Using Dependent Types to Certify the Safety of Assembly Code

  • Matthew Harren
  • George C. Necula
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3672)

Abstract

There are many source-level analyses or instrumentation tools that enforce various safety properties. In this paper we present an infrastructure that can be used to check independently that the assembly output of such tools has the desired safety properties. By working at the assembly level we avoid the complications of unavailable source code and of source-level parsing, and we certify the code that is actually deployed.

The novel feature of the infrastructure is an extensible dependently-typed framework that supports type inference and the mutation of dependent values in memory. The type system can be extended with new types as needed for the source-level tool being certified. Using these dependent types, we are able to express the invariants enforced by CCured, a source-level instrumentation tool that guarantees type safety in legacy C programs. We can therefore check that the x86 assembly code resulting from compilation with CCured is in fact type-safe.
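As an added illustration, not code from the paper or from CCured, the following toy checker shows the shape of a dependently-typed check on straight-line assembly-like code: a pointer register's type names the registers that hold its base and end bounds, a dereference is accepted only after compare-and-branch guards have established base <= p and p < end for the current register values, and any write to the pointer or to a bounds register invalidates those facts (or the pointer's type itself), so the bounds must be re-established before the next dereference. The instruction set, register names, the `SeqPtr` type name and the sample programs are all constructed for this example; the paper's actual type language, its x86 instruction handling and CCured's fat-pointer layout in memory are not reproduced here.

```python
"""Toy dependently-typed checker for bounds-guarded pointer dereferences in
a tiny straight-line assembly-like language.

Added illustration only: the instruction set, register names, type names
and checking rules are constructed for this example and are not the
paper's type system, its x86 handling, or CCured's own representation.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class SeqPtr:
    """Dependent pointer type: names the registers holding this pointer's
    base and end bounds.  A dereference through register p is accepted only
    once base <= p and p < end are known facts about the current values."""
    base: str
    end: str


@dataclass
class State:
    types: dict                                # register -> SeqPtr or 'int'
    facts: set = field(default_factory=set)    # known (lhs, op, rhs) triples

    def write(self, reg, new_type):
        """Model a write to `reg`: facts mentioning it no longer hold, and a
        pointer whose bounds were kept in `reg` loses its checkable type."""
        self.facts = {f for f in self.facts if reg not in (f[0], f[2])}
        for r, t in list(self.types.items()):
            if isinstance(t, SeqPtr) and reg in (t.base, t.end):
                del self.types[r]
        self.types[reg] = new_type


def check(program, initial_types):
    """Check a straight-line program against `initial_types`.

    Instructions (tuples):
      ('guard_le', a, b)      compare-and-branch-to-trap; fallthrough knows a <= b
      ('guard_lt', a, b)      fallthrough knows a < b
      ('load', dst, p)        dst = *p; p must be a SeqPtr with both bound facts
      ('add', dst, src, imm)  dst = src + imm; pointer type is kept, facts are not
      ('mov', dst, src)       dst = src; type and facts about src carry over
    Returns (accepted, message).
    """
    st = State(dict(initial_types))
    for pc, ins in enumerate(program):
        op = ins[0]
        if op in ('guard_le', 'guard_lt'):
            st.facts.add((ins[1], '<=' if op == 'guard_le' else '<', ins[2]))
        elif op == 'load':
            dst, p = ins[1], ins[2]
            t = st.types.get(p)
            if not isinstance(t, SeqPtr):
                return False, f"{pc}: load through {p}, which has no pointer type"
            missing = {(t.base, '<=', p), (p, '<', t.end)} - st.facts
            if missing:
                return False, f"{pc}: unchecked dereference of {p}; missing {sorted(missing)}"
            st.write(dst, 'int')
        elif op == 'add':
            dst, src = ins[1], ins[2]
            # src + imm may have stepped outside the bounds, so no fact about
            # src transfers to dst: the bounds must be re-established.
            st.write(dst, st.types.get(src, 'int'))
        elif op == 'mov':
            dst, src = ins[1], ins[2]
            src_type = st.types.get(src, 'int')
            carried = {tuple(dst if x == src else x for x in f)
                       for f in st.facts if src in (f[0], f[2])}
            st.write(dst, src_type)
            st.facts |= carried
        else:
            return False, f"{pc}: unknown instruction {op!r}"
    return True, "ok"


# Constructed sample inputs: rp is a sequence pointer with bounds in rb/re.
TYPES = {'rp': SeqPtr('rb', 're'), 'rb': 'int', 're': 'int'}
PROG_OK = [('guard_le', 'rb', 'rp'), ('guard_lt', 'rp', 're'), ('load', 'r0', 'rp')]
PROG_MISSING_UPPER = [('guard_le', 'rb', 'rp'), ('load', 'r0', 'rp')]
PROG_STALE = PROG_OK + [('add', 'rp', 'rp', 4), ('load', 'r1', 'rp')]
PROG_RECHECK = PROG_OK + [('add', 'rq', 'rp', 4), ('guard_le', 'rb', 'rq'),
                          ('guard_lt', 'rq', 're'), ('load', 'r1', 'rq')]
PROG_WRONG_BOUND = [('guard_le', 'rb', 'rp'), ('guard_lt', 'rp', 'rx'), ('load', 'r0', 'rp')]
PROG_CLOBBERED_BOUND = PROG_OK[:2] + [('mov', 're', 'r9'), ('load', 'r0', 'rp')]

if __name__ == '__main__':
    for name, prog in [('ok', PROG_OK), ('missing_upper', PROG_MISSING_UPPER),
                       ('stale', PROG_STALE), ('recheck', PROG_RECHECK),
                       ('wrong_bound', PROG_WRONG_BOUND),
                       ('clobbered_bound', PROG_CLOBBERED_BOUND)]:
        print(name, check(prog, TYPES))
```

The rejected programs show the three ways an assembly-level check of this kind fails in practice: a guard is simply absent, a guard compares against a register that is not the one the pointer's type names as its bound, or a guard was present but the pointer (or one of its bound registers) was written afterwards so the earlier fact no longer describes the current value.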

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Matthew Harren, Computer Science Division, University of California, Berkeley, USA
  • George C. Necula, Computer Science Division, University of California, Berkeley, USA