co compiler er fuzzi zzing g ho how much does it matter
play

Co Compiler er Fuzzi zzing: g: Ho How Much Does It Matter? - PDF document

Dec 04, 2022 •197 likes •317 views

Co Compiler er Fuzzi zzing: g: Ho How Much Does It Matter? Michal Marcozzi, Qiyi Tang, Cristian Cadar, Alastair Donaldson 10th South of England Regional Programming Language Seminar (S-REPLS 10) Bi Birk rkbeck, , Un University of of

  1. Co Compiler er Fuzzi zzing: g: Ho How Much Does It Matter? Michaël Marcozzi, Qiyi Tang, Cristian Cadar, Alastair Donaldson 10th South of England Regional Programming Language Seminar (S-REPLS 10) Bi Birk rkbeck, , Un University of of L Lon ondon on, 18 18 Se September 2018 2018 Outline Outline 1. About compiler fuzzing 2. Measuring the impact of a compiler bug 3. Impact of compiler bugs found by fuzzing: ongoing study 4. Preliminary conclusion 2

  2. Outline Outline 1. About compiler fuzzing 2. Measuring the impact of a compiler bug 3. Impact of compiler bugs found by fuzzing: ongoing study 4. Preliminary conclusion 3 Com Compilers • Core component of software development toolchain • Often relied on with some kind of blind confidence • But vulnerable to all issues affecting software, including bugs : per month per month 4 [Sun et al., ISSTA’16]

  3. Com Compiler bugs • Consequence of a compiler bug: • Compiler crash : • Assertion violation, internal error, segfault, timeout, RAM exhaustion… • Moderate severity: does not affect the compiled app at production time • Wrong-code generation : • The compiler silently emits target code not semantically equivalent to source • Critical severity: can go unnoticed until the compiled app misbehaves in production • Main rationale for extensive compiler verification ! • Approaches to extensive compiler verification: formal proof and fuzzing 5 Compiler fuzzing (1/2) Com • Automated random testing of compilers • Recently attracted much research , following CSmith tool [Yang et al., PLDI’11] • Researchers found solutions to common test automation challenges : • Input generation: create bug-triggering input programs for compilers • Oracle production: detect when wrong-code generation occurs • Test reduction: find the minimal miscompiled part of a program 6

  4. Compiler fuzzing (2/2) Com • Fuzzers reported many bugs in mainstream open-source C/C++ compilers: • Csmith [Yang et al., PLDI’11] : 400+ bugs in GCC/LLVM • EMI [Le et al., PLDI’14] : 1500+ bugs in GCC/LLVM • Orange [Nakamura et al., APCCAS’16] : 50+ bugs in GCC/LLVM • Yarpgen (Intel): 140+ bugs in GCC/LLVM • How much do these bugs make real apps fail in production? 2 threats to impact: • Fuzzers find bugs that occur when compiling artificial , randomly created apps • Miscompilations can be spotted when apps are tested and never reach production • Our goal : measure the actual impact of these bugs over real apps 7 Outline Outline 1. About compiler fuzzing 2. Measuring the impact of a compiler bug 3. Impact of compiler bugs found by fuzzing: ongoing study 4. Preliminary conclusion 8

  5. Outline Outline 1. About compiler fuzzing 2. Measuring the impact of a compiler bug 3. Impact of compiler bugs found by fuzzing: ongoing study 4. Preliminary conclusion 9 on (1/2) Bug impact estimation Bu • Bugs in open-source compilers are reported on compiler web site • A bug report typically contains: • Sample source code triggering bug • Discussion of priority and fix by compiler developers • SVN/Git revision number N fix where fix was applied and passed regression tests 10

  6. on (2/2) Bu Bug impact estimation • Given an app to compile, we consider 3 impact levels for a compiler bug : • Level 1: buggy compiler code is triggered (compiler dynamic time) • Level 2: faulty binary app code is generated (application static time) • Level 3: faulty binary code is spotted during app testing (application dynamic time) • Trusting the fix proposed by compiler developers, we have: • At N fix -1, the bad buggy compiler • At N fix , the good fixed compiler • We use good and bad compilers to estimate the bug level for an app 11 Es Estim timating ting le level l 1 im impa pact LLVM bug #26323 Warning? Cop 12

  7. Es Estim timating ting le level l 2 im impa pact Mismatch? 13 Es Estim timating ting le level l 3 im impa pact Mismatch? 14

  8. Outline Outline 1. About compiler fuzzing 2. Measuring the impact of a compiler bug 3. Impact of compiler bugs found by fuzzing: ongoing study 4. Preliminary conclusion 15 Outline Outline 1. About compiler fuzzing 2. Measuring the impact of a compiler bug 3. Impact of compiler bugs found by fuzzing: ongoing study 4. Preliminary conclusion 16

  9. Com Compiler bugs sampling For each (fuzzer, compiler) pair, we picked 15 high-priority bugs: • Triggering wrong-code generation • Can be easily reproduced on a at most 10 years old x86/Linux config • Confirmed by compiler developers and ranked at least P3/normal • Fix provided in isolation of other code changes GCC LLVM Csmith (fuzzer) 15 15 EMI (fuzzer) 15 15 Orange (fuzzer) 15 all (6) Intel Yarpgen (fuzzer) 15 all (4) Alive (model-checking) n.a. all (8) User-reported 15 15 TOTAL 75 63 17 Ap Application samp mpling • 79 applications for a total of 3.6M lines of code (and more to come) • Part of the Ubuntu Minimal Linux distribution: • C or C++ only • Can be compiled with most recent versions of GCC/LLVM • System utilities, network protocols, DBMS, compression, text processing… • Examples : SQLite, Coreutils, Bzip2, Bash… 18

  10. Ong Ongoing s ing study tudy • Measure bug impact level for each of the 10,902 (bug, application) pairs Ø Evaluate fuzzers ability to find bugs impacting real code (level 1 & 2) Ø Compare this ability: • Between each of the four fuzzers • Between the fuzzer and the model-checking tool • Between using the fuzzers or considering user-reported bugs Ø Evaluate fuzzers ability to find bugs unseen by app test suites (level 2 ¬ 3) • Preliminary result : some bugs have level-2 impact for 47% of applications 19 Outline Outline 1. About compiler fuzzing 2. Measuring the impact of a compiler bug 3. Impact of compiler bugs found by fuzzing: ongoing study 4. Preliminary conclusion 20

  11. Outline Outline 1. About compiler fuzzing 2. Measuring the impact of a compiler bug 3. Impact of compiler bugs found by fuzzing: ongoing study 4. Preliminary conclusion 21 Pr Preliminary co conclusion • Hard to have a proper conclusion without full results • Nice to remember that: • Compilers are full of bugs (hundreds are fixed every month) • These bugs can make your app fail even if code is correct and no compiler warning • Future news about this project on our group website : https://srg.doc.ic.ac.uk • My personal website : www.marcozzi.net 22

Recommend

Subject Matter Compiler-based code improvement techniques > Sometimes called

Subject Matter Compiler-based code improvement techniques > Sometimes called

C OMP 512 This is C OMP 512 Advanced Compiler Construction Subject Matter Compiler-based code improvement techniques > Sometimes called optimization Analysis required to support them > No vector or multiprocessor

438 views • 20 slides
Compiler Fuzzing: How Much Does It Matter? Michal Marcozzi* Qiyi Tang* Alastair F.

Compiler Fuzzing: How Much Does It Matter? Michal Marcozzi* Qiyi Tang* Alastair F.

Compiler Fuzzing: How Much Does It Matter? Michal Marcozzi* Qiyi Tang* Alastair F. Donaldson Cristian Cadar * The presented experimental study has been carried out equally by M. Marcozzi and Q. Tang. Outline 1. Context: compiler

684 views • 45 slides
Chapter Front matter Course Script INF 5110: Compiler con- struction INF5110, spring 2019

Chapter Front matter Course Script INF 5110: Compiler con- struction INF5110, spring 2019

1 Front matter 1 Chapter Front matter Course Script INF 5110: Compiler con- struction INF5110, spring 2019 Martin Steffen Contents ii Contents 1 Front matter 1 2 Main matter 1 3 Grammars 2 3.1 Targets . . . . . . . . . . . . .

688 views • 34 slides
Compiler Fuzzing: How Much Does It Matter? ~ research published at the SPLASH19 OOPSLA

Compiler Fuzzing: How Much Does It Matter? ~ research published at the SPLASH19 OOPSLA

Sminaire VERIMAG Grenoble, 21/02/2020 Compiler Fuzzing: How Much Does It Matter? ~ research published at the SPLASH19 OOPSLA conference ~ *Michal Marcozzi 1 *Qiyi Tang 2 Alastair F. Donaldson 3,1 Cristian Cadar 1 * The presented experimental

894 views • 73 slides
11/8/2012 The Structure of a Compiler (2) The Structure of a Compiler (1) Any compiler must

11/8/2012 The Structure of a Compiler (2) The Structure of a Compiler (1) Any compiler must

11/8/2012 The Structure of a Compiler (2) The Structure of a Compiler (1) Any compiler must perform two major tasks Sourc rce Progra ram Tokens Syntactic Semantic Scanner Parser Structure re Routines (Chara racter r St Stre

690 views • 22 slides
Compiler Construction Chapter 11 1 Compiler Construction Compiler Construction A New Compiler

Compiler Construction Chapter 11 1 Compiler Construction Compiler Construction A New Compiler

Compiler Construction Chapter 11 1 Compiler Construction Compiler Construction A New Compiler Perhaps a new source language Perhaps a new target for an existing compiler Perhaps both 2 Compiler Construction Compiler Construction

661 views • 18 slides
ATMOSPHERIC COMPOSITION CHANGE AT HIGH ELEVATIONS Sandro Fuzzi Institute of Atmospheric Sciences

ATMOSPHERIC COMPOSITION CHANGE AT HIGH ELEVATIONS Sandro Fuzzi Institute of Atmospheric Sciences

ATMOSPHERIC COMPOSITION CHANGE AT HIGH ELEVATIONS Sandro Fuzzi Institute of Atmospheric Sciences and Climate National Research Council Bologna, Italy Atmospheric change, Atmospheric change, environment, climate environment, climate

645 views • 27 slides
The Nature of Matter 1 12/6/16 Matter & Energy Matter Matter is the "stuff"

The Nature of Matter 1 12/6/16 Matter & Energy Matter Matter is the "stuff"

12/6/16 The Nature of Matter 1 12/6/16 Matter & Energy Matter Matter is the "stuff" of the universe. Matter is anything that occupies space and has mass . Matter exists as a solid, liquid, gas, and plasma . Matter

595 views • 36 slides
252-210: Compiler Design 1.1 Simple compiler model 1.2

252-210: Compiler Design 1.1 Simple compiler model 1.2

252-210: Compiler Design 1.1 Simple compiler model 1.2 Admin issues Thomas R. Gross Computer Science Department ETH Zurich, Switzerland 1.1

1.27k views • 46 slides
Chemistry Chemistry is the science of matter and the changes it undergoes What is matter? (as

Chemistry Chemistry is the science of matter and the changes it undergoes What is matter? (as

Chemistry Chemistry is the science of matter and the changes it undergoes What is matter? (as it is related to biology) Matter Matter is anything that takes up space and has mass All living and nonliving matter is composed of

382 views • 13 slides
The Properties of Matter Basic Concepts All objects are made up of matter Matter is

The Properties of Matter Basic Concepts All objects are made up of matter Matter is

The Properties of Matter Basic Concepts All objects are made up of matter Matter is anything that takes up space and has mass Properties are the specific characteristics that describe matter Matter can be identified using its

335 views • 9 slides
Introduction to YACC Some slides borrowed from Louden YACC Yet Another Compiler Compiler

Introduction to YACC Some slides borrowed from Louden YACC Yet Another Compiler Compiler

Introduction to YACC Some slides borrowed from Louden YACC Yet Another Compiler Compiler Written by Steve Johnson at Bell Labs (1975) Bison: Gnu version by Corbett and Stallman (1985) Takes a grammar and produces a parser

975 views • 61 slides
Towards a formally verified obfuscating compiler Sandrine Blazy joint work with Roberto Giacobazzi

Towards a formally verified obfuscating compiler Sandrine Blazy joint work with Roberto Giacobazzi

Towards a formally verified obfuscating compiler Sandrine Blazy joint work with Roberto Giacobazzi and Alix Trieu IFIP WG 1.9/2.15, 2015-07-16 1 Background: verifying a compiler Compiler + proof that the compiler does not introduce bugs

553 views • 24 slides
Should you Rust in embedded yet? Who am I? Simonas Kazlauskas; Member of the Rust compiler team;

Should you Rust in embedded yet? Who am I? Simonas Kazlauskas; Member of the Rust compiler team;

Should you Rust in embedded yet? Who am I? Simonas Kazlauskas; Member of the Rust compiler team; Day job: fjrmware for electricity meters; kazlauskas.me; @nagisa on GitHub, @simukis on Twitter. Why does embedded matter? Embedded is virtually

382 views • 16 slides
Multicore debugging from a SW compiler perspective Marco Roodzant, marco@ace.nl ACE Associated

Multicore debugging from a SW compiler perspective Marco Roodzant, marco@ace.nl ACE Associated

MAD2013 Multicore debugging from a SW compiler perspective Marco Roodzant, marco@ace.nl ACE Associated Compiler Experts Amsterdam, The Netherlands Products and services for professional compiler developers www.ace.nl version Presentation

272 views • 10 slides
Concepts Introduced in Chapter 9 introduction to compiler optimizations basic blocks and

Concepts Introduced in Chapter 9 introduction to compiler optimizations basic blocks and

Concepts Introduced in Chapter 9 introduction to compiler optimizations basic blocks and control flow graphs local optimizations global optimizations 1 EECS 665 Compiler Construction Compiler Optimizations Compiler

454 views • 24 slides
Compiler Construction Lecture 19: Code Generation V (Compiler Backend) Winter Semester 2018/19

Compiler Construction Lecture 19: Code Generation V (Compiler Backend) Winter Semester 2018/19

Compiler Construction Lecture 19: Code Generation V (Compiler Backend) Winter Semester 2018/19 Thomas Noll Software Modeling and Verification Group RWTH Aachen University https://moves.rwth-aachen.de/teaching/ws-1819/cc/ The Compiler Backend

1.27k views • 59 slides
Compiler Construction Lecture 2: Compiler Structure and Lexical Analysis 2020-01-10 Michael

Compiler Construction Lecture 2: Compiler Structure and Lexical Analysis 2020-01-10 Michael

Compiler Construction Lecture 2: Compiler Structure and Lexical Analysis 2020-01-10 Michael Engel Includes material by Jan Christian Meyer .org Theoretical and practical exercises TA: Lahiru Rasnayake Six problem sets, one every

867 views • 30 slides
CSE 401: Introduction to Compiler Construction Course Outline Goals: Compiler front-ends:

CSE 401: Introduction to Compiler Construction Course Outline Goals: Compiler front-ends:

CSE 401: Introduction to Compiler Construction Course Outline Goals: Compiler front-ends: lexical analysis (scanning): characters tokens learn principles & practice of language implementation syntactic analysis (parsing):

660 views • 11 slides
Page 1 Linker Operation Linker Operation Classify all program symbols as either: A strong

Page 1 Linker Operation Linker Operation Classify all program symbols as either: A strong

Assignment for Tues Last Time Read Getting the Least out of Your C Looked at ColdFire and ARM in depth Compiler linked to course web page Today m.c a.c Compiler Compiler Tools and toolchains for embedded m.o a.o

279 views • 6 slides
1 Specifying Grammar with JavaCUP Abstract Syntax Tree for Memory Layout Example JavaCUP example

1 Specifying Grammar with JavaCUP Abstract Syntax Tree for Memory Layout Example JavaCUP example

CS 453: Compiler Construction Review Structure of the MiniJava Compiler Analysis Synthesis Phases of the compiler lexicographical analysis, or scanning (regular expressions) character stream syntactic analysis, or parsing (context

505 views • 4 slides
Matter and Energy Chapter 1: Introduction to Matter Matter Volume Mass Weight Atom Molecule

Matter and Energy Chapter 1: Introduction to Matter Matter Volume Mass Weight Atom Molecule

Matter and Energy Notes.notebook Matter and Energy Chapter 1: Introduction to Matter Matter Volume Mass Weight Atom Molecule Element Compound Mixture States of Matter Solid Liquid Gas 1 Matter and Energy Notes.notebook Matter and

974 views • 73 slides
Optimierende Compiler Aufbau GIMPLE IR Uberblick uber die GNU Compiler Collection gcc

Optimierende Compiler Aufbau GIMPLE IR Uberblick uber die GNU Compiler Collection gcc

OC A. Koch Compile-Flu Optimierende Compiler Aufbau GIMPLE IR Uberblick uber die GNU Compiler Collection gcc RTL IR Optimierung Andreas Koch FG Eingebettete Systeme und ihre Anwendungen Informatik, TU Darmstadt

2.19k views • 180 slides
AI Compiler @ Alibaba Xiaoyong Liu Presenting the work of many people PAI (Platform of AI)

AI Compiler @ Alibaba Xiaoyong Liu Presenting the work of many people PAI (Platform of AI)

AI Compiler @ Alibaba Xiaoyong Liu Presenting the work of many people PAI (Platform of AI) Alibaba Cloud Intelligence AI Compiler Stack PAI PAI EAS PAI Tensorflow PAI Blade AI Compiler High Performance libraries TVM PAI TAO CPU

1.97k views • 21 slides

More recommend