An important objective for low-level software security research is to develop techniques that make it harder to launch attacks that exploit implementation details of the system under attack. Baltopoulos and Gordon have summarized this as the principle of source-based reasoning for security: security properties of a software system should follow from review of the source code and its source-level semantics, and should not depend on details of the compiler or execution platform. Whether the principle holds - or to what degree - for a particular system depends on the attacker model. If an attacker can only provide input to the program under attack, then the principle holds for any safe programming language. However, for more powerful attackers...