LWN.net Logo

Advertisement

Writers Wanted

Front, Kernel, Security, Distributions, Development. See your byline here on LWN.net.

Advertise here

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for February 9, 2012

XBMC 11 "Eden"

LWN.net Weekly Edition for February 2, 2012

A tempest in a toybox

LWN.net Weekly Edition for January 26, 2012

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Cross compiling compiler

Cross compiling compiler

Posted Apr 9, 2004 5:29 UTC (Fri) by libra (guest, #2515)
In reply to: Green Hills Software on free software in the military by allesfresser
Parent article: Green Hills Software on free software in the military

Althought I never tried it, I think that by using different compiler on different platforms and cross-compiling for one shall give at second iteration identical compiler codes no matter the original compiling platform.

If this can be shown it will prove that no secret code is in the compiler because it would mean otherwise that all compilers on all platforms are corrupt, and that is unpossible.

Maybe someone out here as a clue on that topic, or can explain why that idea could be wrong.

(Log in to post comments)

Cross compiling compiler

Posted Apr 9, 2004 6:29 UTC (Fri) by pynm0001 (guest, #18379) [Link]

I'm not sure exactly what you mean, so I'm going to give an example, and you can tell me whether it's right or wrong.

You're saying that if you have (say) Solaris CC on Pentium compiling for Sparc, and gcc on PowerPC compiling for Sparc, that the resulting object code for Sparc should be identical on both machines?

The answer would be no, unfortunately, unless a fluke occurred. If both compilers are good, they will produce equivalent code, but the code will almost certainly not be byte-for-byte equal.

However, even if the compilers produce byte-for-byte identical code, that doesn't mean that secret code in a compiler is impossible, because I could go and write a compiler later that adds secret code. The problem with your logic is that producing identical output for two compilers doesn't imply that all compilers on all platforms are either all corrupt or all clean.

Cross compiling compiler

Posted Apr 9, 2004 7:28 UTC (Fri) by baldrick (subscriber, #4123) [Link]

Probably what he means is that you bootstrap gcc using a non-gcc
compiler and also using gcc itself. If the final gcc you get is the same
in both cases then you can be pretty sure there is no Thompson trojan
lurking inside gcc. I understand that this is one of the reasons the gcc
developers work hard to make gcc compilable by a wide range of other
compilers.

Cross compiling compiler

Posted Apr 9, 2004 7:37 UTC (Fri) by pynm0001 (guest, #18379) [Link]

Ah, that's a good idea. Although I feel that my other argument about
equivalent code remains. A non-gcc compiler shouldn't produce the same
exact binary that gcc itself would, merely one which works the same.

Cross compiling compiler

Posted Apr 9, 2004 12:13 UTC (Fri) by libra (guest, #2515) [Link]

That's why I added the term iteration in my post. The idea is :

Compile GCC with compiler C_A on platform P_A for platform P
Compile GCC with compiler C_B on platform P_B for platform P
(with C_A != C_B and P_A != P_B but not necessary C_x != GCC or P_x != P)

Then on platform P you have GCC_A and GCC_B, they are certainly note binary equivalent, but functionally shall be. As the code has been audited, and two platforms/compiler were involved, we may assume that one of the two is not tainted. So now we do :

Compile GCC with GCC_A on P
Compile GCC with GCC_B on P

If both GCC_A and GCC_B are really functionally equivalent then the results shall now be binary identical (at that iteration, or maybe at the next one due to some cross compilation problems that may occur). If you can never reach an iteration where both results are stable and identical, then you have a problem, otherwise you nearly have the proof you want (unless all compiler of the world are tainted the same way, highly unlikely).

Note that for better results it shall be done with 3 or 4 different compiler. Also note that if you find a small binary difference at some point you may very well gain the key of the backdoor (in GCC or in C_x) by analyzing that difference, unless it is just a bug you would have to point out for the improvement of GCC.

Sorry not to have been clear the first time. Hope it is OK now.

Cross compiling compiler

Posted Apr 9, 2004 19:54 UTC (Fri) by pynm0001 (guest, #18379) [Link]

I see what you're saying now (I was up too late last night :-( ).
Indeed, it sounds like a very good idea, I can't see any flaws in the
logic.

Of course, we can't even apply that test to MSVC, so I guess Open Source
wins another security battle due to the other side's forfeit. :-)

Cross compiling compiler

Posted Apr 11, 2004 21:27 UTC (Sun) by flewellyn (subscriber, #5047) [Link]

This could only happen if the code-generating back-ends for all of the different compilers were identical. Unless the different compilers were derived from a common base, this is unlikely.

I think a better means of ensuring the security of a compiler is simply to examine its source code. Of course, with proprietary compilers (the type that Green Hills is pushing), you can't do that, so you just have to trust them. Which is what Green Hills is saying is the problem with free software...sounds like someone has their brain on backwards.

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds