Article

Modular verification of assembly code with stack-based control abstractions

Authors:
Xinyu Feng

Yale University, New Haven, CT , U.S.A.

Yale University, New Haven, CT , U.S.A.
View Profile

,
Zhong Shao

Yale University, New Haven, CT , U.S.A.

Yale University, New Haven, CT , U.S.A.
View Profile

,
Alexander Vaynberg

Yale University, New Haven, CT , U.S.A.

Yale University, New Haven, CT , U.S.A.
View Profile

,
Sen Xiang

University of Science and Technology of China, Anhui, China

University of Science and Technology of China, Anhui, China
View Profile

,
Zhaozhong Ni

Yale University, New Haven, CT

Yale University, New Haven, CT
View Profile

PLDI '06: Proceedings of the 27th ACM SIGPLAN Conference on Programming Language Design and ImplementationJune 2006Pages 401–414https://doi.org/10.1145/1133981.1134028

Published:11 June 2006Publication History

PLDI '06: Proceedings of the 27th ACM SIGPLAN Conference on Programming Language Design and Implementation

Pages 401–414

ABSTRACT

Runtime stacks are critical components of any modern software--they are used to implement powerful control structures such as function call/return, stack cutting and unwinding, coroutines, and thread context switch. Stack operations, however, are very hard to reason about: there are no known formal specifications for certifying C-style setjmp/longjmp, stack cutting and unwinding, or weak continuations (in C--). In many proof-carrying code (PCC) systems, return code pointers and exception handlers are treated as general first-class functions (as in continuation-passing style) even though both should have more limited scopes.In this paper we show that stack-based control abstractions follow a much simpler pattern than general first-class code pointers. We present a simple but flexible Hoare-style framework for modular verification of assembly code with all kinds of stackbased control abstractions, including function call/return, tail call, setjmp/longjmp, weak continuation, stack cutting, stack unwinding, multi-return function call, coroutines, and thread context switch. Instead of presenting a specific logic for each control structure, we develop all reasoning systems as instances of a generic framework. This allows program modules and their proofs developed in different PCC systems to be linked together. Our system is fully mechanized. We give the complete soundness proof and a full verification of several examples in the Coq proof assistant.

References

A. Ahmed and D. Walker. The logical approach to stack typing. In Proc. of the 2003 ACM SIGPLAN Int'l workshop on Types in Lang. Design and Impl., pages 74--85. ACM Press, 2003. Google ScholarDigital Library
A. W. Appel. Compiling with Continuations. Cambridge University Press, New York, 1992. Google ScholarDigital Library
A. W. Appel. Foundational proof-carrying code. In Symp. on Logic in Comp. Sci. (LICS'01), pages 247--258. IEEE Comp. Soc., June 2001. Google ScholarDigital Library
K. R. Apt. Ten years of Hoare's logic: A survey - part I. ACM Trans. on Programming Languages and Systems, 3(4):431--483, 1981. Google ScholarDigital Library
N. Benton. A typed, compositional logic for a stack-based abstract machine. In Proc. Third Asian Symp. on Prog. Lang. and Sys., LNCS 3780, pages 364--380. Springer-Verlag, November 2005. Google ScholarDigital Library
J. Berdine, P. O'hearn, U. Reddy, and H. Thielecke. Linear continuation-passing. Higher Order Symbol. Comput., 15(2-3):181--208, 2002. Google ScholarDigital Library
D. Chase. Implementation of exception handling, Part I. The Journal of C Language Translation, 5(4):229--240, June 1994.Google Scholar
W. D. Clinger. Proper tail recursion and space efficiency. In Proc. 1997 ACM Conf. on Prog. Lang. Design and Impl., pages 174--185, New York, 1997. ACM Press. Google ScholarDigital Library
C. Colby, P. Lee, G. Necula, F. Blau, M. Plesko, and K. Cline. A certifying compiler for Java. In Proc. 2000 ACM Conf. on Prog. Lang. Design and Impl., pages 95--107, New York, 2000. ACM Press. Google ScholarDigital Library
M. E. Conway. Design of a separable transition-diagram compiler. Communications of the ACM, 6(7):396--408, July 1963. Google ScholarDigital Library
K. Crary. Toward a foundational typed assembly language. Technical Report CMU-CS-02-196, Carnegie Mellon University, School of Computer Science, Dec. 2002.Google Scholar
S. J. Drew, J. Gough, and J. Ledermann. Implementing zero overhead exception handling. Technical Report 95-12, Faculty of Information Technology, Queensland U. of Technology, Brisbane, Australia, 1995.Google Scholar
X. Feng, Z. Shao, A. Vaynberg, S. Xiang, and Z. Ni. Modular verification of assembly code with stack-based control abstractions. Technical Report YALEU/DCS/TR-1336 and Coq Implementation, Dept. of Computer Science, Yale University, New Haven, CT, Nov. 2005. http://flint.cs.yale.edu/publications/sbca.html.Google Scholar
N. A. Hamid, Z. Shao, V. Trifonov, S. Monnier, and Z. Ni. A syntactic approach to foundational proof-carrying code. In Proc. Seventeenth Annual IEEE Symposium on Logic In Computer Science (LICS'02), pages 89--100. IEEE Computer Society, July 2002. Google ScholarDigital Library
D. R. Hanson. C Interface & Implementations. Add. Wesley, 1997.Google Scholar
C. A. R. Hoare. An axiomatic basis for computer programming. Communications of the ACM, 12(10):576--580, Oct. 1969. Google ScholarDigital Library
L. Jia, F. Spalding, D. Walker, and N. Glew. Certifying compilation for a language with stack allocation. In Proc. 20th IEEE Symposium on Logic in Computer Science, pages 407--416, June 2005. Google ScholarDigital Library
C. B. Jones. Tentative steps toward a development method for interfering programs. ACM Trans. on Programming Languages and Systems, 5(4):596--619, 1983. Google ScholarDigital Library
C. B. Jones. Systematic software development using VDM. Prentice Hall International (UK) Ltd., 1986. Google ScholarDigital Library
B. W. Kernighan and D. M. Ritchie. The C Programming Language (Second Edition). Prentice Hall, 1988. Google ScholarDigital Library
L. Lamport. The temporal logic of actions. ACM Trans. on Programming Languages and Systems, 16(3):872--923, May 1994. Google ScholarDigital Library
T. Lindholm and F. Yellin. The Java Virtual Machine Specification (Second Edition). Addison-Wesley, 1999. Google ScholarDigital Library
G. Morrisett, K. Crary, N. Glew, and D. Walker. Stack-based typed assembly language. In Proc. 1998 Int'l Workshop on Types in Compilation: LNCS Vol 1473, pages 28--52. Springer-Verlag, 1998. Google ScholarDigital Library
G. Morrisett, D. Walker, K. Crary, and N. Glew. From System F to typed assembly language. In Proc. 25th ACM Symp. on Principles of Prog. Lang., pages 85--97. ACM Press, Jan. 1998. Google ScholarDigital Library
D. A. Naumann. Predicate transformer semantics of a higher-order imperative language with record subtyping. Science of Computer Programming, 41(1):1--51, 2001. Google ScholarDigital Library
G. Necula. Compiling with Proofs. PhD thesis, School of Computer Science, Carnegie Mellon Univ., Sept. 1998. Google ScholarDigital Library
G. Necula and P. Lee. The design and implementation of a certifying compiler. In Proc. 1998 ACM Conf. on Prog. Lang. Design and Impl., pages 333--344, New York, 1998. Google ScholarDigital Library
Z. Ni and Z. Shao. A translation from typed assembly languages to certified assembly programming. Technical report, Dept. of Computer Science, Yale Univ., New Haven, CT, Nov. 2005. http://flint.cs.yale.edu/flint/publications/talcap.html.Google Scholar
Z. Ni and Z. Shao. Certified assembly programming with embedded code pointers. In Proc. 33rd ACM Symp. on Principles of Prog. Lang., pages 320--333, Jan. 2006. Google ScholarDigital Library
N. Ramsey and S. P. Jones. A single intermediate language that supports multiple implementations of exceptions. In Proc. 2000 ACM Conf. on Prog. Lang. Design and Impl., pages 285--298, 2000. Google ScholarDigital Library
J. C. Reynolds. Separation logic: A logic for shared mutable data structures. In Proc. 17th Annual IEEE Symposium on Logic in Computer Science, pages 55--74. IEEE Computer Society, 2002. Google ScholarDigital Library
O. Shivers and D. Fisher. Multi-return function call. In Proc. 2004 ACM SIGPLAN Int'l Conf. on Functional Prog., pages 79--89. ACM Press, Sept. 2004. Google ScholarDigital Library
R. Stata and M. Abadi. A type system for java bytecode subroutines. In Proc. 25th ACM Symp. on Principles of Prog. Lang., pages 149--160. ACM Press, 1998. Google ScholarDigital Library
G. L. Steele. Rabbit: a compiler for Scheme. Technical Report AI-TR-474, MIT, Cambridge, MA, 1978. Google ScholarDigital Library
The Coq Development Team. The Coq proof assistant reference manual. The Coq release v8.0, Oct. 2004.Google Scholar
J. C. Vanderwaart and K. Crary. A typed interface for garbage collection. In Proc. 2003 ACM SIGPLAN International Workshop on Types in Language Design and Implementation, pages 109--122, 2003. Google ScholarDigital Library
D. von Oheimb. Hoare logic for Java in Isabelle/HOL. Concurrency and Computation: Practice and Experience, 13(13):1173--1214, 2001.Google ScholarCross Ref
A. K. Wright and M. Felleisen. A syntactic approach to type soundness. Information and Computation, 115(1):38--94, 1994. Google ScholarDigital Library
D. Yu, N. A. Hamid, and Z. Shao. Building certified libraries for PCC: Dynamic storage allocation. In Proc. 2003 European Symposium on Programming, LNCS Vol. 2618, pages 363--379, 2003. Google ScholarDigital Library
D. Yu and Z. Shao. Verification of safety properties for concurrent assembly code. In Proc. 2004 ACM SIGPLAN Int'l Conf. on Functional Prog., pages 175--188, September 2004. Google ScholarDigital Library
Y. Yu. Automated Proofs of Object Code For A Widely Used Microprocessor. PhD thesis, University of Texas at Austin, 1992. Google ScholarDigital Library

Index Terms

Modular verification of assembly code with stack-based control abstractions
1. Software and its engineering
  1. Software creation and management
    1. Software verification and validation
      1. Formal software verification
  2. Software organization and properties
    1. Software functional properties
      1. Correctness
      2. Formal methods
2. Theory of computation
  1. Logic
    1. Proof theory
  2. Semantics and reasoning
    1. Program reasoning

Recommendations

Modular verification of assembly code with stack-based control abstractions
Proceedings of the 2006 PLDI Conference

Runtime stacks are critical components of any modern software--they are used to implement powerful control structures such as function call/return, stack cutting and unwinding, coroutines, and thread context switch. Stack operations, however, are very ...
Read More
Modular Verification of SPARCv8 Code
Abstract
Inline assembly code is common in system software to interact with the underlying hardware platforms. The safety and correctness of the assembly code is crucial to guarantee the safety of the whole system. In this paper, we propose a practical ...
Read More
Certified assembly programming with embedded code pointers
POPL '06: Conference record of the 33rd ACM SIGPLAN-SIGACT symposium on Principles of programming languages

Embedded code pointers (ECPs) are stored handles of functions and continuations commonly seen in low-level binaries as well as functional or higher-order programs. ECPs are known to be very hard to support well in Hoare-logic style verification systems. ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
PLDI '06: Proceedings of the 27th ACM SIGPLAN Conference on Programming Language Design and Implementation
June 2006
438 pages
ISBN:1595933204
DOI:10.1145/1133981
General Chair:
Michael Schwartzbach
University of Aarhus, Denmark
,
Program Chair:
Thomas Ball
Microsoft Research
ACM SIGPLAN Notices Volume 41, Issue 6
Proceedings of the 2006 PLDI Conference
June 2006
426 pages
ISSN:0362-1340
EISSN:1558-1160
DOI:10.1145/1133255
Issue’s Table of Contents
Copyright © 2006 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 11 June 2006
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
assembly code verification
control abstractions
modularity
proof-carrying code
stack-based
Qualifiers
- Article
Conference

Acceptance Rates
Overall Acceptance Rate406of2,067submissions,20%
Upcoming Conference
PLDI '24

Sponsor:

sigplan

ACM SIGPLAN Conference on Programming Language Design and Implementation

June 24 - 28, 2024

Copenhagen , Denmark
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 62
  Total Citations
  View Citations
- 614
  Total Downloads
- Downloads (Last 12 months)13
- Downloads (Last 6 weeks)0
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Modular verification of assembly code with stack-based control abstractions

PLDI '06: Proceedings of the 27th ACM SIGPLAN Conference on Programming Language Design and Implementation

ABSTRACT

References

Cited By

Index Terms

Recommendations

Modular verification of assembly code with stack-based control abstractions

Modular Verification of SPARCv8 Code

Certified assembly programming with embedded code pointers