Compilation Consistency Modulo Debug Information

Wang, Theodore Luo; Tian, Yongqiang; Dong, Yiwen; Xu, Zhenyang; Sun, Chengnian

doi:10.1145/3575693.3575740

Cited by 4 publications

(3 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…(1) Csmith is adopted by a lot of compiler testing work [12,37,39] and has become the de facto default program generator in testing C compilers;…”

Section: Implementation and Evaluation Setupmentioning

confidence: 99%

“…In addition to optimization correctness, other issues in compilers such as incorrect debug information [17,39] and missed optimizations [37] have also been studied. Li et al [17] construct the so-called actionable programs to validate the debug information generated for optimized code.…”

Section: Related Workmentioning

confidence: 99%

“…Li et al [17] construct the so-called actionable programs to validate the debug information generated for optimized code. Dfusor [39] transforms a seed program into multiple variants and then uses them to find debug information inconsistencies. Dead [37] injects markers into dead regions of a program to find missed dead code eliminations in optimizing compilers.…”

Section: Related Workmentioning

confidence: 99%

See 2 more Smart Citations

UBFuzz: Finding Bugs in Sanitizer Implementations

Li,

2024

Proceedings of the 29th ACM International Conference on Architectural Support for Programming Languages and Operating Systems,

View full text Add to dashboard Cite

In this paper, we propose a testing framework for validating sanitizer implementations in compilers. Our core components are (1) a program generator specifically designed for producing programs containing undefined behavior (UB), and (2) a novel test oracle for sanitizer testing. The program generator employs Shadow Statement Insertion, a general and effective approach for introducing UB into a valid seed program. The generated UB programs are subsequently utilized for differential testing of multiple sanitizer implementations. Nevertheless, discrepant sanitizer reports may stem from either compiler optimization or sanitizer bugs. To accurately determine if a discrepancy is caused by sanitizer bugs, we introduce a new test oracle called crash-site mapping.We have incorporated our techniques into UBfuzz, a practical tool for testing sanitizers. Over a five-month testing period, UBfuzz successfully found 31 bugs in both GCC and LLVM sanitizers. These bugs reveal the serious false negative problems in sanitizers, where certain UBs in programs went unreported. This research paves the way for further investigation in this crucial area of study.CCS Concepts: • Software and its engineering → Compilers; • Security and privacy → Software and application security.

show abstract

“…(1) Csmith is adopted by a lot of compiler testing work [12,37,39] and has become the de facto default program generator in testing C compilers;…”

Section: Implementation and Evaluation Setupmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

UBFuzz: Finding Bugs in Sanitizer Implementations

Li,

2024

Proceedings of the 29th ACM International Conference on Architectural Support for Programming Languages and Operating Systems,

View full text Add to dashboard Cite

show abstract

DTD: Comprehensive and Scalable Testing for Debuggers

Lu,

Liu,

Wang

et al. 2024

Proc. ACM Softw. Eng.

View full text Add to dashboard Cite

As a powerful tool for developers, interactive debuggers help locate and fix errors in software. By using debugging information included in binaries, debuggers can retrieve necessary program states about the program. Unlike printf-style debugging, debuggers allow for more flexible inspection and modification of program execution states. However, debuggers may incorrectly retrieve and interpret program execution, causing confusion and hindering the debugging process. Despite the wide usage of interactive debuggers, a scalable and comprehensive measurement of their functionality correctness does not exist yet. Existing works either fall short in scalability or focus more on the “compiler-side” defects instead of debugger bugs. To facilitate a better assessment of debugger correctness, we first propose and advocate a set of debugger testing criteria, covering both comprehensiveness (in terms of debug information covered) and scalability (in terms of testing overhead). Moreover, we design comparative experiments to show that fulfilling these criteria is not only theoretically appealing, but also brings major improvement to debugger testing. Furthermore, based on these criteria, we present DTD, a differential testing (DT) framework for detecting bugs in interactive debuggers. DTD compares the behaviors of two mainstream debuggers when processing an identical C executable — discrepancies indicate bugs in one of the two debuggers. DTD leverages a novel heuristic method to avoid the repetitive structures (e.g., loops) that exist in C programs, which facilitates DTD to achieve full debug information coverage efficiently. Moreover, we have also designed a Temporal Differential Filtering method to practically filter out the false positives caused by the uninitialized variables in common C programs. With these carefully designed techniques, DTD fulfills our proposed testing requirements and, therefore, achieves high scalability and testing comprehensiveness. For the first time, it offers large-scale testing for C debuggers to detect debugger behavior discrepancies when inspecting millions of program states. An empirical comparison shows that DTD finds 17× more error-triggering cases and detects 5× more bugs than the state-of-the-art debugger testing technique. We have used DTD to detect 13 bugs in the LLVM toolchain (Clang/LLDB) and 5 bugs in the GNU toolchain (GCC/GDB). One of our fixes has already landed in the latest LLDB development branch.

show abstract