Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/dtcxzyw/llvm-ub-aware-interpreter

UB-aware interpreter for LLVM debugging
https://github.com/dtcxzyw/llvm-ub-aware-interpreter

llvm llvm-ir

Last synced: 23 days ago
JSON representation

UB-aware interpreter for LLVM debugging

Host: GitHub
URL: https://github.com/dtcxzyw/llvm-ub-aware-interpreter
Owner: dtcxzyw
License: apache-2.0
Created: 2024-11-11T06:41:09.000Z (3 months ago)
Default Branch: main
Last Pushed: 2025-01-11T09:14:45.000Z (29 days ago)
Last Synced: 2025-01-11T10:24:34.306Z (29 days ago)
Topics: llvm, llvm-ir
Language: C++
Homepage: https://llvm.org/docs/LangRef.html
Size: 655 KB
Stars: 20
Watchers: 2
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

# llvm-ub-aware-interpreter (llubi)
UB-aware interpreter for LLVM debugging

## Introduction

This tool is developed to save my life when debugging LLVM. Unlike lli, this interpreter is UB-aware, which means it will check immediate undefined behaviors during the execution and handle poison values properly. It is designed to be a debugging tool, so it is not optimized for performance. [alive-exec](https://github.com/AliveToolkit/alive2) should be a drop-in replacement of this tool. But it is slow and easy to get stuck in my experience. So this tool is designed to be more friendly to csmith and creduce.

## Motivation

We have suffered from incorrect poison-generating/UB-implying annotations in LLVM for a long time. The most common mistake is that we forget to drop annotations after replacing one of its operands in place. In most cases, this kind of bugs will not be caught by end-to-end tests or real-world applications. But they will finally emerge when we do some aggressive optimizations with these incorrect annotations. With this interpreter, we can easily find out the incorrect annotations handling and fix them.

Here is an incomplete list of this kind of bugs:
+ https://github.com/llvm/llvm-project/issues/115976
+ https://github.com/llvm/llvm-project/issues/115890
+ https://github.com/llvm/llvm-project/issues/114879
+ https://github.com/llvm/llvm-project/issues/113997
+ https://github.com/llvm/llvm-project/issues/112666
+ https://github.com/llvm/llvm-project/issues/112476
+ https://github.com/llvm/llvm-project/issues/112356
+ https://github.com/llvm/llvm-project/issues/112350
+ https://github.com/llvm/llvm-project/issues/112078
+ https://github.com/llvm/llvm-project/issues/112076
+ https://github.com/llvm/llvm-project/issues/112068
+ https://github.com/llvm/llvm-project/issues/111934
+ https://github.com/llvm/llvm-project/issues/99436
+ https://github.com/llvm/llvm-project/issues/91691
+ https://github.com/llvm/llvm-project/issues/91178
+ https://github.com/llvm/llvm-project/issues/91127
+ https://github.com/llvm/llvm-project/issues/90380
+ https://github.com/llvm/llvm-project/issues/87042
+ https://github.com/llvm/llvm-project/issues/85536
+ https://github.com/llvm/llvm-project/issues/78621

## Getting Started

```
git clone https://github.com/dtcxzyw/llvm-ub-aware-interpreter
cd llvm-ub-aware-interpreter
mkdir -p build && cd build
cmake .. -GNinja -DCMAKE_BUILD_TYPE=Release -DLLVM_DIR=/path/to/llvm/lib/cmake/llvm
cmake --build . -j
./llubi test.ll [--verbose]
```

## Automatic UB-Free Test Case Reduction for Middle-End Miscompilation Bugs

test.sh:
```
#!/usr/bin/bash

MAX_STEPS=1000000
a=$( --max-steps $MAX_STEPS --reduce-mode $1)
if [ $? -ne 0 ]; then
exit 1
fi
$1 -o $1.tmp
if [ $? -ne 0 ]; then
exit 1
fi
b=$( --max-steps $MAX_STEPS --reduce-mode $1.tmp)
if [ $? -ne 0 ]; then
rm $1.tmp
exit 0
fi
if [[ $a == $b ]]; then
rm $1.tmp
exit 1
fi
rm $1.tmp
exit 0
```

Usage:
```
clang -O3 -Xclang -disable-llvm-passes -emit-llvm -S test.c -o test.ll
llvm-reduce --test=test.sh --ir-passes="function(sroa,instcombine,gvn,simplifycfg,infer-address-spaces),inline" test.ll
```

## Fuzzing with Csmith
```
python3 csmith.py [emi]
```
If `emi` is set, it will enable the EMI-based mutation. For more details, please refer to [Compiler validation via equivalence modulo inputs, PLDI'21](https://dl.acm.org/doi/10.1145/2594291.2594334).

## Notes
+ Undef values are not supported as we will eventually remove undef from LLVM in the future. In llubi, they are treated as zero values.
+ FFI is not supported. Currently it only supports ```printf("%d", x)``` for csmith.

## TODO
- [ ] TBAA support
- [ ] lifetime/invariant support
- [ ] Fine-grained UB check control