|
 ABSTRACT
The Microsoft .NET Framework is a new computing architecture designed to support a variety of distributed applications and web-based services. .NET software components are typically distributed in an object-oriented intermediate language, Microsoft IL, executed by the Microsoft Common Language Runtime. To allow convenient multi-language working, IL supports a wide variety of high-level language constructs, including class-based objects, inheritance, garbage collection, and a security mechanism based on type safe execution.This paper precisely describes the type system for a substantial fragment of IL that includes several novel features: certain objects may be allocated either on the heap or on the stack; those on the stack may be boxed onto the heap, and those on the heap may be unboxed onto the stack; methods may receive arguments and return results via typed pointers, which can reference both the stack and the heap, including the interiors of objects on the heap. We present a formal semantics for the fragment. Our typing rules determine well-typed IL instruction sequences that can be assembled and executed. Of particular interest are rules to ensure no pointer into the stack outlives its target. Our main theorem asserts type safety, that well-typed programs in our IL fragment do not lead to untrapped execution errors.Our main theorem does not directly apply to the product. Still, the formal system of this paper is an abstraction of informal and executable specifications we wrote for the full product during its development. Our informal specification became the basis of the product team's working specification of type-checking. The process of writing this specification, deploying the executable specification as a test oracle, and applying theorem proving techniques, helped us identify several security critical bugs during development.
REFERENCES
Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.
| |
AC96
|
|
| |
ASU86
|
Alfred V. Aho , Ravi Sethi , Jeffrey D. Ullman, Compilers: principles, techniques, and tools, Addison-Wesley Longman Publishing Co., Inc., Boston, MA, 1986
|
| |
Car97
|
L. Cardelli. Type systems. In A.B. Tucker, editor, The Computer Science and Engineering Handbook, chapter 103, pages 2208-2236. CRC Press, 1997.
|
| |
Coh89
|
|
| |
DE97
|
S. Drossopoulou and S. Eisenbach. Java is type safe-probably. In Proceedings ECOOP'97, June 1997.
|
| |
FKR+00
|
|
 |
FM00
|
|
| |
GHL99
|
|
| |
GS00
|
A.D. Gordon and D. Syme. Typing a multilanguage intermediate code. Technical Report MSR-TR-2000-106, Microsoft Research, 2000.
|
| |
HW00
|
A. Hejlsberg and S. Wiltamuth. C# Language Reference. Available at http:/ /msdn.microsoft.com/vstudio/nextgen/ technology/csharpintro.asp, 2000.
|
| |
IPW99
|
Atshushi Igarashi , Benjamin Pierce , Philip Wadler, Featherwieght Java: a minimal core calculus for Java and GJ, Proceedings of the 14th ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications, p.132-146, November 01-05, 1999, Denver, Colorado, United States
|
| |
Jon99
|
M.P. Jones. Typing Haskell in Haskell. In Proceedings Haskell Workshop, Paris, 1999. Available at http://www.cse.ogi.edu/~mpj/thih.
|
| |
Ler92
|
|
| |
MCGW98
|
|
| |
Mic00
|
Microsoft Corporation. Microsoft IL Assembly Programmer's Reference Manual, July 2000. Part of the NET Framework Software Development Kit, distributed on CD at the Microsoft Professional Developers Conference, Orlando, Florida, July 11-14, 2000.
|
| |
MTHM97
|
|
| |
MWCG99
|
|
| |
Nec97
|
|
| |
Nor98
|
M. Norrish. C formalised in HOL. PhD thesis, University of Cambridge, 1998.
|
| |
PG92
|
|
| |
PHH+93
|
S. Peyton Jones, C. Hall, K. Hammond, W. Partain, and P. Wadler. The Glasgow Haskell compiler: a technical overview. In Proceedings UK Joint Framework for Information Technology (JFIT) Technical Conference, pages 249-257. 1993.
|
| |
PL91
|
|
| |
PW92
|
S. Peyton Jones and P. Wadler. A static semantics for Haskell. Unpublished draft, Department of Computing Science, University of Glasgow. Available at http:// research.microsoft.com/users/simonpj, 1992.
|
| |
Qia99
|
|
| |
SA98
|
|
| |
Sha97
|
Z. Shao. An overview of the FLINT/ML compiler. In Proc. 1997 ACM SIGPLAN Workshop on Types in Compilation (TIC'97), Amsterdam, The Netherlands, June 1997.
|
| |
Sym98
|
D. Syme. Declarative Theorem Proving for Operational Semantics. PhD thesis, University of Cambridge, 1998.
|
| |
Sym99
|
|
| |
TMC+96
|
D. Tarditi , G. Morrisett , P. Cheng , C. Stone , R. Harper , P. Lee, TIL: a type-directed optimizing compiler for ML, Proceedings of the ACM SIGPLAN 1996 conference on Programming language design and implementation, p.181-192, May 21-24, 1996, Philadelphia, Pennsylvania, United States
|
| |
TT97
|
|
| |
Van96
|
|
| |
vN99
|
|
| |
Yel99
|
|
CITED BY 19
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Bor-Yuh Evan Chang , Adam Chlipala , George C. Necula , Robert R. Schneck, Type-based verification of sssembly language for compiler debugging, Proceedings of the 2005 ACM SIGPLAN international workshop on Types in languages design and implementation, p.91-102, January 10-10, 2005, Long Beach, California, USA
|
|
|
Bor-Yuh Evan Chang , Adam Chlipala , George C. Necula , Robert R. Schneck, The open verifier framework for foundational verifiers, Proceedings of the 2005 ACM SIGPLAN international workshop on Types in languages design and implementation, p.1-12, January 10-10, 2005, Long Beach, California, USA
|
|
|
|
|
|
Levon Stepanian , Angela Demke Brown , Allan Kielstra , Gita Koblents , Kevin Stoodley, Inlining java native calls at runtime, Proceedings of the 1st ACM/USENIX international conference on Virtual execution environments, June 11-12, 2005, Chicago, IL, USA
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Adobe Acrobat
QuickTime
Windows Media Player
Real Player
Pdf
F.4