This patch set adds a big set of manual and auto-generated test cases validating BPF verifier's register bounds tracking and deduction logic. See details in the last patch. To make this approach work, BPF verifier's logic needed a bunch of improvements to handle some cases that previously were not covered. This had no implications as to correctness of verifier logic, but it was incomplete enough to cause significant disagreements with alternative implementation of register bounds logic that tests in this patch set implement. So we need BPF verifier logic improvements to make all the tests pass. This is a first part of work with the end goal intended to extend register bounds logic to cover range vs range comparisons, which will be submitted later assuming changes in this patch set land. See individual patches for details. v3->v4: - improvements to reg_bounds tester (progress report, split 32-bit and 64-bit ranges, fix various verbosity output issues, etc); v2->v3: - fix a subtle little-endianness assumption inside parge_reg_state() (CI); v1->v2: - fix compilation when building selftests with llvm-16 toolchain (CI). Andrii Nakryiko (7): bpf: improve JEQ/JNE branch taken logic bpf: derive smin/smax from umin/max bounds bpf: enhance subregister bounds deduction logic bpf: improve deduction of 64-bit bounds from 32-bit bounds bpf: try harder to deduce register bounds from different numeric domains bpf: drop knowledge-losing __reg_combine_{32,64}_into_{64,32} logic selftests/bpf: BPF register range bounds tester kernel/bpf/verifier.c | 175 +- .../selftests/bpf/prog_tests/reg_bounds.c | 1756 +++++++++++++++++ 2 files changed, 1879 insertions(+), 52 deletions(-) create mode 100644 tools/testing/selftests/bpf/prog_tests/reg_bounds.c -- 2.34.1