Crellvm: verified credible compilation for LLVM

Kang, Jeehoon; Kim, Yoonseung; Song, Youngju; Lee, Jun-Young; Park, Sanghoon; Shin, Mark Dongyeon; Kim, Yonghyun; Cho, Sungkeun; Choi, Joonwon; Hur, Chung-Kil; Yi, Kwangkeun

doi:10.1145/3296979.3192377

Cited by 6 publications

(4 citation statements)

References 38 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We use random testing to induce crash bugs and we combine it with translation validation and symbolic execution based on formal Z3 semantics to detect semantic bugs using the same programs. This is a departure from prior compiler bug finding that relies almost exclusively on methods from either random testing [26,48] or formal methods [23,30,33].…”

Section: Lessons Learnedmentioning

confidence: 82%

Gauntlet: Finding Bugs in Compilers for Programmable Packet Processing

Ruffy,

Wang,

Sivaraman

2020

Preprint

View full text Add to dashboard Cite

Programmable packet-processing devices such as programmable switches and network interface cards are becoming mainstream. These devices are programmed in a domainspecific language such as P4, using a compiler to translate packet-processing programs into instructions for different targets. As networks with programmable devices become widespread, it is critical that these compilers are dependable.This paper considers the problem of finding bugs in compilers for packet processing in the context of P4 16 . We introduce domain-specific techniques to induce both abnormal termination of the compiler (crash bugs) and miscompilation (semantic bugs). We apply these techniques to (1) the opensource P4 compiler (P4C) infrastructure, which serves as a common base for different P4 back ends; (2) the P4 back end for the P4 reference software switch; and (3) the P4 back end for the Barefoot Tofino switch.Across the 3 platforms, over 4 months of bug finding, our tool Gauntlet detected 78 new and distinct bugs (47 crash and 31 semantic), which we confirmed with the respective compiler developers. 44 have been fixed (27 crash and 17 semantic); the remaining have been assigned to a developer. Our bug-finding efforts also led to 6 P4 specification changes. We have open sourced Gauntlet at https://github.com/p4gauntlet.

show abstract

Section: Lessons Learnedmentioning

confidence: 82%

Gauntlet: Finding Bugs in Compilers for Programmable Packet Processing

Ruffy,

Wang,

Sivaraman

2020

Preprint

View full text Add to dashboard Cite

show abstract

“…Research on hyperproperties [9] and on relational verification [3] relates the behaviors of a single program on multiple inputs or of multiple programs on the same input. Typical problems studied include equivalence checking [28,34,51,54], information flow security [47], and verifying the correctness of code transformations [27]. Various logical formulations, such as Hoare-style partial equivalence [17], and techniques such as differential symbolic execution [52,54] have been explored.…”

Section: Related Workmentioning

confidence: 99%

Continuously reasoning about programs using differential Bayesian inference

Heo

Raghothaman

et al. 2019

Proceedings of the 40th ACM SIGPLAN Conference on Programming Language Design and Implementation

View full text Add to dashboard Cite

Programs often evolve by continuously integrating changes from multiple programmers. The effective adoption of program analysis tools in this continuous integration setting is hindered by the need to only report alarms relevant to a particular program change. We present a probabilistic framework, Drake, to apply program analyses to continuously evolving programs. Drake is applicable to a broad range of analyses that are based on deductive reasoning. The key insight underlying Drake is to compute a graph that concisely and precisely captures differences between the derivations of alarms produced by the given analysis on the program before and after the change. Performing Bayesian inference on the graph thereby enables to rank alarms by likelihood of relevance to the change. We evaluate Drake using SparrowÐa static analyzer that targets buffer-overrun, format-string, and integer-overflow errorsÐon a suite of ten widely-used C programs each comprising 13kś112k lines of code. Drake enables to discover all true bugs by inspecting only 30 alarms per benchmark on average, compared to 85 (3× more) alarms by the same ranking approach in batch mode, and 118 (4× more) alarms by a differential approach based on syntactic masking of alarms which also misses 4 of the 26 bugs overall. CCS Concepts • Software and its engineering → Automated static analysis; Software evolution; • Mathematics of computing → Bayesian networks.

show abstract

“…Examples include equivalence‐modulo‐inputs testing (EMI) [21–23], where equivalent programs are derived from an original programe by applying code mutations that, thanks to coverage analysis, are known to have no effect for particular inputs; the application of more general semantics‐preserving transformations to create families of equivalent programs [24‐26]; and generation of programs that are equivalent by construction [27]. Again, concurrency‐induced nondeterminism makes the assumption on which these methods depend unsustainable. Formal approaches have been used to verify the correctness of peephole optimizations in LLVM [28] and to certify that particular LLVM optimizations lead to generation of correct code [29], but these approaches only relate to sequential code optimizations. Ševčík et al [30] and Beringer et al [31] have both extended the CompCert verified compiler [32] to handle concurrent C. However, similar proofs about mainstream compilers would be infeasible. They could also be quite fragile, given that the interpretation of the C11 concurrency semantics is still not a completely settled matter [33,34].…”

Section: Introductionmentioning

confidence: 99%

“…Formal approaches have been used to verify the correctness of peephole optimizations in LLVM [28] and to certify that particular LLVM optimizations lead to generation of correct code [29], but these approaches only relate to sequential code optimizations.…”

Section: Introductionmentioning

confidence: 99%

High‐coverage metamorphic testing of concurrency support in C compilers

Windsor

Donaldson

Wickerson

2022

Software Testing Verif & Rel

View full text Add to dashboard Cite

SummaryWe present a technique and automated toolbox for randomized testing of C compilers. Unlike prior compiler‐testing approaches, we generate concurrent test cases in which threads communicate using fine‐grained atomic operations, and we study actual compiler implementations rather than abstract mappings. Our approach is (1) to generate test cases with precise oracles directly from an axiomatization of the C concurrency model; (2) to apply metamorphic fuzzing to each test case, aiming to amplify the coverage they are likely to achieve on compiler codebases; and (3) to execute each fuzzed test case extensively on a range of real machines. Our tool, C4, benefits compiler developers in two ways. First, test cases generated by C4 can achieve line coverage of parts of the LLVM C compiler that are reached by neither the LLVM test suite nor an existing (sequential) C fuzzer. This information can be used to guide further development of the LLVM test suite and can also shed light on where and how concurrency‐related compiler optimizations are implemented. Second, C4 can be used to gain confidence that a compiler implements concurrency correctly. As evidence of this, we show that C4 achieves high strong mutation coverage with respect to a set of concurrency‐related mutants derived from a recent version of LLVM and that it can find historic concurrency‐related bugs in GCC. As a by‐product of concurrency‐focused testing, C4 also revealed two previously unknown sequential compiler bugs in recent versions of GCC and the IBM XL compiler.

show abstract

Crellvm: verified credible compilation for LLVM

Cited by 6 publications

References 38 publications

Gauntlet: Finding Bugs in Compilers for Programmable Packet Processing

Gauntlet: Finding Bugs in Compilers for Programmable Packet Processing

Continuously reasoning about programs using differential Bayesian inference

High‐coverage metamorphic testing of concurrency support in C compilers

Contact Info

Product

Resources

About