Implementing TALT William Lovas with Karl Crary ALADDIN REU Symposium 2003

Grid Computing
• Low-cost supercomputing using idle cycles of Internet-connected PCs
• Cray X1 supercomputer: $8.4 million
• Pentium 4, 2.2 GHz: $699 (with rebate!)
• Getting everyone else’s PCs to do your work for you: priceless

Grid Computing
[Diagram: Developer, The Internet, PCs on The Internet]

Grid Computing
• SETI@Home project at Berkeley
  • scanning radio signals for signs of intelligence
• Folding@Home project at Stanford
  • studying diseases related to protein folding
• distributed.net
  • cracking encryption algorithms since 1997

Grid Computing
• Very powerful: distributed.net, 22 hours to brute force 1 DES key out of 2^56 (= over 72 quadrillion!)
• distributed.net equivalent to 160,000 Pentium II 266 MHz PCs

Grid Computing
• Few examples, because grid computing depends on users’ trust in the code they run
• ConCert Project: to develop a framework for trustless grid computing

Roadmap
• Motivation: check!
• Methodology of TALT: the “how” and “why”
• A taste of TALT: to whet your appetite
• My work on TALT: what I accomplished, what I learned

Establishing Safety
• How can we verify that code is safe?
• High-level languages use type systems…
• Why can’t low-level languages, too?

Typed Assembly Language
• Formalizes a subset of x86 instruction set
• Adds a type system that demonstrates safety
• Idea: employ powerful tools from type theory to tame the assembly language beast!
  • subtyping, polymorphism

TALT -- TAL Two
• Refines and extends the ideas from TAL
• Establishes a framework for future type systems
• One type system won’t meet everyone’s needs
“Two type systems good => Four type systems better!” -- Benjamin C. Pierce

How TALT works
Trusted:
• Twelf proof checker … and meta-theorem prover
• Safety policy (SP): safe machine states, safe transitions
• Runtime
Untrusted:
• Code
• Type system (TS)
• Safety proof (TS(p) => SP(p)): machine-checkable, via Twelf

How TALT works
[Diagram: code, type system, safety proof, safety policy, Twelf, runtime]

A taste of TALT
• Many interesting ideas, let’s talk about 3:
  • Register file subtyping
  • Universal polymorphism
  • Sized kinds
white lies ahead!

A taste of TALT: Register file subtyping
• Register file type looks like
  • { r0: t0, r1: t1, … rn: tn }
• Suppose a code-block expects:
  • { eax: int, ebx: int }
• Okay if register file actually has type:
  • { eax: int, ebx: int, ecx: int }
• Because of register file subtyping!

A taste of TALT: Universal polymorphism
• Suppose a function f leaves the stack unchanged
• Stack pointer stored in register esp
• How does a calling function know?
• f has a type polymorphic in esp!
• Just like SML:
    - fun id x = x;
    val id = fn : 'a -> 'a

A taste of TALT: Sized kinds
• Kinds: the “types of types”
• In TALT, the kind of a type specifies the size of that type’s values
• A 4-byte word has type B4, which has kind T4
• Pair of words has type B4*B4, which has kind T8
• Typing rules know the sizes of operands
• Essential for complex addressing modes
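
The register file subtyping and sized kinds slides above, combined in a toy checker. This is an added example, not code from the talk or from TALT, and it does not reproduce TALT's actual typing rules. The pointer type, its 4-byte size, the instruction tuples and all function names are assumptions made for illustration.

```python
# Toy model of two ideas from the slides; NOT TALT's actual typing rules.
# Types: "B4" is a 4-byte word, ("prod", a, b) is a*b, and ("ptr", t) is a
# pointer to t (the pointer type and its 4-byte size are assumptions).

def kind_size(ty):
    """Size in bytes recorded by the kind: B4 has kind T4, B4*B4 has kind T8."""
    if ty == "B4" or (isinstance(ty, tuple) and ty[0] == "ptr"):
        return 4
    if isinstance(ty, tuple) and ty[0] == "prod":
        return kind_size(ty[1]) + kind_size(ty[2])
    raise TypeError(f"unknown type {ty!r}")

def field_at(ty, offset):
    """Type of the 4-byte field at byte `offset` inside a value of type ty."""
    if isinstance(ty, tuple) and ty[0] == "prod":
        left = kind_size(ty[1])      # sizes decide which component is hit
        return field_at(ty[1], offset) if offset < left else field_at(ty[2], offset - left)
    if offset != 0 or kind_size(ty) != 4:
        raise TypeError("offset does not land on a word-sized field")
    return ty

def regfile_subtype(actual, expected):
    """Width subtyping: extra registers in `actual` are fine, but every
    register the target expects must be present with the expected type."""
    return all(actual.get(r) == t for r, t in expected.items())

def check_block(regs, instrs, labels):
    """Type-check a straight-line block ending in a jump; return final types."""
    regs = dict(regs)
    for ins in instrs:
        if ins[0] == "load":                 # models: mov dst, [base + off]
            _, dst, base, off = ins
            bty = regs.get(base)
            if not (isinstance(bty, tuple) and bty[0] == "ptr"):
                raise TypeError(f"{base} does not hold a pointer")
            regs[dst] = field_at(bty[1], off)
        elif ins[0] == "jmp":                # models: jmp label
            if not regfile_subtype(regs, labels[ins[1]]):
                raise TypeError(f"register file does not satisfy {ins[1]}")
            return regs
        else:
            raise TypeError(f"unknown instruction {ins[0]!r}")
    raise TypeError("block does not end in a jump")

def accepts(regs, instrs, labels):
    """True if the block type-checks, False if the checker rejects it."""
    try:
        check_block(regs, instrs, labels)
        return True
    except TypeError:
        return False

# Constructed sample: eax points to a (word, pointer-to-word) pair.
REGS = {"eax": ("ptr", ("prod", "B4", ("ptr", "B4"))), "ebx": "B4"}
LABELS = {"L": {"ebx": "B4", "ecx": ("ptr", "B4")}}
```

A load at offset 4 gives ecx the pointer type that label L expects, and the leftover eax is tolerated by width subtyping. Offsets 2 and 8, or loading the plain word at offset 0 into ecx before the jump, are rejected.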

My work on TALT
• Implementation of infrastructure
  • Runtime
  • Certificate generator
  • “Assembler”
• Creation of new code as well as simplification/extension of existing code

Runtime implementation
• Runtime provides primitive operations, like malloc, exit, return
• Works directly with machine code, so written in C, with some x86 assembly
• Great care taken to adhere to specification: runtime is trusted!

Certificate Generation
• TALT binary looks like this:
  magic number machine code code certificate

Certificate Generation
• Certificate generator generates:
  magic number machine code code certificate

Certificate Generation
• When I arrived…
  • Certificate was a typing derivation in the TALT type system
  • Partially implemented and buggy derivation generator
  • Discovery: typing derivation too big to use as a practical certificate

Certificate Generation
• And now…
  • Certificate is an XTALT program, in a notation that Twelf understands
  • Certificate generator is 97% complete (and hopefully not buggy!)
  • Code is much simpler
  • Type system is a little simpler, too

“Assembler”
• Next step: translate XTALT programs into straight x86 assembly
• Assembly can be run through a standard assembler to produce machine code

“Assembler”
• Now we also have:
  magic number machine code code certificate

“Assembler”
• Then, only have to put the pieces together to produce TALT binaries!

Summary
• Implemented TALT runtime in C, assembly
• Implemented certificate generator in SML
  • Simplified typing rules
  • Simplified code
• Hope to implement “assembler” by next week
• Very close to a working system!

Summary
• Didn’t “discover” anything new, but …
• Learned a lot about type theory, and …
• Hacked on some interesting code!

Questions?