ACM Conferences

Alex Groce, Rijnard Van Tonder, Goutamkumar Tulajappa Kalburgi, Claire Le Goues

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

7 Scopus citations

Abstract

Developing a bug-free compiler is difficult; modern optimizing compilers are among the most complex software systems humans build. Fuzzing is one way to identify subtle compiler bugs that are hard to find with human-constructed tests. Grammar-based fuzzing, however, requires a grammar for a compiler's input language, and can miss bugs induced by code that does not actually satisfy the grammar the compiler should accept. Grammar-based fuzzing also seldom uses advanced modern fuzzing techniques based on coverage feedback. However, modern mutation-based fuzzers are often ineffective for testing compilers because most inputs they generate do not even come close to getting past the parsing stage of compilation. This paper introduces a technique for taking a modern mutation-based fuzzer (AFL in our case, but the method is general) and augmenting it with operators taken from mutation testing and with program splicing. We conduct a controlled study to show that our hybrid approaches significantly improve fuzzing effectiveness qualitatively (consistently finding unique bugs that baseline approaches do not) and quantitatively (typically finding more unique bugs in the same time span, despite fewer program executions). Our easy-to-apply approach has allowed us to report more than 100 confirmed and fixed bugs in production compilers, and found a bug in the Solidity compiler that earned a security bounty.

Original language: English (US)
Title of host publication: CC 2022 - Proceedings of the 31st ACM SIGPLAN International Conference on Compiler Construction
Editors: Bernhard Egger, Aaron Smith
Publisher: Association for Computing Machinery, Inc
Pages: 194-204
Number of pages: 11
ISBN (Electronic): 9781450391832
DOIs
State: Published - Sep 19 2022
Event: 31st ACM SIGPLAN International Conference on Compiler Construction, CC 2022 - Virtual, Online, Korea, Republic of
Duration: Apr 2 2022 to Apr 3 2022

Publication series

Name: CC 2022 - Proceedings of the 31st ACM SIGPLAN International Conference on Compiler Construction

Conference

Conference: 31st ACM SIGPLAN International Conference on Compiler Construction, CC 2022
Country/Territory: Korea, Republic of
City: Virtual, Online
Period: 4/2/22 to 4/3/22

Keywords

  • compiler development
  • fuzzing
  • mutation testing

ASJC Scopus subject areas

  • Hardware and Architecture
  • Signal Processing
  • Software
