Fully-abstract compilation by approximate back-translation

A compiler is fully-abstract if the compilation from source language programs to target language programs reflects and preserves behavioural equivalence. Such compilers have important security benefits, as they limit the power of an attacker interacting with the program in the target language to that of an attacker interacting with the program in the source language. Proving compiler full-abstraction is, however, rather complicated. A common proof technique is based on the back-translation of target-level program contexts to behaviourally-equivalent source-level contexts. However, constructing such a back-translation is problematic when the source language is not strong enough to embed an encoding of the target language. For instance, when compiling from the simply-typed λ-calculus (λτ) to the untyped λ-calculus (λu), the lack of recursive types in λτ prevents such a back-translation. We propose a general and elegant solution for this problem. The key insight is that it suffices to construct an approximate back-translation. The approximation is only accurate up to a certain number of steps and conservative beyond that, in the sense that the context generated by the back-translation may diverge when the original would not, but not vice versa. Based on this insight, we describe a general technique for proving compiler full-abstraction and demonstrate it on a compiler from λτ to λu. The proof uses asymmetric cross-language logical relations and makes innovative use of step-indexing to express the relation between a context and its approximate back-translation. We believe this proof technique can scale to challenging settings and enable simpler, more scalable proofs of compiler full-abstraction.
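The following is an added illustration, written for this page and not code from the paper or its authors. It models two ideas from the abstract in a toy untyped λ-calculus interpreter: first, why full abstraction matters for security, by exhibiting a target-level context that separates two programs no well-typed source context can tell apart (the AST, the constants, the `erase` compiler and the `protect_bool_to_unit` dynamic check are all assumptions of this example, not the paper's compiler); second, the "accurate up to n steps, conservative beyond" property, modelled here by a step budget: an observation made with `fuel` steps may report divergence where a longer run terminates, but never the reverse.

```python
"""Toy untyped lambda-calculus with a step budget (added example, not the paper's code)."""
from dataclasses import dataclass
from typing import Any


# --- Terms: variables, abstraction, application, constants (True/False/unit) and if ---
@dataclass(frozen=True)
class Var:
    name: str


@dataclass(frozen=True)
class Lam:
    param: str
    body: Any


@dataclass(frozen=True)
class App:
    fn: Any
    arg: Any


@dataclass(frozen=True)
class Const:
    value: Any  # True, False or () for unit


@dataclass(frozen=True)
class If:
    cond: Any
    then: Any
    els: Any


class Closure:
    def __init__(self, param, body, env):
        self.param, self.body, self.env = param, body, env


class OutOfFuel(Exception):
    """Step budget exhausted: the bounded observation is 'diverge'."""


class Stuck(Exception):
    """Dynamic type error: applying a non-function or branching on a non-boolean."""


class Budget:
    def __init__(self, steps):
        self.steps = steps

    def tick(self):  # one beta- or if-reduction costs one step
        if self.steps == 0:
            raise OutOfFuel
        self.steps -= 1


def _eval(t, env, budget):
    if isinstance(t, Var):
        if t.name not in env:
            raise Stuck
        return env[t.name]
    if isinstance(t, Const):
        return t.value
    if isinstance(t, Lam):
        return Closure(t.param, t.body, env)
    if isinstance(t, App):
        f = _eval(t.fn, env, budget)
        a = _eval(t.arg, env, budget)
        if not isinstance(f, Closure):
            raise Stuck
        budget.tick()
        return _eval(f.body, {**f.env, f.param: a}, budget)
    if isinstance(t, If):
        c = _eval(t.cond, env, budget)
        if c is not True and c is not False:
            raise Stuck
        budget.tick()
        return _eval(t.then if c else t.els, env, budget)
    raise Stuck


def run(term, fuel):
    """Observe a closed term with at most `fuel` reduction steps."""
    try:
        v = _eval(term, {}, Budget(fuel))
    except OutOfFuel:
        return "diverge"
    except Stuck:
        return "stuck"
    return "value:<fn>" if isinstance(v, Closure) else f"value:{v!r}"


def conservative(term, fuel, reference_fuel):
    """Step-indexed approximation: the `fuel`-bounded observation either agrees with a
    longer `reference_fuel` run or reports divergence; it never terminates where the
    longer run does not (the direction the abstract calls 'conservative')."""
    approx, ref = run(term, fuel), run(term, reference_fuel)
    return approx == ref or approx == "diverge"


# Constructed sample terms. OMEGA diverges; P1 and P2 are source programs of type
# Bool -> Unit that every well-typed source context (which can only pass a boolean)
# observes as returning unit.
OMEGA = App(Lam("x", App(Var("x"), Var("x"))), Lam("x", App(Var("x"), Var("x"))))
P1 = Lam("x", If(Var("x"), Const(()), Const(())))
P2 = Lam("x", Const(()))


def erase(term):
    """Type-erasing compiler (assumed): this AST is already untyped, so erasure is the
    identity; the typing discipline only ever restricted which contexts were allowed."""
    return term


def distinguishes(ctx, t1, t2, fuel=100):
    return run(ctx(t1), fuel) != run(ctx(t2), fuel)


# A target-level context no source context can express: it passes a function where the
# source type demanded a boolean. Against the erased programs it separates P1 from P2.
ILL_TYPED_CTX = lambda t: App(t, Lam("y", Var("y")))


def protect_bool_to_unit(term):
    """Assumed dynamic check (this example's own, not the paper's compiler): the argument
    is forced through an `if`, so any non-boolean gets stuck before reaching `term`."""
    return Lam("x", If(Var("x"), App(term, Const(True)), App(term, Const(False))))


if __name__ == "__main__":
    print("erased:   ", distinguishes(ILL_TYPED_CTX, erase(P1), erase(P2)))
    print("protected:", distinguishes(ILL_TYPED_CTX, protect_bool_to_unit(P1), protect_bool_to_unit(P2)))
    print("omega, 5 steps:", run(OMEGA, 5), "| id (), 0 steps:", run(App(Lam("x", Var("x")), Const(())), 0))
```

Running the module shows the erased programs being separated by the ill-typed context (one gets stuck, the other returns unit) while the protected versions are not, which is the attacker-power argument of the abstract in miniature; `conservative` exercised over increasing budgets shows the step-indexed reading of "accurate up to n steps": below the budget a terminating term reads as divergent, and a divergent term never reads as terminating.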
