Differential testing of compilers via random generation of correct programs goes back well before this paper. For C, it's made harder by the need to avoid undefined behavior in the generated code (which C is loaded with), so much of the work here was figuring out how to generate sufficiently diverse programs that still have fully defined behavior.
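The driver loop itself is simple enough to sketch in a comment. This is only a sketch: the compiler choices, flags, and csmith include path are my assumptions, not the paper's exact setup, and a real harness also handles timeouts and crashes.

    #!/usr/bin/env python3
    # Minimal differential-testing loop: generate a random program with csmith,
    # build it with two compilers, run both binaries, and flag any divergence.
    # Illustrative sketch: compilers, flags, and the csmith include path are
    # assumptions; a real harness also handles timeouts, crashes, reporting.
    import subprocess

    COMPILERS = [["gcc", "-O2"], ["clang", "-O2"]]   # assumed to be on PATH
    CSMITH_INC = "-I/usr/include/csmith"             # adjust for your install

    def run(cmd):
        return subprocess.run(cmd, capture_output=True, text=True, timeout=60)

    for i in range(1000):
        src = f"test{i}.c"
        with open(src, "w") as f:
            f.write(run(["csmith"]).stdout)          # csmith emits a closed, UB-free program

        outputs = []
        for n, cc in enumerate(COMPILERS):
            exe = f"./test{i}_{n}"
            if run(cc + [CSMITH_INC, src, "-o", exe]).returncode != 0:
                break                                # a compile error is itself worth reporting
            outputs.append(run([exe]).stdout)        # the program prints a checksum of its globals

        if len(outputs) == len(COMPILERS) and len(set(outputs)) > 1:
            print(f"possible miscompilation: {src} -> {outputs}")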
A follow-on paper (from 2012) described creduce, the failing-test-case reducer that can be used with csmith. It's also useful for other purposes, and for languages other than C. Reducing the inputs requires preserving the condition that they are still valid C without undefined behavior.
https://users.cs.utah.edu/~regehr/papers/pldi12-preprint.pdf
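In practice you hand creduce an "interestingness" script that exits 0 as long as the bug (and only the bug) is still present, and preserving "no undefined behavior" usually means running sanitizers or some checking tool inside that script. A rough sketch, where the specific checks (UBSan at -O0, gcc vs clang at -O2) and file names are my assumptions rather than anything from the paper:

    #!/usr/bin/env python3
    # Interestingness test for creduce: exit 0 iff the shrunken test.c still
    # triggers the compiler disagreement AND still looks free of undefined
    # behavior.  The specific checks here are assumptions for the sketch,
    # not the paper's exact recipe.
    import subprocess, sys

    def run(cmd):
        try:
            return subprocess.run(cmd, capture_output=True, text=True, timeout=30)
        except subprocess.TimeoutExpired:
            sys.exit(1)                              # a hang means "not interesting" here

    def compiles(cc_cmd, exe):
        return run(cc_cmd + ["test.c", "-o", exe]).returncode == 0

    # Screen out candidates with detectable undefined behavior.
    if not compiles(["clang", "-O0", "-fsanitize=undefined",
                     "-fno-sanitize-recover=all"], "ub_check"):
        sys.exit(1)
    if run(["./ub_check"]).returncode != 0:
        sys.exit(1)

    # Interesting only if the two compilers still disagree on the program's output.
    if not (compiles(["gcc", "-O2"], "a") and compiles(["clang", "-O2"], "b")):
        sys.exit(1)
    sys.exit(0 if run(["./a"]).stdout != run(["./b"]).stdout else 1)

Then running creduce ./interesting.py test.c repeatedly mutates test.c and keeps the smallest version for which the script still exits 0.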
Back before this was realized, compilers were a buggy mess and people just lived with it. Now they're still buggy, but less so. Random testing with billions of inputs is practical now and tends to rapidly "mine out" significant chunks of the potential bug space. One could view this as an example of the Bitter Lesson, where dumb search coupled with massive amounts of computing power solves a problem that had seemed to require more knowledge.
Anyone making a production-quality compiler these days needs to be using high-volume random testing.
How is this done these days, do people just set up CI workflows for this or have dedicated machines running tests 24/7?