  \begin{tabular}{@ {}c@ {}}
  \LARGE Compilers and \\[-2mm] 
  \LARGE Formal Languages (10)\\[3mm] 

  Email:  christian.urban at
  Office: N7.07 (North Wing, Bush House)
  Slides: KEATS (also home work is there)



Using a compiler, how can you mount the perfect attack against a system?



What is a \alert{perfect} attack?

\item you can potentially completely take over a target system
\item your attack is (nearly) undetectable
\item the victim has (almost) no chance to recover



  login (src)
  login (bin)

  my compiler (src)

  V1.00

  V1.01
  V1.01

  Hacking Compilers 
  \begin{tabular}{c@ {}}
  \footnotesize Ken Thompson\\[-1.8mm]
  \footnotesize Turing Award, 1983\\
  \begin{tabular}{l@ {\hspace{1mm}}p{8cm}}
  & Ken Thompson showed how to hide a Trojan Horse in a 
  compiler \textcolor{red}{without} leaving any traces in the source code.\\[2mm]
  & No amount of source level verification will protect 
  you from such Thompson-hacks.\\[2mm]


  \item[1)] Assume you ship the compiler as binary and also with sources.
  \item[2)] Make the compiler aware when it compiles itself.
  \item[3)] Add the Trojan horse.
  \item[4)] Compile.
  \item[5)] Delete Trojan horse from the sources of the compiler.
  \item[6)] Go on holiday for the rest of your life. ;o)\\[-7mm]\mbox{}


Compilers \& Boeings 777

First flight in 1994. They want to achieve triple redundancy in hardware

They compile 1 Ada program to\medskip

\item Intel 80486
\item Motorola 68040 (old Macintosh's)
\item AMD 29050 (RISC chips used often in laser printers)

using 3 independent compilers.\bigskip\pause

\small Airbus uses C and static analysers. Recently started using CompCert.



How many strings are in \bl{$L(a^*)$}? 

  \bl{$[]$} &  \bl{$a$} &  \bl{$aa$} & \bl{$aaa$} & \bl{$aaaa$} & \ldots\\
  \bl{0}  &  \bl{1} &  \bl{2}  & \bl{3}   & \bl{4}  & \ldots    



\Large\bf There are more problems, than there are

There must be a problem for which there is no program.


If \bl{$A \subseteq B$} then \bl{$A$} has fewer or equal elements 
than \bl{$B$}\bigskip\bigskip

\bl{$A \subseteq B$} and \bl{$B \subseteq A$}\bigskip

then \bl{$A = B$}

  Newton vs Feynman
  \includegraphics[scale=0.2]{../pics/newton.jpg} &
  classical physics & quantum physics

  The Goal of the Talk
  \item show you that something very unintuitive happens with very large sets	
  \item convince you that there are more {\bf problems} than {\bf programs}

     \bl{$B$ $=$ $\{$  
     \bl{$A$ $=$ $\{$  
       for \bl{$=$} has to be a {\bf one-to-one} mapping
        has to be a {\bf one-to-one} mapping};




\bl{$|A|$} $\dn$ ``how many elements''\bigskip\\

\bl{$A \subseteq B  \Rightarrow |A| \leq |B|$}\bigskip\\\pause

if there is an injective function \bl{$f: A \rightarrow B$} then \bl{$|A| \leq |B|$}\

\bl{\large$\forall x y.\; f(x) = f(y) \Rightarrow x = y$}


     $A$ $=$ $\{$  
     $B$ $=$ $\{$  
      then \bl{$|A|$ \alert{$=$} $|B|$}
\frametitle{Natural Numbers}

\bl{$\mathbb{N}$} \bl{$\dn$} \bl{$\{0, 1, 2, 3, .......\}$}\bigskip\pause 

\bl{$A$} is \alert{countable} iff \bl{$|A| \leq |\mathbb{N}|$}


\frametitle{First Question}

\bl{$|\mathbb{N} - \{0\}|   \;\;\;\alert{?}\;\;\;  |\mathbb{N}| $}\bigskip\bigskip 

\bl{$\geq$} or \bl{$\leq$} or \bl{$=$} ?

\bl{$x$ $\mapsto$ $x + 1$},\\  \bl{$|\mathbb{N} - \{0\}|$ $=$  


\bl{$|\mathbb{N} - \{0, 1\}|   \;\;\;\alert{?}\;\;\;  |\mathbb{N}| $}\bigskip\pause 

\bl{$|\mathbb{N} - \mathbb{O}|   \;\;\;\alert{?}\;\;\;  |\mathbb{N}| $}\bigskip\bigskip

\bl{$\mathbb{O}$} $\dn$ odd numbers\quad   \bl{$\{1,3,5......\}$}\\ \pause
\bl{$\mathbb{E}$} $\dn$ even numbers\quad   \bl{$\{0,2,4......\}$}\\


\bl{$|\mathbb{N} \cup \mathbb{-N}|   \;\;\;\alert{?}\;\;\;  |\mathbb{N}| $}\bigskip\bigskip

\bl{$\mathbb{\phantom{-}N}$} $\dn$ positive numbers\quad   \bl{$\{0,1,2,3,......\}$}\\
\bl{$\mathbb{-N}$} $\dn$ negative numbers\quad   \bl{$\{0,-1,-2,-3,......\}$}\\


\bl{$A$} is \alert{countable} if there exists an injective \bl{$f : A \rightarrow \mathbb{N}$}\bigskip

\bl{$A$} is \alert{uncountable} if there does not exist an injective \bl{$f : A \rightarrow \mathbb{N}$}\bigskip\bigskip 

countable:  \bl{$|A| \leq |\mathbb{N}|$}\\
uncountable:  \bl{$|A| > |\mathbb{N}|$}\pause\bigskip

Does there exist such an \bl{$A$} ?


  Hilbert's Hotel


  \item \ldots has as many rooms as there are natural numbers

 \begin{tabular}{c}Real Numbers between\\[-2mm] 0 and 1\end{tabular}

  \Large\bl{$|\mathbb{N}| < |R|$}


 The Set of Problems


  \large \bl{|Progs| $=$ $|\mathbb{N}|$ $<$ |Probs|}


\frametitle{Halting Problem}

Assume a program \bl{$H$} that decides for all programs \bl{$A$} and all 
input data \bl{$D$} whether\bigskip

\item \bl{$H(A, D) \dn 1$} iff \bl{$A(D)$} terminates
\item \bl{$H(A, D) \dn 0$} otherwise


\frametitle{Halting Problem (2)}

Given such a program \bl{$H$} define the following program \bl{$C$}:
for all programs \bl{$A$}\bigskip

\item \bl{$C(A) \dn 0$} iff \bl{$H(A, A) = 0$} 
\item \bl{$C(A) \dn$ loops} otherwise



\bl{$H(C, C)$} is either \bl{$0$} or \bl{$1$}.

\item \bl{$H(C, C) = 1$} $\stackrel{\text{def}\,H}{\Rightarrow}$ \bl{$C(C)\downarrow$} $\stackrel{\text{def}\,C}{\Rightarrow}$ \bl{$H(C, C)=0$} 
\item \bl{$H(C, C) = 0$} $\stackrel{\text{def}\,H}{\Rightarrow}$ \bl{$C(C)$} loops $\stackrel{\text{def}\,C}{\Rightarrow}$\\ 
\hspace{7cm}\bl{$H(C, C)=1$} 

Contradiction in both cases. So \bl{$H$} cannot exist.


  \frametitle{Take Home Points}
  \item there are sets that are more infinite than others\bigskip
  \item even  with the most powerful computer we can imagine, there 
  are problems that cannot be solved by any program\bigskip\bigskip
  \item in CS we actually hit quite often such problems (halting problem)


