检索结果-内蒙古大学图书馆

arXiv 2025年

作者： Ma, Haoyang Donaldson, Alastair F. Shen, Qingchao Tian, Yongqiang Chen, Junjie Cheung, Shing-Chi

Random program generators often exhibit opportunism: they generate programs without a specific focus within the vast search space defined by the programming language. This opportunistic behavior hinders the effective generation of programs that trigger bugs in compilers and analyzers, even when such programs closely resemble those generated. To address this limitation, we propose bounded exhaustive random program generation, a novel method that focuses the search space of program generation with the aim of more quickly identifying bug-triggering programs. Our approach comprises two stages: 1) generating random program templates, which are incomplete test programs containing bug-related placeholders, and 2) conducting a bounded exhaustive enumeration of valid values for each placeholder within these templates. To ensure efficiency, we maintain a solvable constraint set during the template generation phase and then methodically explore all possible values of placeholders within these constraints during the exhaustive enumeration phase. We have implemented this approach for Solidity, a popular smart contract language for the Ethereum blockchain, in a tool named Erwin. Based on a recent study of Solidity compiler bugs, the placeholders used by Erwin relate to language features commonly associated with compiler bugs. Erwin has successfully identified 23 previously unknown bugs across two Solidity compilers, solc and solang, and one Solidity static analyzer, slither. Evaluation results demonstrate that Erwin outperforms state-of-the-art Solidity fuzzers in bug detection and complements developer-written test suites by covering 4,582 edges and 14,737 lines of the solc compiler that were missed by solc’s unit tests. © 2025, CC BY-NC-SA.

关键词： program compilers

来源：评论

学校读者我要写书评

暂无评论

TenSet: A Large-scale program Performance Dataset for Learned Tensor compilers 35

TenSet: A Large-scale Program Performance Dataset for Learne...

引用

35th Conference on Neural Information Processing Systems - Track on Datasets and Benchmarks, NeurIPS Datasets and Benchmarks 2021

作者： Zheng, Lianmin Liu, Ruochen Shao, Junru Chen, Tianqi Gonzalez, Joseph E. Stoica, Ion Haj-Ali, Ameer UC Berkeley United States OctoML United States Carnegie Mellon University United States

Search-based tensor compilers can greatly accelerate the execution of machine learning models by generating high-performance tensor programs, such as matrix multiplications and convolutions. These compilers take a high-level mathematical expression as an input and search for the fastest low-level implementation. At the core of the search procedure is a cost model, which estimates the performance of different implementations to reduce the frequency of time-consuming on-device measurements. There has been a growing interest in using deep learning techniques to learn a cost model to ease the effort of building an analytical model. To realize the potential of such deep learning models, a standard dataset for pre-training and benchmarking learned cost models is necessary. However, this dataset is lacking. We introduce TenSet, a large-scale tensor program performance dataset. TenSet contains 52 million program performance records collected from 6 hardware platforms. We provide comprehensive studies on how to learn and evaluate the cost models, including data collection, model architectures, loss functions, transfer learning, and evaluation metrics. We also show that a cost model pre-trained on TenSet can accelerate the search time in the state-of-the-art tensor compiler by up to 10×. © 2021 Neural information processing systems foundation. All rights reserved.

关键词： program compilers

来源：评论

学校读者我要写书评

暂无评论

Preservation of Speculative Constant-Time by Compilation

引用

Proceedings of the ACM on programming Languages 2025年第POPL期9卷 1293-1325页

作者： Arranz Olmos, Santiago Barthe, Gilles Blatter, Lionel Grégoire, Benjamin Laporte, Vincent MPI-SP Bochum Germany IMDEA Software Institute Madrid Spain Inria Sophia Antipolis France Université de Lorraine Nancy France Inria Nancy France

compilers often weaken or even discard software-based countermeasures commonly used to protect programs against side-channel attacks;worse, they may also introduce vulnerabilities that attackers can exploit. The solution to this problem is to develop compilers that preserve such countermeasures. Prior work establishes that (a mildly modified version of) the CompCert and Jasmin formally verified compilers preserve constant-time, an information flow policy that ensures that programs are protected against timing side-channel attacks. However, nothing is known about preservation of speculative constant-time, a strengthening of the constant-time policy that ensures that programs are protected against Spectre-v1 attacks. We first show that preservation of speculative constant-time fails in practice by providing examples of secure programs whose compilation is not speculative constant-time using GCC (GCC -O0 and GCC -O1) and Jasmin. Then, we define a proof-of-concept compiler that distills some of the critical passes of the Jasmin compiler and use the Coq proof assistant to prove that it preserves speculative constant-time. Finally, we patch the Jasmin speculative constant-time type checker and demonstrate that all cryptographic implementations written in Jasmin can be fixed with minimal impact. © 2025 Owner/Author.

关键词： program compilers

来源：评论

学校读者我要写书评

暂无评论

SNIP: Speculative Execution and Non-Interference Preservation for Compiler Transformations

引用

Proceedings of the ACM on programming Languages 2025年第POPL期9卷 1506-1535页

作者： Van Der Wall, Sören Meyer, Roland TU Braunschweig Braunschweig Germany

We address the problem of preserving non-interference across compiler transformations under speculative semantics. We develop a proof method that ensures the preservation uniformly across all source programs. The basis of our proof method is a new form of simulation relation. It operates over directives that model the attacker's control over the micro-architectural state, and it accounts for the fact that the compiler transformation may change the influence of the micro-architectural state on the execution (and hence the directives). Using our proof method, we show the correctness of dead code elimination. When we tried to prove register allocation correct, we identified a previously unknown weakness that introduces violations to non-interference. We have confirmed the weakness for a mainstream compiler on code from the libsodium cryptographic library. To reclaim security once more, we develop a novel static analysis that operates on a product of source program and register-allocated program. Using the analysis, we present an automated fix to existing register allocation implementations. We prove the correctness of the fixed register allocations with our proof method. © 2025 Owner/Author.

关键词： program compilers

来源：评论

学校读者我要写书评

暂无评论

On BIOCHAM Symbolic Computation Pipeline for Compiling Mathematical Functions into Biochemistry

引用

ACM Communications in Computer Algebra 2025年第2期58卷 15-22页

作者： Fages, François Hemery, Mathieu Soliman, Sylvain EPI Lifeware Inria Saclay Palaiseau France

Chemical Reaction Networks (CRNs) are a standard formalism used in chemistry and biology to model complex molecular interaction systems. In the perspective of systems biology, they are a central tool to analyze the high-level functions of the cell in terms of their low-level molecular interactions. In the perspective of synthetic biology, they constitute a target programming language to implement in chemistry new functions either in vitro, in artificial vesicles, or in living cells. In this paper, we describe the CRN synthesis tool part of our CRN modeling and analysis software BIOCHAM (Biochemical Abstract Machine). This compiler transforms any elementary (resp. algebraic) real function into a formal finite CRN to compute it (resp. with absolute functional robustness), through a pipeline of symbolic computation steps, among which quadratization optimization plays a key role to restrict to elementary reactions with at most two reactants and a minimum number of molecular species. © 2025 Copyright is held by the owner/author(s).

关键词： program compilers

来源：评论

学校读者我要写书评

暂无评论

Certified Knowledge Compilation with Application to Formally Verified Model Counting

引用

JOURNAL OF ARTIFICIAL INTELLIGENCE RESEARCH 2025年 82卷 2057-2099页

作者： Bryant, Randal E. Nawrocki, Wojciech Avigad, Jeremy Heule, Marijn J. H. Carnegie Mellon Univ Pittsburgh PA 15213 USA

Computing many useful properties of Boolean formulas, such as their weighted or unweighted model count, is intractable on general representations. It can become tractable when formulas are expressed in a special form, such as the decision decomposable negation normal form (decision-DNNF). Knowledge compilation is the process of converting a formula into such a form. Unfortunately existing knowledge compilers provide no guarantee that their output correctly represents the original formula, and therefore they cannot validate a model count, or any other computed value. We present Partitioned-Operation Graphs (POGs), a form that can encode all of the representations used by existing knowledge compilers. We have designed CPOG, a framework that can express proofs of equivalence between a POG and a Boolean formula in conjunctive normal form (CNF). We have developed a program that generates POG representations from decision-DNNF graphs produced by the state-of-the-art knowledge compiler D4, as well as checkable CPOG proofs certifying that the output POGs are equivalent to the input CNF formulas. Our toolchain for generating and verifying POGs scales to all but the largest graphs produced by D4 for formulas from a recent model counting competition. Additionally, we have developed a formally verified CPOG checker and model counter for POGs in the Lean 4 proof assistant. In doing so, we proved the soundness of our proof framework. These programs comprise the first formally verified toolchain for weighted and unweighted model counting.

关键词： program compilers

来源：评论

学校读者我要写书评

暂无评论

Call-by-Unboxed-Value

引用

Proceedings of the ACM on programming Languages 2024年第ICFP期8卷 845-879页

作者： Downen, Paul University of Massachusetts Lowell Lowell United States

Call-By-Push-Value has famously subsumed both call-by-name and call-by-value by decomposing programs along the axis of "values" versus "computations." Here, we introduce Call-By-Unboxed-Value which further decomposes programs along an orthogonal axis separating "atomic" versus "complex." As the name suggests, these two dimensions make it possible to express the representations of values as boxed or unboxed, so that functions pass unboxed values as inputs and outputs. More importantly, Call-By-Unboxed-Value allows for an unrestricted mixture of polymorphism and unboxed types, giving a foundation for studying compilation techniques for polymorphism based on representation irrelevance. In this regard, we use Call-By-Unboxed-Value to formalize representation polymorphism independently of types;for the first time compiling untyped representation-polymorphic code, while nonetheless preserving types all the way to the machine. © 2024 Copyright held by the owner/author(s).

关键词： program compilers

来源：评论

学校读者我要写书评

暂无评论

METASAFE: Compiling for Protecting Smart Pointer Metadata to Ensure Safe Rust Integrity 33

METASAFE: Compiling for Protecting Smart Pointer Metadata to...

引用

33rd USENIX Security Symposium

作者： Kayondol, Martin Bang, Inyoung Kwak, Yeongjun Moon, Hyungon Paek, Yunheung Seoul Natl Univ ECE Seoul South Korea Seoul Natl Univ ISRC Seoul South Korea UNIST Ulsan South Korea

ISBN: (纸本)9781939133441

Rust is a programming language designed with a focus on memory safety. It introduces new concepts such as ownership and performs static bounds checks at compile time to ensure spatial and temporal memory safety. For memory operations or data types whose safety the compiler cannot prove at compile time, Rust either explicitly excludes such portions of the program, termed unsafe Rust, from static analysis, or it relies on runtime enforcement using smart pointers. Existing studies have shown that potential memory safety bugs in such unsafe Rust can bring down the entire program, proposing in-process isolation or compartmentalization as a remedy. However, in this study, we show that the safe Rust remains susceptible to memory safety bugs even with the proposed isolation applied. The smart pointers upon which safe Rust's memory safety is built rely on metadata often stored alongside program data, possibly within reach of attackers. Manipulating this metadata, an attacker can nullify safe Rust's memory safety checks dependent on it, causing memory access bugs and exploitation. In response to this issue, we propose METASAFE, a mechanism that safeguards smart pointer metadata from such attacks. METASAFE stores smart pointer metadata in a gated memory region where only a predefined set of metadata management functions can write, ensuring that each smart pointer update does not cause safe Rust's memory safety violation. We have implemented METASAFE by extending the official Rust compiler and evaluated it with a variety of micro- and application benchmarks. The overhead of METASAFE is found to be low;it incurs a 3.5% average overhead on the execution time of a web browser benchmarks.

关键词： program compilers

来源：评论

学校读者我要写书评

暂无评论

Fully Secure MPC and zk-FLIOP over Rings: New Constructions, Improvements and Extensions 44th

Fully Secure MPC and zk-FLIOP over Rings: New Constructions,...

引用

44th Annual International Cryptology Conference on Advances in Cryptology (CRYPTO)

作者： Dalskov, Anders Escudero, Daniel Nof, Ariel Partisia Aarhus Denmark JP Morgan AI Res New York NY USA JP Morgan AlgoCRYPT CoE New York NY USA Bar Ilan Univ Ramat Gan Israel

ISBN: (纸本)9783031683961;9783031683978

We revisit the question of the overhead to achieve full security (i.e., guaranteed output delivery) in secure multiparty computation (MPC). Recent works have closed the gap between full security and semi-honest security, by introducing protocols where the parties first compute the circuit using a semi-honest protocol and then run a verification step with sublinear communication in the circuit size. However, in these works the number of interaction rounds in the verification step is also sublinear in the circuit's size. Unlike communication, the round complexity of the semi-honest execution typically grows with the circuit's depth and not its size. Hence, for large but shallow circuits, this additional number of rounds incurs a significant overhead. Motivated by this gap, we make the following contributions: 1. We present a new MPC framework to obtain full security, compatible with effectively any ring, that has an additive communication overhead of only O(log |C|), where |C| is the number of multiplication gates in the circuit, and a constant number of additional rounds beyond the underlying semi-honest protocol. Our framework works with any linear secret sharing scheme and relies on a new to utilize the machinery of zero-knowledge fully linear interactive oracle proofs (zk-FLIOP) in a black-box way. We present several instantiations to the building blocks of our compiler, from which we derive concretely efficient protocols in different settings. 2. We present extensions to the zk-FLIOP primitive for very general settings. The first one is for proving statements over potentially non-commutative rings, where the only requirement is that the ring has a large enough set where (1) every element in the set commutes with every element in the ring, and (2) the difference between any two distinct elements is invertible. Our second zk-FLIOP extension is for proving statements over Galois Rings. For these rings, we present concrete improvements on the current state-of-the-art

关键词： program compilers

来源：评论

学校读者我要写书评

暂无评论

Demo - MedGuard: Securing Medical IoT with compiler polymorphism 16

Demo - MedGuard: Securing Medical IoT with compiler polymorp...

引用

2024 International Workshop on Information Forensics and Security

作者： Santorinaios, Dimitris Kourtis, Michail Alexandros Santorinaiou, Anna Oikonomakis, George Zortenet Aigaleo Greece

ISBN: (纸本)9798350364439;9798350364422

In this paper, we introduce MedGuard, a novel compiler polymorphism technique designed to enhance the security of medical IoT devices. Medical IoT devices, including wearable medical devices (WMDs), are increasingly becoming targets for sophisticated cyber-attacks due to their critical role in healthcare settings. MedGuard aims to prevent the scalability of such attacks across similar devices by generating unique executable binaries from a combination of source code and random seeds. This technique not only strengthens individual device security but also incorporates future-ready mechanisms like detection traps. Our approach significantly raises the security posture of medical IoT ecosystems, safeguarding both hospital networks and patient home environments. This paper details the implementation, effectiveness, and potential future enhancements of MedGuard, demonstrating its crucial role in advancing medical IoT security.

关键词： program compilers

来源：评论

学校读者我要写书评

暂无评论

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案：

请选择收藏分类：

通借通还

建议与咨询 留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案： 新增检索档案 确定 取消

请选择收藏分类： 新增自定义分类 确定 取消

通借通还

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

请选择保存的检索档案：

请选择收藏分类：