Developing a bug-free compiler is difficult; modern optimizing compilers are among the most complex software systems humans build. Fuzzing is one way to identify subtle compiler bugs that are hard to find with human-constructed tests. Grammar-based fuzzing, however, requires a grammar for the compiler's input language, and it can miss bugs triggered by inputs that do not actually satisfy the grammar the compiler should accept. Grammar-based fuzzing also seldom uses advanced modern fuzzing techniques based on coverage feedback. Modern mutation-based fuzzers, on the other hand, are often ineffective for testing compilers because most inputs they generate do not even come close to getting past the parsing stage of compilation. This paper introduces a technique for taking a modern mutation-based fuzzer (AFL in our case, but the method is general) and augmenting it with operators taken from mutation testing and with program splicing. We conduct a controlled study to show that our hybrid approaches significantly improve fuzzing effectiveness both qualitatively (consistently finding unique bugs that baseline approaches do not) and quantitatively (typically finding more unique bugs in the same time span, despite fewer program executions). Our easy-to-apply approach has allowed us to report more than 100 confirmed and fixed bugs in production compilers, and it found a bug in the Solidity compiler that earned a security bounty.
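The two ingredients the abstract names, mutation-testing operators (replace one operator with a neighbouring one, delete a statement) and program splicing (transplant a statement from another input in the corpus), can be packaged as a source-level custom mutator that keeps most outputs parseable. The block below is an added illustration written for this page; it is not the paper's code and not part of AFL. It assumes the AFL++ Python custom-mutator hooks `init(seed)` and `fuzz(buf, add_buf, max_size)` (where `add_buf` is a second queue entry that serves as the splice donor), and the operator table, the line-based statement heuristic and the two sample C functions are all constructed here for demonstration.

```python
"""Source-level mutation operators plus splicing, packaged as an AFL++-style custom mutator.
Illustrative example only: operator table and statement heuristic are this page's own choices."""
import random
import re

# Operator-replacement table in the style of mutation-testing operators (relational,
# logical and arithmetic operator replacement). Constructed for this example.
OPERATOR_SWAPS = {
    "==": ("!=", "<=", ">="),
    "!=": ("==",),
    "<=": ("<", ">", "=="),
    ">=": (">", "<", "=="),
    "<": ("<=", ">"),
    ">": (">=", "<"),
    "&&": ("||",),
    "||": ("&&",),
    "+": ("-", "*"),
    "-": ("+",),
    "*": ("/",),
    "/": ("*", "%"),
}
# Longest alternatives first so "<=" is matched as one token, not as "<" followed by "=".
# Deliberately crude: it also matches "*" inside "/*" or "-" inside "->"; such mutants
# simply fail to parse and are thrown away by the compiler under test.
_OP_RE = re.compile("|".join(re.escape(op) for op in sorted(OPERATOR_SWAPS, key=len, reverse=True)))

_RNG = random.Random(0)


def operator_sites(src):
    """All (offset, operator) pairs in the source, in textual order."""
    return [(m.start(), m.group()) for m in _OP_RE.finditer(src)]


def replace_operator(src, site_index, replacement):
    """Mutation-testing operator: swap the site_index-th operator for a table neighbour."""
    start, op = operator_sites(src)[site_index]
    if replacement not in OPERATOR_SWAPS[op]:
        raise ValueError(f"{replacement!r} is not a listed replacement for {op!r}")
    return src[:start] + replacement + src[start + len(op):]


def statements(src):
    """Line indices that end a simple statement (heuristic: line ends with ';')."""
    return [i for i, line in enumerate(src.splitlines()) if line.rstrip().endswith(";")]


def delete_statement(src, stmt_index):
    """Mutation-testing operator: drop one ';'-terminated line."""
    lines = src.splitlines(keepends=True)
    del lines[statements(src)[stmt_index]]
    return "".join(lines)


def splice_statement(src, donor, donor_stmt_index, dst_line_index):
    """Program splicing: insert one statement line taken from another corpus entry."""
    lines = src.splitlines(keepends=True)
    stmt = donor.splitlines(keepends=True)[statements(donor)[donor_stmt_index]]
    if not stmt.endswith("\n"):
        stmt += "\n"
    lines.insert(dst_line_index, stmt)
    return "".join(lines)


def mutate(src, donor, rng):
    """Pick one of the three operators at random; fall back to the unchanged input
    when the chosen operator has nothing to act on (AFL's byte-level stages still run)."""
    choice = rng.randrange(3)
    if choice == 0:
        sites = operator_sites(src)
        if sites:
            i = rng.randrange(len(sites))
            return replace_operator(src, i, rng.choice(OPERATOR_SWAPS[sites[i][1]]))
    elif choice == 1:
        stmts = statements(src)
        if len(stmts) > 1:  # keep at least one statement so the function stays non-empty
            return delete_statement(src, rng.randrange(len(stmts)))
    else:
        if statements(donor):
            where = rng.randrange(len(src.splitlines()) + 1)
            return splice_statement(src, donor, rng.randrange(len(statements(donor))), where)
    return src


def init(seed):
    """AFL++ custom-mutator hook (assumed signature): seed the mutator's RNG."""
    global _RNG
    _RNG = random.Random(seed)


def fuzz(buf, add_buf, max_size):
    """AFL++ custom-mutator hook (assumed signature): buf is the current input,
    add_buf a second queue entry used here as the splice donor."""
    src = buf.decode("utf-8", errors="replace")
    donor = add_buf.decode("utf-8", errors="replace") if add_buf else ""
    return mutate(src, donor, _RNG).encode("utf-8")[:max_size]


# Constructed sample corpus entries (not from the paper).
SEED = """int f(int a, int b) {
  int c = a + b;
  if (c < 10 && a != b)
    return c * 2;
  return c - a;
}
"""
DONOR = """int g(int x) {
  int y = x / 3;
  return y >= 0 ? y : -y;
}
"""

if __name__ == "__main__":
    init(1)
    for _ in range(3):
        print(fuzz(SEED.encode(), DONOR.encode(), 4096).decode())
```

Because every mutant differs from its parent by one operator, one deleted line or one transplanted line, almost all of them still reach the compiler's semantic-analysis and optimization passes, which is exactly the stage byte-level flips rarely get past.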
Wed 6 Apr (Eastern Time, US & Canada)

12:00 - 12:45 | Session 5: Safety and Correctness (CC Research Papers, CC Virtual Room). Chair(s): Sorav Bansal (IIT Delhi and CompilerAI Labs)

12:00, 15m, paper | BinPointer: Towards Precise, Sound, and Scalable Binary-Level Pointer Analysis. Sun Hyoung Kim (The Pennsylvania State University), Dongrui Zeng (The Pennsylvania State University), Cong Sun (Xidian University), Gang (Gary) Tan (Pennsylvania State University)

12:15, 15m, paper | Cape: Compiler-Aided Program Transformation for HTM-Based Cache Side-Channel Defense. Rui Zhang (Ohio State University), Michael D. Bond (Ohio State University, USA), Yinqian Zhang (Southern University of Science and Technology)

12:30, 15m, paper | Making No-fuss Compiler Fuzzing Effective. Alex Groce (Northern Arizona University), Rijnard van Tonder (Sourcegraph), Goutamkumar Tulajappa Kalburgi (Northern Arizona University), Claire Le Goues (Carnegie Mellon University)