Slide1
Will You Still Compile Me Tomorrow?
Static Cross-Version Compiler Validation
Chris Hawblitzel, Shuvendu K. Lahiri (Microsoft Research)
Kshama Pawar, Hammad Hashmi, Sedar Gokbulut, Lakshan Fernando, Dave Detlefs, Scott Wadsworth (Microsoft CLR Test Team)
Slide2
Finding compiler bugs
Testing [diagram: source program, compiler, assembly code, test input, output]
+ high automation
- limited coverage
Validation [diagram: source program, compiler, assembly code, automated theorem prover]
+ covers all inputs
- false alarms
Verification [diagram: compiler, interactive theorem prover]
+ covers all programs
- not automated
Slide3
Cross-version validation
[Diagram: compiler version 4.0 and compiler version 4.5 each compile the source program to assembly code; an automated theorem prover compares the two assembly listings.]

    mov EAX, EDX
    and EAX, 255
    push EAX
    mov EDX, 0x100000
    call WriteInternalFlag2
    ret

    push ESI
    mov ESI, EDX
    and ESI, 255
    push ESI
    mov EDX, 0x100000
    call WriteInternalFlag2
    pop ESI
    ret

compare similar code
fewer false alarms
Slide4
Validation across various dimensions
[Diagram: assembly code compared across versions (v1, v2, v3, v4) and across targets (x86, x86 + optimizations, ARM, ARM + optimizations).]
Slide5
Tools: SymDiff, Boogie, Z3
[Diagram: compiler version 4.0 and compiler version 4.5 each compile the source program to assembly code; each assembly listing is translated to a Boogie program; the SymDiff equivalence verifier produces a combined Boogie program; the Boogie program verifier produces a verification condition; the Z3 automated theorem prover checks it.]
Translation example, assembly code:
    ... push ESI ...
Boogie program:
    ... Mem := Store4(...esi...); esp := SUB(esp, imm(4)); ...
Slide6
Encoding assembly language
Encode one method at a time
    calls are uninterpreted
    inlining not yet supported
Our encoding is not entirely sound
    mathematical integers vs. 32-bit vectors
        Z3 supports both, but reasoning about integers is faster
    non-aliasing assumptions
        disjoint regions for stack, heap, static data
    Floating point, switch tables, etc.
Complex instructions
    rep stosb: i. edx i edx+ecx Mem[i] == al
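
Added example, not from the slides and not SymDiff or Boogie code: a small Python symbolic executor runs the two Slide3 listings with the call left uninterpreted, as Slide6 describes, and compares what each version leaves observable. It assumes the callee pops its one stack argument and preserves ESI, and it uses syntactic term equality where the real tool chain would pose a query to Z3.

```python
# Added illustration (not SymDiff/Boogie): symbolic execution of the two
# Slide3 listings, with the call treated as an uninterpreted function.
# ASSUMPTION: the callee pops its single stack argument and preserves ESI.

V_A = """mov EAX, EDX
and EAX, 255
push EAX
mov EDX, 0x100000
call WriteInternalFlag2
ret"""

V_B = """push ESI
mov ESI, EDX
and ESI, 255
push ESI
mov EDX, 0x100000
call WriteInternalFlag2
pop ESI
ret"""

def summarize(listing):
    """Return (call sites, ESI at ret, stack depth at ret, EAX at ret)."""
    regs = {r: r + "0" for r in ("EAX", "EDX", "ESI")}  # symbolic entry values
    stack, calls = [], []
    val = lambda o: regs[o] if o in regs else int(o, 0)  # register or immediate
    for line in listing.splitlines():
        op, _, rest = line.partition(" ")
        args = [a.strip() for a in rest.split(",")] if rest else []
        if op == "mov":
            regs[args[0]] = val(args[1])
        elif op == "and":
            regs[args[0]] = ("and", regs[args[0]], val(args[1]))
        elif op == "push":
            stack.append(regs[args[0]])
        elif op == "pop":
            regs[args[0]] = stack.pop()
        elif op == "call":
            # Uninterpreted: record only the inputs the callee can observe.
            site = (args[0], stack.pop(), regs["EDX"])
            calls.append(site)
            regs["EAX"] = ("ret", site)  # same inputs give the same result term
        elif op == "ret":
            return calls, regs["ESI"], len(stack), regs["EAX"]
    raise ValueError("listing has no ret")

def equivalent(a, b):
    """Two listings match when their observable summaries are identical."""
    return summarize(a) == summarize(b)
```

Changing the mask in one listing, or dropping its pop ESI, makes equivalent() return False, which is the kind of divergence the fault-injection and counterexample slides are about.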
Slide7
Month-to-month results (ARM)
Slide8
Cross-architecture, optimization
Slide9
Fault injection (ARM)
Slide10
Counterexample traces
Helps user find where program execution diverged
Used by automated root cause analysis
Slide11
Root cause analysis
Slide12
Bucketing
Based on root cause analysis
Users write bucket descriptions
Slide13
Conclusions
Some statistics:
    methods analyzed: > 500,000
    new bugs found: 12
    false alarm rate, month-to-month versions: 2.2%
    false alarm rate, opt vs. unopt, ARM vs x86: > 20%
    speed: 13 seconds per method
Sources of false alarms:
    aliasing, run-time system calls, embedded addresses, ...
Counterexample traces, root cause analysis essential