Toward a foundational typed assembly language
Karl Crary
2003
SIGPLAN notices
We present the design of a typed assembly language called TALT that supports heterogeneous tuples, disjoint sums, arrays, and a general account of addressing modes. TALT also implements the von Neumann model in which programs are stored in memory, and supports relative addressing. Type safety for execution and for garbage collection are shown by machine-checkable proofs. TALT is the first formalized typed assembly language to provide any of these features. For grid computing, however, the
more »
... to minimize trust in the steward goes beyond such general considerations. The key issue is extensibility. Our aim is to enable the establishment of a decentralized grid computing fabric available for a wide array of participants. For this purpose, it is implausible to imagine that a single type system will suffice for all potential grid applications. Furthermore, it is also implausible (and indeed undesirable) that a single trusted agent would check the soundness of all proposed new type systems. Thus, it is necessary that the basic steward can be safely extended with new type systems from untrusted sources. The natural way to achieve this is using foundational certified code, in which the entire safety argument, down to a safety policy expressed in terms of the concrete architecture, is given in machine-checkable form. In its incarnation as foundational PCC [1], a binary is accompanied by an complete proof of its safety. In our proposed foundational TAL, a program's safety argument is broken into two parts: The first portion, a self-certified type system, is the specification of a type system and a machine-checkable proof that it satisfies an established safety policy. This portion would generally be independent of any particular application. The second portion is the application's typing derivation in a certified type system. In this model, any grid application developer could devise his or her own type system sufficient to certify his or her applications. Whenever a steward encountered a certified application referring to an unknown type system, the steward would automatically download the type system, verify its safety proof, and thereafter accept applications with valid typing derivations in that type system. This model addresses each of the four issues demanding trust of the new type system. The first three issues are clearly dealt with by the use of complete, machine-checkable proofs. By packaging applications with typing derivations, as opposed to type annotations, the fourth issue is also addressed: a single proof checker can check derivations for any type system, and no new checker need ever be employed. The aim of this work is to implement a first example of foundational typed assembly language for the Intel IA-32 architecture, and also to build a flexible foundation on which a variety of other type systems may be built. Accordingly, we have broken the development of our system into two stages (in the model of Hamid, et al.'s development of "Featherweight TAL" [12]): • The first stage develops a general typed assembly language that is not (very) specific to any architecture. This general language is given an operational semantics, and its abstract safety is established by machine-checkable proofs of type preservation and progress. The safety of garbage collection is also established at this level (Section 4). • The second stage shows that the abstract operational semantics maps correctly onto the concrete architecture. The general type system is designed to account for all those issues that pertain to the type system (including nearly all central issues), so this second stage is a type-free simulation argument. This topic of this paper is the first stage of this effort. The second is currently underway.
doi:10.1145/640128.604149
fatcat:o7jlwr74anhirhzk6kxl4khbri