research-article

An equivalence-preserving CPS translation via multi-language semantics

Authors:

Matthias BlumeAuthors Info & Claims

ACM SIGPLAN Notices, Volume 46, Issue 9

Pages 431 - 444

https://doi.org/10.1145/2034574.2034830

Published: 19 September 2011 Publication History

Abstract

Language-based security relies on the assumption that all potential attacks follow the rules of the language in question. When programs are compiled into a different language, this is true only if the translation process preserves observational equivalence.

To prove that a translation preserves equivalence, one must show that if two program fragments cannot be distinguished by any source context, then their translations cannot be distinguished by any target context. Informally, target contexts must be no more powerful than source contexts, i.e., for every target context there exists a source context that "behaves the same." This seems to amount to being able to "back-translate" arbitrary target terms. However, that is simply not viable for practical compilers where the target language is lower-level and, thus, contains expressions that have no source equivalent.

In this paper, we give a CPS translation from a less expressive source language (STLC) to a more expressive target language (System F) and prove that the translation preserves observational equivalence. The key to our equivalence-preserving compilation is the choice of the right type translation: a source type σ mandates a set of behaviors and we must ensure that its translation σ⁺ mandates semantically equivalent behaviors at the target level. Based on this type translation, we demonstrate how to prove that for every target term of type σ⁺, there exists an equivalent source term of type σ- even when sub-terms of the target term are not necessarily "back-translatable" themselves. A key novelty of our proof, resulting in a pleasant proof structure, is that it leverages a multi-language semantics where source and target terms may interoperate.

Supplementary Material

MP4 File (_talk14.mp4)

Download
61.66 MB

References

[1]

M. Abadi. Protection in programming-language translations. In International Colloquium on Automata, Languages and Programming (ICALP), pages 868--883, 1998.

Digital Library

[2]

S. Abramsky, R. Jagadeesan, and P. Malacaria. Full abstraction for PCF. Inf. Comput., 163 (2): 409--470, 2000.

Digital Library

[3]

A. Ahmed. Step-indexed syntactic logical relations for recursive and quantified types. In European Symposium on Programming (ESOP), pages 69--83, Mar. 2006.

Digital Library

[4]

A. Ahmed and M. Blume. Typed closure conversion preserves observational equivalence. In International Conference on Functional Programming (ICFP), Victoria, British Columbia, Canada, pages 157--168, Sept. 2008.

Digital Library

[5]

A. Ahmed and M. Blume. An equivalence-preserving CPS translation via multi-language semantics (technical appendix). Available at http://www.cs.indiana.edu/~amal/papers/epc/, July 2011.

Digital Library

[6]

A. Ahmed, D. Dreyer, and A. Rossberg. State-dependent representation independence. In ACM Symposium on Principles of Programming Languages (POPL), Savannah, Georgia, Jan. 2009.

Digital Library

[7]

A. W. Appel. Compiling with Continuations. Cambridge University Press, 1992.

Digital Library

[8]

N. Benton and C.-K. Hur. Biorthogonality, step-indexing and compiler correctness. In International Conference on Functional Programming (ICFP), Edinburgh, Scotland, Sept. 2009.

Digital Library

[9]

N. Benton and C.-K. Hur. Realizability and compositional compiler correctness for a polymorphic language. Technical Report MSR-TR-2010-62, Microsoft Research, Apr. 2010.

[10]

J. Berdine. Linear and affine typing of continuation-passing style. Technical Report RR-04-04, Queen Mary, Univ. of London, Jan. 2004.

[11]

Berdine, O'Hearn, Reddy, and Thielecke}berdine02:lincpsJ. Berdine, P. O'Hearn, U. Reddy, and H. Thielecke. Linear continuation-passing. Higher Order Symbol. Comput., 15 (2--3): 181--208, 2002\natexlaba.

Digital Library

[12]

J. Berdine, P. O'Hearn, and H. Thielecke. Extracting the range of cps from affine typing: Extended abstract. In Workshop on Linear Logic, 2002.

[13]

M. Berger, K. Honda, and N. Yoshida. Sequentiality and the π-calculus. In Typed Lambda Calculi and Applications (TLCA), Krakow, Poland, pages 29--45, 2001.

Digital Library

[14]

M. Berger, K. Honda, and N. Yoshida. Genericity and the π-calculus. In Proceedings of the 6th International conference on Foundations of Software Science and Computation Structures and joint European conference on Theory and practice of software, FOSSACS'03/ETAPS'03, pages 103--119, 2003.

Digital Library

[15]

M. Berger, K. Honda, and N. Yoshida. Genericity and the π-calculus. Acta Informatica, 42: 83--141, November 2005.

Digital Library

[16]

R. Cartwright and M. Felleisen. Observable sequentiality and full abstraction. In ACM Symposium on Principles of Programming Languages (POPL), Albuquerque, New Mexico, pages 328--342, 1992.

Digital Library

[17]

A. Chlipala. A certified type-preserving compiler from lambda calculus to assembly language. In ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI), San Diego, California, June 2007.

Digital Library

[18]

O. Danvy. Back to direct style. Science of Computer Programming, 22 (3): 183--195, 1994.

Digital Library

[19]

A. Filinski. Representing monads. In ACM Symposium on Principles of Programming Languages (POPL), Portland, Oregon, Jan. 1994.

Digital Library

[20]

R. Harper and M. Lillibridge. Explicit polymorphism and CPS conversion. In POPL '93, pages 206--219, 1993.

Digital Library

[21]

M. Hasegawa. Linearly used effects: Monadic and CPS transformations into the linear lambda calculus. In International Symposium on Functional and Logic Programming (FLOPS), Aizu, Japan, pages 167--182, 2002.

Digital Library

[22]

K. Honda and N. Yoshida. A uniform type structure for secure information flow. In ACM Symposium on Principles of Programming Languages (POPL), Portland, Oregon, Jan. 2002.

Digital Library

[23]

K. Honda, N. Yoshida, and M. Berger. Control in the π-calculus. In Fourth ACM-SIGPLAN Continuations Workshop (CW '04), Jan. 2004.

[24]

J. M. E. Hyland and C. H. L. Ong. On full abstraction for PCF: I, II, and III. Information and Computation, 163 (2): 285--408, 2000.

Digital Library

[25]

A. Jeffrey. A fully abstract semantics for a concurrent functional language with monadic types. In IEEE Symposium on Logic in Computer Science (LICS), San Diego, California, 1995.

Digital Library

[26]

A. Kennedy. Securing the .NET programming model. Theoretical Computer Science, 364 (3): 311--317, 2006.

Digital Library

[27]

A. Kennedy. Compiling with continuations, continued. In International Conference on Functional Programming (ICFP), Freiburg, Germany, Oct. 2007.

Digital Library

[28]

D. A. Kranz, R. A. Kelsey, J. A. Rees, P. Hudak, and J. Philbin. ORBIT: an optimizing compiler for Scheme. In Proceedings of the ACM Symposium on Compiler Construction, pages 219--233, June 1986.

Digital Library

[29]

J. Laird. Game semantics and linear CPS interpretation. Theor. Comput. Sci., 333 (1--2): 199--224, 2005.

Digital Library

[30]

I. A. Mason and C. L. Talcott. Equivalence in functional languages with effects. J. Functional Programming, 1 (3): 287--327, 1991.

[31]

J. Matthews and R. B. Findler. Operational semantics for multi-language programs. In ACM Symposium on Principles of Programming Languages (POPL), Nice, France, pages 3--10, Jan. 2007.

Digital Library

[32]

A. Meyer and J. G. Riecke. Continuations may be unreasonable. In Conf. on LISP and functional programming, LFP '88, pages 63--71, 1988.

Digital Library

[33]

A. R. Meyer and K. Sieber. Towards fully abstract semantics for local variables. In ACM Symposium on Principles of Programming Languages (POPL), San Diego, California, pages 191--203, 1988.

Digital Library

[34]

A. R. Meyer and M. Wand. Continuation semantics in typed lambda-calculi. In R. Parikh, editor, Logics of Programs (Brooklyn, June, 1985), volume 193 of Lecture Notes in Computer Science, pages 219--224. Springer-Verlag, 1985.

Digital Library

[35]

R. Milner. Fully abstract models of typed lambda calculi. Theoretical Computer Science, 4 (1), 1977.

[36]

G. Morrisett, D. Walker, K. Crary, and N. Glew. From System F to typed assembly language. ACM Transactions on Programming Languages and Systems, 21 (3): 527--568, May 1999.

Digital Library

[37]

A. Nanevski, A. Ahmed, G. Morrisett, and L. Birkedal. Abstract predicates and mutable adts in hoare type theory. In European Symposium on Programming (ESOP), pages 189--204, Mar. 2007.

Digital Library

[38]

A. M. Pitts. Typed operational reasoning. In B. C. Pierce, editor, Advanced Topics in Types and Programming Languages. MIT Press, 2005.

[39]

G. D. Plotkin. LCF considered as a programming language. Theoretical Computer Science, 5: 223--255, 1977.

[40]

J. C. Reynolds. Types, abstraction, and parametric polymorphism. Information Processing, pages 513--523, 1983.

[41]

J. Riecke and R. Viswanathan. Isolating side effects in sequential languages. In ACM Symposium on Principles of Programming Languages (POPL), San Francisco, California, Jan. 1995.

Digital Library

[42]

J. G. Riecke. Fully abstract translations between functional languages. In ACM Symposium on Principles of Programming Languages (POPL), Orlando, Florida, pages 245--254, 1991.

Digital Library

[43]

A. Sabry and M. Felleisen. Reasoning about programs in continuation-passing style. In Conf. on LISP and functional programming, LFP '92, 1992.

Digital Library

[44]

S. B. Sanjabi and C.-H. L. Ong. Fully abstract semantics of additive aspects by translation. In Proceedings of the 6th international conference on Aspect-oriented software development (AOSD), pages 135--148, 2007.

Digital Library

[45]

Z. Shao and A. W. Appel. A type-based compiler for Standard ML. In ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI), La Jolla, California, pages 116--129. ACM Press, 1995.

Digital Library

[46]

N. Shikuma and A. Igarashi. Proving noninterference by a fully complete translation to the simply typed lambda-calculus. Logical Methods in Computer Science, 4 (3:10): 1--31, 2008.

[47]

G. L. Steele. RABBIT: A compiler for SCHEME. Technical Report AI-TR-474, MIT, May 1978.

[48]

H. Thielecke. From control effects to typed continuation passing. In ACM Symposium on Principles of Programming Languages (POPL), New Orleans, Louisiana, 2003.

Digital Library

[49]

H. Thielecke. Answer type polymorphism in call-by-name continuation passing. In European Symposium on Programming (ESOP), Mar. 2004.

[50]

P. Wadler. Theorems for free! In ACM Symposium on Functional Programming Languages and Computer Architecture (FPCA), Sept. 1989.

Digital Library

[51]

S. Zdancewic and A. C. Myers. Secure information flow and CPS. In European Symposium on Programming (ESOP), pages 46--61, Apr. 2001.

Digital Library

Cited By

Torrens POrchard DVasconcellos C(2024)On the Operational Theory of the CPS-Calculus: Towards a Theoretical Foundation for IRsProceedings of the ACM on Programming Languages10.1145/36746308:ICFP(147-176)Online publication date: 21-Aug-2024
https://dl.acm.org/doi/10.1145/3674630
Buro SCrole RMastroeni I(2023)On multi-language abstraction: Towards a static analysis of multi-language programsFormal Methods in System Design10.1007/s10703-022-00405-8Online publication date: 28-Mar-2023
https://doi.org/10.1007/s10703-022-00405-8
El-Korashy ABlanco RThibault JDurier AGarg DHriţcu C(2022)SecurePtrs: Proving Secure Compilation with Data-Flow Back-Translation and Turn-Taking Simulation2022 IEEE 35th Computer Security Foundations Symposium (CSF)10.1109/CSF54842.2022.9919680(64-79)Online publication date: Aug-2022
https://doi.org/10.1109/CSF54842.2022.9919680
Show More Cited By

Index Terms

An equivalence-preserving CPS translation via multi-language semantics
1. Software and its engineering
  1. Software notations and tools
    1. Formal language definitions
      1. Semantics
2. Theory of computation
  1. Semantics and reasoning
    1. Program semantics

Recommendations

An equivalence-preserving CPS translation via multi-language semantics
ICFP '11: Proceedings of the 16th ACM SIGPLAN international conference on Functional programming

Language-based security relies on the assumption that all potential attacks follow the rules of the language in question. When programs are compiled into a different language, this is true only if the translation process preserves observational ...
Fully abstract compilation via universal embedding
ICFP '16

A fully abstract compiler guarantees that two source components are observationally equivalent in the source language if and only if their translations are observationally equivalent in the target. Full abstraction implies the translation is secure: ...
Fully abstract compilation via universal embedding
ICFP 2016: Proceedings of the 21st ACM SIGPLAN International Conference on Functional Programming

A fully abstract compiler guarantees that two source components are observationally equivalent in the source language if and only if their translations are observationally equivalent in the target. Full abstraction implies the translation is secure: ...

Comments

Information & Contributors

Information

Published In

cover image ACM SIGPLAN Notices

ACM SIGPLAN Notices Volume 46, Issue 9

ICFP '11

September 2011

456 pages

ISSN:0362-1340

EISSN:1558-1160

DOI:10.1145/2034574

Issue’s Table of Contents

ICFP '11: Proceedings of the 16th ACM SIGPLAN international conference on Functional programming
September 2011
470 pages
ISBN:9781450308656
DOI:10.1145/2034773
General Chairs:
Manuel Chakravarty
University of New South Wales, Australia
,
Zhenjiang Hu
National Institute of Informatics, Japan
,
Program Chair:
Olivier Danvy
Aarhus University, Denmark

Copyright © 2011 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 19 September 2011

Published in SIGPLAN Volume 46, Issue 9

Check for updates

Author Tags

Qualifiers

Research-article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

61
Total Citations
View Citations
347
Total Downloads

Downloads (Last 12 months)19
Downloads (Last 6 weeks)2

Reflects downloads up to 10 Aug 2024

Other Metrics

View Author Metrics

Citations

Cited By

Torrens POrchard DVasconcellos C(2024)On the Operational Theory of the CPS-Calculus: Towards a Theoretical Foundation for IRsProceedings of the ACM on Programming Languages10.1145/36746308:ICFP(147-176)Online publication date: 21-Aug-2024
https://dl.acm.org/doi/10.1145/3674630
Buro SCrole RMastroeni I(2023)On multi-language abstraction: Towards a static analysis of multi-language programsFormal Methods in System Design10.1007/s10703-022-00405-8Online publication date: 28-Mar-2023
https://doi.org/10.1007/s10703-022-00405-8
El-Korashy ABlanco RThibault JDurier AGarg DHriţcu C(2022)SecurePtrs: Proving Secure Compilation with Data-Flow Back-Translation and Turn-Taking Simulation2022 IEEE 35th Computer Security Foundations Symposium (CSF)10.1109/CSF54842.2022.9919680(64-79)Online publication date: Aug-2022
https://doi.org/10.1109/CSF54842.2022.9919680
Rioux NZdancewic S(2020)Computation focusingProceedings of the ACM on Programming Languages10.1145/34089774:ICFP(1-27)Online publication date: 3-Aug-2020
https://dl.acm.org/doi/10.1145/3408977
Buro SCrole RMastroeni I(2020)On Multi-language AbstractionStatic Analysis10.1007/978-3-030-65474-0_14(310-332)Online publication date: 18-Nov-2020
https://dl.acm.org/doi/10.1007/978-3-030-65474-0_14
Buro SMastroeni I(2019)On the Multi-Language ConstructionProgramming Languages and Systems10.1007/978-3-030-17184-1_11(293-321)Online publication date: 6-Apr-2019
https://doi.org/10.1007/978-3-030-17184-1_11
Patrignani MGarg D(2017)Secure Compilation and Hyperproperty Preservation2017 IEEE 30th Computer Security Foundations Symposium (CSF)10.1109/CSF.2017.13(392-404)Online publication date: Aug-2017
https://doi.org/10.1109/CSF.2017.13
Patrignani MDevriese DPiessens F(2016)On Modular and Fully-Abstract Compilation2016 IEEE 29th Computer Security Foundations Symposium (CSF)10.1109/CSF.2016.9(17-30)Online publication date: Jun-2016
https://doi.org/10.1109/CSF.2016.9
Patrignani MAgten PStrackx RJacobs BClarke DPiessens F(2015)Secure Compilation to Protected Module ArchitecturesACM Transactions on Programming Languages and Systems10.1145/269950337:2(1-50)Online publication date: 16-Apr-2015
https://dl.acm.org/doi/10.1145/2699503
(2015)Fully abstract trace semantics for protected module architecturesComputer Languages, Systems and Structures10.1016/j.cl.2015.03.00242:C(22-45)Online publication date: 1-Jul-2015
https://dl.acm.org/doi/10.1016/j.cl.2015.03.002
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Issue’s Table of Contents