Compiler Verification Revisited

  • Wolfgang Goerigk
Part of the Advances in Formal Methods book series (ADFM, volume 4)


This case study mainly focuses on the execution of programs. In particular we study the execution of compiler machine programs on an abstract machine that we implement in ACL2. But this article also presents a security-related motivation for compiler verification and in particular for binary compiler implementation verification. We will prove that source level verification is not sufficient to guarantee compiler correctness. For this, we will adopt the scenario of a well-known attack to Unix operating system programs due to intruded Trojan Horses in compiler executables. Such a compiler will pass nearly every test: state of the art compiler validation, the bootstrap test, and any amount of source code inspection and verification. But for all that, it nevertheless might eventually cause a catastrophe. We will show such a program in detail; it is surprisingly easy to construct such a program. In that, we share a common experience with Ken Thompson, who initially documented this kind of attack in 1984 in his Turing Award Lecture [106].


Bootstrap Test Source Language Instruction Sequence Machine Program Target Machine 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Copyright information

© Springer Science+Business Media New York 2000

Authors and Affiliations

  • Wolfgang Goerigk
    • 1
  1. 1.Institut für Informatik und Praktische Mathematik, Christian-AlbrechtsUniversität zu KielGermany

Personalised recommendations