Abstract
Compiler correctness is, in its simplest form, defined as the inclusion of the set of traces of the compiled program into the set of traces of the original program, which is equivalent to the preservation of all trace properties. Here traces collect, for instance, the externally observable events of each execution. This definition requires, however, the set of traces of the source and target languages to be exactly the same, which is not the case when the languages are far apart or when observations are fine-grained. To overcome this issue, we study a generalized compiler correctness definition, which uses source and target traces drawn from potentially different sets and connected by an arbitrary relation. We set out to understand what guarantees this generalized compiler correctness definition gives us when instantiated with a non-trivial relation on traces. When this trace relation is not equality, it is no longer possible to preserve the trace properties of the source program unchanged. Instead, we provide a generic characterization of the target trace property ensured by correctly compiling a program that satisfies a given source property, and dually, of the source trace property one is required to show in order to obtain a certain target property for the compiled code. We show that this view on compiler correctness can naturally account for undefined behavior, resource exhaustion, different source and target values, side-channels, and various abstraction mismatches. Finally, we show that the same generalization also applies to many secure compilation definitions, which characterize the protection of a compiled program against linked adversarial code.
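The generalized correctness definition and the two property characterizations described in the abstract, worked on a small finite model as an added example (not code from the paper). Source traces may end in an undefined-behavior event, the trace relation lets a target trace continue arbitrarily after UB, and the guaranteed target property and required source property are modeled as the existential image and universal preimage under the relation; that modeling is an assumption, since this page only states that such characterizations exist.

```python
from itertools import product

EVENTS = ("a", "b")  # constructed alphabet of observable events
MAX_LEN = 3          # bound on trace length so the model stays finite

def target_traces():
    """Target traces: plain event sequences; the target language has no UB event."""
    return {evs for n in range(MAX_LEN + 1) for evs in product(EVENTS, repeat=n)}

def source_traces():
    """Source traces: the same sequences, optionally cut short by an undefined-behavior event."""
    defined = target_traces()
    return defined | {s + ("UB",) for s in defined if len(s) < MAX_LEN}

def rel(s, t):
    """Trace relation (assumed model): equal traces, or a source trace ending in UB
    relates to every target trace extending its defined prefix (anything may follow UB)."""
    if s and s[-1] == "UB":
        return t[:len(s) - 1] == s[:-1]
    return s == t

def tau(pi, tgt):
    """Target property guaranteed for the compilation of a program satisfying pi
    (existential image of pi under the relation)."""
    return {t for t in tgt if any(rel(s, t) for s in pi)}

def sigma(pi_t, src, tgt):
    """Source property a program must satisfy for its compilation to satisfy pi_t
    (universal preimage of pi_t under the relation)."""
    return {s for s in src if all(t in pi_t for t in tgt if rel(s, t))}

def correct(src_behav, tgt_behav):
    """Trace-relating correctness for one program: every target trace is related
    to some source trace of that program."""
    return all(any(rel(s, t) for s in src_behav) for t in tgt_behav)

def demo():
    src, tgt = source_traces(), target_traces()
    first_a = {s for s in src if s[:1] == ("a",)}   # safety: the first event is a
    no_b = {s for s in src if "b" not in s}         # safety: b never happens
    tgt_no_b = {t for t in tgt if "b" not in t}
    return {
        # a property that only constrains events before any UB survives unchanged
        "first_a_kept": tau(first_a, tgt) == {t for t in tgt if t[:1] == ("a",)},
        # a UB-ending source trace relates to every target trace: nothing is guaranteed
        "no_b_lost": tau(no_b, tgt) == tgt,
        # dually, ruling out b in the target requires ruling out UB in the source
        "no_b_needs_no_ub": sigma(tgt_no_b, src, tgt) == no_b - {s for s in src if "UB" in s},
    }
```

The pair `tau`/`sigma` behaves as a Galois connection on this model: `tau(pi_s) <= pi_t` holds exactly when `pi_s <= sigma(pi_t)`.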
Rights and permissions
Open Access This chapter is licensed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made.
The images or other third party material in this chapter are included in the chapter's Creative Commons license, unless indicated otherwise in a credit line to the material. If material is not included in the chapter's Creative Commons license and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder.
Copyright information
© 2020 The Author(s)
Cite this paper
Abate, C. et al. (2020). Trace-Relating Compiler Correctness and Secure Compilation. In: Müller, P. (ed.) Programming Languages and Systems. ESOP 2020. Lecture Notes in Computer Science, vol 12075. Springer, Cham. https://doi.org/10.1007/978-3-030-44914-8_1
DOI: https://doi.org/10.1007/978-3-030-44914-8_1
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-44913-1
Online ISBN: 978-3-030-44914-8
eBook Packages: Computer Science; Computer Science (R0)