Software supply chain attacks are increasingly frequent and can be hard to guard against. Reproducible builds ensure that generated artifacts (executable programs) can be reliably created from their source code. However, the tools used by the build process are also vulnerable to supply chain attacks, so a complete solution must also include reproducible builds for the various compilers used.

With this problem as our main motivation, we explore the use of the widely available POSIX shell as the only trusted pre-built binary for the reproducible build process. We have developed pnut, a C to POSIX shell transpiler written in C that generates human-readable shell code. Because the compiler is self-applicable, it is possible to distribute a human-readable shell script implementing a C compiler that depends only on the existence of a POSIX-compliant shell such as bash, ksh, zsh, etc. Together, pnut and the shell serve as the seed for a chain of builds that create increasingly capable compilers, up to the most recent version of the GNU Compiler Collection (GCC), which is a convenient basis for building any other required tool in the toolchain. The end result is a complete build toolchain built only from a shell and human-readable source files. We discuss the level of C language support needed to achieve our goal, the generation of portable POSIX shell code from C, and the performance of the compiler and generated code.

Sun 20 Oct

14:00 - 15:30
Software Language Design and Implementation ISLE at IBR East
Chair(s): L. Thomas van Binsbergen University of Amsterdam

14:00 (30m) Talk: Concrete Syntax Metapatterns (SLE)
Luka Miljak (Delft University of Technology), Casper Bach Poulsen (Delft University of Technology), Rosilde Corvino (TNO-ESI)

14:30 (30m) Talk: Efficient Demand Evaluation of Fixed-Point Attributes Using Static Analysis (SLE)
Idriss Riouak (Department of Computer Science, Lund University, Sweden), Niklas Fors (Lund University), Jesper Öqvist (Cognibotics), Görel Hedin (Lund University), Christoph Reichenbach (Lund University)

15:00 (30m) Talk: The Design of a Self-Compiling C Transpiler Targeting POSIX Shell (SLE)
Laurent Huberdeau (Université de Montréal), Cassandre Hamel (Université de Montréal), Stefan Monnier (Université de Montréal), Marc Feeley (Université de Montréal)