Debootstrapping without Archeology: Stacked Implementations in Camlboot
Authors:
Nathanaëlle Courant,
Julien Lepiller,
Gabriel Scherer
Abstract:
Context: It is common for programming languages that their reference implementation is implemented in the language itself. This requires a "bootstrap": a copy of a previous version of the implementation is provided along with the sources, to be able to run the implementation itself. Those bootstrap files are opaque binaries; they could contain bugs, or even malicious changes that could reproduce themselves when running the source version of the language implementation -- this is called the "trusting trust attack". For this reason, a collective project called Bootstrappable was launched in 2016 to remove those bootstraps, providing alternative build paths that do not rely on opaque binaries.
Inquiry: Debootstrapping generally combines a mix of two approaches. The "archaeological" approach works by locating old versions of systems, or legacy alternative implementations, that do not need the bootstrap, and by preserving or restoring the ability to run them. The "tailored" approach re-implements a new, non-bootstrapped implementation of the system to debootstrap. Currently, the "tailored" approach is dominant for low-level system components (C, coreutils), and the "archaeological" approach is dominant among the few higher-level languages that were debootstrapped.
Approach: We advocate for the benefits of "tailored" debootstrapping implementations of high-level languages. The new implementation need not be production-ready; it suffices that it is able to run the reference implementation correctly. We argue that this is feasible with a reasonable development effort, with several side benefits besides debootstrapping.
Knowledge: We propose a specific design of composing/stacking several implementations: a reference interpreter for the language of interest, implemented in a small subset of the language, and a compiler for this small subset (in another language). Developing a reference interpreter is valuable independently of debootstrapping: it may help clarify the language semantics, and can be reused for other purposes such as differential testing of the other implementations.
Grounding: We present Camlboot, our project to debootstrap the OCaml compiler, version 4.07. Once we converged on this final design, the last version of Camlboot took about a person-month of implementation effort, demonstrating feasibility. Using diverse double-compilation, we were able to prove the absence of trusting trust attack in the existing bootstrap of the standard OCaml implementation.
Importance: To our knowledge, this document is the first scholarly discussion of "tailored" debootstrapping for high-level programming languages. Debootstrapping is an interesting problem which recently grew an active community of free software contributors, but so far the interactions with the programming-language research community have been minimal. We share our experience on Camlboot, trying to highlight aspects that are of interest to other language designers and implementors; we hope to foster stronger ties between the Bootstrappable project and relevant academic communities. In particular, the debootstrapping experience has been an interesting reflection on OCaml design and implementation, and we hope that other language implementors would find it equally valuable.
Submitted 18 February, 2022;
originally announced February 2022.
Optimal Covid-19 Pool Testing with a priori Information
Authors:
Marc Beunardeau,
Éric Brier,
Noémie Cartier,
Aisling Connolly,
Nathanaël Courant,
Rémi Géraud-Stewart,
David Naccache,
Ofer Yifrach-Stav
Abstract:
As humanity struggles to contain the global Covid-19 infection, prophylactic actions are greatly slowed down by the shortage of testing kits. Governments have taken several measures to work around this shortage: the FDA has become more liberal on the approval of Covid-19 tests in the US. In the UK, emergency measures allowed the daily number of locally produced test kits to be increased to 100,000. China has recently launched a massive test manufacturing program. However, all those efforts are very insufficient and many poor countries are still under threat. A popular method for reducing the number of tests consists in pooling samples, i.e. mixing patient samples and testing the mixed sample once. If all the samples are negative, pooling succeeds at a unitary cost. However, if a single sample is positive, failure does not indicate which patient is infected. This paper describes how to optimally detect infected patients in pools, i.e. using a minimal number of tests to precisely identify them, given the a priori probabilities that each of the patients is healthy. Those probabilities can be estimated using questionnaires, supervised machine learning or clinical examinations. The resulting algorithms, which can be interpreted as informed divide-and-conquer strategies, are non-intuitive and quite surprising. They are patent-free. Co-authors are listed in alphabetical order.
Submitted 11 May, 2020; v1 submitted 6 May, 2020;
originally announced May 2020.