Typing a multi-language intermediate code

The Microsoft .NET Framework is a new computing architecture designed to support a variety of distributed applications and web-based services. .NET software components are typically distributed in an object-oriented intermediate language, Microsoft IL, executed by the Microsoft Common Language Runtime. To allow convenient multi-language working, IL supports a wide variety of high-level language constructs, including class-based objects, inheritance, garbage collection, and a security mechanism based on type safe execution.This paper precisely describes the type system for a substantial fragment of IL that includes several novel features: certain objects may be allocated either on the heap or on the stack; those on the stack may be boxed onto the heap, and those on the heap may be unboxed onto the stack; methods may receive arguments and return results via typed pointers, which can reference both the stack and the heap, including the interiors of objects on the heap. We present a formal semantics for the fragment. Our typing rules determine well-typed IL instruction sequences that can be assembled and executed. Of particular interest are rules to ensure no pointer into the stack outlives its target. Our main theorem asserts type safety, that well-typed programs in our IL fragment do not lead to untrapped execution errors.Our main theorem does not directly apply to the product. Still, the formal system of this paper is an abstraction of informal and executable specifications we wrote for the full product during its development. Our informal specification became the basis of the product team's working specification of type-checking. The process of writing this specification, deploying the executable specification as a test oracle, and applying theorem proving techniques, helped us identify several security critical bugs during development.

[1]  Robin Milner,et al.  Definition of standard ML , 1990 .

[2]  Erik Ruf,et al.  Marmot: an optimizing compiler for Java , 2000 .

[3]  Michael Norrish C formalised in HOL , 1998 .

[4]  Stephen N. Freund,et al.  A Type System For Object Initialization In the Java Bytecode Language , 1997, Electron. Notes Theor. Comput. Sci..

[5]  Simon Peyton Jones,et al.  A static semantics for Haskell , 1992 .

[6]  Sophia Drossopoulou,et al.  Java is Type Safe - Probably , 1997, ECOOP.

[7]  Zhenyu Qian,et al.  A Formal Specification of Java Virtual Machine Instructions for Objects, Methods and Subrountines , 1999, Formal Syntax and Semantics of Java.

[8]  Martín Abadi,et al.  A type system for Java bytecode subroutines , 1999, TOPL.

[9]  Tobias Nipkow,et al.  Machine-Checking the Java Specification: Proving Type-Safety , 1999, Formal Syntax and Semantics of Java.

[10]  Philip Wadler,et al.  Featherweight Java: a minimal core calculus for Java and GJ , 1999, OOPSLA '99.

[11]  Mark P. Jones,et al.  Typing Haskell in Haskell , 1999 .

[12]  David Walker,et al.  Stack-based typed assembly language , 1998, Journal of Functional Programming.

[13]  John Launchbury,et al.  Unboxed values as first class citizens , 1991 .

[14]  Luca Cardelli Type systems , 1996, CSUR.

[15]  A. Cohn The notion of proof in hardware verification , 1989 .

[16]  Philip Wadler,et al.  The Glasgow Haskell Compiler: a technical overview , 1993 .

[17]  Martín Abadi,et al.  A Theory of Objects , 1996, Monographs in Computer Science.

[18]  ScienceYale UniversityNew Haven An Overview of the Flint/ml Compiler , 1997 .

[19]  Don Syme,et al.  Proving Java Type Soundness , 1999, Formal Syntax and Semantics of Java.

[20]  Alfred V. Aho,et al.  Compilers: Principles, Techniques, and Tools , 1986, Addison-Wesley series in computer science / World student series edition.

[21]  Phillip M. Yelland,et al.  A compositional account of the Java virtual machine , 1999, POPL '99.

[22]  Simon L. Peyton Jones,et al.  Unboxed Values as First Class Citizens in a Non-Strict Functional Language , 1991, FPCA.

[23]  Donald Robert Syme Declarative theorem proving for operational semantics , 1999 .

[24]  Benjamin Goldberg,et al.  Escape analysis on lists , 1992, PLDI '92.

[25]  Andrew D. Gordon,et al.  Compilation and Equivalence of Imperative Objects , 1997 .

[26]  Xavier Leroy,et al.  Unboxed objects and polymorphic typing , 1992, POPL '92.

[27]  Andrew D. Gordon,et al.  Typing a multilanguage intermediate code , 2000 .

[28]  Carl A. Gunter,et al.  The machine-assisted proof of programming language properties , 1996 .

[29]  George C. Necula,et al.  Proof-carrying code , 1997, POPL '97.

[30]  Mads Tofte,et al.  Region-based Memory Management , 1997, Inf. Comput..