This morning I reported the 200th bug found by our compiler testing tool. It is a new way to crash GCC. The failure-inducing input is not pretty so I won’t give it here, but it can be found in GCC’s bugzilla. Although the testing tool is now entirely developed by some excellent PhD students, I have remained the primary bug reporting person. It is basically grunt work but it keeps me technically involved with the project.
It took us about two years of real time and maybe three person-years of effort to find these 200 bugs. When will we reach 300? It’s not clear. On one hand, our testing tool is becoming extremely powerful and we are branching out into more target architectures. On the other hand, both GCC and LLVM have developed a significant degree of immunity to our tests. The co-evolution of the testing tool and the tested systems has been interesting to watch and I hope to write more about this at some point. In any case, at this point our tester is the bottleneck for reporting bugs in LLVM and GCC (for x86/x64 and for the most common compiler flags, at least). For most other compilers we have looked at, the bottleneck is either in creating good bug reports — this is time consuming — or in the compiler team’s ability (and sometimes, unfortunately, willingness) to fix the bugs that we report.
Our (generally) uncomplaining and silent partners in this effort are the compiler developers who fix the bugs that we report. I often watch the progress of each bug report as it is confirmed, discussed, and eventually fixed. Over the course of this project I’ve become very impressed with the kind of hacking talent the LLVM and GCC projects have attracted. Hopefully their effort, and ours, is well-spent and in the long run we will end up with several highly reliable open-source compilers.
Finally, I should add that we are exceptionally grateful to DARPA for funding this effort.