sayzard1h ago

Practical Formal Verification for MLIR Programs

이 논문은 MLIR 프로그램의 변환 최적화가 올바르게 수행되었는지 형식적으로 검증하는 방법을 제안한다. 변환 전후 프로그램 쌍의 의미적 동등성을 계산하는 하이브리드 구체-상징적 해석 방식을 도입하여, 프로그램 구현 세부사항에 크게 의존하지 않고 선형 시간 내에 동등성을 증명할 수 있다. 이를 위해 MLIR의 의미 있는 부분집합에 대한 검증기를 개발하고, AMD의 MLIR-AIR 및 MLIR-AIE 툴체인과 표준 mlir-opt에 대해 수백 개 벤치마크 변종을 검증한 결과를 보고한다. 이 연구는 MLIR 기반 컴파일러 최적화의 신뢰성 확보에 실질적 기여를 한다.

https://arxiv.org/abs/2605.01124

#mlir #formalverification #compileroptimization #programanalysis #symbolicexecution

Practical Formal Verification for MLIR Programs

Optimizing compilers have become a cornerstone for high-performance program generation in research and industry. Optimizations, including those implemented manually by a user and those target-specific and non-target-specific, are used to transform programs to achieve good performance. Although these optimizations are necessary for performance, assessing their correctness has remained a major challenge; the risk of incorrect code being deployed increases with unproven optimization flows. In this work, we target the formal verification of correctness of a transformed program by computing whether a pair of programs are semantically equivalent, one being a transformed version of the other. We restrict the class of programs supported to enable a hybrid concrete-symbolic interpretation approach to equivalence, which in turn is mostly agnostic to how the programs are implemented (syntax, schedule, storage, etc.). This approach can show equivalence in linear time with respect to the operations executed by the programs. We develop a verifier for a meaningful subset of MLIR, and report on the verification of the AMD MLIR-AIR and MLIR-AIE toolchains, as well as the standard mlir-opt on hundreds of benchmarks variants.

arXiv.org
Hacker NewsApr 21

My practitioner view of program analysis

https://sawyer.dev/posts/practitioner-program-analysis/

#HackerNews #programanalysis #practitioner #viewpoint #softwaredevelopment #techinsights #codingbestpractices #developercommunity

rory sawyer

anton00bOct 29, 2025

I am happy to share that our paper deepSURF has been accepted to IEEE S&P 2026!

This effort was led by my student George Androutsopoulos (https://www.linkedin.com/in/gandrout/).

deepSURF combines the use of program analysis and LLMs to uncover memory safety bugs in Rust’s unsafe code.

You can check out the code and the paper here:

https://github.com/purseclab/deepSURF

https://arxiv.org/abs/2506.15648

#Rust #Security #ProgramAnalysis #LLM #Fuzzing #Purdue

JP LehrSep 4, 2025

Yesterday we published the next recording from the #LLVM #Meetup #Darmstadt

Alexander Hueck - Opaque Pointers and Debug Info [LLVM Meetup Darmstadt March 2023]
https://youtu.be/bQIxgYMmWn4

Go check it out to learn a bit more about #DebugInfo and #OpaquePointers in the light of a #Typechecker for #MPI programs

#HPC #ProgramAnalysis

Alexander Hueck - Opaque Pointers and Debug Info [LLVM Meetup Darmstadt March 2023]

YouTube
JP LehrAug 8, 2025

After quite a bit of work, I'm delighted that #MetaCG v0.8.0 just got released and I want to thank everybody who contributed to the project.

Check it out, star the repo and watch for more updates.
Get your copy at https://github.com/tudasc/MetaCG/releases/tag/v0.8.0

#HPC #llvm #clang #software #ProgramAnalysis

PLDI 2026Feb 15, 2024

SOAP 2024 is now accepting paper submissions! Submit your experiments, tools, ideas on program analysis by March 4th, 2024 (https://soap24.hotcrp.com).

More info here 👉 https://pldi24.sigplan.org/home/SOAP-2024 #SOAP2024 #CallForPapers #ProgramAnalysis
Co-located with #PLDI2024

SOAP 2024

ITSEC NewsSep 18, 2023
Security flaws in an SSO plugin for Caddy - By Maciej Domanski, Travis Peters, and David Pokora
We identified 10 security vulnerabili... https://blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy/ #dynamicanalysis #programanalysis #staticanalysis #mitigations #exploits #attacks #semgrep #audits #go
Security flaws in an SSO plugin for Caddy

By Maciej Domanski, Travis Peters, and David Pokora We identified 10 security vulnerabilities within the caddy-security plugin for the Caddy web server that could enable a variety of high-severity …

Trail of Bits Blog
Jesper Agdakx ♾️Jul 18, 2023

PhD position on Program Analysis for LLVM-IR and all its source languages: https://utwentecareers.nl/en/vacancies/1320/phd-position-on-program-analysis-for-llvm-ir-and-all-its-source-languages/

#PhD #ProgramAnalysis

PhD position on Program Analysis for LLVM-IR and all its source languages - Looking for a job that matters?

With the omnipresence of software, our lives and income depend crucially on the quality of software: software failures can cause planes to crash, emergency service to be unreachable, and companies to lose millions of dollars (because of missed business op…

Werken bij
Show threadaegilopsFeb 2, 2023

@joxean I usually think of "sound" in SAST as "no false negatives" (for what you are modelling, of course).

Now wrap your head around what a "soundy" analysis is...

#ProgramAnalysis #SoundAnalysis #soundy #SAST

JP LehrJan 12, 2023

I'm happy to share that I just released #MetaCG version 0.5.0 \o/

Besides a number of important bug fixes, we have *finally* reworked some internals that gave us a great performance improvement. For several use cases from minutes to seconds.
Thank you so much to everybody who contributed.

If your curious, check it out at https://github.com/tudasc/MetaCG

#HPC #ProgramAnalysis #CallGraph #TUDaSC

GitHub - tudasc/MetaCG: MetaCG offers an annotated whole program call-graph tool for Clang/LLVM.

MetaCG offers an annotated whole program call-graph tool for Clang/LLVM. - tudasc/MetaCG

GitHub