[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [creduce-dev] reduction using dynamic information

To: creduce-dev@flux.utah.edu
Subject: Re: [creduce-dev] reduction using dynamic information
From: Yang Chen <chenyang@cs.utah.edu>
Date: Thu, 14 Jul 2016 00:16:42 -0700
In-reply-to: <8a3f1225-48bb-6136-8cfe-5ac9ef072340@cs.utah.edu>
List-archive: </listarchives/creduce-dev>
List-help: <mailto:creduce-dev-request@flux.utah.edu?subject=help>
List-id: C-Reduce Development Mailing List <creduce-dev.flux.utah.edu>
List-post: <mailto:creduce-dev@flux.utah.edu>
List-subscribe: <http://www.flux.utah.edu/mailman/listinfo/creduce-dev>, <mailto:creduce-dev-request@flux.utah.edu?subject=subscribe>
List-unsubscribe: <http://www.flux.utah.edu/mailman/options/creduce-dev>, <mailto:creduce-dev-request@flux.utah.edu?subject=unsubscribe>
References: <c2f2e338-0307-dbac-62a5-69aa43019e83@cs.utah.edu> <4159858a31373a16b0f990aae33575d7@cs.utah.edu> <20877fe5-a7d6-dac2-8e4d-7b48d9fadbf0@cs.utah.edu> <f6f8539e9154f5cddd320afe615361d5@cs.utah.edu> <8a3f1225-48bb-6136-8cfe-5ac9ef072340@cs.utah.edu>
User-agent: Roundcube Webmail/1.1.4

On 2016-07-13 16:56, John Regehr wrote:

- The scheme we've been talking about so far is about cutting out
computations that satisfy the inputs necessary for seeing a compiler
bug.  But compiler bugs also have an output side, which is necessary
to observe that the bug happened.  In Csmith there's the checksum code
for example.  By printing the values of variables in buggy and
not-buggy executions, C-Reduce can search for the first program point
where some variable takes on the wrong value.  In this case the
generated code becomes:

{ int tmp = expr1;
  static int _creduce_checked = 0;
  if (!_creduce_checked) {
     if (tmp != reference_value) abort();
     _creduce_checked = 1;
  }
  x = foo(tmp, expr2);}

Thus, we can also shorten the output side of compiler bugs.  It
remains to be seen if C-Reduce will tend to just remove this code,
instead of removing the code that follows it.  There may be a way to
convince it to do the right thing, such as requiring that an
interesting program contains an abort() call.

Yes, I think we can implement this. My concern is that searching onlythe first program point where a wrong value is taken might not alwayslead to optimal output. For example, we may get a smaller reducedprogram by keeping the second failing point. In other words, we couldlose other search paths if we only focus on the first failing point.

On the other hand, this early-abort strategy could serve as a trade-offbetween reduction speed and reduction rate. More importantly, we willnever know if we don't give it a shot :)


- Yang

Follow-Ups:
- Re: [creduce-dev] reduction using dynamic information
  - From: John Regehr <regehr@cs.utah.edu>

References:
- [creduce-dev] reduction using dynamic information
  - From: John Regehr <regehr@cs.utah.edu>
- Re: [creduce-dev] reduction using dynamic information
  - From: Yang Chen <chenyang@cs.utah.edu>
- Re: [creduce-dev] reduction using dynamic information
  - From: John Regehr <regehr@cs.utah.edu>
- Re: [creduce-dev] reduction using dynamic information
  - From: Yang Chen <chenyang@cs.utah.edu>
- Re: [creduce-dev] reduction using dynamic information
  - From: John Regehr <regehr@cs.utah.edu>

Prev by Date: Re: [creduce-dev] reduction using dynamic information
Next by Date: Re: [creduce-dev] reduction using dynamic information
Previous by thread: Re: [creduce-dev] reduction using dynamic information
Next by thread: Re: [creduce-dev] reduction using dynamic information
Index(es):
- Date
- Thread