Abstract extensionality: on the properties of incomplete abstract interpretations

In this paper we generalise the notion of extensional (functional) equivalence of programs to abstract equivalences induced by abstract interpretations. The standard notion of extensional equivalence is recovered as the special case induced by the concrete interpretation. Some properties of extensional equivalence, such as the one spelled out in Rice's theorem, lift to the abstract equivalences in suitably generalised forms. On the other hand, the generalised framework gives rise to interesting and important new properties, and allows refined, non-extensional analyses. In particular, since programs turn out to be extensionally equivalent if and only if they are equivalent just for the concrete interpretation, it follows that any non-trivial abstract interpretation uncovers some intensional aspect of programs. This striking result is also effective, in the sense that it allows constructing, for any non-trivial abstraction, a pair of programs that are extensionally equivalent but have different abstract semantics. The construction is based on the fact that abstract interpretations are always sound, but that they can be made incomplete through suitable code transformations. To construct these transformations, we introduce a novel technique for building incompleteness cliques of extensionally equivalent yet abstractly distinguishable programs: they are built together with abstract interpretations that produce false alarms. While programs are forced into incompleteness cliques using both control-flow and data-flow transformations, the main result follows from limitations of data-flow transformations with respect to control-flow ones. A further consequence is that the class of incomplete programs for a non-trivial abstraction is Turing complete. The obtained results also shed new light on the relation between the techniques of code obfuscation and the precision of program analysis.
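As an added illustration, not code from the paper, the following toy sign-domain abstract interpreter (the expression encoding and all names are assumptions of this example) shows the phenomenon the abstract describes: the abstraction is sound, yet three programs that return 0 on every input receive three different abstract results, one by a data-flow rewrite (x - x) and one by a control-flow rewrite (a branch on x*x < 0 that is never taken), so an analyser checking "is the result zero?" raises a false alarm on the rewritten programs.

```python
"""Sign-domain abstract interpreter over a tiny expression language."""
from itertools import product

TOP = frozenset({-1, 0, 1})                 # "any sign": the analysis knows nothing
REPS = {-1: (-2, -1), 0: (0,), 1: (1, 2)}   # concrete witnesses for each sign
OPS = {'add': lambda x, y: x + y, 'sub': lambda x, y: x - y,
       'mul': lambda x, y: x * y}

def alpha(n):
    """Abstraction of one integer to its sign."""
    return frozenset({(n > 0) - (n < 0)})

def abs_binop(fn, a, b):
    """Sound abstract transformer for fn: apply it to witnesses of every
    sign pair in a x b. For +, -, * on signs these witnesses are exhaustive."""
    return frozenset().union(*(alpha(fn(x, y)) for sa, sb in product(a, b)
                               for x, y in product(REPS[sa], REPS[sb])))

def concrete(e, x):
    """Concrete semantics: evaluate expression e on the integer input x."""
    tag = e[0]
    if tag == 'x': return x
    if tag == 'const': return e[1]
    if tag == 'ite':   # ('ite', cond, then, else): take 'then' iff cond < 0
        return concrete(e[2], x) if concrete(e[1], x) < 0 else concrete(e[3], x)
    return OPS[tag](concrete(e[1], x), concrete(e[2], x))

def abstract(e, xa=TOP):
    """Abstract semantics on the sign domain; the input x is abstracted to xa."""
    tag = e[0]
    if tag == 'x': return xa
    if tag == 'const': return alpha(e[1])
    if tag == 'ite':   # join every branch the abstract condition cannot exclude
        c, out = abstract(e[1], xa), frozenset()
        if -1 in c: out |= abstract(e[2], xa)
        if c - {-1}: out |= abstract(e[3], xa)
        return out
    return abs_binop(OPS[tag], abstract(e[1], xa), abstract(e[2], xa))

# Constructed incompleteness clique: all three programs return 0 on every
# input, yet the sign abstraction assigns them three different results.
P_DIRECT = ('const', 0)
P_DATA = ('sub', ('x',), ('x',))                                          # x - x
P_CONTROL = ('ite', ('mul', ('x',), ('x',)), ('const', 1), ('const', 0))  # x*x < 0 ? 1 : 0

def extensionally_equal(p, q, inputs=range(-5, 6)):
    """Sample-based check that p and q agree on every tested input."""
    return all(concrete(p, x) == concrete(q, x) for x in inputs)
```

The abstraction loses that both operands of `x - x` and `x * x` are the same value, which is exactly the precision loss the transformations exploit; the result for `P_DATA` and `P_CONTROL` still over-approximates the concrete value 0, so soundness is preserved.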
