-
Trust, But Verify
CompCert is an optimizing C compiler whose output provably has the same semantics as its input, at least when the input programs are conforming. Of course this high-level view sweeps a huge number of details under the rug. If we want to gain confidence in CompCert’s correctness we’ll need to either dig into these details…
-
Sometimes Compilers are Cute
regehr@john-home ~ $ clang -Os -S -o – foo.c foo1: movb %sil, %cl roll %cl, %edi movl %edi, %eax ret foo2: movb %sil, %cl rorl %cl, %edi movl %edi, %eax ret foo3: bswapl %edi movl %edi, %eax ret foo4: bswapl %edi movl %edi, %eax ret regehr@john-home ~ $ gcc -Os -S -o – foo.c foo1:…
-
Irreducible Test Cases
Automated test case reduction is a search-based procedure for taking a large input that triggers a bug and turning it into a smaller input that triggers the same bug. I won’t go into the whole rationale for reducers but in general, for given bug, we always prefer to trigger it using a test case that…
-
Any Way You Want
Sometimes computer scientists get carried away making shiny new things and we forget that these things will eventually need to be used by human beings. My favorite story along these lines came from an invited conference talk by an architect of the cell processor, which was shiny and new at the time — this was around…
-
Fuzzer Puzzle
A recent post on the CERT/CC blog says: … BFF 2.7 and FOE 2.1 do have an optional feature that in our testing drastically increases the number of uniquely-crashing test cases: crasher recycling. When enabled, the frameworks will add [a] uniquely-crashing test case back into the pool of seed files for further fuzzing. When crashing…
-
Levels of Fuzzing
Differential Testing for Software is one of my favorite papers about software testing: it is one of the few pre-delta-debugging papers to describe automated test-case reduction and it contains many pieces of wisdom about software testing in general and random testing in particular. One of them outlines a hierarchy of test case generation strategies: For…
-
Guidelines for Research on Finding Bugs
There’s a lot of research being done on finding bugs in software systems. I do some of it myself. Finding bugs is attractive because it is a deep problem, because it’s probably useful work, and because — at least for some people — finding bugs is highly entertaining. This piece contains a few thoughts about…
-
Are Compilers Getting More or Less Reliable?
Earlier this summer, Miod Vallat of the OpenBSD project posted some thoughts about compiler reliability. His thesis is that in the good old days of GCC 2.5 through 2.7, the compiler pretty much just worked and you could trust it to emit correct code. Subsequently, the level of code churn in GCC increased for several…
-
Jay
Jay Lepreau died five years ago today; I wanted to share a few thoughts about him. In spring 2000 I had a year of school left. Sarah had graduated and gotten several job offers; Utah was one of them. This seemed like a bit of an odd choice for us except that Jay flew me…
-
Counting to 4 Billion Really Fast
Before teaching today I wrote a silly program to make sure that the bitwise complement of any 32-bit value is equal to one less than the two’s complement negation of that value: When the program terminated without any perceptible delay, I figured there was a bug, but nope: the code is good. It turns out…