Proj CMI Paper Reading: Finding and understanding bugs in C compilers
Abstract
Motivation
“Compilers should be correct.”
Motivating Example - Undefined Behavior
int foo(void) { signed char x = 1; unsigned char y = 255; return x > y; }
Under the Ubuntu patched version this function returns 1, whereas the correct result is 0.
To address this, the paper generates “random” C programs. The generator:
- Covers a large subset of C
- Avoids undefined behaviors
- Avoids unspecified behaviors
Generation goals:
- Well-formed and single meaning programs
- Maximize Expressiveness
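One way a generator can meet the "Avoids undefined behaviors" goal for signed integer arithmetic is to emit wrapper calls instead of raw operators. This is an added example, not code from the paper or its tool; the function names (safe_add, safe_mul, safe_div, safe_shl, generated_expr) and the policy of returning the first operand when the raw operator would be undefined are assumptions made for illustration.

```c
#include <stdint.h>

/* Hypothetical helpers: each returns its first operand whenever the plain C
   operator would be undefined, so every emitted expression has one meaning. */

/* Signed addition: overflow is undefined, so test the bounds first. */
int32_t safe_add(int32_t a, int32_t b)
{
    if ((b > 0 && a > INT32_MAX - b) || (b < 0 && a < INT32_MIN - b))
        return a;
    return a + b;
}

/* Signed multiplication: compute in 64 bits, where the product always fits. */
int32_t safe_mul(int32_t a, int32_t b)
{
    int64_t wide = (int64_t)a * (int64_t)b;
    if (wide > INT32_MAX || wide < INT32_MIN)
        return a;
    return (int32_t)wide;
}

/* Division: undefined for a zero divisor and for INT32_MIN / -1. */
int32_t safe_div(int32_t a, int32_t b)
{
    if (b == 0 || (a == INT32_MIN && b == -1))
        return a;
    return a / b;
}

/* Left shift: undefined for a negative value, a count outside [0, 31],
   or a result that does not fit in the type. */
int32_t safe_shl(int32_t a, int b)
{
    if (a < 0 || b < 0 || b >= 32 || a > (INT32_MAX >> b))
        return a;
    return a << b;
}

/* Shape of a generated function body: only wrapped operators appear, so any
   random choice of g1 and g2 yields the same value on every correct compiler. */
int32_t generated_expr(int32_t g1, int32_t g2)
{
    return safe_add(safe_mul(g1, g2), safe_div(safe_shl(g1, 3), g2));
}
```

Because every input has a single defined result, a disagreement between two compilers on such a function points at a compiler bug rather than at the test program.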
Included & Excluded
Included
- Function definitions
- Global and local variable definitions
- Control flow (if-else, function calls, for, return, break, continue, goto)
- Signed and unsigned integers
- Arithmetic, logical, and bitwise operations
- struct: nested and with bit-fields
- Arrays of and pointers to all supported types
- const and volatile
Excluded
- Strings
- Dynamic memory allocation
- floating-point types
- unions
- recursion
- function pointers
Results
- 3 years, 325 bug reports; all compilers had bugs: they crashed or generated wrong code