
Using Dependent Types to Certify the Safety of Assembly Code

  • Conference paper
Static Analysis (SAS 2005)

Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 3672)


Abstract

There are many source-level analyses and instrumentation tools that enforce various safety properties. In this paper we present an infrastructure that can be used to check independently that the assembly output of such tools has the desired safety properties. By working at the assembly level we avoid the complications of unavailable source code and of source-level parsing, and we certify the code that is actually deployed.

The novel feature of the framework is an extensible dependent type system that supports type inference and mutation of dependent values in memory. The type system can be extended with new types as needed for the source-level tool being certified. Using these dependent types, we are able to express the invariants enforced by CCured, a source-level instrumentation tool that guarantees type safety in legacy C programs. We can therefore check that the x86 assembly code resulting from compilation with CCured is in fact type-safe.
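The abstract describes the core idea only at a high level: registers carry dependent types whose meaning refers to values held elsewhere, and a memory access is admitted only when the bounds it depends on have been established on every path reaching it. The following Python program is an added illustration of that idea and is not code from the paper, from its Open Verifier framework, or from CCured. Its instruction syntax (tuples such as `('jb', a, b, label)` standing in for a compare-and-branch), the register names, the `Word`/`Seq` types, the absence of loops and the decision to ignore address wraparound are all simplifying assumptions made for this example; the CCured SEQ pointer with separate base and end values is the one real invariant it models.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple, Union

# Constructed illustration, not the paper's checker: a toy verifier that gives
# registers CCured-style dependent types and only admits a load or store once
# every path to it has established both bounds of the pointer.

@dataclass(frozen=True)
class Word:
    """A plain machine word: comparable, addable, never dereferenced."""

@dataclass(frozen=True)
class Seq:
    """A CCured SEQ pointer whose bounds live in two other registers."""
    base: str  # register holding the first valid address
    end: str   # register holding the one-past-the-end address

Type = Union[Word, Seq]
Fact = Tuple[str, str, str]   # ('lt', a, b): a < b   ('le', a, b): a <= b
Env = Dict[str, Type]

class CheckError(Exception):
    pass

def _kill(reg: str, env: Env, facts: FrozenSet[Fact]) -> Tuple[Env, FrozenSet[Fact]]:
    """A write to reg drops every fact about it and downgrades any SEQ type
    whose bounds depended on it: the dependent value has mutated."""
    env = {r: Word() if isinstance(t, Seq) and reg in (t.base, t.end) else t
           for r, t in env.items()}
    return env, frozenset(f for f in facts if reg not in f[1:])

def _in_bounds(reg: str, env: Env, facts: FrozenSet[Fact]) -> None:
    t = env.get(reg)
    if not isinstance(t, Seq):
        raise CheckError(f"{reg} is not a SEQ pointer")
    if ('le', t.base, reg) not in facts or ('lt', reg, t.end) not in facts:
        raise CheckError(f"{reg} dereferenced without proving {t.base} <= {reg} < {t.end}")

def check(prog: List[Tuple], init: Env) -> bool:
    """Walk every path of a loop-free program; raise CheckError on the first
    unproven memory access, return True when all paths are safe."""
    labels = {ins[1]: i for i, ins in enumerate(prog) if ins[0] == 'label'}

    def walk(pc: int, env: Env, facts: FrozenSet[Fact]) -> None:
        ins, op = prog[pc], prog[pc][0]
        if op in ('ret', 'abort'):            # abort is the trusted failure stub
            return
        if op == 'label':
            walk(pc + 1, env, facts)
        elif op in ('mov', 'add'):            # mov d, s  /  add d, s, imm
            d, s, imm = ins[1], ins[2], (ins[3] if op == 'add' else 0)
            # Wraparound is ignored (a simplification): a non-negative offset keeps
            # lower bounds, a negative one keeps upper bounds, mov keeps both.
            new = {(k, x, d) for k, x, y in facts if y == s and imm >= 0} | \
                  {(k, d, y) for k, x, y in facts if x == s and imm <= 0}
            env, facts = _kill(d, {**env, d: env.get(s, Word())}, facts)
            walk(pc + 1, env, facts | new)
        elif op in ('load', 'store'):         # load d, [s]  /  store [d], s
            ptr, dst = (ins[2], ins[1]) if op == 'load' else (ins[1], None)
            _in_bounds(ptr, env, facts)
            if dst is not None:               # loaded contents are opaque words here
                env, facts = _kill(dst, {**env, dst: Word()}, facts)
            walk(pc + 1, env, facts)
        elif op in ('jb', 'jae'):             # jb a, b, L : if a < b goto L (unsigned)
            _, a, b, label = ins
            if labels[label] <= pc:
                raise CheckError("backward jumps (loops) are outside this toy")
            lt, ge = ('lt', a, b), ('le', b, a)
            taken, fall = (lt, ge) if op == 'jb' else (ge, lt)
            walk(labels[label], env, facts | {taken})
            walk(pc + 1, env, facts | {fall})
        else:
            raise CheckError(f"unknown instruction {op}")

    walk(0, dict(init), frozenset())
    return True

# Constructed programs: p is a SEQ pointer whose bounds are held in b and e.
INIT: Env = {'p': Seq('b', 'e'), 'b': Word(), 'e': Word()}
GUARD = [('jb', 'p', 'b', 'fail'), ('jae', 'p', 'e', 'fail')]   # p < b or p >= e -> fail
TAIL = [('ret',), ('label', 'fail'), ('abort',)]

CHECKED_LOAD = GUARD + [('load', 'v', 'p')] + TAIL                         # both bounds proven
UNCHECKED_LOAD = [('load', 'v', 'p')] + TAIL                               # nothing proven
STALE_CHECK = GUARD + [('add', 'p', 'p', 4), ('load', 'v', 'p')] + TAIL    # upper bound lost
MUTATED_BOUND = GUARD + [('add', 'e', 'e', 1), ('load', 'v', 'p')] + TAIL  # p's type invalidated

def verdict(prog: List[Tuple]) -> str:
    try:
        return "safe" if check(prog, INIT) else "unsafe"
    except CheckError as err:
        return f"rejected: {err}"
```

`verdict(CHECKED_LOAD)` returns `"safe"`, while the other three constructed programs are rejected: the first never proves the bounds, the second moves the pointer after the check so the upper-bound fact no longer holds, and the third overwrites a bounds register, which demotes the SEQ type that depended on it. That last case is the "mutation of dependent values" the abstract refers to: the type of `p` is only meaningful while the registers it names still hold the values the type was inferred against.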

This research was supported in part by the National Science Foundation under grant number CCR-00225610. Any opinions, findings, conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the National Science Foundation.



Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Harren, M., Necula, G.C. (2005). Using Dependent Types to Certify the Safety of Assembly Code. In: Hankin, C., Siveroni, I. (eds) Static Analysis. SAS 2005. Lecture Notes in Computer Science, vol 3672. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11547662_12


  • DOI: https://doi.org/10.1007/11547662_12

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-28584-7

  • Online ISBN: 978-3-540-31971-9
