Trusting a Compiler
Here are several situations where a compiler might aid integrity and security:
- To compile source from a trusted programmer into code that becomes part of the TCB, improving its security.
- To compile code from an adversary into a routine that trusted code can safely call.
I cannot explain why we have not heard of exploits of compiler flaws.
Ultimate evil compiler?
What scenarios are there for trusting a compiler?
Most take it to mean only that the compiler will not add blunders of its own to honestly written source, the Heartbleed setting, where the source was naïve, not malicious.
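To make that limit concrete, here is an added example, not code from this page's author or from OpenSSL: a constructed model of a heartbeat-style record handler, in its naïve form and with the bounds check the fix supplies. A correct compiler compiles both exactly as written; the over-read is in the source, so only the source can remove it. The record layout, the arena with a secret placed after the record, and the function names are assumptions made for the demonstration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed record layout (an assumption for this example, not OpenSSL's):
   1-byte type, 2-byte big-endian claimed payload length, then payload. */
#define HB_HDR 3

/* Naive handler: copies as many bytes as the peer claims, checking only that
   the reply buffer can hold them. A trusted compiler compiles exactly this;
   the bounds check missing from the source is missing from the binary. */
size_t hb_reply_naive(const uint8_t *rec, size_t rec_len,
                      uint8_t *out, size_t out_cap)
{
    if (rec_len < HB_HDR) return 0;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (claimed > out_cap) return 0;          /* guards the destination only */
    memcpy(out, rec + HB_HDR, claimed);       /* may read past the record   */
    return claimed;
}

/* Checked handler: the claimed length must fit inside the bytes actually
   received. This is the check the source, not the compiler, has to supply. */
size_t hb_reply_checked(const uint8_t *rec, size_t rec_len,
                        uint8_t *out, size_t out_cap)
{
    if (rec_len < HB_HDR) return 0;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (claimed > rec_len - HB_HDR) return 0; /* reject over-long claims */
    if (claimed > out_cap) return 0;
    memcpy(out, rec + HB_HDR, claimed);
    return claimed;
}

/* Constructed memory arena: a 7-byte record that claims 16 bytes of payload
   but carries 4, followed by unrelated secret data that happens to sit next
   to it. Keeping the over-read inside one defined object lets the demo show
   the leak without itself being undefined behaviour. */
enum { ARENA_SIZE = 64, RECORD_LEN = 7 };
static const uint8_t arena[ARENA_SIZE] =
    { 0x01, 0x00, 0x10, 'p', 'i', 'n', 'g', 'S', 'E', 'C', 'R', 'E', 'T' };

/* Returns 1 if the naive handler's reply carries the neighbouring secret. */
int naive_leaks_secret(void)
{
    uint8_t out[ARENA_SIZE] = {0};
    size_t n = hb_reply_naive(arena, RECORD_LEN, out, sizeof out);
    return n == 16 && memcmp(out + 4, "SECRET", 6) == 0;
}

/* Returns the checked handler's reply length for the same record; 0 means
   the over-long claim was rejected. */
size_t checked_reply_len(void)
{
    uint8_t out[ARENA_SIZE] = {0};
    return hb_reply_checked(arena, RECORD_LEN, out, sizeof out);
}

int main(void)
{
    printf("naive handler leaks secret: %d\n", naive_leaks_secret());
    printf("checked handler reply length: %zu\n", checked_reply_len());
    return 0;
}
```

Both handlers are what the compiler was asked to build; the difference between them is one comparison in the source, which is the point of the paragraph above.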
What does it take to call a routine compiled separately from your code, by a compiler you trust, where the source was provided by an adversary?
You also get to filter the compiler's warning messages before deciding whether to load the result.
Certainly there is some new loader technology to be invented and implemented.
Java has addressed some of these questions.
Its designers have gone farther than others, but not far enough, I suspect.
What about space and time accountability, charging the called code for the memory and processor time it consumes?
No language accounts for this.
Then there is the problem of getting all the world’s programmers to agree on one adequate language.
Occasionally an object is defined entirely by a single compilation.
Some linking and loading problems disappear in that case.