检索结果-内蒙古大学图书馆

arXiv 2025年

作者： Ma, Haoyang Donaldson, Alastair F. Shen, Qingchao Tian, Yongqiang Chen, Junjie Cheung, Shing-Chi

Random program generators often exhibit opportunism: they generate programs without a specific focus within the vast search space defined by the programming language. This opportunistic behavior hinders the effective generation of programs that trigger bugs in compilers and analyzers, even when such programs closely resemble those generated. To address this limitation, we propose bounded exhaustive random program generation, a novel method that focuses the search space of program generation with the aim of more quickly identifying bug-triggering programs. Our approach comprises two stages: 1) generating random program templates, which are incomplete test programs containing bug-related placeholders, and 2) conducting a bounded exhaustive enumeration of valid values for each placeholder within these templates. To ensure efficiency, we maintain a solvable constraint set during the template generation phase and then methodically explore all possible values of placeholders within these constraints during the exhaustive enumeration phase. We have implemented this approach for Solidity, a popular smart contract language for the Ethereum blockchain, in a tool named Erwin. Based on a recent study of Solidity compiler bugs, the placeholders used by Erwin relate to language features commonly associated with compiler bugs. Erwin has successfully identified 23 previously unknown bugs across two Solidity compilers, solc and solang, and one Solidity static analyzer, slither. Evaluation results demonstrate that Erwin outperforms state-of-the-art Solidity fuzzers in bug detection and complements developer-written test suites by covering 4,582 edges and 14,737 lines of the solc compiler that were missed by solc’s unit tests. © 2025, CC BY-NC-SA.

关键词： program compilers

来源：评论

学校读者我要写书评

暂无评论

Preservation of Speculative Constant-Time by Compilation

引用

Proceedings of the ACM on programming Languages 2025年第POPL期9卷 1293-1325页

作者： Arranz Olmos, Santiago Barthe, Gilles Blatter, Lionel Grégoire, Benjamin Laporte, Vincent MPI-SP Bochum Germany IMDEA Software Institute Madrid Spain Inria Sophia Antipolis France Université de Lorraine Nancy France Inria Nancy France

compilers often weaken or even discard software-based countermeasures commonly used to protect programs against side-channel attacks;worse, they may also introduce vulnerabilities that attackers can exploit. The solution to this problem is to develop compilers that preserve such countermeasures. Prior work establishes that (a mildly modified version of) the CompCert and Jasmin formally verified compilers preserve constant-time, an information flow policy that ensures that programs are protected against timing side-channel attacks. However, nothing is known about preservation of speculative constant-time, a strengthening of the constant-time policy that ensures that programs are protected against Spectre-v1 attacks. We first show that preservation of speculative constant-time fails in practice by providing examples of secure programs whose compilation is not speculative constant-time using GCC (GCC -O0 and GCC -O1) and Jasmin. Then, we define a proof-of-concept compiler that distills some of the critical passes of the Jasmin compiler and use the Coq proof assistant to prove that it preserves speculative constant-time. Finally, we patch the Jasmin speculative constant-time type checker and demonstrate that all cryptographic implementations written in Jasmin can be fixed with minimal impact. © 2025 Owner/Author.

关键词： program compilers

来源：评论

学校读者我要写书评

暂无评论

SNIP: Speculative Execution and Non-Interference Preservation for Compiler Transformations

引用

Proceedings of the ACM on programming Languages 2025年第POPL期9卷 1506-1535页

作者： Van Der Wall, Sören Meyer, Roland TU Braunschweig Braunschweig Germany

We address the problem of preserving non-interference across compiler transformations under speculative semantics. We develop a proof method that ensures the preservation uniformly across all source programs. The basis of our proof method is a new form of simulation relation. It operates over directives that model the attacker's control over the micro-architectural state, and it accounts for the fact that the compiler transformation may change the influence of the micro-architectural state on the execution (and hence the directives). Using our proof method, we show the correctness of dead code elimination. When we tried to prove register allocation correct, we identified a previously unknown weakness that introduces violations to non-interference. We have confirmed the weakness for a mainstream compiler on code from the libsodium cryptographic library. To reclaim security once more, we develop a novel static analysis that operates on a product of source program and register-allocated program. Using the analysis, we present an automated fix to existing register allocation implementations. We prove the correctness of the fixed register allocations with our proof method. © 2025 Owner/Author.

关键词： program compilers

来源：评论

学校读者我要写书评

暂无评论

On BIOCHAM Symbolic Computation Pipeline for Compiling Mathematical Functions into Biochemistry

引用

ACM Communications in Computer Algebra 2025年第2期58卷 15-22页

作者： Fages, François Hemery, Mathieu Soliman, Sylvain EPI Lifeware Inria Saclay Palaiseau France

Chemical Reaction Networks (CRNs) are a standard formalism used in chemistry and biology to model complex molecular interaction systems. In the perspective of systems biology, they are a central tool to analyze the high-level functions of the cell in terms of their low-level molecular interactions. In the perspective of synthetic biology, they constitute a target programming language to implement in chemistry new functions either in vitro, in artificial vesicles, or in living cells. In this paper, we describe the CRN synthesis tool part of our CRN modeling and analysis software BIOCHAM (Biochemical Abstract Machine). This compiler transforms any elementary (resp. algebraic) real function into a formal finite CRN to compute it (resp. with absolute functional robustness), through a pipeline of symbolic computation steps, among which quadratization optimization plays a key role to restrict to elementary reactions with at most two reactants and a minimum number of molecular species. © 2025 Copyright is held by the owner/author(s).

关键词： program compilers

来源：评论

学校读者我要写书评

暂无评论

Certified Knowledge Compilation with Application to Formally Verified Model Counting

引用

Journal of Artificial Intelligence Research 2025年 82卷 2057-2099页

作者： Bryant, Randal E. Nawrocki, Wojciech Avigad, Jeremy Heule, Marijn J.H. Carnegie Mellon University PittsburghPA United States

Computing many useful properties of Boolean formulas, such as their weighted or unweighted model count, is intractable on general representations. It can become tractable when formulas are expressed in a special form, such as the decision decomposable negation normal form (decision-DNNF). Knowledge compilation is the process of converting a formula into such a form. Unfortunately existing knowledge compilers provide no guarantee that their output correctly represents the original formula, and therefore they cannot validate a model count, or any other computed value. We present Partitioned-Operation Graphs (POGs), a form that can encode all of the representations used by existing knowledge compilers. We have designed CPOG, a framework that can express proofs of equivalence between a POG and a Boolean formula in conjunctive normal form (CNF). We have developed a program that generates POG representations from decision-DNNF graphs produced by the state-of-the-art knowledge compiler D4, as well as checkable CPOG proofs certifying that the output POGs are equivalent to the input CNF formulas. Our toolchain for generating and verifying POGs scales to all but the largest graphs produced by D4 for formulas from a recent model counting competition. Additionally, we have developed a formally verified CPOG checker and model counter for POGs in the Lean 4 proof assistant. In doing so, we proved the soundness of our proof framework. These programs comprise the first formally verified toolchain for weighted and unweighted model counting. ©2025 The Authors.

关键词： program compilers

来源：评论

学校读者我要写书评

暂无评论

Probabilistic program analysis for parallelizing compilers

引用

6th International Conference on High Performance Computing for Computational Science (VECPAR 2005)

作者： Forsythe, IM Milligan, P Sage, PP Queens Univ Belfast Sch Comp Sci Belfast BT9 5HN Antrim North Ireland

ISBN: (纸本)3540254242

Parallelizing compilers have difficulty analysing and optimising complex code. To address this, some analysis may be delayed until run-time, and techniques such as speculative execution used. Furthermore, to enhance performance, a feedback loop may be setup between the compile time and run-time analysis systems, as in iterative compilation. To extend this, it is proposed that the run-time analysis collects information about the values of variables not already determined, and estimates a probability measure for the sampled values. These measures may be used to guide optimisations in further analyses of the program. To address the problem of variables with measures as values, this paper also presents an outline of a novel combination of previous probabilistic denotational semantics models, applied to a simple imperative language.

关键词： program compilers

来源：评论

学校读者我要写书评

暂无评论

Compute, but Verify: Efficient Multiparty Computation over Authenticated Inputs 30th

Compute, but Verify: Efficient Multiparty Computation over A...

引用

30th International Conference on the Theory and Application of Cryptology and Information Security

作者： Dutta, Moumita Ganesh, Chaya Patranabis, Sikhar Singh, Nitin Indian Inst Sci Bangalore Karnataka India IBM Res Bangalore Karnataka India

ISBN: (纸本)9789819609376;9789819609383

Traditional notions of secure multiparty computation (MPC) allow mutually distrusting parties to jointly compute a function over their private inputs, but typically do not specify how these inputs are chosen. Motivated by real-world applications where corrupt inputs could adversely impact privacy and operational legitimacy, we consider a notion of authenticated MPC where the inputs are authenticated (for instance, signed using a digital signature) by some certification authority. We propose a generic and efficient compiler that transforms any linear secret sharing based honest-majority MPC protocol into one with input authentication. Our compiler achieves an ideal notion of authenticated MPC equipped with stronger and more desirable security guarantees than those considered in prior works, while incurring significantly lower computational costs and competitive communication overheads when compared to existing solutions. In particular, we entirely avoid the (potentially expensive) protocol-specific techniques and pre-processing requirements that are inherent to these solutions. For certain corruption thresholds, our compiler additionally preserves the stronger identifiable abort security of the underlying MPC protocol. No existing solution for authenticated MPC achieves this regardless of the corruption threshold. Along the way, we make several technical contributions that are of independent interest. This includes the notion of distributed proofs of knowledge and concrete realizations of the same for several relations of interest, such as proving knowledge of many popularly used digital signature schemes, and proving knowledge of opening of a Pedersen commitment.

关键词： program compilers

来源：评论

学校读者我要写书评

暂无评论

Type-Preserving Flat Closure Optimization

引用

Proceedings of the ACM on programming Languages 2025年第OOPSLA1期9卷 649-675页

作者： Geller, Adam T. Bocirnea, Sean Gould, Chester J.F. Koronkevich, Paulette Bowman, William J. University of British Columbia Canada

Type-preserving compilation seeks to make intent as much as a part of compilation as computation. Specifications of intent in the form of types are preserved and exploited during compilation and linking, alongside the mere computation of a program. This provides lightweight guarantees for compilation, optimization, and linking. Unfortunately, type-preserving compilation typically interferes with important optimizations. In this paper, we study typed closure representation and optimization. We analyze limitations in prior typed closure conversion representations, and the requirements of many important closure optimizations. We design a new typed closure representation in our Flat-Closure Calculus (FCC) that admits all these optimizations, prove type safety and subject reduction of FCC, prove type preservation from an existing closure converted IR to FCC, and implement common closure optimizations for FCC. © 2025 Copyright held by the owner/author(s).

关键词： program compilers

来源：评论

学校读者我要写书评

暂无评论

Polymorphism with Typed Holes 25th

Polymorphism with Typed Holes

引用

25th International Symposium on Trends in Functional programming

作者： Chen, Adam Porter, Thomas Omar, Cyrus Stevens Inst Technol Hoboken NJ 07030 USA Univ Michigan Ann Arbor MI USA

ISBN: (纸本)9783031745577;9783031745584

Live programming environments aim to provide rapid and continuous feedback to developers, but this can be challenging when a program is incomplete. Hazel is a live programming environment that aims to solve this problem by using expression and type holes to stand for missing terms or mark erroneous terms. Hazel is based on the Hazelnut Live calculus presented in prior work. This paper starts by presenting Polymorphic Hazelnut Live, an extension of Hazelnut Live to support explicit System F-style polymorphism. We show, with mechanized proofs in Agda, that this extended system satisfies the key metatheoretic properties necessary for live programming with typed holes. We compare the type system of Polymorphic Hazelnut Live to other systems that combine gradual typing (i.e. the theory of type holes) with polymorphism, discussing subtleties related to parametricity and the gradual guarantee. Finally, we present a method to integrate a form of implicit type application into the Hazel architecture. We propose a system in which the programmer may omit explicit type applications, and the editor (rather than downstream tools like a typechecker or compiler) implicitly inserts and fills them, allowing the user to see and override these implicit type applications as needed.

关键词： program compilers

来源：评论

学校读者我要写书评

暂无评论

Carapace: Static–Dynamic Information Flow Control in Rust

引用

Proceedings of the ACM on programming Languages 2025年第OOPSLA1期9卷 364-392页

作者： Beardsley, Vincent Xiong, Chris Lamba, Ada Bond, Michael D. Ohio State University United States

Fine-grained information flow control (IFC) ensures confidentiality and integrity at the programming language level by ensuring that high-secrecy values do not affect low-secrecy values and that low-integrity values do not affect high-integrity values. However, prior support for fine-grained IFC is impractical: It either analyzes programs using whole-program static analysis, detecting false IFC violations;or it extends the language and compiler, thwarting adoption. Recent work called Cocoon demonstrates how to provide fine-grained IFC for Rust programs without modifying the language or compiler, but it is limited to static secrecy labels, and its case studies are limited. This paper introduces an approach called Carapace that employs Cocoon’s core approach and supports both static and dynamic IFC and supports both secrecy and integrity. We demonstrate Carapace using three case studies involving real applications and comprehensive security policies. An evaluation shows that applications can be retrofitted to use Carapace with relatively few changes, while incurring negligible run-time overhead in most cases. Carapace advances the state of the art by being the first hybrid static–dynamic IFC that works with an off-the-shelf language—Rust—and its unmodified compiler. © 2025 Copyright held by the owner/author(s).

关键词： program compilers

来源：评论

学校读者我要写书评

暂无评论

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案：

请选择收藏分类：

通借通还

建议与咨询 留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案： 新增检索档案 确定 取消

请选择收藏分类： 新增自定义分类 确定 取消

通借通还

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

请选择保存的检索档案：

请选择收藏分类：