| H. Xi and R. Harper. A dependently typed assembly language (extended abstract). (To appear), July 1999. |
.... By trichotomy (and some rearranging) we may obtain rco(r) set = x) set (x) set (x) and then cmpjcc rco(r) o, gte, o fail leaves r with type set (x). It seems likely that a more sophisticated treatment of array bounds checks is possible using something like Xi and Harper's DTAL [31] to track dependencies between various integer values, but we have not explored such an extension at this time, as mechanizing their proofs seems likely to be burdensome. 3.3 Relative Addressing Given the TALT machine model, PC-relative addressing is not difficult to add operationally. We simply ....
Hongwei Xi and Robert Harper. A dependently typed assembly language. In 2001 ACM International Conference on Functional Programming, pages 169--180, Florence, Italy, September
....LTAL is shown in Figure 8. Extending the term translation to deal with cons, nil, and case expressions is easy. To deal with arbitrary, user-defined datatypes, we could introduce singleton integer types and union types along the lines of the encoding of recursive types in Alias Types [30] or DTAL [33]. 5.1.3 Polymorphism Another important feature which we have not shown how to implement is parametric polymorphism. LTAL already supports polymorphism; however, our source and intermediate languages do not. We can easily add universally quantified types to the source and LIL in the usual way. The ....
Hongwei Xi and Robert Harper. A dependently typed assembly language. In International Conference on Functional Programming, pages 169-180, 2001.
....as a metatheorem outside of the proving system; the proof is hand written and not machine checkable. The typing rules and the type checker are in the trusted computing base (TCB); that is, bugs in these components can let unsafe code slip past the checker. There have been many variants of TAL [15, 23, 16], which rely on similar soundness metatheorems. A recent variant [10] has a machine checkable metatheorem. It is hard to manage the soundness proofs and avoid errors when scaling up to realistic type systems for real compilers. The goal of the Foundational Proof Carrying Code (FPCC) [2] project at ....
....specification Machine checked soundness proof Minimal checker Atomicity Compiler can choose data reprs. Dataflow analysis Position independent code Basic blocks Syntax directed checking 1 2 3 4 5 6 7 8 9 10 11 SpecialJ [9] # . TALx86 [17] # . # . # # # DTAL [23] . FTAL [12] # . TALT [10] # # . # Our LTAL # . # . # . Figure 1: Comparison of typed assembly languages (see Appendix A) Machine checked proof. We have a machine checked proof (mostly finished) of the soundness of our system; that is, if the LTAL type checks, the ....
[Article contains additional citation context not shown here]
Hongwei Xi and Robert Harper. A dependently typed assembly language. In 2001.
....proof (for the underlying type system) can reduce the trusted base is not new [16, 3]; however, none of the existing work has shown how to use the syntactic proof to build the foundational proof. In addition, we show in Sections 3 and 4 that naively combining existing typed assembly languages (TAL) [14, 13, 26] with their soundness proofs does not necessarily produce valid FPCC. To make the syntactic approach work, we need to ensure that a close correspondence can be established between the TAL and the underlying FPCC machine. This involves developing a type system for TAL which is not only sound but ....
....of proof terms are provided in Section 5. This method imposes requirements on the design of the typed assembly language other than just having a sound type system. For the approach we follow in this article, if the assembly language has macro instructions (e.g. malloc [14, 13] and newarray [26], which expand into sequences of several machine instructions), the well-formedness of the assembly program alone will be insufficient for the construction of the global invariant. This is because Inv must hold for all machine states reachable from S_0. For the intermediate states of the ....
H. Xi and R. Harper. A dependently typed assembly language. In Proc. 2001 ACM SIGPLAN Int'l Conf. on Functional Prog., pages 169--180. ACM Press, Sept. 2001.
....specific, they require solving a set of integer equality or inequality equations to prove the soundness of the index types and to control resource consumption. Unfortunately, existing approaches either include the constraint solver in the trusted computing base (e.g. Xi's DML [19] and DTAL [20]) or lock the safety policy to one particular solver logic (e.g. Necula's Simplex solver logic [11, 10]). The goal of this work is to study the feasibility of producing a generic framework where the constraint solver does not have to be in the TCB and the safety policy is independent of the ....
....they introduce the Simplex Logic, a form of minimalistic logic tailored for proving results obtained by the Simplex algorithm. However, since this logic is very specific, they can neither express proofs using any other algorithm nor extend their algorithm to more generic constraints. Xi [22, 20], on the other hand, proposes a dependent type system which totally abstracts the solver algorithm, considering it a prerequisite. Several other works require integer constraint solving algorithms in PCC and would benefit from a generic framework. Among them, TAL [8] Crary and Weirich ....
H. Xi and R. Harper. A dependently typed assembly language. Technical Report CMU-CS-99-xxx, School of Computer Science, Carnegie Mellon University, Pittsburgh, PA, July 1999.
....specific, they require solving a set of integer equality or inequality equations to prove the soundness of the index types and to control resource consumption. Unfortunately, existing approaches either include the constraint solver in the trusted computing base (e.g. Xi's DML [17] and DTAL [18]) or lock the safety policy to one particular solver logic (e.g. Necula's Simplex solver logic [10, 9]). The goal of this work is to study the feasibility of producing a generic framework where the constraint solver does not have to be in the TCB and the safety policy is independent of the ....
....they introduce the Simplex Logic, a form of minimalistic logic tailored for proving results obtained by the Simplex algorithm. However, since this logic is very specific, they can neither express proofs using any other algorithm nor extend their algorithm to more generic constraints. Xi [20, 18], on the other hand, proposes a dependent type system which totally abstracts the solver algorithm, considering it a prerequisite. Several other works require integer constraint solving algorithms in PCC and would benefit from a generic framework. Among them, TAL [7] Crary and Weirich ....
H. Xi and R. Harper. A dependently typed assembly language. Technical Report CMU-CS-99xxx, School of Computer Science, Carnegie Mellon University, Pittsburgh, PA, July 1999.
....proof (for the underlying type system) can reduce the trusted base is not new [16, 3]; however, none of the existing work has shown how to use the syntactic proof to build the foundational proof. In addition, we show in Sections 3 and 4 that naively combining existing typed assembly languages (TAL) [14, 13, 25] with their soundness proofs does not necessarily produce valid FPCC. The relationship between TAL [14] and PCC [17] has never been made precise even though the two are considered related approaches for certifying low level code. In Section 5 we show how to translate each well typed program ....
....of proof terms are provided in Section 5. This method imposes requirements on the design of the typed assembly language other than just having a sound type system. For the approach we follow in this paper, if the assembly language has macro instructions (e.g. malloc [14, 13] and newarray [25], which expand into sequences of several machine instructions), the well-formedness of the assembly program alone will be insufficient for the construction of the global invariant. This is because Inv must hold for all machine states reachable from S_0. For the intermediate states of the ....
H. Xi and R. Harper. A dependently typed assembly language. In Proc. 2001.
No context found.
H. Xi and R. Harper. A dependently typed assembly language (extended abstract). (To appear), July 1999.
No context found.
H. Xi and R. Harper. A dependently typed assembly language. Technical Report OGI-CSE-99-008, Computer Science Department, Oregon Graduate Institute, July 1999.
No context found.
Hongwei Xi and Robert Harper. A Dependently Typed Assembly Language. In Proceedings of International Conference on Functional Programming, pages 169-180, September 2001.
No context found.
Xi, H. and R. Harper (2001, September). A Dependently Typed Assembly Language. In Proceedings of International Conference on Functional Programming, pp. 169--180.
No context found.
Hongwei Xi and Robert Harper. Dependently typed assembly language. In Proceedings of the 6th International Conference on Functional Programming (ICFP'01), pages 169--180, Florence, Italy, September 2001. ACM Press.
No context found.
H. Xi and R. Harper. A Dependently Typed Assembly Language. Technical Report CSE-99-008, Oregon Graduate Institute, July 1999. Also available as http://www.cs.bu.edu/hwxi/academic/papers/DTAL.ps.
....methods are not mutually exclusive. We are currently exploring their integration using dependent types which allow assertions to be blended with types in a single type theoretic formalism. This technique is robust and can be applied to high level languages [27,28] as well as low level languages [29], thereby providing an ideal basis for their use in certifying compilers. 3.2 Typed Intermediate Languages To give a sense of how type information might be attached to intermediate code, we give an example derived from the representation of lists. At the level of the source language, there ....
H. Xi, R. Harper, A dependently typed assembly language, Tech. Rep. OGI-CSE-99-008, Computer Science Department, Oregon Graduate Institute (July 1999).
....2.1 Syntax We assume that there are a fixed number nr of registers. A register file R is a finite mapping from the set {0, 1, ..., nr-1} into types. The intent is to capture some type information on registers with R. The syntax for DTAL is given in Figure 3. Note that stacks, which are treated in [16], are omitted here for simplicity, though we do use stacks in some code examples. One may simply think of a stack as an infinite list of registers. Also, we omit tuples, which can be handled as in TAL. Intuitively speaking, dependent types are types which depend on the values of language ....
....proof of the type soundness of DTAL have regular derivations. Therefore, the scenario of shared pointers mentioned previously can never occur. This allows us to establish Theorem 5.1. Note that the issue here, which we think is rather subtle to recognize, does not occur in either DML or TAL. Please see [16] for details. 6. EXTENSION WITH SUM TYPES The programmer can declare in Xanadu a polymorphic union type as in Figure 12 for representing lists and then implement the length function. The concrete syntax a list is for the type of lists in which all elements are of type a (we use a for a type ....
[Article contains additional citation context not shown here]
H. Xi and R. Harper. A Dependently Typed Assembly Language. Technical Report CSE-99-008, Oregon Graduate Institute, July 1999. Also available as http://www.ececs.uc.edu/~hwxi/academic/papers/DTAL.ps.
....methods are not mutually exclusive. We are currently exploring their integration using dependent types which allow assertions to be blended with types in a single type theoretic formalism. This technique is robust and can be applied to high level languages [27,28] as well as low level languages [29], thereby providing an ideal basis for their use in certifying compilers. 3.2 Typed Intermediate Languages To give a sense of how type information might be attached to intermediate code, we give an example derived from the representation of lists. At the level of the source language, there ....
H. Xi, R. Harper, A dependently typed assembly language, Tech. Rep. OGI-CSE-99-008, Computer Science Department, Oregon Graduate Institute (July 1999).
....programmer can use dependent types to more accurately capture program properties and thus detect more program errors at compile time. It is also demonstrated that dependent types in DML can facilitate array bound check elimination (Xi and Pfenning 1998), redundant pattern matching clause removal (Xi 1999a), tag check elimination and tagless representation of datatypes (Xi 1999b). Evidently, an immediate question is whether we can reap some similar benefits by introducing dependent types into imperative programming. We give a positive answer to this question in this paper. Intuitively speaking, ....
....and thus detect more program errors at compile time. It is also demonstrated that dependent types in DML can facilitate array bound check elimination (Xi and Pfenning 1998), redundant pattern matching clause removal (Xi 1999a), tag check elimination and tagless representation of datatypes (Xi 1999b). Evidently, an immediate question is whether we can reap some similar benefits by introducing dependent types into imperative programming. We give a positive answer to this question in this paper. Intuitively speaking, dependent types are types which depend on the values of language expressions. ....
[Article contains additional citation context not shown here]
Xi, H. and R. Harper (1999, July). A Dependently Typed Assembly Language. Technical Report CSE-99-008, Oregon Graduate Institute. Also available at http://www.ececs.uc.edu/~hwxi/academic/papers/DTAL.ps.
....Syntax We assume that there are a fixed number nr of registers. A register file R is a finite mapping from the set {0, 1, ..., nr-1} into types. The intent is to capture some type information on registers with R. The syntax for DTAL is given in Figure 3. Note that stacks, which are treated in [Xi and Harper 1999], are omitted here for simplicity, though we do use stacks in some code examples. One may simply [Figure 3 residue, DTAL syntax: type variables; state types state(R); register file types R = [r0 : τ0, ..., r_(nr-1) : τ_(nr-1)]; types including top, int(x), array(x) and existential types; type erasures top, int, ...] ....
....one type. We can then prove that if M |= R[ has a regular derivation then M' |= R'[ 0 ] 0 ] also has a regular derivation. This allows us to establish Theorem 5.1. Note that the issue here, which we think is a bit subtle to recognize, does not occur in either DML or TAL. Please see [Xi and Harper 1999] for details. 6. EXTENSION WITH SUM TYPES [Residue of a typing table (columns: line No., index context such as m : nat; n : nat; m ≤ n; i : nat, and register file R2 with r5 : int(i - m) or r5 : int), lines 04 to 08, garbled in extraction] ....
[Article contains additional citation context not shown here]
Xi, H. and R. Harper (1999, July). A Dependently Typed Assembly Language. Technical Report CSE-99-008, Oregon Graduate Institute. Also available at http://www.ececs.uc.edu/~hwxi/academic/papers/DTAL.ps.
No context found.
Hongwei Xi and Robert Harper. A dependently typed assembly language. In Proceedings of the 2001 ACM SIGPLAN International Conference on Functional Programming (ICFP '01), pages 169--180, New York, September 2001. ACM Press.
No context found.
Hongwei Xi and Robert Harper. A dependently typed assembly language. In 6th ACM International Conference on Functional Programming, pages 169--180, 2001.
No context found.
H. Xi and R. Harper. A dependently typed assembly language. In International Conference on Functional Programming, Florence, Italy, September 2001.
No context found.
Hongwei Xi and Robert Harper. A dependently typed assembly language. In Press, 2001.
No context found.
Hongwei Xi and Robert Harper. A dependently typed assembly language. In 6th ACM International Conference on Functional Programming, pages 169--180, Florence, Italy, September 2001.
No context found.
H. Xi and R. Harper. Dependently Typed Assembly Language. In Proceedings of the Sixth ACM SIGPLAN International Conference on Functional Programming, pages 169-180, Florence, September 2001.
No context found.
H. Xi and R. Harper. A dependently typed assembly language. In Proc. 2001.