Trace-Relating Compiler Correctness and Secure Compilation
arXiv - CS - Programming Languages. Pub Date: 2019-07-11. DOI: arxiv-1907.05320. Authors: Carmine Abate, Roberto Blanco, Stefan Ciobaca, Adrien Durier, Deepak Garg, Catalin Hritcu, Marco Patrignani, Éric Tanter, Jérémy Thibault
Compiler correctness is, in its simplest form, defined as the inclusion of
the set of traces of the compiled program into the set of traces of the
original program, which is equivalent to the preservation of all trace
properties. Here traces collect, for instance, the externally observable events
of each execution. This definition requires, however, the set of traces of the
source and target languages to be exactly the same, which is not the case when
the languages are far apart or when observations are fine-grained. To overcome
this issue, we study a generalized compiler correctness definition, which uses
source and target traces drawn from potentially different sets and connected by
an arbitrary relation. We set out to understand what guarantees this
generalized compiler correctness definition gives us when instantiated with a
non-trivial relation on traces. When this trace relation is not equality, it is
no longer possible to preserve the trace properties of the source program
unchanged. Instead, we provide a generic characterization of the target trace
property ensured by correctly compiling a program that satisfies a given source
property, and dually, of the source trace property one is required to show in
order to obtain a certain target property for the compiled code. We show that
this view on compiler correctness can naturally account for undefined behavior,
resource exhaustion, different source and target values, side-channels, and
various abstraction mismatches. Finally, we show that the same generalization
also applies to many secure compilation definitions, which characterize the
protection of a compiled program against linked adversarial code.
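The abstract describes a generalized correctness notion in which source and target traces are linked by a relation rather than required to be equal, and then characterizes (a) the target trace property a correct compiler ensures for a program satisfying a source property and (b) the source property one must prove to obtain a given target property. The following Python is an added worked example, not code from the paper or its authors. It constructs a small trace relation that combines two of the cases the abstract names, different source and target values (unbounded integers observed as 8-bit values) and undefined behaviour (a source trace ending in UB relates to every target trace extending the compiled prefix), and computes the two characterizations as the existential image and the universal preimage of the relation. The abstract does not spell out its definitions, so those two formulas, the relation, the value sets and the `UB` marker are all this example's assumptions; the adjunction check at the end shows the two characterizations are dual to each other.

```python
"""Added worked example (not code from the paper): for a constructed trace
relation, compute the target trace property a correct compiler ensures for a
program satisfying a source property, and dually the source property one must
prove to obtain a target property.  Source traces carry unbounded integers and
may end in undefined behaviour; target traces carry 8-bit values."""
from itertools import product
import random

UB = "UB"                  # constructed marker: source execution ran into undefined behaviour
SRC_VALUES = (0, 1, 256)   # constructed source events; 256 and 0 coincide after truncation
TGT_VALUES = (0, 1)        # constructed target events: source values observed mod 256
MAX_LEN = 2                # finite universes keep both characterizations exhaustively computable


def source_universe():
    """All source traces up to MAX_LEN events, optionally terminated by UB."""
    plain = [tuple(s) for n in range(MAX_LEN + 1) for s in product(SRC_VALUES, repeat=n)]
    with_ub = [tuple(s) + (UB,) for n in range(MAX_LEN) for s in product(SRC_VALUES, repeat=n)]
    return frozenset(plain + with_ub)


def target_universe():
    """All target traces up to MAX_LEN events."""
    return frozenset(tuple(t) for n in range(MAX_LEN + 1) for t in product(TGT_VALUES, repeat=n))


def relates(s, t):
    """The constructed trace relation s ~ t.

    Without UB, traces must have equal length and agree event-wise mod 256.
    After UB the source program promises nothing more, so every target
    continuation of the compiled prefix is related."""
    if s and s[-1] == UB:
        prefix = tuple(v % 256 for v in s[:-1])
        return t[:len(prefix)] == prefix
    return len(s) == len(t) and all(v % 256 == w for v, w in zip(s, t))


def target_property_ensured(src_prop):
    """Existential image of src_prop under ~: the target traces that some
    source trace in src_prop may be compiled to.  A correct compiler
    guarantees the compiled program's traces lie in this set."""
    return frozenset(t for t in target_universe() if any(relates(s, t) for s in src_prop))


def source_property_required(tgt_prop):
    """Universal preimage of tgt_prop under ~: source traces all of whose
    related target traces satisfy tgt_prop.  Proving this of the source
    program is what it takes to conclude tgt_prop of the compiled code."""
    tgt_prop = frozenset(tgt_prop)
    return frozenset(
        s for s in source_universe()
        if all(t in tgt_prop for t in target_universe() if relates(s, t))
    )


def galois_connection_holds(src_prop, tgt_prop):
    """The two characterizations are adjoint:
    ensured(src_prop) <= tgt_prop  iff  src_prop <= required(tgt_prop)."""
    forward = target_property_ensured(src_prop) <= frozenset(tgt_prop)
    backward = frozenset(src_prop) <= source_property_required(tgt_prop)
    return forward == backward


def random_properties_respect_adjunction(trials=200, seed=0):
    """Check the adjunction on randomly sampled source/target properties."""
    rng = random.Random(seed)
    src = sorted(source_universe(), key=repr)
    tgt = sorted(target_universe())
    for _ in range(trials):
        pi_s = frozenset(s for s in src if rng.random() < 0.5)
        pi_t = frozenset(t for t in tgt if rng.random() < 0.5)
        if not galois_connection_holds(pi_s, pi_t):
            return False
    return True


def demo():
    """Three instances of the cases named in the abstract."""
    # Source property: only even values are emitted and no undefined behaviour occurs.
    even_no_ub = frozenset(
        s for s in source_universe() if UB not in s and all(v % 2 == 0 for v in s)
    )
    # Target property: only the value 0 is ever observed.
    zeros_only = frozenset(t for t in target_universe() if all(w == 0 for w in t))
    return {
        # different source/target values: 256 and 0 both compile to the target value 0
        "ensured_by_even_source": target_property_ensured(even_no_ub),
        # dual: to obtain zeros_only at the target, the source must emit only 0/256 and avoid UB
        "required_for_zeros_target": source_property_required(zeros_only),
        # undefined behaviour: after emitting 0 and hitting UB, only the prefix is guaranteed
        "ensured_by_ub_after_zero": target_property_ensured({(0, UB)}),
    }


if __name__ == "__main__":
    for name, prop in demo().items():
        print(name, sorted(prop, key=repr))
```

Running the demo shows the abstract's point concretely: the source property "all emitted values are even" is not preserved unchanged but becomes "all observed values are 0" at the target, and the obligation for that target property is exactly the source property "only 0 or 256 is emitted and no undefined behaviour occurs", so the two characterizations recover each other. The UB instance shows why a target property cannot say anything about events after the source program's behaviour became undefined.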
Updated: 2020-02-25