:b4}] done: {eax:b4,ecx:{eax:b4}} inceax jmpecx

TAL 18 In General: Need to save more stuff (e.g., locals): MALLOC ecx,4n,(  1,…,  n ) ; frame for storage mov[ecx+0],r1 … ; save locals mov[ecx+4n-4],rn jmpaddone[(  1,…,  n )] Heap-Allocated Activation Records

TAL 19 Stacks Want to use stack for activation frames. Stack types:  ::= nil |   ::  |  |   2

TAL 20 Typing Stack Operations { esp:  } { esp:  1  ::  2  ::…::  i  ::  } sub esp,i*4 add esp,i*4 { esp: b4 0 ::b4 0 ::…::b4 0 ::  } { esp :  { r: , esp:  1  ::  2  ::…::  i  ::  } { r: , esp:  } mov [esp+i*4],r push r { r: , esp:  1  ::  2  ::…::  1 ::  } { r:  esp:  1 ::  } { esp:  1  ::  2  ::…::  i 1 ::  } { esp:  1 ::  } mov r,[esp+i*4] pop r { r:  i, esp:  1  ::  2  ::…::  i 1 ::  } { r:  esp:  }

TAL 21 Recursion thru Stack Variables fact: .{eax:b4, esp:{eax:b4, esp:  }::  } cmpeax,1 jneL[  ] retn L:  ’.{eax:b4, esp:{eax:b4, esp:  ’}::  ’} pusheax deceax callfact[b4::{eax:b4, esp:  ’}::  ’] popecx imuleax,ecx retn

TAL 22 Fact Fact fact: .{eax:b4, esp:{eax:b4, esp:  }::  } Because  is abstract, fact cannot read or write this portion of the stack. Caller’s frame is protected from callee…

TAL 23 Scope, Closures, and Objects let foo : unit -> int = let seed = ref 42 in fun () -> (seed := !seed + 1; !seed) final class Foo { private int seed = 42; public int foo() { return(seed++); } } In both cases, seed is private to the code foo.

TAL 24 Encoding “Private” Data:  foo :  .( ,  {eax: , esp:{eax:b4,esp:  }::  } ) Read: - there is some (abstract) type   - foo is a pair of an  value and a code pointer - the code requires the  value as an argument - no other  values can exist (i.e., you can’t forge the private data)

TAL 25 “Self” and Recursive Closures:  . .( ,  {eax: , esp:{eax:b4,esp:  }::  }) Read: - there is some (abstract) type   -  ( ,  {eax: , esp:{eax:b4,esp:  }::  }) - that is, the code takes the whole object as an argument

TAL 26 Other TAL Features Module system interfaces, implementations, ADTs Sum type/datatype support Fancy arrays/vector typing (Higher Order) Type constructors Fault tolerance checking Other people still writing papers about more...

TAL 27 Long Term? Low-level, portable, safe language: OO-support of Java typing support of ML programmer control of C good model of space good model of running time many optimizations expressible in the language Microsoft research working on a new compiler (Phoenix) to generate TAL