颜林林
(2022-07-10 09:00):
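#paper doi:10.1109/TR.2022.3171220 IEEE Transactions on Reliability, 2022, Detecting C++ Compiler Front-End Bugs via Grammar Mutation and Differential Testing. This paper from Dalian University of Technology designs a software framework named CCoft to automatically identify bugs in the front-end of C++ compilers. A compiler's internal structure is usually divided, following the processing flow, into two parts, a front-end and a back-end: the front-end is the stage that recognizes semantics from the C++ source code and converts it into an intermediate language, and the back-end is the step that generates machine code from the intermediate language. This paper targets only the front-end. The framework first converts the C++ grammar into a structured format and then uses "mutation" to generate a large volume of varied C++ code, including both code that conforms to the grammar and code that does not, with the aim of covering as many code scenarios as possible to challenge the C++ compiler and see whether the compiler handles them as expected. The code is then handed to the compiler, and based on the compiler's output it is judged whether the code was handled correctly, thereby identifying a range of software bugs, including: wrongly rejecting valid code, wrongly accepting invalid code, incorrect handling of code semantics, crashes during compilation or execution, and timeouts from excessively long compilation. Testing with the mainstream compilers GCC and Clang found 136 compiler bugs within three months, a substantial improvement over the mainstream tools available.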
Detecting C++ Compiler Front-End Bugs via Grammar Mutation and Differential Testing
Abstract:
C++ is a widely used programming language and the C++ front-end is a critical part of a C++ compiler. Although many techniques have been proposed to test compilers, few studies are devoted to detecting bugs in C++ compiler. In this study, we take the first step to detect bugs in C++ compiler front-ends. To do so, two main challenges need to be addressed, namely, the acquisition of test programs that are more likely to trigger bugs in compiler front-ends and the bug identification from complicated compiler outputs. In this article, we propose a novel framework named Ccoft to detect bugs in C++ compiler front-ends. To address the first challenge, Ccoft implements a practical program generator. The generator first transforms C++ grammars into a flexible structured format and then utilizes an equal-chance selection (ECS) strategy to conduct structure-aware grammar mutation to generate diverse C++ programs. Next, Ccoft employs a set of differential testing strategies to identify various kinds of bugs in C++ compiler front-ends by comparing complex outputs emitted by C++ compilers, thus tackling the second challenge. Empirical evaluation results over two mainstream compilers (i.e., GCC and Clang) show that Ccoft greatly improves two state-of-the-art approaches (i.e., Dharma and Grammarinator) by 135% and 111% in terms of the numbers of detected bugs, respectively. By running Ccoft for three months, we have successfully reported 136 bugs for two C++ compilers, of which 78 (57 confirmed, assigned, or fixed) for GCC and 58 (10 confirmed or fixed) for Clang.