Reconciling optimization with secure compilation
Abstract
Software protections against side-channel and physical attacks are essential to the development of secure applications. Such protections are meaningful at machine code or micro-architectural level, but they typically do not carry observable semantics at source level. This renders them susceptible to miscompilation, and security engineers embed input/output side-effects to prevent optimizing compilers from altering them. Yet these side-effects are error-prone and compiler-dependent. The current practice involves analyzing the generated code to make sure privacy properties are still enforced. These side-effects may also be too expensive in fine-grained protections such as control-flow integrity. We introduce observations of the program state that are intrinsic to the correct execution of protections, along with means to specify and preserve them across the compilation flow. These observations complement the semantics-preservation contract of compilers. We introduce an opacification mechanism to enforce a partial ordering of observations. The approach is compatible with a production compiler and does not incur any modification to its optimization passes. We validate the effectiveness and performance of our approach on a range of benchmarks, expressing the applications in terms of observations made at specific points.
Similar resources
Formally Secure Compilation
Severe low-level vulnerabilities abound in today’s computer systems, allowing cyber-attackers to remotely gain full control. This happens in big part because our programming languages, compilers, and architectures were designed in an era of scarce hardware resources and too often trade off security for efficiency. The semantics of mainstream low-level languages like C is inherently insecure, an...
Journal
Journal title: Proceedings of the ACM on Programming Languages
Year: 2021
ISSN: 2475-1421
DOI: https://doi.org/10.1145/3485519