Author: regehr

  • Safe, Efficient, and Portable Rotate in C/C++

    Rotating a computer integer is just like shifting, except that when a bit falls off one end of the register, it is used to fill the vacated bit position at the other end. Rotate is used in encryption and decryption, so we want it to be fast. The obvious C/C++ code for left rotate is:…

  • Integer Undefined Behaviors in Open Source Crypto Libraries

    Crypto libraries should be beyond reproach. This post investigates integer-related undefined behaviors found in crypto code written in C/C++. Undefined behavior (UB) is bad because according to the standards, it destroys the meaning of any program that executes it. In practice, over the last decade compilers have become pretty smart about exploiting integer undefined behaviors…

  • A New Compiler Fuzzing Paper

    Google Scholar’s recommendation engine has turned out to be a great resource for learning about new papers. Recently this paper about compiler fuzzing turned up in my feed and I was hooked after noticing that they claim to find a lot more compiler bugs during a 12-hour fuzzing run than Csmith can find. The work…

  • Producing Good Software From Academia

    Writing and maintaining good software from academia isn’t easy. I’ve been thinking about this because last week my student Yang Chen defended his thesis. While I’m of course very happy for him, I’m also depressed since Yang’s departure will somewhat decimate the capacity of my group to rapidly produce good code. Yang looked over my…

  • Trust, But Verify

    CompCert is an optimizing C compiler whose output provably has the same semantics as its input, at least when the input programs are conforming. Of course this high-level view sweeps a huge number of details under the rug. If we want to gain confidence in CompCert’s correctness we’ll need to either dig into these details…

  • Sometimes Compilers are Cute

    regehr@john-home ~ $ clang -Os -S -o – foo.c foo1: movb %sil, %cl roll %cl, %edi movl %edi, %eax ret foo2: movb %sil, %cl rorl %cl, %edi movl %edi, %eax ret foo3: bswapl %edi movl %edi, %eax ret foo4: bswapl %edi movl %edi, %eax ret regehr@john-home ~ $ gcc -Os -S -o – foo.c foo1:…

  • Irreducible Test Cases

    Automated test case reduction is a search-based procedure for taking a large input that triggers a bug and turning it into a smaller input that triggers the same bug. I won’t go into the whole rationale for reducers but in general, for given bug, we always prefer to trigger it using a test case that…

  • Any Way You Want

    Sometimes computer scientists get carried away making shiny new things and we forget that these things will eventually need to be used by human beings. My favorite story along these lines came from an invited conference talk by an architect of the cell processor, which was shiny and new at the time — this was around…

  • A Few Panoramas

    In the early 2000s, decent digital cameras were new and I was obsessed with stitching photos into panoramas. At the time the software sucked and doing a good job was a lot of work. However, I assembled plenty of them and figured out how to get them printed and my house is somewhat littered with…

  • Fuzzer Puzzle

    A recent post on the CERT/CC blog says: … BFF 2.7 and FOE 2.1 do have an optional feature that in our testing drastically increases the number of uniquely-crashing test cases: crasher recycling. When enabled, the frameworks will add [a] uniquely-crashing test case back into the pool of seed files for further fuzzing. When crashing…