tim Burrell of microsoft’s secure Windows Initiative describing the Phoenix compiler and automated vulnerability finding
at the eusec West conference, may 2008, London, u.K.
recommendations:
Enable the creation of compiler research centers. There are few large
compiler research groups anywhere in
the world today. At universities, such
groups typically consist of a senior researcher and a few students, and their
projects tend to be short term, usually
only as long as a Ph.D. project. Meanwhile, the few industrial groups studying advanced compiler technology tend
to focus on near-term solutions, even
as the compilers, the programs they
translate and analyze, and the target execution environments have increased in
complexity. The result is that too much
of today’s compiler research focuses on
narrow problems, ignoring the opportunity to develop revolutionary strategies requiring long-term commitment
for their development and evaluation.
In those areas of compiler research
seeing diminishing returns today from
incremental approaches (such as program analysis and optimization), researchers must attempt radical new solutions that are likely to be lengthy and
involved. The compiler research community (university and industry) must
work together to develop a few large
projects or centers where long-term
research projects with the support of a
stable staff are carried out. Industry and
funding agencies must work together to
stimulate and create opportunities for
the initiation of these centers. Joint in-dustry/government funding must support the ongoing evolution and maintenance of the software.
Create significant university/industry/
government partnerships for the development of infrastructure and the gathering
of benchmarks while funding individual
projects at universities and other research
centers. Implementation and experimentation are central to the compiler
area. New techniques and tools, as well
as new implementations of known approaches, can be meaningfully evaluated only after they are incorporated
into industrial-strength compiler infrastructures with state-of-the-art optimizations and code-generation strategies. The absence of widely accepted
compiler research platforms has hindered research efforts in compiler
technology, design of new programming languages, and development of
optimizations for new machine architectures. The development of complete
compilers requires an immense effort
typically beyond the ability of a single
research group. Source code is now
available for the GNU compiler and for
other compilers developed by industry (such as IBM’s Java Jikes compiler,
Intel’s Open Research Compiler, and
Microsoft’s Phoenix framework). They
may yet evolve into the desired infrastructure, but none currently meets all
the needs of the community.
Experimental studies require
benchmarks that are representative
of the most important applications at
the time of the evaluation, meaning
the process of gathering representative
programs is a permanent process. Numerous efforts have sought to gather
benchmarks, but the collections tend
to be limited and are often complicated by doubts as to how representative
they truly are. A serious difficulty is that
many widely used programs are proprietary. In domains where open source
applications might represent proprietary software, it would suffice for the
purpose of evaluating compilers to
make use of open source versions that
66 CommunICatIons of the aCm | feBRuaRY 2009 | vol. 52 | No. 2
outperform their proprietary counterparts; representative input data sets
must accompany any set of benchmarks. Also desirable is a description
of the algorithms and data structures
to enable research in new programming languages and extensions that
may be better suited for expressing the
computation.
Federal agencies and industry must
collaborate to establish the necessary
funding opportunities and incentives
that will move compiler specialists at
universities and industry to address the
research infrastructure and benchmark
challenges. Funding opportunities
should also be made available for smaller academic studies and development
efforts. The computer science community has achieved notable success in
developing novel compiler infrastructures, including: compiler front-end
development; program-analysis frameworks for research in compilers; verification tools, security applications, and
software-engineering tools; and virtual-machine frameworks for both mainstream and special-purpose languages.
Even if the GNU and industry-developed
compilers were a useful infrastructure
for research, development of new robust, easy-to-use infrastructures by the
researchers who need them are critical
for future advances. Not only is it important to support such research projects,
the research community must recognize their academic merit.
Develop methodologies and repositories that enable the comparison of methods and reproducibility of results. The
reproducibility of results is critical for
comparing the strategies, machines,
languages, and problem domains. Too
much of the information available to-
Photogra Ph by ryo hirosa Wa