Strength Through Typing: A more powerful dependently-typed assembly language Matt Harren George Necula OSQ 2004.

Slides:

Advertisements

Similar presentations

Lecture 2 - Introduction Objective C is used primarily for application development on Apple's Mac OS X and iPhone. On the Apple it is used together with.

Advertisements

CHECKING MEMORY SAFETY AND TEST GENERATION USING B LAST By: Pashootan Vaezipoor Computing Science Dept of Simon Fraser University.

Copyright 2013 – Noah Mendelsohn Compiling C Programs Noah Mendelsohn Tufts University Web:

Introduction to Assembly language

Carnegie Mellon Lecture 7 Instruction Scheduling I. Basic Block Scheduling II.Global Scheduling (for Non-Numeric Code) Reading: Chapter 10.3 – 10.4 M.

Foundational Certified Code in a Metalogical Framework Karl Crary and Susmit Sarkar Carnegie Mellon University.

Pointer Analysis – Part I Mayur Naik Intel Research, Berkeley CS294 Lecture March 17, 2009.

CSI 3120, Implementing subprograms, page 1 Implementing subprograms The environment in block-structured languages The structure of the activation stack.

Compiler construction in4020 – lecture 10 Koen Langendoen Delft University of Technology The Netherlands.

The Interface Definition Language for Fail-Safe C Kohei Suenaga, Yutaka Oiwa, Eijiro Sumii, Akinori Yonezawa University of Tokyko.

The Assembly Language Level

The Design and Implementation of a Certifying Compiler [Necula, Lee] A Certifying Compiler for Java [Necula, Lee et al] David W. Hill CSCI

Ross Tate, Juan Chen, Chris Hawblitzel. Typed Assembly Languages Compilers are great but they make mistakes and can introduce vulnerabilities Typed assembly.

Chapter 10 Implementing Subprograms. Copyright © 2012 Addison- Wesley. All rights reserved. 1-2 Chapter 10 Topics The General Semantics of Calls and Returns.

Coolaid: Debugging Compilers with Untrusted Code Verification Bor-Yuh Evan Chang with George Necula, Robert Schneck, and Kun Gao May 14, 2003 OSQ Retreat.

Extensible Verification of Untrusted Code Bor-Yuh Evan Chang, Adam Chlipala, Kun Gao, George Necula, and Robert Schneck May 14, 2004 OSQ Retreat Santa.

Korey Breshears. Overview  What are automated security tools?  Why do we need them?  What types of tools are there?  What problems do these tools.

Introduction The Approach ’ s Overview A Language of Pointers The Type System Operational Semantics Type Safety Type Inference The Rest of C Experiments.

George Blank University Lecturer. CS 602 Java and the Web Object Oriented Software Development Using Java Chapter 4.

1 Storage Registers vs. memory Access to registers is much faster than access to memory Goal: store as much data as possible in registers Limitations/considerations:

Under the Hood of the Open Verifier Bor-Yuh Evan Chang, Adam Chlipala, Kun Gao, George Necula, and Robert Schneck October 21, 2003 OSQ Group Meeting.

Type-Safe Programming in C George Necula EECS Department University of California, Berkeley.

Runtime Environments Source language issues Storage organization

1 A Dependently Typed Assembly Language Hongwei Xi University of Cincinnati and Robert Harper Carnegie Mellon University.

Shangri-La: Achieving High Performance from Compiled Network Applications while Enabling Ease of Programming Michael K. Chen, Xiao Feng Li, Ruiqi Lian,

Run time vs. Compile time

A Type System for Expressive Security Policies David Walker Cornell University.

The Structure of the GNAT Compiler. A target-independent Ada95 front-end for GCC Ada components C components SyntaxSemExpandgigiGCC AST Annotated AST.

By: Bryan Dixon.  Performance  Explicit Memory Management  Fine-grained control over assembly level data representation.

1 Run time vs. Compile time The compiler must generate code to handle issues that arise at run time Representation of various data types Procedure linkage.

1 Type Type system for a programming language = –set of types AND – rules that specify how a typed program is allowed to behave Why? –to generate better.

CCured in the Real World Jeremy ConditMatthew Harren Scott McPeakGeorge Necula Westley Weimer OSQ Retreat May 14, 2003.

Guide To UNIX Using Linux Third Edition

May 9, 2001OSQ Retreat 1 Run-Time Type Checking for Pointers and Arrays in C Wes Weimer, George Necula Scott McPeak, S.P. Rahul, Raymond To.

Extensible Untrusted Code Verification Robert Schneck with George Necula and Bor-Yuh Evan Chang May 14, 2003 OSQ Retreat.

Building An Interpreter After having done all of the analysis, it’s possible to run the program directly rather than compile it … and it may be worth it.

1 The Problem o Fluid software cannot be trusted to behave as advertised unknown origin (must be assumed to be malicious) known origin (can be erroneous.

Extensible Code Verification Kun Gao (Senior EECS) with Professor George Necula, Evan Chang, Robert Schneck, Adam Chlipala An individual receives code.

May 22, 2002OSQ Retreat 1 CCured: Taming C Pointers George Necula Scott McPeak Wes Weimer

Checking Memory Safety with BLAST Dirk Beyer, et al. FASE 2005 KAIST CS750b 2006 Fall Seonggun Kim.

Software Development and Software Loading in Embedded Systems.

Safety in the C programming Language Peter Wihl May 26 th, 2005 CS 297 Security and Programming Languages.

JVM And CLR Dan Agar April 16, Outline Java and.NET Design Philosophies Overview of Virtual Machines Technical Look at JVM and CLR Comparison of.

Eric Keller, Evan Green Princeton University PRESTO /22/08 Virtualizing the Data Plane Through Source Code Merging.

Proof Carrying Code Zhiwei Lin. Outline Proof-Carrying Code The Design and Implementation of a Certifying Compiler A Proof – Carrying Code Architecture.

CS 326 Programming Languages, Concepts and Implementation Instructor: Mircea Nicolescu Lecture 2.

Compiler Construction

1.  10% Assignments/ class participation  10% Pop Quizzes  05% Attendance  25% Mid Term  50% Final Term 2.

Run-Time Storage Organization Compiler Design Lecture (03/23/98) Computer Science Rensselaer Polytechnic.

The Fail-Safe C to Java translator Yuhki Kamijima (Tohoku Univ.)

Compilers: Overview/1 1 Compiler Structures Objective – –what are the main features (structures) in a compiler? , Semester 1,

Lecture by: Prof. Pooja Vaishnav.  Language Processor implementations are highly influenced by the kind of storage structure used for program variables.

Chapter 1 Introduction Major Data Structures in Compiler

Chapter 1: Introduction 1 Compiler Designs and Constructions Chapter 1: Introduction Objectives: Course Objectives Introduction Dr. Mohsen Chitsaz.

Automated tactics for separation logic VeriML Reconstruct Z3 Proof Safe incremental type checker Certifying code transformation Proof carrying hardware.

1 Compiler & its Phases Krishan Kumar Asstt. Prof. (CSE) BPRCE, Gohana.

Semantic Analysis II Type Checking EECS 483 – Lecture 12 University of Michigan Wednesday, October 18, 2006.

SAFE KERNEL EXTENSIONS WITHOUT RUN-TIME CHECKING George C. Necula Peter Lee Carnegie Mellon U.

LECTURE 3 Compiler Phases. COMPILER PHASES Compilation of a program proceeds through a fixed series of phases.  Each phase uses an (intermediate) form.

Presented by Ted Higgins, SQL Server DBA C Programming - Pointers.

Prof. Necula CS 164 Lecture 171 Operational Semantics of Cool ICOM 4029 Lecture 10.

 Data Type is a basic classification which identifies different types of data.  Data Types helps in: › Determining the possible values of a variable.

CSC 8505 Compiler Construction

Programming Languages Meeting 3 September 9/10, 2014.

As a general rule you should be using multiple languages these days (except for Java)

Dr. M. Al-Mulhem Introduction 1 Chapter 6 Type Systems.

Lecture 9 Symbol Table and Attributed Grammars

Compiler Construction (CS-636)

Run-time environments

Variables © 2018 Kris Jordan.

Presentation transcript:

Strength Through Typing: A more powerful dependently-typed assembly language Matt Harren George Necula OSQ 2004

Dependent Types for Assembly Code Goal: To reason about type safety in the compiled code generated from CCured and other languages. We need a typed assembly language that can handle destructive updates in dependent types. Later, we will generate formal proofs of type safety for PCC.  With the OpenVerifier, of course.

CCured pointers are multiword structures  Some CCured pointers have dynamic typing information or array bounds. In assembly language, updates are not atomic. How do we safely update these pointers? The Target: CCured pointer  (  * SEQ *) baseend  … pointer Tag for   (void * RTTI *)

A separate typing rule for each pointer kind in CCured. We use a special type for pointers (to records) that is parameterized on the pointer itself, and on the memory state. For array types, we need quantifiers. The Types (pointer field) (tag field)

The Framework Use type inference over assembly code.  Now we can use an off-the-shelf compiler/optimizer Goal: typecheck CCured’s output after running through gcc –O3  Minimal annotations required. Use symbolic execution  Now we can reason about multiple memory writes that together maintain our type dependencies.