This document presents a typed assembly language called SIF for checking non-interference properties of assembly programs. SIF includes pseudo-instructions like cpush and cjmp that impose a stack discipline on the control flow to simulate block structures lost during compilation. The document defines the syntax and type system of SIF, which uses security types and a program counter label to prevent explicit and implicit information flows. Well-typed SIF programs are proved to satisfy non-interference when assembled to untyped machine code.
This document discusses various topics related to C programming language including hardware components, algorithms, flowcharts, programming concepts like variables, data types, operators, functions etc. It provides examples of C code to find even or odd number, a program to calculate area and perimeter of a circle. It also explains the different steps involved in program development like problem statement, analysis, design, implementation, compilation and execution.
This document discusses various topics related to C programming language including hardware components, algorithms, flowcharts, programming concepts like variables, data types, operators, functions etc. It provides examples of C code and explains the steps involved in program development like problem statement, analysis, design, implementation, compilation and execution. Key terms related to C like keywords, tokens, constants and conversion specifiers are also defined.
Computer architecture is made up of two main components the Instruct.docxbrownliecarmella
Computer architecture is made up of two main components the Instruction Set Architecture (ISA) and the RTL model for the CPU.
In this class, we will have two software projects that will help in your understanding of the ISA and RTL model for the CPU.
The projects can be done in any software language that you chose to use.
The first project is the creation of an assembler.
The assembler will be use for you to write assembly language programs that will be executed on the CPU you will design in project #2.
The CPU we will be using is based on the DLX design.
What is an assembler?
All computer software goes through a set of applications to create an executable file that can be used by the end user.
The first program a programmer will used is a high level language program (C, C++, etc.).
The programmer writes in a very high level abstract environment writing code such as:
For(x=0; x< 10; x++)
A[x] = x;
The high level language allows the programmer to write his program without knowing how the ISA and hardware architecture functions.
The language hides all the hardware from the programmer.
At some point, the source code needs to be transfer to a language that takes into account the ISA and hardware architecture.
The complier is the next step in the development process.
The complier will take in high-level source code and translate the program into assembly language.
Assembly language is the ISA for a computer.
Assembly is the instructions that the computer can perform.
The compiler will do the following:
C language:
c = a + b;
Assembly:
load r1, a
Load r2,b
Add r3,r1,r2
Store r3,c
The last part of the development process is taking the assembly code created by the complier and transferring into machine code that the computer will execute.
A computer is not able to run written language such as ADD r1,r2,r3.
The computer runs a program by reading data stored in memory.
The memory does not the store the command ADD r1,r2,r3 but store machine code.
Machine code is the binary representation of an assembly language instruction.
The DLX Machine code
All the information for the DLX machine code and assembly instructions can be found in the handouts given in class. Each of the DLX instruction is 32-bits in length.
Each part of the instruction is assigned a set of bits in the instruction.
DLX break down the instructions into three different types R,I, and J.
R-type instruction
An example of the R-type instruction is ADD rd, rs1, rs2
The instruction is 32-bits in length:
Bits 31-26 is the opcode. The opcode tell the CPU what instruction it is doing
Bits 25-21 is the rs1
Bits 20-16 is the rs2
Bits 15-11 is the rd
Bits 10-0 is the funct.
Funct tells what type of ALU operation is being conducted.
I-type instruction
Ex ADDI rs1,rs2,immm
Bits 31-26 is the opcode
Bits 25-21 is rs1
Bits 20-16 is rs2
Bits 15-0 is immediate.
The immediate value is the constant value to use in the instruction
J-type instruction
Ex J address
Bits ...
Compiler Design lab manual for Computer Engineering .pdfkalpana Manudhane
Compiler Design can be divided into two parts: analysis and synthesis. The analysis part breaks up the source program into constituent pieces and imposes a grammatical structure on them. The synthesis part constructs the desired target program from the intermediate representation and the information in the symbol table. If we examine the compilation process in more detail, we see that it operates as a sequence of phases-lexical analysis, syntax & semantic analysis, intermediate code generation, code optimization & code generation, each of which transforms one representation of the source program to another.
Practical of Compiler Design Lab for Computer Science & Engineering are divided into two parts- i) implementation using programming language and ii) implementation using tools. In first part, practical can be performed in any programming language such as C language or Python. C language is always preferred. C is the middle level language combining low-level hardware controlling ability and high level programming capabilities. It is the procedural language focusing on functions and pointers.
To implement phases of compiler, various tools are available in Linux system. Lex tool is lexical analyzer generator whereas YACC tool is parser generator. Recent versions of Lex and YACC tools are Flex and Bison respectively. Recently windows version of these tools is available. Flex Windows (Lex and Yacc) contains the GNU Win 32 Ports of Flex and Bison, which are Lex and Yacc Compilers respectively, and are used for generating tokens and parsers.
The document discusses code generation in compilers. It covers topics like instruction selection, register allocation, basic blocks, peephole optimizations, and global register allocation. The final phase of a compiler is code generation, which takes an intermediate representation and symbol table and produces target code. Key tasks include instruction selection, register allocation and assignment, and instruction ordering.
The document discusses code generation in compilers. It covers topics like instruction selection, register allocation, basic blocks, peephole optimizations, and global register allocation. The final phase of a compiler is code generation, which takes an intermediate representation and symbol table and produces target code. Key tasks include instruction selection, register allocation and assignment, and instruction ordering.
The document discusses various C programming concepts like algorithms, flowcharts, tokens, data types, operators, functions, and hardware components of a computer. It includes questions and answers on these topics. Key points covered are definition of algorithm and flowchart, different types of tokens in C, differences between while and do-while loops, definition of software and its types, and examples of standard header files.
This document provides an overview of how compilers work by summarizing their main components and processes. It explains that a compiler translates a program written in a high-level language into an equivalent program in a lower-level language. The compilation process involves two main stages - analysis and synthesis. Analysis breaks down the source code and generates an intermediate representation, while synthesis constructs the target program from that representation. Key phases in each stage, such as lexical analysis, parsing, code generation and optimization, are also outlined.
This document discusses various topics related to C programming language including hardware components, algorithms, flowcharts, programming concepts like variables, data types, operators, functions etc. It provides examples of C code to find even or odd number, a program to calculate area and perimeter of a circle. It also explains the different steps involved in program development like problem statement, analysis, design, implementation, compilation and execution.
This document discusses various topics related to C programming language including hardware components, algorithms, flowcharts, programming concepts like variables, data types, operators, functions etc. It provides examples of C code and explains the steps involved in program development like problem statement, analysis, design, implementation, compilation and execution. Key terms related to C like keywords, tokens, constants and conversion specifiers are also defined.
Computer architecture is made up of two main components the Instruct.docxbrownliecarmella
Computer architecture is made up of two main components the Instruction Set Architecture (ISA) and the RTL model for the CPU.
In this class, we will have two software projects that will help in your understanding of the ISA and RTL model for the CPU.
The projects can be done in any software language that you chose to use.
The first project is the creation of an assembler.
The assembler will be use for you to write assembly language programs that will be executed on the CPU you will design in project #2.
The CPU we will be using is based on the DLX design.
What is an assembler?
All computer software goes through a set of applications to create an executable file that can be used by the end user.
The first program a programmer will used is a high level language program (C, C++, etc.).
The programmer writes in a very high level abstract environment writing code such as:
For(x=0; x< 10; x++)
A[x] = x;
The high level language allows the programmer to write his program without knowing how the ISA and hardware architecture functions.
The language hides all the hardware from the programmer.
At some point, the source code needs to be transfer to a language that takes into account the ISA and hardware architecture.
The complier is the next step in the development process.
The complier will take in high-level source code and translate the program into assembly language.
Assembly language is the ISA for a computer.
Assembly is the instructions that the computer can perform.
The compiler will do the following:
C language:
c = a + b;
Assembly:
load r1, a
Load r2,b
Add r3,r1,r2
Store r3,c
The last part of the development process is taking the assembly code created by the complier and transferring into machine code that the computer will execute.
A computer is not able to run written language such as ADD r1,r2,r3.
The computer runs a program by reading data stored in memory.
The memory does not the store the command ADD r1,r2,r3 but store machine code.
Machine code is the binary representation of an assembly language instruction.
The DLX Machine code
All the information for the DLX machine code and assembly instructions can be found in the handouts given in class. Each of the DLX instruction is 32-bits in length.
Each part of the instruction is assigned a set of bits in the instruction.
DLX break down the instructions into three different types R,I, and J.
R-type instruction
An example of the R-type instruction is ADD rd, rs1, rs2
The instruction is 32-bits in length:
Bits 31-26 is the opcode. The opcode tell the CPU what instruction it is doing
Bits 25-21 is the rs1
Bits 20-16 is the rs2
Bits 15-11 is the rd
Bits 10-0 is the funct.
Funct tells what type of ALU operation is being conducted.
I-type instruction
Ex ADDI rs1,rs2,immm
Bits 31-26 is the opcode
Bits 25-21 is rs1
Bits 20-16 is rs2
Bits 15-0 is immediate.
The immediate value is the constant value to use in the instruction
J-type instruction
Ex J address
Bits ...
Compiler Design lab manual for Computer Engineering .pdfkalpana Manudhane
Compiler Design can be divided into two parts: analysis and synthesis. The analysis part breaks up the source program into constituent pieces and imposes a grammatical structure on them. The synthesis part constructs the desired target program from the intermediate representation and the information in the symbol table. If we examine the compilation process in more detail, we see that it operates as a sequence of phases-lexical analysis, syntax & semantic analysis, intermediate code generation, code optimization & code generation, each of which transforms one representation of the source program to another.
Practical of Compiler Design Lab for Computer Science & Engineering are divided into two parts- i) implementation using programming language and ii) implementation using tools. In first part, practical can be performed in any programming language such as C language or Python. C language is always preferred. C is the middle level language combining low-level hardware controlling ability and high level programming capabilities. It is the procedural language focusing on functions and pointers.
To implement phases of compiler, various tools are available in Linux system. Lex tool is lexical analyzer generator whereas YACC tool is parser generator. Recent versions of Lex and YACC tools are Flex and Bison respectively. Recently windows version of these tools is available. Flex Windows (Lex and Yacc) contains the GNU Win 32 Ports of Flex and Bison, which are Lex and Yacc Compilers respectively, and are used for generating tokens and parsers.
The document discusses code generation in compilers. It covers topics like instruction selection, register allocation, basic blocks, peephole optimizations, and global register allocation. The final phase of a compiler is code generation, which takes an intermediate representation and symbol table and produces target code. Key tasks include instruction selection, register allocation and assignment, and instruction ordering.
The document discusses code generation in compilers. It covers topics like instruction selection, register allocation, basic blocks, peephole optimizations, and global register allocation. The final phase of a compiler is code generation, which takes an intermediate representation and symbol table and produces target code. Key tasks include instruction selection, register allocation and assignment, and instruction ordering.
The document discusses various C programming concepts like algorithms, flowcharts, tokens, data types, operators, functions, and hardware components of a computer. It includes questions and answers on these topics. Key points covered are definition of algorithm and flowchart, different types of tokens in C, differences between while and do-while loops, definition of software and its types, and examples of standard header files.
This document provides an overview of how compilers work by summarizing their main components and processes. It explains that a compiler translates a program written in a high-level language into an equivalent program in a lower-level language. The compilation process involves two main stages - analysis and synthesis. Analysis breaks down the source code and generates an intermediate representation, while synthesis constructs the target program from that representation. Key phases in each stage, such as lexical analysis, parsing, code generation and optimization, are also outlined.
The document describes an implementation of an LDPC decoder for IEEE 802.11n wireless networks using Vivado High-Level Synthesis. It implemented the decoder as a C program using Vivado HLS directives to optimize parallelism and throughput. The implementation achieved throughputs of over 1 Gbps and error correction performance comparable to an RTL implementation but with higher productivity due to the higher level of abstraction of C compared to RTL.
The document discusses various aspects of computer hardware and software. It begins by listing the main hardware components of a computer like the keyboard, mouse, monitor, and printer. It then discusses the internal components like the CPU, RAM, and different storage areas. The document also covers computer languages from machine language to assembly language to high-level languages. It provides examples of algorithms, flowcharts, and programs in C language. Finally, it discusses key concepts in C programming like data types, operators, functions, and translation of programs.
This document provides an overview of the C programming language. It begins with an outline of topics covered, then defines C as a structured, high-level, machine-independent language that follows a top-down approach. The document traces the history and evolution of C from earlier languages like ALGOL and BCPL. It describes key features of C like portability, speed, and simplicity. It also explains the roles of compilers and linkers and includes flowcharts, sample programs, and discussions of variables, data types, operators, and control statements in C like if/else statements and switch cases.
This document discusses various techniques for lossless data compression, including run-length coding, Huffman coding, adaptive Huffman coding, arithmetic coding, and Shannon-Fano coding. It provides details on how each technique works, such as assigning shorter codes to more frequent symbols in Huffman coding and dynamically updating codes based on the data stream in adaptive Huffman coding. The document also discusses the importance of compression techniques for reducing the number of bits needed to store or transmit data.
This document provides an overview of the C programming language. It discusses the features of C including that it is simple, versatile, supports separate compilation of functions, and can be used for systems programming. It also covers C data types like integers, floating-point numbers, and how they are represented. Additional topics include variable names, comments, input/output functions like printf() and scanf(), and conventions for writing readable C code. The document serves as an introduction to key concepts in C programming.
This document provides an overview of the C programming language. It discusses various features of C like it being a simple, versatile language that allows for separate compilation of functions. It also covers different data types in C like integer, floating-point, characters, and arrays. Examples are given to illustrate how integers of different sizes like char, short, int, long are represented. The document also discusses floating-point number representation according to the IEEE 754 standard. Finally, it briefly introduces common input/output functions in C like printf() and scanf() and covers coding conventions.
This document provides an overview of the C programming language. It discusses the features of C including that it is simple, versatile, supports separate compilation of functions, and can be used for systems programming. It also covers C data types like integers, floating-point numbers, and how they are represented. Additional topics include variable names, comments, input/output functions like printf() and scanf(), and conventions for writing readable C code. The document serves as an introduction to programming in C.
This document provides an overview of high-level languages, assembly language, and machine language. It discusses how a processor executes high-level language statements and that assembly language is machine-specific while high-level languages are machine-independent. It also describes data representation in memory and registers, how assembly language instructions work at a basic level, and examples of assembly language programs and their machine code representations.
This document provides an introduction and overview of the C programming language. It discusses what a computer is and how programming languages work. It introduces machine language and high-level languages like C. Key aspects of C are explained, including data types, variables, operators, functions, and basic syntax. Examples of simple C programs are provided.
Design and Implementation of LZW Data Compression Algorithmijistjournal
LZW is dictionary based algorithm, which is lossless in nature and incorporated as the standard of the consultative committee on International telegraphy and telephony, which is implemented in this paper. Here, the designed dictionary is based on content addressable memory (CAM) array. Furthermore, the code for each character is available in the dictionary which utilizes less number of bits (5 bits) than its ASCII code. In this paper, LZW data compression algorithm is implemented by finite state machine, thus the text data can be effectively compressed. Accurate simulation results are obtained using Xilinx tools which show an improvement in lossless data compression scheme by reducing storage space to 60.25% and increasing the compression rate by 30.3%.
Design and Implementation of LZW Data Compression Algorithmijistjournal
LZW is dictionary based algorithm, which is lossless in nature and incorporated as the standard of the consultative committee on International telegraphy and telephony, which is implemented in this paper. Here, the designed dictionary is based on content addressable memory (CAM) array. Furthermore, the code for each character is available in the dictionary which utilizes less number of bits (5 bits) than its ASCII code. In this paper, LZW data compression algorithm is implemented by finite state machine, thus the text data can be effectively compressed. Accurate simulation results are obtained using Xilinx tools which show an improvement in lossless data compression scheme by reducing storage space to 60.25% and increasing the compression rate by 30.3%.
The document discusses code generation which involves mapping intermediate code to machine code. It describes three key issues in code generator design: instruction selection which determines the best machine instructions to use, register allocation which assigns variables to registers, and evaluation order which determines the order of instructions. The document outlines three algorithms for code generation that involve partitioning code into basic blocks, performing intra-block optimizations, and code selection and assignment.
This is A Crash Course in C,in which we have discusse whole c programming only in 3 parts.This is first part of C Tutorials From Basic to Advance in which we have discussed-
Introduction
C vs C++
Translator
Compilation process
Header file
Keyword
Identifiers
Constant
String
Operators
Data types
Qualifiers
Basic Program
Typeconversion
typecasting
please like comment & Subscribe!
If anybody have some questions regarding my videos please tell me at
E-mail-- iamsameer1997@gmail.com
Facebook: https://www.facebook.com/mdsamir.shaikh.948
The document discusses the structure and process of a compiler. It has two major phases - the front-end and back-end. The front-end performs analysis of the source code by recognizing legal/illegal programs, understanding semantics, and producing an intermediate representation. The back-end translates the intermediate representation into target code. The general structure includes lexical analysis, syntax analysis, semantic analysis, code generation and optimization phases.
The document discusses intermediate code generation in compilers. It describes how compilers generate an intermediate representation from the abstract syntax tree that is machine independent and allows for optimizations. One popular intermediate representation is three-address code, where each statement contains at most three operands. This code is then represented using structures like quadruples and triples to store the operator and operands for code generation and rearranging during optimizations. Static single assignment form is also covered, which assigns unique names to variables to facilitate optimizations.
Software is built in layers of abstraction from the hardware level (kernel) to the operating system level to user applications. Programs are written in programming languages and compiled into machine-readable code. Software is developed using techniques like modularization with functions and separation into multiple source files. Key concepts include variables, conditionals, loops, functions, and organizing code across files with headers.
The document provides an introduction to the C programming language. It discusses the structure of a C program including documentation, preprocessor directives, header files, and function definitions. It also describes various math and trigonometric functions available in the standard library like sqrt, pow, sin, cos, and log. The rest of the document outlines the steps to compile and execute a C program and defines key concepts like variables, constants, and data types in C.
This document discusses Reed-Solomon error correcting codes. It begins with an introduction to Reed-Solomon codes and their use in communication and data storage. It then provides details on Reed-Solomon encoding and decoding. The decoding process involves calculating syndromes, finding error locations using the Chien search algorithm, and determining error values using Forney's algorithm. Extensions of the inversionless Massey-Berlekamp algorithm are also described, which can compute the error locator and evaluator polynomials simultaneously without field inversions.
An important aspect of a program, apart from its ability to solve the problem, is its maintainability. A program has to undergo frequent changes in its lifetime because of the change in the problems to be solved. If a program is not written in a manner that allows incorporating changes easily, after a while, it may become useless altogether.
One way to bring some discipline into programming practices is structured programming. It is a way of creating programs that ensures high quality of maintainability, reusability, amenability to easy debugging and readability.
GOTO
C is a general-purpose programming language developed in the 1970s. It was created by Dennis Ritchie at Bell Labs to be used for the Unix operating system. Some key features of C include it being a mid-level language, supporting structured programming, having a rich standard library, and allowing for pointers and recursion. A simple "Hello World" program in C prints a message using printf and waits for input with getch. C supports various data types, operators, control structures like if/else and loops, functions, arrays, and pointers.
To what extent is Shylock the villain of the play? - GCSE English .... Shylock - Victim or Villain? - GCSE English - Marked by Teachers.com. Shylock- Villain or Victim? - GCSE English - Marked by Teachers.com.
Essay On Swami Vivekananda In English | Swami Vivekananda Essay In .... Paragraph on Swami Vivekananda [100, 150, 200, 250 Words]. Short Essay on Swami Vivekananda. Essay on Swami Vivekanand | Swami Vivekananda : Essay, Biography .... Short Biography of Swami Vivekananda | PDF | Swami Vivekananda .... Swami Vivekananda Essay | Essay on Swami Vivekananda in English for .... Essay on Swami Vivekananda | Swami Vivekananda Essay for Students and .... Essay on Swami Vivekananda for Students in 1000 Words. 412 words essay on swami vivekananda. Easy Essay On Swami Vivekananda || Paragraph On Swami Vivekananda .... Essay on Swami Vivekananda in English - YouTube. Essay on swami vivekananda in english || vivekananda essay in english .... Swami Vivekananda On India - VivekaVani. Swami Vivekananda Essay & Biography : 10 Interesting Facts And Famous .... Interesting Essay on Swami Vivekananda in English for Kids - FREE PDF .... Essay on Swami Vivekananda-700+Words - Education and Career.
More Related Content
Similar to A Typed Assembly Language for Non-interference.pdf
The document describes an implementation of an LDPC decoder for IEEE 802.11n wireless networks using Vivado High-Level Synthesis. It implemented the decoder as a C program using Vivado HLS directives to optimize parallelism and throughput. The implementation achieved throughputs of over 1 Gbps and error correction performance comparable to an RTL implementation but with higher productivity due to the higher level of abstraction of C compared to RTL.
The document discusses various aspects of computer hardware and software. It begins by listing the main hardware components of a computer like the keyboard, mouse, monitor, and printer. It then discusses the internal components like the CPU, RAM, and different storage areas. The document also covers computer languages from machine language to assembly language to high-level languages. It provides examples of algorithms, flowcharts, and programs in C language. Finally, it discusses key concepts in C programming like data types, operators, functions, and translation of programs.
This document provides an overview of the C programming language. It begins with an outline of topics covered, then defines C as a structured, high-level, machine-independent language that follows a top-down approach. The document traces the history and evolution of C from earlier languages like ALGOL and BCPL. It describes key features of C like portability, speed, and simplicity. It also explains the roles of compilers and linkers and includes flowcharts, sample programs, and discussions of variables, data types, operators, and control statements in C like if/else statements and switch cases.
This document discusses various techniques for lossless data compression, including run-length coding, Huffman coding, adaptive Huffman coding, arithmetic coding, and Shannon-Fano coding. It provides details on how each technique works, such as assigning shorter codes to more frequent symbols in Huffman coding and dynamically updating codes based on the data stream in adaptive Huffman coding. The document also discusses the importance of compression techniques for reducing the number of bits needed to store or transmit data.
This document provides an overview of the C programming language. It discusses the features of C including that it is simple, versatile, supports separate compilation of functions, and can be used for systems programming. It also covers C data types like integers, floating-point numbers, and how they are represented. Additional topics include variable names, comments, input/output functions like printf() and scanf(), and conventions for writing readable C code. The document serves as an introduction to key concepts in C programming.
This document provides an overview of the C programming language. It discusses various features of C like it being a simple, versatile language that allows for separate compilation of functions. It also covers different data types in C like integer, floating-point, characters, and arrays. Examples are given to illustrate how integers of different sizes like char, short, int, long are represented. The document also discusses floating-point number representation according to the IEEE 754 standard. Finally, it briefly introduces common input/output functions in C like printf() and scanf() and covers coding conventions.
This document provides an overview of the C programming language. It discusses the features of C including that it is simple, versatile, supports separate compilation of functions, and can be used for systems programming. It also covers C data types like integers, floating-point numbers, and how they are represented. Additional topics include variable names, comments, input/output functions like printf() and scanf(), and conventions for writing readable C code. The document serves as an introduction to programming in C.
This document provides an overview of high-level languages, assembly language, and machine language. It discusses how a processor executes high-level language statements and that assembly language is machine-specific while high-level languages are machine-independent. It also describes data representation in memory and registers, how assembly language instructions work at a basic level, and examples of assembly language programs and their machine code representations.
This document provides an introduction and overview of the C programming language. It discusses what a computer is and how programming languages work. It introduces machine language and high-level languages like C. Key aspects of C are explained, including data types, variables, operators, functions, and basic syntax. Examples of simple C programs are provided.
Design and Implementation of LZW Data Compression Algorithmijistjournal
LZW is dictionary based algorithm, which is lossless in nature and incorporated as the standard of the consultative committee on International telegraphy and telephony, which is implemented in this paper. Here, the designed dictionary is based on content addressable memory (CAM) array. Furthermore, the code for each character is available in the dictionary which utilizes less number of bits (5 bits) than its ASCII code. In this paper, LZW data compression algorithm is implemented by finite state machine, thus the text data can be effectively compressed. Accurate simulation results are obtained using Xilinx tools which show an improvement in lossless data compression scheme by reducing storage space to 60.25% and increasing the compression rate by 30.3%.
Design and Implementation of LZW Data Compression Algorithmijistjournal
LZW is dictionary based algorithm, which is lossless in nature and incorporated as the standard of the consultative committee on International telegraphy and telephony, which is implemented in this paper. Here, the designed dictionary is based on content addressable memory (CAM) array. Furthermore, the code for each character is available in the dictionary which utilizes less number of bits (5 bits) than its ASCII code. In this paper, LZW data compression algorithm is implemented by finite state machine, thus the text data can be effectively compressed. Accurate simulation results are obtained using Xilinx tools which show an improvement in lossless data compression scheme by reducing storage space to 60.25% and increasing the compression rate by 30.3%.
The document discusses code generation which involves mapping intermediate code to machine code. It describes three key issues in code generator design: instruction selection which determines the best machine instructions to use, register allocation which assigns variables to registers, and evaluation order which determines the order of instructions. The document outlines three algorithms for code generation that involve partitioning code into basic blocks, performing intra-block optimizations, and code selection and assignment.
This is A Crash Course in C,in which we have discusse whole c programming only in 3 parts.This is first part of C Tutorials From Basic to Advance in which we have discussed-
Introduction
C vs C++
Translator
Compilation process
Header file
Keyword
Identifiers
Constant
String
Operators
Data types
Qualifiers
Basic Program
Typeconversion
typecasting
please like comment & Subscribe!
If anybody have some questions regarding my videos please tell me at
E-mail-- iamsameer1997@gmail.com
Facebook: https://www.facebook.com/mdsamir.shaikh.948
The document discusses the structure and process of a compiler. It has two major phases - the front-end and back-end. The front-end performs analysis of the source code by recognizing legal/illegal programs, understanding semantics, and producing an intermediate representation. The back-end translates the intermediate representation into target code. The general structure includes lexical analysis, syntax analysis, semantic analysis, code generation and optimization phases.
The document discusses intermediate code generation in compilers. It describes how compilers generate an intermediate representation from the abstract syntax tree that is machine independent and allows for optimizations. One popular intermediate representation is three-address code, where each statement contains at most three operands. This code is then represented using structures like quadruples and triples to store the operator and operands for code generation and rearranging during optimizations. Static single assignment form is also covered, which assigns unique names to variables to facilitate optimizations.
Software is built in layers of abstraction from the hardware level (kernel) to the operating system level to user applications. Programs are written in programming languages and compiled into machine-readable code. Software is developed using techniques like modularization with functions and separation into multiple source files. Key concepts include variables, conditionals, loops, functions, and organizing code across files with headers.
The document provides an introduction to the C programming language. It discusses the structure of a C program including documentation, preprocessor directives, header files, and function definitions. It also describes various math and trigonometric functions available in the standard library like sqrt, pow, sin, cos, and log. The rest of the document outlines the steps to compile and execute a C program and defines key concepts like variables, constants, and data types in C.
This document discusses Reed-Solomon error correcting codes. It begins with an introduction to Reed-Solomon codes and their use in communication and data storage. It then provides details on Reed-Solomon encoding and decoding. The decoding process involves calculating syndromes, finding error locations using the Chien search algorithm, and determining error values using Forney's algorithm. Extensions of the inversionless Massey-Berlekamp algorithm are also described, which can compute the error locator and evaluator polynomials simultaneously without field inversions.
An important aspect of a program, apart from its ability to solve the problem, is its maintainability. A program has to undergo frequent changes in its lifetime because of the change in the problems to be solved. If a program is not written in a manner that allows incorporating changes easily, after a while, it may become useless altogether.
One way to bring some discipline into programming practices is structured programming. It is a way of creating programs that ensures high quality of maintainability, reusability, amenability to easy debugging and readability.
GOTO
C is a general-purpose programming language developed in the 1970s. It was created by Dennis Ritchie at Bell Labs to be used for the Unix operating system. Some key features of C include it being a mid-level language, supporting structured programming, having a rich standard library, and allowing for pointers and recursion. A simple "Hello World" program in C prints a message using printf and waits for input with getch. C supports various data types, operators, control structures like if/else and loops, functions, arrays, and pointers.
Similar to A Typed Assembly Language for Non-interference.pdf (20)
To what extent is Shylock the villain of the play? - GCSE English .... Shylock - Victim or Villain? - GCSE English - Marked by Teachers.com. Shylock- Villain or Victim? - GCSE English - Marked by Teachers.com.
Essay On Swami Vivekananda In English | Swami Vivekananda Essay In .... Paragraph on Swami Vivekananda [100, 150, 200, 250 Words]. Short Essay on Swami Vivekananda. Essay on Swami Vivekanand | Swami Vivekananda : Essay, Biography .... Short Biography of Swami Vivekananda | PDF | Swami Vivekananda .... Swami Vivekananda Essay | Essay on Swami Vivekananda in English for .... Essay on Swami Vivekananda | Swami Vivekananda Essay for Students and .... Essay on Swami Vivekananda for Students in 1000 Words. 412 words essay on swami vivekananda. Easy Essay On Swami Vivekananda || Paragraph On Swami Vivekananda .... Essay on Swami Vivekananda in English - YouTube. Essay on swami vivekananda in english || vivekananda essay in english .... Swami Vivekananda On India - VivekaVani. Swami Vivekananda Essay & Biography : 10 Interesting Facts And Famous .... Interesting Essay on Swami Vivekananda in English for Kids - FREE PDF .... Essay on Swami Vivekananda-700+Words - Education and Career.
Evaluation Essay - 9+ Examples, Format, Pdf | Examples. How to Write an Evaluation Essay: Examples and Format. FREE 7+ Evaluation Essay Samples in MS Word | PDF. Examples Of An Evaluation Essay – Telegraph. Expert Tips on How To Write a Thoughtful Evaluation Essay | YourDictionary. Evaluation Essay Sample | Master Template. 019 Critical Evaluation Essay Example ~ Thatsnotus. Evaluation Essay Example | Template Business. FREE 16+ Sample Essay Templates in PDF. PPT - Evaluation Essay PowerPoint Presentation, free download - ID:2158184. Critical Evaluation Essay Example. Evaluation of an essay, Evaluative Essay: Examples, Format .... What Is an Evaluation Essay? Simple Examples To Guide You | YourDictionary. Evaluation Essay - Example & How To Write | Pro Essay Help. Evaluation Essay Example Using Effective Reasoning. Expert Advice on How to Write a Successful Evaluative Essay. 002 Evaluation Essays Free Pdf Format Download Justifying An Student .... Evaluation Essay Sample | Master of Template Document. 003 Essay Example Critical Evaluation ~ Thatsnotus. Writing an evaluation essay. How do you write a evaluation essay?. 2022 .... How to Write an Evaluation Essay: Step-by-Step Guide Evaluation Essay Samples Evaluation Essay Samples
Science Essay | Essay on Science for Students and Children in English .... How to write a science essay Year 1. Effective Ways to Write Science Essay | AllAssignmentHelp.com. 011 Essay Example Science Topics For 6th Graders Buses Or Cars .... Analytical Essay: Good science essay topics.
Essay on Environment Protection (1000+ words) - EnglishGrammarSoft. Write a short essay on How To Protect The Environment | Essay on .... Papers & Essays: Environment preservation essay professional writers .... 【How to】 Protect Environment Essay In English. Global Environmental Protection Essay | Legal Studies - Year 12 HSC .... 003 An Essay On Environmental Pollution Example Environment Helping Th .... Environmental Protection Essay | Essay on Save Environment for Students .... Environment Protection Essay - Study-Phi. Global Environmental Protection Essay. | Year 12 HSC - Legal Studies .... Business paper: Essay about environment protection. 001 Environmental Issues Essay Image17 ~ Thatsnotus. Environmental Protection Essay Example for Free - 1071 Words | EssayPay. Safeguarding Our Home: Environmental Responsibility Free Essay Example. How to protect Environment essay | Essay writing on environment .... Importance of Environmental Protection Essay | Pollution | Global Warming. Save The Environment Essay. Protecting the environment 1 .docx - Protecting the environment Essay .... People are not paying attention to environmental protection. What is .... Different Aspects of Environmental Protection Essay Example .... Importance of Environment Essay | Essay on Importance of Environment .... Ways To Protect The Environment Essay - How We Can Protect The .... Essay about environment. Environment Essay Guided Discovery | Environmentalism | Natural Environment. College essay: Essay environmental protection. Environmental essay - inhisstepsmo.web.fc2.com. Save environment essay. Environment Essay: Example, Sample, Writing Help ️ BookWormLab. 023 Save Environment The Essay For Kids ~ Thatsnotus. Write an essay on "How to Protect the Environment"||"How to Protect the .... Short Essay About Environmental Conservation | Sea | Pollution.
The document provides instructions for using the HelpWriting.net service to have writing assignments completed. It outlines a 5-step process: 1) Create an account with an email and password; 2) Complete a form with assignment details and deadline; 3) Review bids from writers and choose one; 4) Review the completed paper and authorize payment; 5) Request revisions until satisfied. It emphasizes the site's guarantee of original, high-quality work or a full refund.
Courts PLC began expanding internationally in the 1960s. It was established in Singapore in 1974 and Malaysia in 1987. In the early 2000s, Courts PLC went bankrupt and its subsidiaries were sold to repay debts. Courts Asia Limited is now a leading Southeast Asian retailer of furniture, appliances, and IT products. Unlike normal retailers, Courts Asia earns most of its income through financing purchases rather than direct sales.
The Great Depression had a major impact on American homes in the 1930s, which are remembered as extremely difficult times financially for many families. During this era, the economic crisis caused by the stock market crash in 1929 led to widespread poverty and hardship for homeowners across the country. Resources were scarce as unemployment rose sharply, leaving many struggling just to afford basic necessities like food, clothing and shelter.
The document provides instructions for requesting and completing an assignment writing request on the HelpWriting.net website. It outlines a 5 step process: 1) Create an account, 2) Complete an order form providing instructions, sources and deadline, 3) Review bids from writers and select one, 4) Review the completed paper and authorize payment, 5) Request revisions to ensure satisfaction and receive a refund if plagiarized.
Critical Appraisal Example 2020-2022 - Fill And SignYasmine Anino
The document provides instructions for requesting and completing an assignment writing request on the HelpWriting.net platform. It outlines a 5-step process: 1) Create an account with a password and email; 2) Complete a 10-minute order form with instructions, sources, and deadline; 3) Review bids from writers and select one; 4) Review the completed paper and authorize payment; 5) Request revisions to ensure satisfaction, with a full refund option for plagiarized work. The process aims to match clients with qualified writers and provide original, high-quality content through revisions.
The document discusses the steps to request writing assistance from HelpWriting.net. It involves creating an account, completing a 10-minute order form providing instructions and deadlines, and choosing a writer based on their bid, qualifications, and reviews. The customer can then request revisions until satisfied with the paper. HelpWriting.net promises original, high-quality content and refunds for plagiarized work.
Superhero Writing Worksheet By Jill KatherinYasmine Anino
The document discusses the humanitarian crisis in Aleppo, Syria resulting from the ongoing civil war between government and anti-government rebel forces. The city is divided between western areas controlled by the Assad government and eastern areas controlled by rebels. Frequent air and chemical attacks have left civilians in constant fear and taken a massive toll, with nearly 470,000 lives lost directly or indirectly over five years of conflict. The Assad government is accused of using terrorist tactics against its own people.
Printable Writing Paper Vintage Christmas Holly BYasmine Anino
The document provides instructions for creating an account and submitting assignment requests on the HelpWriting.net website. It outlines a 5-step process: 1) Create an account with a password and email. 2) Complete a form with assignment details. 3) Review bids from writers and select one. 4) Review the completed paper and authorize payment. 5) Request revisions until satisfied. The purpose is to guide users through obtaining writing help services, ensuring their needs and expectations are met.
The document provides instructions for creating an account and submitting an assignment request on the website HelpWriting.net. It describes a 4-step process: 1) Create an account with an email and password. 2) Complete a form with assignment details and deadline. 3) Review bids from writers and select one. 4) Review the completed paper and authorize payment or request revisions. It emphasizes that the site offers revisions, original content, and refunds for plagiarized work.
Position Paper Mun Examples - Position PaperYasmine Anino
The document provides instructions for creating an account and submitting a request for an assignment writing service on the HelpWriting.net website. It outlines a 5-step process: 1) Create an account with an email and password. 2) Complete a form with assignment details, sources, and deadline. 3) Review bids from writers and choose one. 4) Review the completed paper and authorize payment. 5) Request revisions to ensure satisfaction, and the company guarantees original, high-quality work or a full refund.
Hook C Lead C Attention Grabber Beginning An EssYasmine Anino
Here is a SWOT analysis for Walgreens:
Strengths:
- Large retail pharmacy chain with over 9,000 locations across the US
- Strong brand recognition and reputation for quality services
- Expansive product selection including pharmacy, health and wellness products
- Growing e-commerce business and online ordering capabilities
- Strategic partnerships and acquisitions that expand service offerings
Weaknesses:
- Heavy reliance on prescription drug sales makes it vulnerable to reimbursement changes
- Faces increasing competition from online retailers and discount stores
- Higher costs than some competitors due to larger store footprint
- Transitioning to more healthcare services presents operational challenges
Opportunities:
- Expanding into healthcare services
Princess Themed Writing Paper Teaching ResourcesYasmine Anino
The document provides instructions for requesting writing assistance from HelpWriting.net. It outlines a 5-step process: 1) Create an account with a password and email. 2) Complete a 10-minute order form providing instructions, sources, and deadline. 3) Review bids from writers and select one based on qualifications. 4) Review the completed paper and authorize payment. 5) Request revisions to ensure satisfaction, with a full refund option for plagiarized work. The service utilizes a bidding system and promises original, high-quality content.
How To Write Essays Faster - CIPD Students HelpYasmine Anino
The document analyzes William Blake's poems "The Tyger" and "The Lamb" by explaining that "The Tyger" questions the creator of the tiger to determine if they are demonic or godlike, while focusing on the character's reaction rather than the tiger itself, with the character inquiring about the location of the creator. In contrast, "The Lamb" presents a gentle, innocent lamb and focuses on its relationship with its creator to represent the innocence of Christianity. The two poems contrast to illustrate Blake's exploration of the relationship between humanity and divinity.
Research Paper Step By Step Jfk Research Paper Outline ResearcYasmine Anino
This documentary analyzes Mark Twain's complex life in depth. It addresses questions about how interesting and significant his life truly was by showing the immense hardships and successes he endured. These included financial struggles early in his career, contemplating suicide, and the death of his daughter while traveling. The documentary provides needed context for understanding elements of his famous work Huckleberry Finn that seem racist by highlighting the difficulties of his upbringing and life experiences before widespread fame.
Gender and Mental Health - Counselling and Family Therapy Applications and In...PsychoTech Services
A proprietary approach developed by bringing together the best of learning theories from Psychology, design principles from the world of visualization, and pedagogical methods from over a decade of training experience, that enables you to: Learn better, faster!
How to Setup Default Value for a Field in Odoo 17Celine George
In Odoo, we can set a default value for a field during the creation of a record for a model. We have many methods in odoo for setting a default value to the field.
Temple of Asclepius in Thrace. Excavation resultsKrassimira Luka
The temple and the sanctuary around were dedicated to Asklepios Zmidrenus. This name has been known since 1875 when an inscription dedicated to him was discovered in Rome. The inscription is dated in 227 AD and was left by soldiers originating from the city of Philippopolis (modern Plovdiv).
How to Download & Install Module From the Odoo App Store in Odoo 17Celine George
Custom modules offer the flexibility to extend Odoo's capabilities, address unique requirements, and optimize workflows to align seamlessly with your organization's processes. By leveraging custom modules, businesses can unlock greater efficiency, productivity, and innovation, empowering them to stay competitive in today's dynamic market landscape. In this tutorial, we'll guide you step by step on how to easily download and install modules from the Odoo App Store.
Elevate Your Nonprofit's Online Presence_ A Guide to Effective SEO Strategies...TechSoup
Whether you're new to SEO or looking to refine your existing strategies, this webinar will provide you with actionable insights and practical tips to elevate your nonprofit's online presence.
How to Manage Reception Report in Odoo 17Celine George
A business may deal with both sales and purchases occasionally. They buy things from vendors and then sell them to their customers. Such dealings can be confusing at times. Because multiple clients may inquire about the same product at the same time, after purchasing those products, customers must be assigned to them. Odoo has a tool called Reception Report that can be used to complete this assignment. By enabling this, a reception report comes automatically after confirming a receipt, from which we can assign products to orders.
Andreas Schleicher presents PISA 2022 Volume III - Creative Thinking - 18 Jun...EduSkills OECD
Andreas Schleicher, Director of Education and Skills at the OECD presents at the launch of PISA 2022 Volume III - Creative Minds, Creative Schools on 18 June 2024.
BÀI TẬP BỔ TRỢ TIẾNG ANH LỚP 8 - CẢ NĂM - FRIENDS PLUS - NĂM HỌC 2023-2024 (B...
A Typed Assembly Language for Non-interference.pdf
1. A Typed Assembly Language for Non-Interference
Ricardo Medel1
, Adriana Compagnoni1
, and Eduardo Bonelli2
1
Stevens Institute of Technology, Hoboken NJ 07030, USA,
2
LIFIA, Fac. de Informática, Univ. Nac. de La Plata, Argentina
{rmedel,abc}@cs.stevens.edu
eduardo@sol.info.unlp.edu.ar
Abstract. Non-interference is a desirable property of systems in a multilevel se-
curity architecture, stating that confidential information is not disclosed in public
output. The challenge of studying information flow for assembly languages is
that the control flow constructs that guide the analysis in high-level languages
are not present. To address this problem, we define a typed assembly language
that uses pseudo-instructions to impose a stack discipline on the control flow of
programs. We develop a type system for checking that assembly programs enjoy
non-interference and its proof of soundness.
1 Introduction
The confi dentiality of information handled by computing systems is of paramount im-
portance. However, standard perimeter security mechanisms such as access control
or digital signatures fail to address the enforcement of information-fl
ow policies. On
the other hand, language-based strategies offer a promising approach to information
fl
ow security. In this paper, we study confi dentiality for an assembly language using a
language-based approach to security via type-theory.
In a multilevel security architecture information can range from having low (pub-
lic) to high (confi dential) security level. Information fl
ow analysis studies whether an
attacker can obtain information about the confi dential data by observing the output of
the system. The non-interference property states that any two executions of the same
program, where only the high-level inputs differ in both executions, does not exhibit
any observable difference in the program’s output.
In this paper we defi ne SIF, a typed assembly language for secure information fl
ow
analysis with security types. This language contains two pseudo-instructions,cpush L
and cjmp L, for handling a stack of code labels indicating the program points where
different branches of code converge, and the type system enforces a stack policy on
those code labels. Our development culminates with a proof that well-typed SIF pro-
grams are assembled to untyped machine code that satisfy non-interference.
The type system of SIF detects explicit illegal fl
ows as well as implicit illegal fl
ows
arising from the control structure of a program. Other covert channels such as those
based on termination, timing, and power consumption, are outside the scope of this
paper.
2. 2 SIF, A Typed Assembly Language
In information fl
ow analysis, a security level is associated with the program counter (pc)
at each program execution point. This security level is used to detect implicit informa-
tion fl
ow from high-level values to low-level values. Moreover, control fl
ow analysis is
crucial in allowing this security level to decrease where there is no risk of illicit fl
ow of
information.
Consider the example in Figure 1(a), where x has high security level and z has low
security level. Notice that y cannot have low security level, since information about x
can be retrieved from y, violating the non-interference property. Since the execution
path depends on the value stored in the high-security variable x, entering the branches
of the if-then-else changes the security level of the pc to high, indicating that
only high-level variables can be updated. On the other hand, since z is modifi ed after
both branches, there is no leaking of information from either y or x to z. Therefore, the
security level of the pc can be safely lowered.
Sec. level of pc
low if x=0
high then y:=1
high else y:=2
low z:=3
(a) High-level program
L1 : bnz r1, L2 % if x6=0 goto L2
move r2 ← 1 % y:= 1
jmp L3
L2 : move r2 ← 2 % y:= 2
L3 : move r3 ← 3 % z:= 3
(b) Assembly program
Fig. 1. Example of implicit illegal information flow.
A standard compilation of this example to assembly language may produce the code
shown in Figure 1(b). Note that the block structure of the if-then-else is lost, and
it is not clear where it is safe to lower the security level of the pc. We address this
problem by including in our assembly language a stack of code labels accessed by two
pseudo-instructions, cpush L and cjmp L, to simulate the block structure of high-
level languages.
The instruction cpush L pushes L onto the stack while cjmp L fi rst pops L from
the stack if L is already at the top, and then jumps to the instruction labelled by L. The
extra label information in cjmp L allows us to statically control that the intended label
is removed, thereby preventing ill structured code.
The SIF code for the example in Figure 1(a) is shown below. The code at L1 pushes
the label L3 onto the stack. The code at L3 corresponds to the instructions following the
if-then-else in the source code. Observe that the code at L3 can only be executed
once, because the instruction cjmp L3 at the end of the code pointed to by L1 (then
branch), or at the end of L2 (else branch), removes the top of the stack and jumps to
the code pointed to by L3. At this point it is safe to lower the security level of the pc,
since updating the low-security register r3 does not leak any information about r1.
3. L1 : {r0 : int⊥
, r1 : int⊤
, r2 : int⊤
, r3 : int⊥
, pc : ⊥} k ǫ
cpush L3 % set junction point L3
bnz r1, L2 % if x6= 0 goto L2
arithi r2 ← r0 + 1 % y:= 1, with r0=0
cjmp L3
L2 : {r0 : int⊥
, r2 : int⊤
, r3 : int⊥
, pc : ⊤} k L3 · ǫ
arithi r2 ← r0 + 2 % y:= 2
cjmp L3
L3 : {r0 : int⊥
, r3 : int⊥
, pc : ⊥} k ǫ
arithi r3 ← r0 + 3 % z:= 3
halt
eof
Moreover, as in HBAL [1], the type-checking of the program is separated from the
verifi cation of the safety of the machine confi guration where the program is assembled.
Thus, following the schema shown below, a type-checker can verify if a program is safe
for execution on any safe memory confi guration, and the runtime environment only
needs to check that the initial machine confi guration is safe before each run.
Eval
No
Unsafe Code
Typechecker
Unsafe Memory.
No
Yes Yes
Compiler Assembler Is machine safe?
The assembler removes cpush L and translates cjmp L into jmp L, an ordinary
unconditional jump, leaving no trace of these pseudo-instructions in the executable code
(See the defi nition of the assembly function Asm(−) in section 2.4).
2.1 The Type System
We assume given a lattice Lsec of security labels [8], with an ordering relation ⊑, least
(⊥) and greatest (⊤) elements, and join (⊔) and meet (⊓) operations. These labels assign
security levels to elements of the language through types. The type expressions of SIF
are given by the following grammar:
security labels l ∈ Lsec
security types σ ::= ωl
word types ω ::= int | [τ]
memory location types τ ::= σ × . . . × σ | code
Security types (σ) are word types annotated with a security label. The expression
LABL(σ) returns the security label of a security type σ. A word type (ω) is either an
integer type (int) or a pointer to a memory location type ([τ]). Memory location types
(τ) are tuples of security types, or a special type code. We use τ[c], with c a positive
4. integer, to refer to the cth
word type of the product type τ. Since the type code indicates
the type of an assembly instruction, our system distinguishes code from data.
A context (Γ k Λ) contains a register context Γ and a junction points stack Λ. A
junction points stack (Λ) is a stack of code labels, each representing the convergence
point of a fork in the control fl
ow of a program. The empty stack is denoted by ǫ. A
register context Γ contains type information about registers, mapping them to security
types. We assume a fi nite set of registers {r0, . . . , rn}, with two dedicated registers: r0,
that always holds zero, and pc, the program counter.
We write Dom(Γ) for the domain of the register context Γ. The empty context is
denoted by {}. The register context obtained by eliminating from Γ all pairs with r as
fi rst component be denoted by Γ/r, while Γ, Γ′
denotes the union of register contexts
with disjoint domains. We use Γ, r : σ as a shorthand for Γ, {r : σ}, and Γ[r := σ] as
a shorthand for Γ/r, {r : σ}.
Since the program counter is always a pointer to code, we usually write pc : l
instead of pc : [code]l
, and Γ(pc) = l if pc : l ∈ Γ.
2.2 Syntax of SIF Programs
A program (P) is a sequence of instructions and code labels ended by the directive
eof. SIF has standard assembly language instructions such as arithmetic operations,
conditional branching, load, and store, plus pseudo-instructions cpush and cjmp to
handle the stack of code labels.
program P ::= eof | L; P | p; P
instructions p ::= halt | jmp L | bnz r, L
| load r ← r[c] | store r[c] ← r
| arith r ← r ⊙ r | arithi r ← r ⊙ i
| cpush L | cjmp L
operations ⊙ ::= + | − | ∗ | /
We use c to indicate an offset, and i to indicate integer literals. We assume an infi nite
enumerable set of code labels. Intuitively, the instruction cpush L pushes the junction
point represented by the code label L onto the stack, while the instruction cjmp L
behaves as a pop and a jump. If L is at the top of the stack, it pops L and then jumps to
the instruction labeled L.
2.3 Typing Rules
A signature (Σ) is a mapping assigning contexts to labels. The context Σ(L) contains
the typing assumptions for the registers in the program point pointed to by the label L.
The judgment Γ k Λ ⊢Σ P is a typing judgment for a SIF program P, with signature
Σ, in a context Γ k Λ. We say that a program P is well-typed if Ctxt(P) ⊢Σ P, where
Ctxt(P) is the partial function defi ned as: Ctxt(L; P) = Σ(L), Ctxt(eof) = {} k ǫ.
The typing rules for SIF programs, shown in Figures 2 and 3, are designed to prevent
illegal fl
ows of information. The directive eof is treated as a halt instruction. So,
rules T Eof and T Halt ensure that the stack is empty.
5. Γ′
⊆ Γ l ⊑ l′
ST RegBank
(Γ, pc : l k Λ) ≤ (Γ ′
, pc : l′
k Λ)
Ctxt(P) ⊢Σ P
T Halt
Γ k ǫ ⊢Σ halt ; P
T Eof
Γ k ǫ ⊢Σ eof
(Γ k Λ) ≤ Σ(L) Σ(L) ⊢Σ P
T Label
Γ k Λ ⊢Σ L; P
(Γ k Λ) ≤ Σ(L) Ctxt(P) ⊢Σ P
T Jmp
Γ k Λ ⊢Σ jmp L; P
(Γ, r : intl′
, pc : l ⊔ l′
k Λ) ≤ Σ(L) Γ, r : intl′
, pc : l ⊔ l′
k Λ ⊢Σ P
T CondBrnch
Γ, r : intl′
, pc : l k Λ ⊢Σ bnz r, L; P
Fig. 2. Subtyping for contexts and typing rules for programs (1st
part).
Rule T Label requires that the current context be compatible with the context ex-
pected at the position of the label, as defi ned in the signature (Σ) of the program. Jumps
and conditional jumps are typed by rules T Jmp and T CondBrnch. In both rules the
current context has to be compatible with the context expected at the destination code.
In T CondBrnch, both the code pointed to by L and the remaining program P are con-
sidered destinations of the jump included in this operation. In order to avoid implicit
fl
ows of information, the security level of the pc in the destination code should not
be lower than the current security level and the security level of the register (r) that
controls the branching.
In T Arith the security level of the source registers and the pc should not exceed the
security level of the target register to avoid explicit fl
ows of information. The security
level of rd can actually be lowered to refl
ect its new contents, but, to avoid implicit in-
formation fl
ows, it cannot be lowered beyond the level of the pc. Similarly for T Arithi,
T Load and T Store. In T Load, an additional condition establishes that the security
level of the pointer to the heap has to be lower than or equal to the security level of the
word to be read.
The rule T Cpush controls whether cpush L can add the code label L to the stack.
Since L is going to be consumed by a cjmp L instruction, its security level should not
be lower than the current level of the pc. The cjmp L instruction jumps to the junction
point pointed to by label L. Furthermore, to prevent ill structured programs the rule
T Cjmp forces the code label L to be at the top of the stack, and the current context
has to be compatible with the one expected at the destination code. However, since a
cjmp instruction allows the security level to be lowered, there are no conditions on its
security level.
6. Γ(rd) = ωld rd, rs, rt 6= pc
Γ(rs) = intls
l ⊔ ls ⊔ lt ⊑ ld
Γ(rt) = intlt
Γ, pc : l k Λ ⊢Σ P
T Arith
Γ, pc : l k Λ ⊢Σ arith rd ← rs ⊙ rt; P
rd, rs 6= pc
Γ(rd) = ωld l ⊔ ls ⊑ ld
Γ(rs) = intls
Γ, pc : l k Λ ⊢Σ P
T Arithi
Γ, pc : l k Λ ⊢Σ arithi rd ← rs ⊙ i; P
Γ(rs) = [τ]ls
rd, rs 6= pc
Γ(rd) = ωld l ⊔ ls ⊑ lc ⊑ ld
τ[c] = ωlc
c Γ, pc : l k Λ ⊢Σ P
T Load
Γ, pc : l k Λ ⊢Σ load rd ← rs[c]; P
Γ(rd) = [τ]ld rd, rs 6= pc
Γ(rs) = τ[c] = ωls
l ⊔ ld ⊑ ls
τ is code-free Γ, pc : l k Λ ⊢Σ P
T Store
Γ, pc : l k Λ ⊢Σ store rd[c] ← rs; P
l ⊑ Σ(L)(pc) Γ, pc : l k L · Λ ⊢Σ P
T Cpush
Γ, pc : l k Λ ⊢Σ cpush L; P
Σ(L) = Γ ′
k Λ Γ′
/pc ⊆ Γ/pc Ctxt(P) ⊢Σ P
T Cjmp
Γ k L · Λ ⊢Σ cjmp L; P
Fig. 3. Typing rules for programs (2nd
part).
2.4 Type Soundness of SIF
In this section we defi ne a semantics for the untyped assembly instructions operating on
a machine model, we give an interpretation for SIF types which captures the way types
are implemented in memory, and fi nally we prove that the execution of a well-typed
SIF program modifi es a type-safe confi guration into another type-safe confi guration.
Let Reg = {0, 1, . . ., Rmax} be the register indices, with two dedicated registers:
R(0) = 0, and R(pc) is the program counter. Let Loc ⊆ Z be the set of memory lo-
cations on our machine, Wrd be the set of machine words that can stand for integers or
locations, and Code be the set of machine words which can stand for machine instruc-
tions. To simplify the presentation, we assume that Wrd is disjoint from Code; so, our
model keeps code separate from data.
A machine configuration M is a pair (H, R) where H : Loc ⇁ Wrd ⊎ Code is
a partial function defi ning a heap confi guration, and R : Reg → Wrd is a register
confi guration.
Given a program P, a machine assembled for P is a machine confi guration which
contains a representation of the assembly program, with machine instructions stored
7. in some designated contiguous portion of the heap. Supposing P = p1; . . . ; pn, the
assembly process defi nes a function PAdr : 1, . . . , n → Loc which gives the destination
location for the code when assembling the typed instruction pu, where 1 ≤ u ≤ n. For
each of the locations ℓ where P is stored, H(ℓ) ∈ Code. The assembly process also
defi nes the function LAdr(L), which assigns to each label in P the heap location where
the code pointed to by the label was assembled.
Given a machine confi guration M = (H, R), we defi ne a machine transition rela-
tion M −→ M′
, as follows: First, M′
differs from M by incrementing R(pc) according
to the length of the instruction in H(R(pc)); then, the transformation given in the table
below is applied to obtain the new heap H′
, or register bank R′
. The operations on r0
have no effect.
jmp L R′
= R[pc := LAdr(L)]
bnz r, L R′
=
R, if R(r) = 0
R[pc := LAdr(L)], otherwise
arith rd ← rs ⊙ rt R′
= R[rd := R(rs) ⊙ R(rt)]
arithi rd ← rs ⊙ i R′
= R[rd := R(rs) ⊙ i]
load rd ← rs[c] R′
= R[rd := H(R(rs) + c)]
store rd[c] ← rs H′
= H[R(rd) + c := R(rs)]
Asm(pu) stands for the sequence of untyped machine instructions which is the result
of assembling a typed assembly instruction pu:
Asm(L) = ǫ Asm(eof ) = halt
Asm(cpush L) = ǫ Asm(cjmp L) = jmp L
Asm(pu) = pu, otherwise
Notice that the sequence has at most one instruction. We write M
Asm(pu)
−→ M′
, if M
executes to M′
through the instructions in Asm(pu), by zero or one transitions in M.
The refl
exive and transitive closure of this relation is defi ned by the following rules.
Refl
M =⇒ M
M1
Asm(pu)
−→ M2
Incl
M1 =⇒ M2
M1 =⇒ M2 M2 =⇒ M3
Trans
M1 =⇒ M3
2.5 Imposing Types on the Model
A heap context ψ is a function that maps heap locations to security types. A heap
context contains type information about the heap locations required to type the registers.
Dom(ψ) denotes the domain of the heap context ψ. The empty context is denoted by
{}. We write ψ[ℓ := τ] for the heap context resulting from updating ψ with ℓ : τ.
Two heap contexts ψ and ψ′
are compatible, denoted compat(ψ, ψ′
), if for all ℓ ∈
Dom(ψ)∩Dom(ψ′
), ψ(ℓ) = ψ′
(ℓ). The following rules assign types to heap locations:
8. H(ℓ) ∈ Code
T HLocCode
H; {ℓ : code} |= ℓ : code hloc
H(ℓ) ∈ Wrd
T HLocInt
H; {ℓ : intl
} |= ℓ : intl
hloc
H(ℓ) ∈ Wrd compat(ψ, {ℓ : [τ]l
}) H; ψ |= H(ℓ) : τ hloc
T HLocPtr
H; ψ ∪ {ℓ : [τ]l
} |= ℓ : [τ]l
hloc
compat(ψ, ψ′
) H; ψ |= ℓ : τ hloc
W HLoc
H; ψ ∪ ψ′
|= ℓ : τ hloc
mi = size(σ0) + . . . + size(σi−1)
H; ψ |= ℓ + mi : σi hloc for all 0 ≤ i ≤ n
T HLocProd
H; ψ |= ℓ : σ0 × . . . × σn hloc
In order to defi ne the notion of satisfi ability of contexts by machine confi gurations,
we need to defi ne a satisfi ability relation for registers.
r 6= pc
T RegInt
M |={} r : intl
reg
H; ψ |= R(r) : τ hloc
T RegPtr
(H, R) |=ψ r : [τ]l
reg
(H, R) |=ψ r : σ reg compat(ψ, ψ′
)
W Reg
(H, R) |=ψ∪ψ′ r : σ reg
A machine confi guration M satisfies a typing assignment Γ with a heap typing con-
text ψ (written M |=ψ Γ) if and only if for each register ri ∈ Dom(Γ), M satisfi es the
typing statement M |=ψi ri : Γ(ri) reg, the heap contexts ψi are pairwise compatible,
and ψ = ∪∀iψi.
A machine confi guration M = (H, R) is in final state if H(R(pc)) = halt . We
defi ne an approximationto the execution of a typed program P = p1; . . . ; pn by relating
the execution of the code locations in the machine M with the control paths in the
program by means of the relation pu pv, which holds between pairs of instructions
indexed by the set:
{(i, i + 1) | pi 6= jmp, cjmp, and i < n}
∪
{(i, j + 1) | pi = jmp L, bnz r, L, or cjmp L, and pj = L}.
We use pu
∗
pv to denote the refl
exive and transitive closure of p u pv.
2.6 Type Soundness
In this section we show that our type system ensures that the reduction rules preserve
type safety. The soundness results imply that if the initial memory satisfi es the initial
typing assumptions of the program, then each memory confi guration reachable from the
initial memory satisfi es the typing assumptions of its current instruction.
The typing assumptions of each instruction of a program can be obtained from
the initial context by the typechecking process. The derivation Ctxt(P) ⊢Σ P
9. of a well-typed program P = p1; . . . pu; . . . ; pn determines a sequence of contexts
Γ1 k Λ1, . . . , Γn k Λn from sub-derivations of the form Γu k Λu ⊢Σ pu; pu+1; . . . ; pn.
A machine confi guration is considered type-safe if it satisfi es the typing assump-
tions of its current instruction. Given a well-typed program P = p1; . . . pu; . . . ; pn and
a heap context ψ, we say M = (H, R) is type safe at u for P with ψ if M is assembled
for P; R(pc) = PAdr(u); and M |=ψ Γu.
We prove two meta-theoretic results Progress and Subject Reduction. Progress (The-
orem 1) establishes that a non-fi nal-state type safe machine can always progress to a
new machine by executing a well-typed instruction, and Subject Reduction (Theorem 2)
establishes that if a type safe machine progresses to another machine, the resulting ma-
chine is also type safe.
Theorem 1 (Progress). Suppose a well-typed program P = p1; . . . pu; . . . ; pn and a
machine configuration M type safe at u. Then there exists M′
such that M
Asm(pu)
−→ M′
,
or M is in fi nal state.
Theorem 2 (Subject Reduction). Suppose P = p1; . . . pu; . . . ; pn is a well-typed pro-
gram and (H, R) is a machine configuration type safe at u, and (H, R)
Asm(pu)
−→ M′
.
Then there exists pv ∈ P such that pu pv and M′
is type safe at v.
The proof of this theorem proceeds by case analysis on the current instruction pu,
analyzing each of the possible instructions that follow pu, based on the defi nition of
program transitions. See the companion technical report [13] for details.
3 Non-Interference
Given an arbitrary (but fi xed) security level ζ of an observer, non-interference states
that computed low-security values (⊑ ζ) should not be affected by high-security input
values (6⊑ ζ). In order to prove that a program P satisfi es non-interference one must
show that any two terminating executions fi red from indistinguishable (from the point
of view of the observer) machine confi gurations yield indistinguishable confi gurations
of the same security observation level.
In order to establish what it means for machine confi gurations to be indistinguish-
able from an observer’s point of view whose security level is ζ, we defi ne a ζ-indistingui-
shability relation for machine confi gurations.
The following defi nitions assume a given security level ζ, two machine confi gura-
tions M1 = (H1, R1) and M2 = (H2, R2), two heap contexts ψ1 and ψ2, and two
register contexts Γ1 and Γ2, such that M1 |=ψ1 Γ1 and M2 |=ψ2 Γ2.
Two register banks are ζ-indistinguishable if the observable registers in one bank are
also observable in the other, and the contents of these registers are also ζ-indistinguisha-
ble.
10. Definition 1 (ζ-indistinguishability of register banks). Two register banks R1 and
R2 are ζ-indistinguishable, written ✄H1:ψ1,H2:ψ2 R1 : Γ1 ≈ζ R2 : Γ2 regBank, if for
all r ∈ Dom∪(Γ1, Γ2)3
, with r 6= pc:
LABL(Γ1(r)) ⊑ ζ or LABL(Γ2(r)) ⊑ ζ implies
8
<
:
r ∈ Dom∩(R1, R2, Γ1, Γ2),
Γ1(r) = Γ2(r), and
✄H1:ψ1,H2:ψ2 R1(r) ≈ζ R2(r) : Γ1(r) val
Two word values v1 and v2 of type ωl
are considered ζ-indistinguishable, written
✄H1:ψ1,H2:ψ2 v1 ≈ζ v2 : ωl
val, if l ⊑ ζ implies that both values are equal. In case of
pointers to heap locations, the locations have to be also ζ-indistinguishable.
Two heap values ℓ1 and ℓ2 of type τ are considered ζ-indistinguishable, written
✄H1:ψ1,H2:ψ2 ℓ1 ≈ζ ℓ2 : τ hval, if ℓ1 ∈ H1, ℓ2 ∈ H2, and either the type τ is code and
ℓ1 = ℓ2, or τ = σ1 × . . . × σn and each pair of offset locations ℓ1 + mi and ℓ2 + mi
(with mi as in rule T HLocProd) are ζ-indistinguishable, or τ is a word type with a
security label l and l ⊑ ζ implies that both values are equal.
LowAxiom
✄Σǫ ≈ζ ǫ Low
Σ(L)(pc) ⊑ ζ ✄Σ Λ1 ≈ζ Λ2 Low
LowLow
✄ΣL · Λ1 ≈ζ L · Λ2 Low
Σ(L1)(pc) 6⊑ ζ Σ(L2)(pc) 6⊑ ζ ✄Σ Λ1 ≈ζ Λ2 Low
LowHigh
✄ΣL1 · Λ1 ≈ζ L2 · Λ2 cstackLow
✄ΣΛ1 ≈ζ Λ2 Low
HighAxiom
✄ΣΛ1 ≈ζ Λ2 High
Σ(L)(pc) 6⊑ ζ ✄Σ Λ1 ≈ζ Λ2 High
HighLeft
✄ΣL · Λ1 ≈ζ Λ2 High
Σ(L)(pc) 6⊑ ζ ✄Σ Λ1 ≈ζ Λ2 High
HighRight
✄ΣΛ1 ≈ζ L · Λ2 High
Fig. 4. ζ-indistinguishability of junction points stacks.
The proof of our main result, the Non-Interference Theorem 3, requires two notions
of indistinguishability of stacks (Low and High). If one execution of a program branches
on a condition while the other does not, the junction points stacks may differ in each
of the paths followed by the executions. If the security level of the pc is low in one
execution, then it has to be low in the other execution as well, and the executions must be
identical. The fi rst three rules of Figure 4 defi ne the relation of low-indistinguishability
for stacks. In low-security executions the associated stacks mus be of the same size, and
each code label in the stack of the fi rst execution must be indistinguishable from that of
the corresponding element in the second one.
If the security level of the pc of one of the two executions is high, then the other
one must be high too. The executions are likely to be running different instructions, and
3
We use Dom⊕(A1, . . . , An) as an abbreviation for Dom(A1) ⊕ . . . ⊕ Dom(An).
11. thus the associated stacks may have different sizes. However, we need to ensure that
both executions follow branches of the same condition. This is done by requiring that
both associated stacks have a common (low-indistinguishable) sub-stack. The second
three rules of Figure 4 defi ne the relation of high-indistinguishability for stacks. Also
note that, as imposed by the typing rules, the code labels added to the stack associated
to high-security branches are of high-security level.
Finally, we defi ne the relation of indistinguishability of two machine con from the
point of view of an observer of level ζ.
Definition 2. Two machine configurations M1 = (H1, R1) and M2 = (H2, R2) are
ζ-indistinguishable, denoted by the judgment
✄P M1 : Γ1, Λ1, ψ1 ≈ζ M2 : Γ2, Λ2, ψ2 mConfig,
if and only if
1. M1 |=ψ1 Γ1 and M2 |=ψ2 Γ2,
2. M1 and M2 are assembled for P at the same addresses,
3. ✄H1:ψ1,H2:ψ2 R1 : Γ1 ≈ζ R2 : Γ2 regBank, and
4. either
(a) Γ1(pc) = Γ2(pc) ⊑ ζ and R1(pc) = R2(pc) and ✄ΣΛ1 ≈ζ Λ2 Low, or
(b) Γ1(pc) 6⊑ ζ and Γ2(pc) 6⊑ ζ and ✄ΣΛ1 ≈ζ Λ2 High.
Note that both machine confi gurations must be consistent with their corresponding
typing assignments, and they must be executing the code resulting from assembling P.
We may now state the non-interference theorem establishing that starting from two
indistinguishable machine confi gurations assembled for the same program P, if each
execution terminates, the resulting machine confi gurations remain indistinguishable.
In the following theorem and lemmas, for any instruction pi in a well-typed program
P = p1; . . . ; pn, the context Γi k Λi is obtained from the judment Γi k Λi ⊢Σ pi; pn,
which is derived by a sub-derivation of Ctxt(P) ⊢Σ P.
Theorem 3 (Non-Interference). Let P = p1; . . . ; pn be a well-typed program, M1 =
(H1, R1) and M2 = (H2, R2) be machine configurations such that both are type safe
at 1 for P with ψ and
✄P M1 : Γ1, ǫ, ψ ≈ζ M2 : Γ1, ǫ, ψ mConfig.
If M1 =⇒ M′
1 and M2 =⇒ M′
2, with M′
1 and M′
2 in fi nal state, then
✄P M′
1 : Γv, ǫ, ψ1 ≈ζ M′
2 : Γw, ǫ, ψ2 mConfig.
The technical challenge that lies in the proof of this theorem is that the ζ-indistin-
guishability of confi gurations holds after each transition step. The proof is developed in
two stages. First it is proved that two ζ-indistinguishable confi gurations that have a low
(and identical) level for the pc can reduce in a lock step fashion in a manner invariant
to the ζ-indistinguishability property. This is stated by the following lemma.
12. Lemma 1 (Low-PC Step). Let P = p1; . . . ; pn be a well-typed program, such that pv1
and pv2 are in P, M1 = (H1, R1) and M2 = (H2, R2) be machine configurations.
Suppose
1. M1 is type safe at v1 and M2 is type safe at v2, for P with ψ1 and ψ2, respectively,
2. ✄P M1 : Γv1 , Λv1 , ψ1 ≈ζ M2 : Γv2 , Λv2 , ψ2 mConfig,
3. Γv1 (pc) ⊑ ζ and Γv2 (pc) ⊑ ζ,
4. M1
Asm(pv1 )
−→ M′
1, and
5. there exists pw1 in P such that pv1 pw1 , and M′
1 is type safe at w1 with ψ3.
Then, there exists a configuration M′
2 such that:
(a) M2
Asm(pv2 )
−→ M′
2,
(b) there exists pw2 in P such that pv2 pw2 , and M′
2 is type safe at w2 with ψ4, and
(c) ✄P M′
1 : Γw1 , Λw2 , ψ3 ≈ζ M′
2 : Γw2 , Λw2 , ψ4 mConfig.
When the level of the pc is low, the programs execute the same instructions (with
possibly different heap and register bank). They may be seen to be synchronized and
each reduction step made by one is emulated with a reduction of the same instruction
by the other. The resulting machines must be ζ-indistinguishable.
However, a conditional branch (bnz) may cause the execution to fork on a high
value. As a consequence, both of their pc become high and we must provide proof that
there are some ζ-indistinguishable machines to which they reduce. Then, the second
stage of the proof consists of showing that every reduction step of one execution whose
pc has a high-security level can be met with a number of reduction steps (possibly
none) from the other execution such that they reach indistinguishable confi gurations.
The High-PC Step Lemma states such result.
Lemma 2 (High-PC Step). Let P = p1; . . . ; pn be a well-typed program, such that pv1
and pv2 are in P, and M1 = (H1, R1) and M2 = (H2, R2) be machine configurations.
Suppose
1. M1 is type safe at v1 and M2 is type safe at v2, for P with ψ1 and ψ2, respectively.
2. ✄P M1 : Γv1 , Λv1 , ψ1 ≈ζ M2 : Γv2 , Λv2 , ψ2 mConfig,
3. Γv1 (pc) 6⊑ ζ and Γv2 (pc) 6⊑ ζ,
4. M1
Asm(pv1 )
−→ M′
1, and
5. there exists pw1 in P such that pv1 pw1 and M′
1 is type safe at w1 with ψ3.
Then, either the configuration M2 diverges or there exists a machine configuration M′
2
such that
(a) M2 =⇒ M′
2,
(b) there exists pw2 in P such that pv2
∗
pw2 and M′
2 is type safe at w2 with ψ4, and
(c) ✄P M′
1 : Γw1 , Λw1 , ψ3 ≈ζ M′
2 : Γw2 , Λw2 , ψ4 mConfig.
13. The main technical diffi culty here is the proof of the case when one execution does
a cjmp instruction that lowers the pc level. In this case, the other execution should,
in a number of steps, also reduce its pc level accordingly. This is guaranteed by two
facts. First, high-indistinguishable stacks share a sub-stack whose top is the label to
the junction point where the pc level is reduced and both executions converge. Second,
well-typed programs reach fi nal states only with an empty stack, having visited all the
labels indicated by the junction point stack.
4 Related Work
Information fl
ow analysis has been an active research area in the past three decades [18].
Pioneering work by Bell and LaPadula [4], Feiertag et al. [9], Denning and Denning [8,
7], Neumann et al. [17], and Biba [5] set the basis of multilevel security by defi ning
a model of information fl
ow where subjects and objects have a security level from a
lattice of security levels. Such a lattice is instrumental in representing a security policy
where a subject cannot read objects of level higher than its level, and it cannot write
objects at levels lower than its own level.
The notion of non-interference was fi rst introduced by Goguen and Meseguer [10],
and there has been a signifi cant amount of research on type systems for confi dentiality
for high-level languages including Volpano and Smith [20], and Banerjee and Nau-
mann [2]. Type systems for low-level languages have been an active subject of study
for several years now, including TAL [14], STAL [15], DTAL [21], Alias Types [19],
and HBAL [1].
In his PhD thesis [16], Necula already suggests information fl
ow analysis as an open
research area at the assembly language level. Zdancewic and Myers [22] present a low-
level, secure calculus with ordered linear continuations. An earlier version of our type
system was inspired by that work. However, we discovered that in a typed assembly
language it is enough to have a junction point stack instead of mimicking ordered lin-
ear continuations. Moreover, their language has an if-then-else constructor that
guides the information fl
ow analysis, while SIF has pseudo-instructions (cpush L
and cjmp L) for the same purpose. However, while the if-then-else constructor
remains part of their language after typechecking, cpush and cjmp are eliminated.
Barthe et al. [3] defi ne a JVM-like low-level language with a heap and an operand
stack. The type system is parameterized by control dependence regions, and it is as-
sumed that there exist functions that obtain such regions. In contrast, SIF allows such
regions to be expressed in the language by using code labels and its well-formedness to
be verifi ed during type-checking.Crary et al. [6] defi ne a low-level calculus for informa-
tion fl
ow analysis, however, their calculus has the structuring construct if-then-else,
unlike SIF that uses typed pseudo-instructions that are assembled to standard machine
instructions.
5 Conclusions and Future Work
We defi ned SIF, a typed assembly language for secure information fl
ow analysis. Be-
sides the standard features, such as heap and register bank, SIF introduces a stack of
14. code labels in order to simulate at the assembly level the block structure of high-level
languages. The type system guarantees that well-typed programs assembled on type-
safe machine confi gurations satisfy the non-interference property: for a security level
ζ, if two type-safe machine confi guration are ζ-indistinguishable, then the resulting
machine confi gurations after execution are also ζ-indistinguishable.
An alternative to our approach is to have a list of the program points where the secu-
rity level of the pc can be lowered safely. This option delegates the security analysis of
where the pc level can be safely lowered to a previous step (that may use, for example,
a function to calculate control dependence regions [12]). This delegation introduces a
new trusted structure into the type system. Our type system, however, does not need to
trust the well-formation of such a list. Moreover, even the signature (Σ) attached to SIF
programs is untrusted in our setting, since, as we explained in section 2.3, its informa-
tion about the security level of the pc is checked in the rules for cpush and cjmp in
order to prevent illegal information fl
ows.
Currently we are implementing the type system proposed in this paper. We already
developed a compiling function from a very simple high-level imperative programming
language to SIF and the typechecker for SIF programs. We intend to make the software
available upon completion of the system.
We are also developing a version of our language that includes a runtime stack,
in order to defi ne a stack-based compilation function from a more complex high-level
language to SIF.
Acknowledgments: We are grateful to Pablo Garralda, Healfdene Goguen, David Nau-
mann, and Alejandro Russo for enlightening discussions and comments on previous
drafts. We want to thank Nicholas Egebo and Haifan Lu, two undergraduate students
at Stevens, for their help with the implementation of SIF. This work was partially sup-
ported by the NSF project CAREER: A formally verified environment for the production
of secure software – #0093362 and the Stevens Technogenesis Fund.
References
1. David Aspinall and Adriana B. Compagnoni. Heap bounded assembly language. Journal of
Automated Reasoning, Special Issue on Proof-Carrying Code, 31(3-4):261–302, 2003.
2. A. Banerjee and D. Naumann. Secure information flow and pointer confinement in a java-
like language. In Proceedings of Fifteenth IEEE Computer Security Foundations - CSFW,
pages 253–267, June 2002.
3. G. Barthe, A. Basu, and T. Rezk. Security types preserving compilation. In Proceedings of
VMCAI’04, volume 2937 of Lecture Notes in Computer Science. Springer-Verlag, 2004.
4. D. Bell and L. LaPadula. Secure computer systems: Mathematical foundations and model.
Technical Report Technical Report MTR 2547 v2, MITRE, November 1973.
5. K. Biba. Integrity considerations for secure computer systems. Technical Report ESD-TR-
76-372, USAF Electronic Systems Division, Bedford, MA, April 1977.
6. Karl Crary, Aleksey Kliger, and Frank Pfenning. A monadic analysis of information flow
security with mutable state. Technical Report CMU-CS-03-164, Carnegie Mellon University,
September 2003.
7. D. E. Denning and P. J. Denning. Certification of programs for secure information flow.
Communications of the ACM, 20(7):504–513, July 1977.
15. 8. Dorothy E. Denning. A lattice model of secure information flow. Communications of the
ACM, 19(5):236–242, May 1976.
9. R. J. Feiertag, K. N. Levitt, and L. Robinson. Proving multilevel security of a system design.
In 6th ACM Symp. Operating System Principles, pages 57–65, November 1977.
10. J. A. Goguen and J. Meseguer. Security policy and security models. In Proceedings of the
Symposium on Security and Privacy, pages 11–20. IEEE Press, 1982.
11. Daniel Hedin and David Sands. Timing aware information flow security for a javacard-like
bytecode. In Proceedings of BYTECODE, ETAPS’05, to appear, 2005.
12. Xavier Leroy. Java bytecode verification: an overview. In G. Berry, H. Comon, and A. Finkel,
editors, Proceedings of CAV’01, volume 2102, pages 265–285. Springer-Verlag, 2001.
13. Ricardo Medel, Adriana Compagnoni, and Eduardo Bonelli. A typed
assembly language for secure information flow analysis. http://
www.cs.stevens.edu/˜rmedel/hbal/publications/sifTechReport.ps,
2005.
14. G. Morrisett, D. Walker, K. Crary, and N. Glew. From System F to Typed Assembly Lan-
guage. ACM Transactions on Programming Languages and Systems, 21(3):528–569, May
1999.
15. Greg Morrisett, Karl Crary, Neal Glew, and David Walker. Stack-based typed assembly
language. In Second International Workshop on Types in Compilation, pages 95–117, Ky-
oto, March 1998. Published in Xavier Leroy and Atsushi Ohori, editors, Lecture Notes in
Computer Science, volume 1473, pages 28-52. Springer-Verlag, 1998.
16. George Necula. Compiling with Proofs. PhD thesis, Carnegie Mellon University, September
1998.
17. Peter G. Neumman, Richard J. Feiertag, Karl N. Levitt, and Lawrence Robinson. Software
development and proofs of multi-level security. In Proceedings of the 2nd International Con-
ference on Software Engineering, pages 421–428. IEEE Computer Society, October 1976.
18. A. Sabelfeld and A. Myers. Language-based information-flow security. IEEE Journal on
Selected Areas in Communications, 21(1), 2003.
19. Frederick Smith, David Walker, and Greg Morrisett. Alias types. In Gert Smolka, edi-
tor, Ninth European Symposium on Programming, volume 1782 of LNCS, pages 366–381.
Springer-Verlag, April 2000.
20. Dennis M. Volpano and Geoffrey Smith. A type-based approach to program security. In
TAPSOFT, pages 607–621, 1997.
21. Hongwei Xi and Robert Harper. A dependently typed assembly language. Technical Report
OGI-CSE-99-008, Oregon Graduate Institute of Science and Technology, July 1999.
22. S. Zdancewic and A. Myers. Secure information flow via linear continuations. Higher Order
and Symbolic Computation, 15(2–3), 2002.