A physical simulation engine (PSE) is a software system that simulates physical environments and objects. Modern PSEs feature both forward and backward simulations, where the forward phase predicts the behavior of a simulated system, and the backward phase provides gradients (guidance) for learning-based control tasks, such as a robot arm learning to fetch items. Modern PSEs thus offer promising support for learning-based control methods. To date, PSEs have been widely used in highly profitable commercial applications, such as games, movies, virtual reality (VR), and robotics. Despite the prosperous development and usage of PSEs by academia and industrial manufacturers such as Google and NVIDIA, PSEs may produce incorrect simulations, which may lead to negative consequences, ranging from poor user experience in entertainment to accidents in robotics-involved manufacturing and surgical operations.
This paper introduces PHYFU, a fuzzing framework designed specifically for PSEs to uncover errors in both forward and backward simulation phases. PHYFU mutates initial states and asserts whether the PSE under test behaves consistently with respect to basic Physics Laws (PLs). We further use feedback-driven test input scheduling to guide and accelerate the search for errors. Our study of four PSEs covers mainstream industrial vendors (Google and NVIDIA) as well as academic products. We successfully uncover over 5K error-triggering inputs that generate incorrect simulation results spanning the whole software stack of PSEs.
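The physics-law oracle sketched in the abstract, worked through on a toy engine as an added example that is not PHYFU's own code: initial states are mutated at random, the forward phase is checked against conservation laws, and the backward phase (analytic gradients) is checked against a finite-difference estimate of the forward phase. The 1-D elastic-collision model, the tolerances and the deliberately faulty `swap_velocities` engine are assumptions made for illustration.

```python
import random

def elastic_collision(m1, v1, m2, v2):
    # Toy "forward phase": velocities after a 1-D elastic collision (assumed model).
    u1 = ((m1 - m2) * v1 + 2 * m2 * v2) / (m1 + m2)
    u2 = ((m2 - m1) * v2 + 2 * m1 * v1) / (m1 + m2)
    return u1, u2

def collision_backward(m1, v1, m2, v2):
    # Toy "backward phase": analytic gradients d(u1)/d(v1) and d(u2)/d(v1).
    return (m1 - m2) / (m1 + m2), 2 * m1 / (m1 + m2)

def finite_difference(forward, m1, v1, m2, v2, h=1e-6):
    # Independent oracle for the backward phase: central difference of the forward phase.
    plus = forward(m1, v1 + h, m2, v2)
    minus = forward(m1, v1 - h, m2, v2)
    return tuple((p - q) / (2 * h) for p, q in zip(plus, minus))

def physics_law_violations(forward, backward, m1, v1, m2, v2, tol=1e-6):
    # Names of the physics laws the engine under test violates on this initial state.
    u1, u2 = forward(m1, v1, m2, v2)
    found = []
    if abs((m1 * v1 + m2 * v2) - (m1 * u1 + m2 * u2)) > tol:
        found.append("momentum")   # PL1: total momentum is conserved
    if abs((m1 * v1**2 + m2 * v2**2) - (m1 * u1**2 + m2 * u2**2)) > tol:
        found.append("energy")     # PL2: kinetic energy is conserved (elastic collision)
    fd = finite_difference(forward, m1, v1, m2, v2)
    if any(abs(g - f) > tol for g, f in zip(backward(m1, v1, m2, v2), fd)):
        found.append("gradient")   # backward phase must agree with the forward phase
    return found

def fuzz(forward, backward, n=200, seed=0):
    # Mutates initial states (masses and velocities) at random; returns the failing inputs.
    rng = random.Random(seed)
    failing = []
    for _ in range(n):
        state = (rng.uniform(0.1, 10.0), rng.uniform(-5.0, 5.0),
                 rng.uniform(0.1, 10.0), rng.uniform(-5.0, 5.0))
        laws = physics_law_violations(forward, backward, *state)
        if laws:
            failing.append((state, laws))
    return failing

def swap_velocities(m1, v1, m2, v2):
    # Constructed faulty engine: exchanging velocities is only correct for equal masses.
    return v2, v1

if __name__ == "__main__":
    print(len(fuzz(elastic_collision, collision_backward)), "failing inputs (correct engine)")
    print(len(fuzz(swap_velocities, collision_backward)), "failing inputs (faulty engine)")
```

The same oracle structure applies to any engine whose forward step can be called on a mutated state and whose backward step exposes gradients; only the conservation laws and the state sampler change.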
Thu 14 Sep (displayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna)

15:30 - 17:00 | Fuzzing | NIER Track / Journal-first Papers / Research Papers / Tool Demonstrations | Plenary Room 2 | Chair: Lars Grunske (Humboldt-Universität zu Berlin)

15:30 | 12m Talk | Fine-Grained Coverage-Based Fuzzing | Journal-first Papers | Wei-Cheng Wu (University of Southern California, USA), Bernard Nongpoh (CEA LIST, University Paris-Saclay), Marwan Nour (CEA, LIST, Université Paris Saclay), Michaël Marcozzi (CEA, LIST, Université Paris Saclay), Sébastien Bardin (CEA LIST, University Paris-Saclay), Christophe Hauser (Dartmouth College)
15:42 | 12m Talk | MLIRSmith: Random Program Generation for Fuzzing MLIR Compiler Infrastructure | Research Papers | Haoyu Wang (College of Intelligence and Computing, Tianjin University), Junjie Chen (Tianjin University), Chuyue Xie (College of Intelligence and Computing, Tianjin University), Shuang Liu (Tianjin University), Zan Wang (Tianjin University), Qingchao Shen (Tianjin University), Yingquan Zhao (Tianjin University)
15:54 | 12m Talk | Thunderkaller: Profiling and Improving the Performance of Syzkaller | Research Papers | Yang Lan (Institute for Network Science and Cyberspace of Tsinghua University), Di Jin (Brown University), Zhun Wang (Institute for Network Science and Cyberspace of Tsinghua University), Wende Tan (Tsinghua University), Zheyu Ma (Tsinghua University), Chao Zhang (Tsinghua University)
16:06 | 12m Talk | PHYFU: Fuzzing Modern Physics Simulation Engines | Research Papers | Dongwei Xiao, Zhibo Liu, Shuai Wang (Hong Kong University of Science and Technology)
16:18 | 12m Talk | NaturalFuzz: Natural Input Generation for Big Data Analytics | Research Papers | Ahmad Humayun (Virginia Tech), Yaoxuan Wu (UCLA), Miryung Kim (University of California at Los Angeles, USA), Muhammad Ali Gulzar (Virginia Tech)
16:30 | 12m Talk | SpecFuzzer: A Tool for Inferring Class Specifications via Grammar-based Fuzzing | Tool Demonstrations | Facundo Molina (IMDEA Software Institute), Marcelo d'Amorim (North Carolina State University), Nazareno Aguirre (University of Rio Cuarto and CONICET, Argentina)
16:42 | 12m Talk | Scalable Industrial Control System Analysis via XAI-based Gray-Box Fuzzing | NIER Track | Justin Kur (Oakland University), Jingshu Chen (Oakland University), Jun Huang (City University of Hong Kong)