Who’s debugging the debuggers? Exposing debug information bugs in optimized binaries
- 17 April 2021
- conference paper
- Published by Association for Computing Machinery (ACM) in Proceedings of the 26th ACM International Conference on Architectural Support for Programming Languages and Operating Systems
Abstract
Despite the advancements in software testing, bugs still plague deployed software and result in crashes in production. When debugging issues—sometimes caused by “heisenbugs”—there is the need to interpret core dumps and reproduce the issue offline on the same binary deployed. This requires the entire toolchain (compiler, linker, debugger) to correctly generate and use debug information. Little attention has been devoted to checking that such information is correctly preserved by modern toolchains’ optimization stages. This is particularly important as managing debug information in optimized production binaries is non-trivial, often leading to toolchain bugs that may hinder post-deployment debugging efforts. In this paper, we present Debug2, a framework to find debug information bugs in modern toolchains. Our framework feeds random source programs to the target toolchain and surgically compares the debugging behavior of their optimized/unoptimized binary variants. Such differential analysis allows Debug2 to check invariants at each debugging step and detect bugs from invariant violations. Our invariants are based on the (in)consistency of common debug entities, such as source lines, stack frames, and function arguments. We show that, while simple, this strategy yields powerful cross-toolchain and cross-language invariants, which can pinpoint several bugs in modern toolchains. We have used Debug2 to find 23 bugs in the LLVM toolchain (clang/lldb), 8 bugs in the GNU toolchain (GCC/gdb), and 3 in the Rust toolchain (rustc/lldb)—with 14 bugs already fixed by the developers.
Funding Information
- H2020 Research and Innovation (786669)
- AXA Research Fund (AXA Postdoctoral Fellowship Di Luna)
- PNRM (Safe)
- Sapienza Università di Roma (RM11916B75A3293D)