Reading Report: Translation Validation

Xingyu Xie

School of Software, Tsinghua University

Translation Validation

  • Graph Equality
  • Symbolic Evaluation

Equality-based Approach

Program Expression Graph

Referentially transparent: the value of an expression depends only on the values of its constituent expressions, with no side effects.

Complete: there is no need to maintain any additional representation, such as a CFG.

E-Graph

E-class: an equivalence class in the graph

Equality Exploration

Repeatedly apply rewriting rules (equivalence axioms) until a fixed-point e-graph is found. Given a set of rewriting rules, this e-graph represents all graphs equivalent to the initial graph.

Use the e-graph to check the equivalence of PEGs

Loop in PEG

Loop in equality checking

Normalized value-graph


Strength: effective

Weakness: the normalizing rules partially depend on the optimization; only a few passes are considered, such as global value numbering and sparse conditional constant propagation

Symbolic-execution-based Approach

Gauntlet: validation for P4

P4 programs are simple in nature: no pointers, no loops

TVI: first validator for C

Alive2: nondeterministic execution

To consider UB (undefined behavior) in LLVM:

  • Undef: any value of a type. undef & 1 has two results.
  • Poison: special value, like NaN. poison & 1 is poison.
  • True UB: division by zero

How? From equivalence to refinement
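
An added example (not from the slides and not Alive2's own encoding): a toy Python model over a 2-bit integer type showing why the check moves from equivalence to refinement once undef, poison and true UB are in play. The names `const`, `band`, `udiv`, `equivalent` and `refines`, and the 2-bit width, are assumptions made for the illustration; undef is modelled per use as the set of all values of the type.

```python
from itertools import product

BITS = 2                                  # assumed toy width
ALL = frozenset(range(1 << BITS))         # every value of the type
POISON, UB = "poison", "UB"               # the two special outcomes
UNDEF = ALL                               # undef: any value of the type

def const(c):
    return frozenset({c})

def band(a, b):
    """a & b: UB wins, then poison propagates, else every reachable result."""
    if UB in (a, b):
        return UB
    if POISON in (a, b):
        return POISON
    return frozenset(x & y for x, y in product(a, b))

def udiv(a, b):
    """a / b: a divisor that is poison or may be zero is true UB."""
    if UB in (a, b) or b == POISON or 0 in b:
        return UB
    if a == POISON:
        return POISON
    return frozenset(x // y for x, y in product(a, b))

def equivalent(src, tgt):
    """Naive check: both sides have exactly the same outcomes."""
    return src == tgt

def refines(src, tgt):
    """Every behaviour of tgt must be allowed by src."""
    if src == UB:                         # source UB allows anything
        return True
    if tgt == UB:                         # target introduced UB
        return False
    if src == POISON:                     # source poison allows any value
        return True
    if tgt == POISON:                     # target introduced poison
        return False
    return tgt <= src                     # target may only drop choices

if __name__ == "__main__":
    src, tgt = band(UNDEF, const(1)), const(0)   # fold `undef & 1` to 0
    print(sorted(src), equivalent(src, tgt), refines(src, tgt))
    print(refines(tgt, src))                     # reverse direction is invalid
    print(band(POISON, const(1)), udiv(const(1), const(0)))
```

Folding `undef & 1` to `0` fails the equivalence check but passes refinement, while the reverse rewrite fails both, which is the asymmetry a validator for a language with UB has to capture.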

Comparison

Equality-based

  • efficient
  • cannot locate a bug once found


Symbolic-execution-based

  • hard to handle loops
  • hard to handle pointers (simplified heap memory model)
  • scalability limited by the SMT solver
  • more representative

Difficulties

  • Transformation-related (specific)
  • Loops (recursion)
  • Pointers (heap memory)
  • Interprocedural optimization

References

  • PLDI'00. Translation Validation for an Optimizing Compiler.
  • PLDI'11. Jean-Baptiste Tristan et al. Evaluating Value-Graph Translation Validation for LLVM.
  • CAV'11. Michael Stepp et al. Equality-Based Translation Validator for LLVM.
  • SAS'13. Kedar S. Namjoshi et al. Witnessing Program Transformations.
  • OSDI'20. Fabian Ruffy et al. Finding Bugs in Compilers for Programmable Packet Processing.
  • PLDI'21. Nuno P. Lopes et al. Alive2: Bounded Translation Validation for LLVM.
