Imperial College London

Professor Alastair Donaldson

Faculty of Engineering, Department of Computing

Professor of Programming Languages

Contact


+44 (0)20 7594 8266
alastair.donaldson


Location


422 Huxley Building, South Kensington Campus


Publications

Citation

BibTex format

@article{Marcozzi:2019:10.1145/3360581,
author = {Marcozzi, M and Tang, Q and Donaldson, A and Cadar, C},
doi = {10.1145/3360581},
journal = {Proceedings of the ACM on Programming Languages},
pages = {155:1--155:29},
title = {Compiler fuzzing: how much does it matter?},
url = {http://dx.doi.org/10.1145/3360581},
volume = {3},
year = {2019}
}

RIS format (EndNote, RefMan)

TY  - JOUR
AB - Despite much recent interest in randomised testing (fuzzing) of compilers, the practical impact of fuzzer-found compiler bugs on real-world applications has barely been assessed. We present the first quantitative and qualitative study of the tangible impact of miscompilation bugs in a mature compiler. We follow a rigorous methodology where the bug impact over the compiled application is evaluated based on (1) whether the bug appears to trigger during compilation; (2) the extent to which generated assembly code changes syntactically due to triggering of the bug; and (3) whether such changes cause regression test suite failures, or whether we can manually find application inputs that trigger execution divergence due to such changes. The study is conducted with respect to the compilation of more than 10 million lines of C/C++ code from 309 Debian packages, using 12% of the historical and now fixed miscompilation bugs found by four state-of-the-art fuzzers in the Clang/LLVM compiler, as well as 18 bugs found by human users compiling real code or as a by-product of formal verification efforts. The results show that almost half of the fuzzer-found bugs propagate to the generated binaries for at least one package, in which case only a very small part of the binary is typically affected, yet causing two failures when running the test suites of all the impacted packages. User-reported and formal verification bugs do not exhibit a higher impact, with a lower rate of triggered bugs and one test failure. The manual analysis of a selection of the syntactic changes caused by some of our bugs (fuzzer-found and non fuzzer-found) in package assembly code, shows that either these changes have no semantic impact or that they would require very specific runtime circumstances to trigger execution divergence.
AU - Marcozzi,M
AU - Tang,Q
AU - Donaldson,A
AU - Cadar,C
DO - 10.1145/3360581
EP - 1
PY - 2019///
SN - 2475-1421
SP - 155
TI - Compiler fuzzing: how much does it matter?
T2 - Proceedings of the ACM on Programming Languages
UR - http://dx.doi.org/10.1145/3360581
UR - https://dl.acm.org/doi/abs/10.1145/3360581
UR - http://hdl.handle.net/10044/1/73175
VL - 3
ER -