- The scheme we've been talking about so far is about cutting out
computations that satisfy the inputs necessary for seeing a compiler
bug. But compiler bugs also have an output side, which is necessary
to observe that the bug happened. In Csmith there's the checksum code
for example. By printing the values of variables in buggy and
not-buggy executions, C-Reduce can search for the first program point
where some variable takes on the wrong value. In this case the
generated code becomes:
{ int tmp = expr1;
static int _creduce_checked = 0;
if (!_creduce_checked) {
if (tmp != reference_value) abort();
_creduce_checked = 1;
}
x = foo(tmp, expr2);}
Thus, we can also shorten the output side of compiler bugs. It
remains to be seen if C-Reduce will tend to just remove this code,
instead of removing the code that follows it. There may be a way to
convince it to do the right thing, such as requiring that an
interesting program contains an abort() call.