Verification, Security, And Miscompilation Defense
This page documents bounded production evidence for native verifier coverage,
compiler security, and miscompilation defense. It covers IR, machine, ABI,
relocation, volatile, and required-tail verifiers; differential execution;
fuzzing; translation validation; security-negative tests; release-blocking
miscompilation triage; and rollback rules.
Run the bounded gates with:
make native-optimizer-security-check
make native-miscompilation-check
These gates do not run the full release or self-host matrix. They validate the
source-owned verification and security evidence listed below.
Evidence Files
- verification/native-security-schema.tsv;
- verification/native-verifier-policy.tsv;
- verification/native-differential-policy.tsv;
- verification/native-fuzz-policy.tsv;
- verification/native-translation-validation-policy.tsv;
- verification/native-security-threats.tsv;
- verification/native-verification-cases.tsv;
- verification/native-verification/fixtures/valid-native-verification-security.json;
- release/native-verifier-report.tsv;
- release/native-differential-report.tsv;
- release/native-fuzz-report.tsv;
- release/native-translation-validation-report.tsv;
- release/native-security-negative-report.tsv;
- release/native-miscompilation-triage-report.tsv;
- release/native-security-release-notes.html;
- perf/native-verification-benchmarks.tsv;
- compat/native-verification-security-contract.tsv;
- tools/native-verification-security-check.py.
Verifier Coverage
The verifier gate records coverage for:
- IR verifier;
- machine verifier;
- ABI verifier;
- relocation verifier;
- volatile verifier;
- required-tail verifier.
The verifier rejects missing or failing coverage:
NATIVE_VERIFY_COVERAGE
Differential Execution
Native optimized output is compared against the VM, interpreter, and source-owned
reference paths. Each run is compared on three observables: program output,
stderr class, and exit status.
The verifier rejects mismatches:
NATIVE_MISCOMPILATION_DIFFERENTIAL
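The shape of that comparison, as an added example that is not the project's own harness: a reference path and two candidate paths are run on the same inputs and compared on stdout, stderr class, and exit status. The three programs, the stderr classes (clean, diagnostic, crash, other, timeout), the candidate names, and the constructed input corpus are all assumptions made for this example; in the real gate the argv lists would point at the native optimized binary, the VM, and the interpreter, and one candidate here is deliberately narrowed to 32 bits to stand in for a miscompilation.

```python
"""Differential execution harness: compare candidate code paths against a
reference path on stdout, stderr class, and exit status (added example)."""
import subprocess
import sys
from dataclasses import dataclass

# Constructed stand-in programs run with the current interpreter so the example
# works offline. Assumed for this example, not the project's real paths.
REFERENCE_SRC = r"""
import sys
x = int(sys.stdin.read())
if x < 0:
    sys.stderr.write("error: negative input\n")
    sys.exit(2)
print(x * 3)
"""

# Constructed miscompilation: the result is silently narrowed to 32 bits, so it
# agrees with the reference on small inputs and diverges on large ones.
NARROWED_SRC = REFERENCE_SRC.replace("print(x * 3)", "print((x * 3) & 0xFFFFFFFF)")

REFERENCE = [sys.executable, "-c", REFERENCE_SRC]
CANDIDATES = {
    "native_good": [sys.executable, "-c", REFERENCE_SRC],      # faithful translation
    "native_narrowed": [sys.executable, "-c", NARROWED_SRC],   # diverges on large inputs
}
INPUTS = [b"7", b"-1", b"4000000000"]  # constructed differential corpus


@dataclass(frozen=True)
class Observation:
    stdout: str
    stderr_class: str  # compared by class, not by exact text
    exit_status: int


def classify_stderr(text: str) -> str:
    """Bucket stderr so wording differences in diagnostics do not count as mismatches."""
    if not text.strip():
        return "clean"
    if "Traceback" in text or "panic" in text.lower() or "Segmentation fault" in text:
        return "crash"
    if text.lstrip().startswith("error:"):
        return "diagnostic"
    return "other"


def observe(argv, stdin: bytes, timeout: float = 10.0) -> Observation:
    """Run one path on one input and record exactly what the gate compares."""
    try:
        proc = subprocess.run(argv, input=stdin, capture_output=True, timeout=timeout)
    except subprocess.TimeoutExpired:
        return Observation(stdout="", stderr_class="timeout", exit_status=-1)
    return Observation(
        stdout=proc.stdout.decode(errors="replace"),
        stderr_class=classify_stderr(proc.stderr.decode(errors="replace")),
        exit_status=proc.returncode,
    )


def run_differential(reference, candidates, inputs) -> dict:
    """Return {candidate: [(input, reference_obs, candidate_obs), ...]} for every mismatch."""
    mismatches = {name: [] for name in candidates}
    for stdin in inputs:
        ref = observe(reference, stdin)
        for name, argv in candidates.items():
            got = observe(argv, stdin)
            if got != ref:
                mismatches[name].append((stdin, ref, got))
    return mismatches


def gate(mismatches: dict) -> list:
    """Emit one NATIVE_MISCOMPILATION_DIFFERENTIAL finding per divergent candidate."""
    return [
        f"NATIVE_MISCOMPILATION_DIFFERENTIAL {name}: {len(found)} divergent input(s), "
        f"first on {found[0][0]!r}: expected {found[0][1]}, got {found[0][2]}"
        for name, found in mismatches.items() if found
    ]


if __name__ == "__main__":
    findings = gate(run_differential(REFERENCE, CANDIDATES, INPUTS))
    for line in findings or ["differential: clean"]:
        print(line)
```

Comparing stderr by class rather than by text is the point of the "stderr class" observable: two paths that both refuse a negative input with an `error:` diagnostic agree even if the wording differs, while a path that crashes where the reference emits a diagnostic is still caught.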
Fuzzing
Bounded fuzz campaigns cover parser-to-IR, optimization transforms, machine
lowering, linker layout, volatile/MMIO, pointer operations, and
monomorphization.
The verifier rejects crashes, timeouts, undersized campaigns, and resource
budget failures:
NATIVE_SECURITY_FUZZ
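What a bounded campaign has to record to satisfy such a gate, as an added example that is not the project's own fuzz driver: a seeded mutator, a per-case step budget so a hang is reported as a timeout instead of stalling the run, first-input-per-crash-type evidence, and a campaign-size and time-budget check. The toy record parser (with two planted defects), the mutation operators, the `run_bounded` step limit enforced through `sys.settrace`, the report fields, and the seed corpus are all assumptions made for this example.

```python
"""Bounded fuzz campaign driver: seeded mutation, a per-case step budget,
crash/timeout/undersized classification, and a gate emitting
NATIVE_SECURITY_FUZZ findings (added example)."""
import random
import sys
import time


# Constructed target: a toy length-prefixed record parser standing in for one
# fuzz target (say, parser-to-IR). Two defects are planted so there is something to find.
def parse_records(data: bytes) -> list:
    records = []
    i = 0
    while i < len(data):
        n = data[i]
        if n == 0:
            continue                    # planted bug 2: empty record never advances i (hang)
        end = i + 1 + n
        _tail = data[end - 1]           # planted bug 1: unchecked read past a truncated record
        records.append(data[i + 1:end])
        i = end
    return records


class StepBudgetExceeded(Exception):
    """Raised from the trace hook once a case spends more line events than allowed."""


def run_bounded(fn, arg, max_steps: int):
    """Run fn(arg) under a line-event budget enforced via sys.settrace.
    Returns ("ok", result), ("timeout", None) or ("crash", exception)."""
    steps = 0

    def tracer(frame, event, _):
        nonlocal steps
        if event == "line":
            steps += 1
            if steps > max_steps:
                raise StepBudgetExceeded(steps)   # propagates into the traced frame
        return tracer

    sys.settrace(tracer)
    try:
        return "ok", fn(arg)
    except StepBudgetExceeded:
        return "timeout", None
    except Exception as exc:            # any other exception is a crash finding
        return "crash", exc
    finally:
        sys.settrace(None)


INTERESTING = (0, 1, 0x7F, 0xFF)        # boundary values a fuzzer should try first


def mutate(seed: bytes, rng: random.Random) -> bytes:
    """Apply one to three byte-level mutations to a seed input."""
    data = bytearray(seed)
    for _ in range(rng.randint(1, 3)):
        op = rng.randrange(4)
        if op == 0 and data:
            data[rng.randrange(len(data))] = rng.choice(INTERESTING)
        elif op == 1 and data:
            data[rng.randrange(len(data))] = rng.randrange(256)
        elif op == 2:
            data.insert(rng.randrange(len(data) + 1), rng.randrange(256))
        elif data:
            del data[rng.randrange(len(data))]
    return bytes(data)


def run_campaign(target, seeds, cases: int, rng_seed: int = 1, max_steps: int = 2000) -> dict:
    """Run a bounded, replayable campaign and return the evidence a report row needs."""
    rng = random.Random(rng_seed)       # fixed seed: the campaign is reproducible from the report
    report = {"cases": 0, "ok": 0, "crashes": {}, "timeouts": []}
    started = time.monotonic()
    for _ in range(cases):
        inp = mutate(rng.choice(seeds), rng)
        status, payload = run_bounded(target, inp, max_steps)
        report["cases"] += 1
        if status == "ok":
            report["ok"] += 1
        elif status == "timeout":
            report["timeouts"].append(inp)
        else:                           # keep the first triggering input per exception type
            report["crashes"].setdefault(type(payload).__name__, inp)
    report["seconds"] = time.monotonic() - started
    return report


def fuzz_gate(report: dict, min_cases: int, time_budget_s: float) -> list:
    """Reject crashes, timeouts, undersized campaigns, and blown time budgets."""
    findings = []
    if report["cases"] < min_cases:
        findings.append(f"NATIVE_SECURITY_FUZZ undersized campaign: {report['cases']} < {min_cases} cases")
    if report["seconds"] > time_budget_s:
        findings.append(f"NATIVE_SECURITY_FUZZ resource budget exceeded: {report['seconds']:.1f}s > {time_budget_s}s")
    for kind, inp in sorted(report["crashes"].items()):
        findings.append(f"NATIVE_SECURITY_FUZZ crash {kind} on {inp!r}")
    if report["timeouts"]:
        findings.append(f"NATIVE_SECURITY_FUZZ {len(report['timeouts'])} timeout(s), first on {report['timeouts'][0]!r}")
    return findings


SEEDS = [bytes([3, 1, 2, 3, 2, 9, 9]), bytes([1, 0xAA])]   # constructed valid corpus


if __name__ == "__main__":
    report = run_campaign(parse_records, SEEDS, cases=1000)
    for line in fuzz_gate(report, min_cases=800, time_budget_s=30) or ["fuzz: clean"]:
        print(line)
```

The fixed RNG seed and the recorded first input per crash type are what make the report row actionable: a triager can replay the exact case that crashed or hung without re-running the campaign, which is the difference between a fuzz report that is evidence and one that is only a pass/fail bit.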
Translation Validation
High-risk rewrites require proof evidence:
- bounds-check elimination;
- strictness-driven evaluation;
- tail-call conversion;
- dead-store elimination;
- volatile-sensitive passes.
The verifier rejects rewrites without accepted preservation evidence:
NATIVE_TRANSLATION_VALIDATION
Native Compiler Attack Surface
The native security gate covers compiler resource exhaustion, pathological
generics, adversarial link graphs, invalid object files, unsafe pointer misuse,
untrusted package inputs, and native optimized output miscompilation.
The verifier rejects:
NATIVE_SECURITY_RESOURCE
NATIVE_SECURITY_UNTRUSTED_INPUT
Triage And Rollback
Critical miscompilations are release-blocking and require rollback artifacts,
an owner, and triage evidence.
The verifier rejects incomplete triage:
NATIVE_MISCOMPILATION_TRIAGE
What This Does Not Overpromise
This page closes native performance Milestone 10 for bounded verification and
security evidence. It does not run final heavy release, self-host, or benchmark
matrices; those remain owned by the final roadmap milestones.