run time type checking of whole programs
play

Run-time type checking of whole programs and other stories . - PowerPoint PPT Presentation

Jun 16, 2023 •22 likes •572 views

Run-time type checking of whole programs and other stories . Stephen Kell stephen.kell@cl.cam.ac.uk Computer Laboratory University of Cambridge libcrunch . . . p.1/44 Wanted (naive version): check this! if (obj > type == OBJ

  1. Run-time type checking of whole programs and other stories . Stephen Kell stephen.kell@cl.cam.ac.uk Computer Laboratory University of Cambridge libcrunch . . . – p.1/44

  2. Wanted (naive version): check this! if (obj − > type == OBJ COMMIT) { if (process commit(walker, ( struct commit ∗ )obj)) return − 1; return 0; } libcrunch . . . – p.2/44

  3. Wanted (naive version): check this! if (obj − > type == OBJ COMMIT) { if (process commit(walker, (struct commit ∗ )obj)) return − 1; տ ր return 0; CHECK this } (at run time) libcrunch . . . – p.2/44

  4. Wanted (naive version): check this! if (obj − > type == OBJ COMMIT) { if (process commit(walker, (struct commit ∗ )obj)) return − 1; տ ր return 0; CHECK this } (at run time) But also wanted: � binary-compatible � source-compatible � reasonable performance � avoid being C-specific!* * mostly... libcrunch . . . – p.2/44

  5. Wanted (naive version): check this! if (obj − > type == OBJ COMMIT) { if (process commit(walker, (struct commit ∗ )obj)) return − 1; տ ր return 0; CHECK this } (at run time) But also wanted: � binary-compatible � source-compatible � reasonable performance � avoid being C-specific!* * mostly... ... in fact, a general-purpose “dynamic” run-time (ask me) libcrunch . . . – p.2/44

  6. The main part of this talk in one slide I describe libcrunch , which is � an infrastructure for run-time type checking � encodes type checks as assertions over reified data types � per-language front-ends (C; C ++ , Fortran, ...) � support idiomatic unsafe code, unmodified* � target: safe assuming memory safety � no binary interface changes (* but sometimes out-of-band guidance helps) libcrunch . . . – p.3/44

  7. Why care about unsafe languages? � fine control of resource utilisation � talk directly to operating system � talk directly to hardware � freedom to { simulate, violate } abstractions � re-use existing code (a huge investment) � unsafe is the “hard / general” case libcrunch . . . – p.4/44

  8. What is “type-correctness”? “Type” means “data type” � instantiate = allocate � concerns storage � “correct”: reads and writes respect allocated data type � cf. memory- correct (spatial, temporal) Languages can be “safe”; programs can be “correct” libcrunch . . . – p.5/44

  9. The user’s eye view � $ crunchcc -o myprog ... # + other front-ends libcrunch . . . – p.6/44

  10. The user’s eye view � $ crunchcc -o myprog ... # + other front-ends � $ ./myprog # runs normally libcrunch . . . – p.6/44

  11. The user’s eye view � $ crunchcc -o myprog ... # + other front-ends � $ ./myprog # runs normally � $ LD PRELOAD=libcrunch.so ./myprog # does checks libcrunch . . . – p.6/44

  12. The user’s eye view � $ crunchcc -o myprog ... # + other front-ends � $ ./myprog # runs normally � $ LD PRELOAD=libcrunch.so ./myprog # does checks � myprog: Failed is a internal(0x5a1220, 0x413560 a.k.a. "uint$32") at 0x40dade, allocation was a heap block of int$32 originating at 0x40daa1 libcrunch . . . – p.6/44

  13. How it works for C code, in a nutshell if (obj − > type == OBJ COMMIT) { if (process commit(walker, ( struct commit ∗ )obj)) return − 1; return 0; } libcrunch . . . – p.7/44

  14. How it works for C code, in a nutshell if (obj − > type == OBJ COMMIT) { if (process commit(walker, (assert( is a (obj, ” struct commit”)), ( struct commit ∗ )obj))) return − 1; return 0; } libcrunch . . . – p.7/44

  15. How it works for C code, in a nutshell if (obj − > type == OBJ COMMIT) { if (process commit(walker, (assert( is a (obj, ” struct commit”)), ( struct commit ∗ )obj))) return − 1; return 0; } Want a runtime with magical powers � tracking allocations � with type info � efficiently � → fast is a() function libcrunch . . . – p.7/44

  16. What does a C compiler not check? int a = 1; char ∗ b = ...; void f( double ); f(a); // okay −− compiler adds conversion b = a; // not okay −− compiler tells us // not okay −− compiler tells us f(b); f ( ∗ ( double ∗ )b); // depends... Want to check what the compiler punts on � use of pointers (“distant” accesses) � also (rarer): unions, varargs functions libcrunch . . . – p.8/44

  17. Memory-correctness vs type-correctness (1) Pointer-y things checked by existing tools � spatial m-c – bounds (SoftBound, Asan) � temporal 1 m-c – use-after-free (CETS, Asan) � temporal 2 m-c – initializedness (Memcheck, Msan) � nothing to do with types! Slow! � metadata per { value, pointer } � check on use libcrunch . . . – p.9/44

  18. Memory-correctness vs type-correctness (1) Pointer-y things checked by existing tools � spatial m-c – bounds (SoftBound, Asan) � temporal 1 m-c – use-after-free (CETS, Asan) � temporal 2 m-c – initializedness (Memcheck, Msan) � nothing to do with types! Slow! Faster: � metadata per { value, pointer } allocation � check on use create // a check over object metadata... guards creation of the pointer (assert( is a (obj, ” struct commit”)), ( struct commit ∗ )obj) libcrunch . . . – p.9/44

  19. Memory-correctness vs type-correctness (2) For now, assume memory-correct execution � “also use one of those other tools” Then do only the additional checks s.t. � all memory accesses respect memory’s allocated type ... which, for C, can be done by maintaining an invariant: � every live pointer respects its contract (pointee type) � must also check unsafe loads/stores not via pointers � unions, varargs libcrunch . . . – p.10/44

  20. What data type is being malloc() ’d? � ... guess from use of sizeof � dump typed allocation sites from compiler � guessing is moderately clever � e.g. malloc(sizeof (Blah) + n * sizeof (Foo)) source tree ... main.c widget.c util.c ... main.i widget.i util.i .allocs .allocs .allocs CIL-based compiler front-end dump allocation sites (dumpallocs) libcrunch . . . – p.11/44 instrument pointer casts

  21. Non-difficulties ���������� ���������������� ��� ��� ������������� ��� ��� ������������� ���������������� ��� � �� ���������������� �������� � � � � structure “subtyping” via containment � function pointers (most of the time) � void pointers � char pointers � integer ↔ pointer casts � type-differing aliases � custom allocators, memory pools etc. libcrunch . . . – p.12/44

  22. Hierarchical model of allocations mmap(), sbrk() custom heap (e.g. libc malloc() custom malloc() Hotspot GC) obstack gslice (+ malloc) client code client code client code client code client code libcrunch . . . – p.13/44

  23. Somewhat difficult cases Solved: � opaque types � complex use of sizeof � structure “subtyping” via prefixing Give up: � avoidance of sizeof � address-taken union members � non-procedurally abstracted object allocation/re-use libcrunch . . . – p.14/44

  24. The remaining awkwards � alloca � unions � varargs � generic use of non-generic pointers ( void** , ...) � casts of function pointers to non-supertypes libcrunch . . . – p.15/44

  25. The remaining awkwards � alloca � unions � varargs � generic use of non-generic pointers ( void** , ...) � casts of function pointers to non-supertypes All solved/solvable with some extra instrumentation � supply our own alloca � instrument writes to unions � instrument calls via varargs lvalues; use own va arg � instrument writes through void** (check invariant!) � optionally instr. all indirect calls libcrunch . . . – p.15/44

  26. Idealised view of libcrunch toolchain debugging information deployed binaries (with data-type assertions) (with allocation site information) /bin/ /lib/ /lib/ /bin/foo .debug/ .debug/ .c .f .cc .java libxyz.so foo libxyz.so precompute unique data types /bin/ libcrunch .uniqtyp/ .so foo.so load, link and run (ld.so) program image heap_index 0xdeadbeef, “Widget”? __is_a uniqtypes true libcrunch . . . – p.16/44

  27. A model of data types: D WARF debugging info $ cc -g -o hello hello.c && readelf -wi hello | column <b>:TAG_compile_unit <7ae>:TAG_pointer_type AT_language : 1 (ANSI C) AT_byte_size: 8 AT_name : hello.c AT_type : <0x2af> AT_low_pc : 0x4004f4 <76c>:TAG_subprogram AT_high_pc : 0x400514 AT_name : main <c5>: TAG_base_type AT_type : <0xc5> AT_byte_size : 4 AT_low_pc : 0x4004f4 AT_encoding : 5 (signed) AT_high_pc : 0x400514 AT_name : int <791>: TAG_formal_parameter <2af>:TAG_pointer_type AT_name : argc AT_byte_size: 8 AT_type : <0xc5> AT_type : <0x2b5> AT_location : fbreg - 20 <2b5>:TAG_base_type <79f>: TAG_formal_parameter AT_byte_size: 1 AT_name : argv AT_encoding : 6 (char) AT_type : <0x7ae> AT_name : char AT_location : fbreg - 32 libcrunch . . . – p.17/44

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Type checking COMP 520 Fall 2010 Type checking (2) The type checker has severals tasks:

Type checking COMP 520 Fall 2010 Type checking (2) The type checker has severals tasks:

COMP 520 Fall 2010 Type checking (1) Type checking COMP 520 Fall 2010 Type checking (2) The type checker has severals tasks: determine the types of all expressions; check that values and variables are used correctly; and resolve

631 views • 30 slides
Preemptive type checking in dynamically typed programs Neville Grech, Julian Rathke, Bernd

Preemptive type checking in dynamically typed programs Neville Grech, Julian Rathke, Bernd

Preemptive type checking in dynamically typed programs Neville Grech, Julian Rathke, Bernd Fischer n.grech@ecs.soton.ac.uk Dynamically-typed languages Principal type of a variable is mutated through assignments: def plus2(a): if

1.47k views • 109 slides
Type Checking General properties of type systems Types in programming languages

Type Checking General properties of type systems Types in programming languages

Outline Type Checking General properties of type systems Types in programming languages Notation for type rules Logical rules of inference Common type rules 2 Static Checking Static Checking (Cont.) Refers to

896 views • 10 slides
Type Reconstruction and Polymorphism 1 Type Checking and Type Reconstruction We now come to the

Type Reconstruction and Polymorphism 1 Type Checking and Type Reconstruction We now come to the

Type Reconstruction and Polymorphism 1 Type Checking and Type Reconstruction We now come to the question of type checking and type reconstruction. Given , t and T , check whether t : T Type checking: Given and t , find a type T

518 views • 28 slides
Dynamically checking type-correctness of whole programs (work newly in-progress). Stephen Kell

Dynamically checking type-correctness of whole programs (work newly in-progress). Stephen Kell

Dynamically checking type-correctness of whole programs (work newly in-progress). Stephen Kell stephen.kell@cl.cam.ac.uk Computer Laboratory University of Cambridge libcrunch . . . p.1/22 Wanted (naive version): check this! if (obj

281 views • 26 slides
Higher-Order Model Checking III: Reducing Model Checking to Type Inference IV: Applications:

Higher-Order Model Checking III: Reducing Model Checking to Type Inference IV: Applications:

Higher-Order Model Checking III: Reducing Model Checking to Type Inference IV: Applications: Verifying Higher-order Functional Programs Luke Ong University of Oxford http://www.cs.ox.ac.uk/people/luke.ong/personal/ http://mjolnir.cs.ox.ac.uk

856 views • 26 slides
Type Checking Grammar Rule Semantic Rule var-decl id : type-exp Insert (id.name, type-exp .

Type Checking Grammar Rule Semantic Rule var-decl id : type-exp Insert (id.name, type-exp .

Type Checking Grammar Rule Semantic Rule var-decl id : type-exp Insert (id.name, type-exp . type ) type-exp int type-exp . type := integer type-exp bool type-exp . type := boolean type-exp 1 array type-exp 1 . type := [num] of

613 views • 7 slides
Last time Introduced type inference can write type-safe programs without writing CS 611

Last time Introduced type inference can write type-safe programs without writing CS 611

Last time Introduced type inference can write type-safe programs without writing CS 611 down types explicitly Advanced Programming Languages useful for higher-order functions because types are large, obscure code Andrew Myers

393 views • 3 slides
Hindley-Milner Type Checking Automatic Type Inference What can be inferred about type of f or x

Hindley-Milner Type Checking Automatic Type Inference What can be inferred about type of f or x

CSE340 Principles of Programming Languages Hindley-Milner Type Checking Automatic Type Inference What can be inferred about type of f or x from this definition? f(x) = x Automatic Type Inference f(x) = x f is a function that takes a single

1.31k views • 73 slides
Type checking and normalisation James Chapman - University of Nottingham My thesis Type

Type checking and normalisation James Chapman - University of Nottingham My thesis Type

Type checking and normalisation James Chapman - University of Nottingham My thesis Type checking in Haskell Epigram language - McBride/McKinna Big-step normalisation for simple types, formalised in Agda Big-step normalisation for

978 views • 36 slides
Run-Time Assertion Checking and Monitoring Java Programs Envisage Bertinoro Summer School June

Run-Time Assertion Checking and Monitoring Java Programs Envisage Bertinoro Summer School June

Run-Time Assertion Checking and Monitoring Java Programs Envisage Bertinoro Summer School June 2014 June 19, 2014 Your Lecturers Today Frank en Stijn What This Talk Is All About Formal Methods in Practice: Theorie ist, wenn man alles weiss

764 views • 40 slides
Incremental Type-Checking for Metaprograms Weiyu Miao Weiyu Miao 1 / 20 Introduction to

Incremental Type-Checking for Metaprograms Weiyu Miao Weiyu Miao 1 / 20 Introduction to

Incremental Type-Checking for Metaprograms Weiyu Miao Weiyu Miao 1 / 20 Introduction to Metaprogramming Metaprogramming is a programming technique for generating and manipulating other programs. MetaML, MetaOCaml, Haskell Templates, C++

556 views • 20 slides
Chapter 4: Type Checking Aarne Ranta Slides for the book Implementing Programming Languages.

Chapter 4: Type Checking Aarne Ranta Slides for the book Implementing Programming Languages.

Chapter 4: Type Checking Aarne Ranta Slides for the book Implementing Programming Languages. An Introduction to Compilers and Interpreters, College Publications, 2012. Checking that a program makes sense Traditional notions of type

1.04k views • 68 slides
INF5110 Compiler Construction Types and type checking Spring 2016 1 / 43 Outline 1. Types

INF5110 Compiler Construction Types and type checking Spring 2016 1 / 43 Outline 1. Types

INF5110 Compiler Construction Types and type checking Spring 2016 1 / 43 Outline 1. Types and type checking Intro Various types and their representation Equality of types Type checking 2 / 43 Outline 1. Types and type checking Intro

1.11k views • 43 slides
Operational Aspects of Type Systems Inter-Derivable Semantics of Type Checking and Gradual Types

Operational Aspects of Type Systems Inter-Derivable Semantics of Type Checking and Gradual Types

Operational Aspects of Type Systems Inter-Derivable Semantics of Type Checking and Gradual Types for Object Ownership Ilya Sergey 14 November 2012 Types A type - is a set of data instances and operations on them true , false boolean =

1.27k views • 86 slides
Type checking privacy policies in the

Type checking privacy policies in the

Type checking privacy policies in the -calculus Anna Philippou University of Cyprus Joint work with Dimitrios

572 views • 28 slides
Languages are in the Eye of the Beholder Clemens Szyperski Development Manager in Data Platform

Languages are in the Eye of the Beholder Clemens Szyperski Development Manager in Data Platform

Languages are in the Eye of the Beholder Clemens Szyperski Development Manager in Data Platform Group Wirth 80 Symposium, ETH Zrich, February 2014 Driving your own car, anyone? Having a chauffeur was more than a luxury. It was a

667 views • 29 slides
Depth Perception Deep Blue See April 5, 2020 PSYCH 4041 / 6014 Overview Cue Theory

Depth Perception Deep Blue See April 5, 2020 PSYCH 4041 / 6014 Overview Cue Theory

Depth Perception Deep Blue See April 5, 2020 PSYCH 4041 / 6014 Overview Cue Theory Monocular Cues Binocular Cues Neural Basis Interaction of Cues April 5, 2020 PSYCH 4041 / 6014 Cue Theory We learn to associate a cue (or

637 views • 44 slides
What we wish people knew more about when working with R Peter Dalgaard Dept. of Biostatistics

What we wish people knew more about when working with R Peter Dalgaard Dept. of Biostatistics

Faculty of Health Sciences What we wish people knew more about when working with R Peter Dalgaard Dept. of Biostatistics University of Copenhagen Background R has entered the mainstream, and a great many research projects in statistics

1.04k views • 90 slides
Laziness needed. A thunk is a piece of code that performs a Laziness delayed computation. #2

Laziness needed. A thunk is a piece of code that performs a Laziness delayed computation. #2

One-Slide Summary Building an interpreter is a fundamental idea in computing. Eval and Apply are mutually recursive . The most complicated parts of meval are the handling of function abstraction (lambda) and function application. The

266 views • 7 slides
Physics 2D Lecture Slides Lecture 26: Mar 3 nd Vivek Sharma UCSD Physics Measurement

Physics 2D Lecture Slides Lecture 26: Mar 3 nd Vivek Sharma UCSD Physics Measurement

Confirmed: 2D Final Exam: Thursday 18 th March 11:30-2:30 PM WLH 2005 Course Review 14 th March 10am WLH 2005 (TBC) Physics 2D Lecture Slides Lecture 26: Mar 3 nd Vivek Sharma UCSD Physics Measurement Expectation: Statistics Lesson

168 views • 16 slides
Gravity related spontaneous decoherence: from Wheeler-Bekenstein-Hawking to optomechanics Lajos

Gravity related spontaneous decoherence: from Wheeler-Bekenstein-Hawking to optomechanics Lajos

Gravity related spontaneous decoherence: from Wheeler-Bekenstein-Hawking to optomechanics Lajos Di osi Wigner Center, Budapest 27 March 2014, Erice Acknowledgements go to: Hungarian Scientific Research Fund under Grant No. 75129 EU COST

335 views • 16 slides
Acceleration Data Structures for Ray Tracing Most slides are taken from Fredo Durand Extra rays

Acceleration Data Structures for Ray Tracing Most slides are taken from Fredo Durand Extra rays

Acceleration Data Structures for Ray Tracing Most slides are taken from Fredo Durand Extra rays needed for these effects: Distribution Ray Tracing Soft shadows Anti-aliasing (getting rid of jaggies) g (g g j gg ) Glossy

913 views • 56 slides
An Architecture for Seamless Mobility in Spontaneous Wireless Mesh Networks Franck Rousseau, Yan

An Architecture for Seamless Mobility in Spontaneous Wireless Mesh Networks Franck Rousseau, Yan

An Architecture for Seamless Mobility in Spontaneous Wireless Mesh Networks Franck Rousseau, Yan Grunenberger, Vincent Untz, Eryk Schiller, Paul Starzetz, Fabrice Theoleyre, Martin Heusse, Olivier Alphand, Andrzej Duda LIG - Grenoble Informatics

456 views • 13 slides

More recommend