UB-aware interpreter for LLVM debugging

This tool is developed to save my life when debugging LLVM. Unlike lli, this interpreter is UB-aware, which means it will check immediate undefined behaviors during the execution and handle poison values properly. It is designed to be a debugging tool, so it is not optimized for performance. alive-exec should be a drop-in replacement of this tool. But it is slow and easy to get stuck in my experience. So this tool is designed to be more friendly to csmith and creduce.

We have suffered from incorrect poison-generating/UB-implying annotations in LLVM for a long time. The most common mistake is that we forget to drop annotations after replacing one of its operands in place. In most cases, this kind of bugs will not be caught by end-to-end tests or real-world applications. But they will finally emerge when we do some aggressive optimizations with these incorrect annotations. With this interpreter, we can easily find out the incorrect annotations handling and fix them.

Here is an incomplete list of this kind of bugs:

• llvm/llvm-project#115976
• llvm/llvm-project#115890
• llvm/llvm-project#114879
• llvm/llvm-project#113997
• llvm/llvm-project#112666
• llvm/llvm-project#112476
• llvm/llvm-project#112356
• llvm/llvm-project#112350
• llvm/llvm-project#112078
• llvm/llvm-project#112076
• llvm/llvm-project#112068
• llvm/llvm-project#111934
• llvm/llvm-project#99436
• llvm/llvm-project#91691
• llvm/llvm-project#91178
• llvm/llvm-project#91127
• llvm/llvm-project#90380
• llvm/llvm-project#87042
• llvm/llvm-project#85536
• llvm/llvm-project#78621

git clone https://github.com/dtcxzyw/llvm-ub-aware-interpreter
cd llvm-ub-aware-interpreter
mkdir -p build && cd build
cmake .. -GNinja -DCMAKE_BUILD_TYPE=Release -DLLVM_DIR=/path/to/llvm/lib/cmake/llvm
cmake --build . -j
./llubi test.ll [--verbose]

• Undef values are not supported as we will eventually remove undef from LLVM in the future. In llubi, they are treated as zero values.
• FFI is not supported. Currently it only supports printf("%d", x) for csmith.

• TBAA support
• lifetime/invariant support
• Fine-grained UB check control
• Turn it into a library
• Per-pass UB-aware testing
• EMI-based fuzzing
• EMI-based test reduction