ICST 2023
Sun 16 - Thu 20 April 2023 Dublin, Ireland
Tue 18 Apr 2023 11:00 - 11:20 at Pearse suite - Session 9: Fuzzing. Chair(s): Xavier Devroey

We report on our experience at Google of deploying a variety of coverage-guided and black-box fuzzing techniques to identify functional, robustness and security-related bugs in a number of compilers for two graphics shading languages: the WebGPU Shading Language (WGSL) and Standard Portable Intermediate Representation (SPIR-V). We discuss our experience deploying grey-box fuzzing via libFuzzer on ClusterFuzz and OSS-Fuzz using (a) libFuzzer's built-in mutators, (b) a number of custom mutators based on regular expression matching and principled program transformation, and (c) a custom mutator for WGSL that leverages existing mutation-based tooling for SPIR-V together with tools for translating SPIR-V into WGSL. We also describe our experience deploying several black-box fuzzers on ClusterFuzz, including two that are based on new randomized program generators for WGSL that we implemented as part of this work, which we have also used in a more targeted fashion for end-to-end testing of implementations of WebGPU from Google and Mozilla.

Throughout, we focus on issues that we believe may generalise to other deployments of fuzzing, including: tradeoffs between the engineering effort required to create and deploy each fuzzer and the nature and number of bugs they have uncovered; time wasted due to false alarms arising due to fuzzer misconfiguration or defects in the fuzzers themselves; cases where fuzzing has informed the design of the language associated with the compilers being fuzzed; and the difficulty of writing fuzzers that respect pragmatic assumptions made by the software under test.
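The regular-expression-based custom mutators mentioned under (b) above can be illustrated in miniature. This is an added Python example, not the authors' or Google's mutator code: it assumes a constructed WGSL seed fragment and a small set of operator and literal rewrite rules chosen here, and is written as a stand-alone function rather than as a libFuzzer custom-mutator hook.

```python
import random
import re

# Constructed WGSL fragment used as the seed input (not taken from the paper).
SEED_WGSL = """fn main(@builtin(global_invocation_id) id: vec3<u32>) {
    let x: i32 = 3 + 4 * 2;
    var y: f32 = 1.5;
    if (x > 10) { y = y - 0.25; }
}"""

# Swapping an operator for one of the same arity and type keeps the fragment
# well-typed, so the mutant exercises later compiler stages rather than the parser.
OP_SWAP = {"+": "-", "-": "+", "*": "/", "/": "*",
           ">": "<", "<": ">", ">=": "<=", "<=": ">=", "==": "!=", "!=": "=="}
# Binary operators written with surrounding spaces; this deliberately skips the
# '<' / '>' of template types such as vec3<u32> and the '-' of a unary minus.
OP_RE = re.compile(r"(?<=\S) (\+|-|\*|/|>=|<=|==|!=|>|<) (?=\S)")
# Standalone literals only: the digits in 'i32', 'vec3' or '1.5' are not int sites.
INT_RE = re.compile(r"(?<![\w.])(\d+)(?![\w.])")
FLOAT_RE = re.compile(r"(?<![\w.])(\d+\.\d+)(?![\w.])")

def mutation_sites(src: str) -> list[tuple[int, int, list[str]]]:
    """All (start, end, candidate replacements) spans, in source order."""
    sites = []
    for m in OP_RE.finditer(src):
        sites.append((m.start(1), m.end(1), [OP_SWAP[m.group(1)]]))
    for m in INT_RE.finditer(src):
        n = int(m.group(1))  # boundary values target overflow and range checks
        sites.append((m.start(1), m.end(1), [str(n + 1), "0", "2147483647"]))
    for m in FLOAT_RE.finditer(src):
        f = float(m.group(1))
        sites.append((m.start(1), m.end(1), ["0.0", repr(f * 2.0), "1e38"]))
    return sorted(sites)

def operator_mutants(src: str) -> list[str]:
    """Every single operator-swap mutant, in source order (useful as a seed corpus)."""
    return [src[:m.start(1)] + OP_SWAP[m.group(1)] + src[m.end(1):]
            for m in OP_RE.finditer(src)]

def mutate(src: str, seed: int) -> str:
    """One regex-guided mutation of a WGSL fragment, reproducible from `seed`."""
    rng = random.Random(seed)
    sites = mutation_sites(src)
    if not sites:
        return src  # nothing to rewrite, hand the input back unchanged
    for _ in range(16):  # a replacement can equal the original text (e.g. 0 -> "0")
        start, end, options = rng.choice(sites)
        mutant = src[:start] + rng.choice(options) + src[end:]
        if mutant != src:
            return mutant
    return src
```

Because every rewrite is anchored to a token-level regex, each mutant stays parseable; a real deployment would feed `mutate` from the fuzzer's random bytes instead of an integer seed.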

Tue 18 Apr


11:00 - 12:30
Session 9: Fuzzing at Pearse suite
Chair(s): Xavier Devroey University of Namur
11:00
20m
Talk
Industrial Deployment of Compiler Fuzzing Techniques for Two GPU Shading Languages
Industry
Alastair F. Donaldson Imperial College London, Ben Clayton Google, Ryan Harrison Google, Hasan Mohsin Imperial College London, David Neto Google, Vasyl Teliman National Technical University of Ukraine, Hana Watson Imperial College London
11:20
20m
Talk
Metamorphic Fuzzing of C++ Libraries
Previous Editions
Andrei Lascu Imperial College London, Alastair F. Donaldson Imperial College London, Tobias Grosser University of Edinburgh, Torsten Hoefler ETH Zurich
11:40
20m
Talk
Android Fuzzing: Balancing User-Inputs and Intents
Research Papers
Michael Auer University of Passau, Andreas Stahlbauer University of Passau, Gordon Fraser University of Passau
12:00
20m
Talk
Homo in Machina: Improving Fuzz Testing Coverage via Compartment Analysis
Research Papers
Joshua Bundt Northeastern University, Andrew Fasano Northeastern University, Brendan Dolan-Gavitt New York University, William Robertson Northeastern University, USA, Tim Leek MIT Lincoln Laboratory
12:20
5m
Talk
Poster: BugOSS: A Regression Bug Benchmark for Empirical Study of Regression Fuzzing Techniques
Posters
Jeewoong Kim Handong Global University, Shin Hong Handong Global University