Conflict-Driven Hybrid Verification: Fusing Static Taint Analysis with Dynamic E-graph-Based Equivalence Checking

Panigrahi et al. (2022) use static taint analysis to quantify information leakage post-optimization, whereas Yin et al. (2025) leverage e-graphs for functional equivalence checking of transformations. However, these approaches are largely siloed—one for security, one for program functionality. This research would synthesize the two: when a transformation is functionally equivalent (per HEC’s e-graph), but increases taint-flow or observable leakage (per Panigrahi et al.), the hybrid tool would flag the transformation as a “conflicting correct-but-insecure” change. This dual verification would be especially powerful in optimizing compilers for security-sensitive domains (e.g., cryptographic code), where both functional and non-functional correctness are critical. The novelty lies in operationalizing conflict between verification results to guide optimization decisions, potentially leading to a new class of “security-aware” optimizers.

References:

1. HEC: Equivalence Verification Checking for Code Transformation via Equality Saturation. Jiaqi Yin, Zhan Song, N. Agostini, Antonino Tumeo, Cunxi Yu (2025). USENIX Annual Technical Conference.
2. Quantifying Information Leakage for Security Verification of Compiler Optimizations. Priyanka Panigrahi, Abhik Paul, C. Karfa (2022). IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems.