Practical Formal Verification for MLIR Programs

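This paper proposes a method for formally verifying that transformation optimizations of MLIR programs have been performed correctly. It introduces a hybrid concrete-symbolic interpretation approach that computes the semantic equivalence of a pair of programs before and after transformation, so that equivalence can be proven in linear time without depending heavily on program implementation details. To this end, the authors develop a verifier for a meaningful subset of MLIR and report the results of verifying hundreds of benchmark variants against AMD's MLIR-AIR and MLIR-AIE toolchains and the standard mlir-opt. This work makes a practical contribution to ensuring the reliability of MLIR-based compiler optimizations.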

https://arxiv.org/abs/2605.01124

#mlir #formalverification #compileroptimization #programanalysis #symbolicexecution

Practical Formal Verification for MLIR Programs

Optimizing compilers have become a cornerstone for high-performance program generation in research and industry. Optimizations, including those implemented manually by a user and those target-specific and non-target-specific, are used to transform programs to achieve good performance. Although these optimizations are necessary for performance, assessing their correctness has remained a major challenge; the risk of incorrect code being deployed increases with unproven optimization flows. In this work, we target the formal verification of correctness of a transformed program by computing whether a pair of programs are semantically equivalent, one being a transformed version of the other. We restrict the class of programs supported to enable a hybrid concrete-symbolic interpretation approach to equivalence, which in turn is mostly agnostic to how the programs are implemented (syntax, schedule, storage, etc.). This approach can show equivalence in linear time with respect to the operations executed by the programs. We develop a verifier for a meaningful subset of MLIR, and report on the verification of the AMD MLIR-AIR and MLIR-AIE toolchains, as well as the standard mlir-opt on hundreds of benchmark variants.

arXiv.org

Did a presentation today on #symbolicexecution and demo'd some of the fine work by #angr as well as some interesting results from the #vsharp team. Not totally sure how the talk went with the audience; but, I'm trying to decide if I want to make some changes & maybe I put in for the Cactus Con CFP which is currently open.

I think I'd be interested in showing some reversing analyses like deobfuscating some obfuscated malware maybe? I'm not sure if my skill with some of these tools is quite there yet though.

Still waiting for the call for papers for the Tests and Proofs (TAP) conference? Wait no longer: we are thrilled to announce that TAP is now a track at FM 2026: https://conf.researchr.org/track/fm-2026/fm-2026-tap#Call-for-Papers

#FormalMethods #SoftwareTesting #Verification #Proof #SymbolicExecution #FM2026 #TAP2026

FM 2026 - Special Track on TAP (Tests and Proofs) - FM 2026

FM 2026 welcomes a special track for the TAP (Tests and Proofs) conference series.

After reading angr docs for the better part of the day, I was able to solve OverTheWire's Leviathan levels 1->2 and 6->7. Not 3->4 so far, but that's left for tomorrow. It's definitely an exciting journey!

Wanna join in? Read up at https://docs.angr.io/en/latest/ and drop me a line!

#ctf #cybersecurity #overthewire #leviathan #angr #symbolicexecution

angr documentation

Symbolic Execution is a powerful technique that explores all possible execution paths without actual inputs. An interesting display of this technique is below:

https://doar-e.github.io/blog/2014/10/11/taiming-a-wild-nanomite-protected-mips-binary-with-symbolic-execution-no-such-crackme/

#malware #reverseengineering #cybersecurity #infosec #symbolicexecution

Taming a wild nanomite-protected MIPS binary with symbolic execution: No Such Crackme

Using Klee on Rust Programs

Survey of where we are in this effort

💪 #ARM yourself with knowledge about #SymbolicExecution! Get hands-on experience with Jeremy Blackthorne's #training "Symbolic Execution with #angr on Real-World Targets", and learn how to perform symbolic and concolic execution with angr!

🎟️ https://ringzer0.training/trainings/symbolic-execution-with-angr.html

Ringzer0 - Symbolic Execution with angr on Real-World Targets

Symbolic execution is an incredibly powerful reversing technique, but it can also seem overwhelming to get into. Angr makes it simple, and it can be naturally integrated with your existing workflow. In this training, we cover how to use angr to do malware deobfuscation, find vulnerabilities, perform exploitation, and general RE.

Also, #SymbolicExecution of even small #binaries is very slow and would only, probably, help for comparing binaries for the same (or compatible) architecture. And in order to compare binaries for the same architectures you have a myriad of different, not terribly slow, ways for doing #BinDiffing.

#BinaryDiffing

Dear everyone in academia (and maybe elsewhere) doing #bindiffing research: #SymbolicExecution does not work for comparing different architectures, unless you are using as input for your symbolic execution tool *decompiled code*.

If you are using assembly or using an IR (Intermediate Representation) based on assembler (like Ghidra's p-code, IDA's microcode, LLVM's IR, etc.), it will inevitably produce different outputs.

Your best IR for #diffing is pseudo-code, the #decompiler's output.
