An equivalence-preserving CPS translation via multi-language semantics

Language-based security relies on the assumption that all potential attacks follow the rules of the language in question. When programs are compiled into a different language, this is true only if the translation process preserves observational equivalence. To prove that a translation preserves equivalence, one must show that if two program fragments cannot be distinguished by any source context, then their translations cannot be distinguished by any target context. Informally, target contexts must be no more powerful than source contexts, i.e., for every target context there exists a source context that "behaves the same." This seems to amount to being able to "back-translate" arbitrary target terms. However, that is simply not viable for practical compilers where the target language is lower-level and, thus, contains expressions that have no source equivalent. In this paper, we give a CPS translation from a less expressive source language (STLC) to a more expressive target language (System F) and prove that the translation preserves observational equivalence. The key to our equivalence-preserving compilation is the choice of the right type translation: a source type σ mandates a set of behaviors and we must ensure that its translation σ+ mandates semantically equivalent behaviors at the target level. Based on this type translation, we demonstrate how to prove that for every target term of type σ+, there exists an equivalent source term of type σ- even when sub-terms of the target term are not necessarily "back-translatable" themselves. A key novelty of our proof, resulting in a pleasant proof structure, is that it leverages a multi-language semantics where source and target terms may interoperate.

[1]  Albert R. Meyer,et al.  Towards fully abstract semantics for local variables , 1988, POPL '88.

[2]  James Laird Game semantics and linear CPS interpretation , 2005, Theor. Comput. Sci..

[3]  Jon G. Riecke,et al.  Fully abstract translations between functional languages , 1991, POPL '91.

[4]  Matthias Felleisen,et al.  Observable sequentiality and full abstraction , 1992, POPL '92.

[5]  Martín Abadi,et al.  Protection in Programming-Language Translations , 1998, ICALP.

[6]  Hayo Thielecke,et al.  Answer Type Polymorphism in Call-by-Name Continuation Passing , 2004, ESOP.

[7]  Matthias Blume,et al.  Typed closure conversion preserves observational equivalence , 2008, ICFP.

[8]  Ramesh Viswanathan,et al.  Isolating side effects in sequential languages , 1995, POPL '95.

[9]  Josh Berdine,et al.  Linear and Affine Typing of Continuation-Passing Style , 2013 .

[10]  Nobuko Yoshida,et al.  Genericity and the π-calculus , 2005, Acta Informatica.

[11]  Andrew W. Appel,et al.  Compiling with Continuations , 1991 .

[12]  Philip Wadler,et al.  Theorems for free! , 1989, FPCA.

[13]  Josh Berdine Extracting the Range of cps from Affine Typing , 2002 .

[14]  Hayo Thielecke,et al.  From control effects to typed continuation passing , 2003, POPL '03.

[15]  C.-H. Luke Ong,et al.  On Full Abstraction for PCF: I, II, and III , 2000, Inf. Comput..

[16]  Kohei Honda,et al.  Sequentiality and the π-Calculus , 2001 .

[17]  Chung-Kil Hur,et al.  Biorthogonality, step-indexing and compiler correctness , 2009, ICFP.

[18]  Amr Sabry,et al.  Reasoning about programs in continuation-passing style , 1992, LFP '92.

[19]  Nobuko Yoshida,et al.  A uniform type structure for secure information flow , 2002, POPL '02.

[20]  G.D. Plotkin,et al.  LCF Considered as a Programming Language , 1977, Theor. Comput. Sci..

[21]  Paul Hudak,et al.  ORBIT: an optimizing compiler for scheme , 1986, SIGPLAN '86.

[22]  Andrew Kennedy Securing the .NET programming model , 2006, Theor. Comput. Sci..

[23]  Chung-Kil Hur,et al.  Realizability and Compositional Compiler Correctness for a Polymorphic Language , 2010 .

[24]  Andrew W. Appel,et al.  A type-based compiler for standard ML , 1995, PLDI '95.

[25]  Nobuko Yoshida,et al.  Sequentiality and the pi-Calculus , 2001, TLCA.

[26]  Albert R. Meyer,et al.  Continuations may be unreasonable , 1988, LISP and Functional Programming.

[27]  Robert Bruce Findler,et al.  Operational semantics for multi-language programs , 2007, POPL '07.

[28]  John C. Reynolds,et al.  Types, Abstraction and Parametric Polymorphism , 1983, IFIP Congress.

[29]  Andrew Kennedy,et al.  Compiling with continuations, continued , 2007, ICFP '07.

[30]  Mark Lillibridge,et al.  Explicit polymorphism and CPS conversion , 1993, POPL '93.

[31]  C.-H. Luke Ong,et al.  Fully abstract semantics of additive aspects by translation , 2007, AOSD.

[32]  David Walker,et al.  From System F to Typed Assembly Language (Extended Version) , 1997 .

[33]  Olivier Danvy,et al.  Back to Direct Style , 1992, Sci. Comput. Program..

[34]  Albert R. Meyer,et al.  Continuation Semantics in Typed Lambda-Calculi (Summary) , 1985, Logic of Programs.

[35]  Carolyn L. Talcott,et al.  1 Equivalence in Functional Languages with E ectsIan , 2007 .

[36]  Andrew C. Myers,et al.  Secure Information Flow and CPS , 2001, ESOP.

[37]  Alan Jeffrey,et al.  A fully abstract semantics for a concurrent functional language with monadic types , 1995, Proceedings of Tenth Annual IEEE Symposium on Logic in Computer Science.

[38]  Peter W. O'Hearn,et al.  Linear Continuation-Passing , 2002, High. Order Symb. Comput..

[39]  Adam Chlipala,et al.  A certified type-preserving compiler from lambda calculus to assembly language , 2007, PLDI '07.

[40]  Derek Dreyer,et al.  State-dependent representation independence , 2009, POPL '09.

[41]  Jr. Guy L. Steele,et al.  Rabbit: A Compiler for Scheme , 1978 .

[42]  Masahito Hasegawa Linearly Used Effects: Monadic and CPS Transformations into the Linear Lambda Calculus , 2001, APLAS.

[43]  Amal Ahmed,et al.  Step-Indexed Syntactic Logical Relations for Recursive and Quantified Types , 2006, ESOP.

[44]  Andrzej Filinski,et al.  Representing monads , 1994, POPL '94.

[45]  Atsushi Igarashi,et al.  Proving Noninterference by a Fully Complete Translation to the Simply Typed lambda-Calculus , 2006, ASIAN.

[46]  Robin Milner,et al.  Fully Abstract Models of Typed lambda-Calculi , 1977, Theor. Comput. Sci..

[47]  Lars Birkedal,et al.  Abstract Predicates and Mutable ADTs in Hoare Type Theory , 2007, ESOP.

[48]  Radha Jagadeesan,et al.  Full Abstraction for PCF , 1994, Inf. Comput..