Imperial College London

Professor Cristian Cadar

Faculty of Engineering, Department of Computing

Professor of Software Reliability

Contact

c.cadar

Location

435 Huxley Building, South Kensington Campus


Publications

Citation

BibTeX format

@unpublished{Marcozzi:2019,
author = {Marcozzi, M and Tang, Q and Donaldson, A and Cadar, C},
title = {A systematic impact study for fuzzer-found compiler bugs},
url = {http://arxiv.org/abs/1902.09334v2},
year = {2019}
}

RIS format (EndNote, RefMan)

TY  - UNPB
AB - Despite much recent interest in compiler fuzzing, the practical impact of fuzzer-found miscompilations on real-world applications has barely been assessed. We present the first quantitative and qualitative study of the tangible impact of fuzzer-found compiler bugs. We follow a novel methodology where the impact of a miscompilation bug is evaluated based on (1) whether the bug appears to trigger during compilation; (2) the extent to which generated assembly code changes syntactically due to triggering of the bug; and (3) how likely such changes are to cause runtime divergences during execution. The study is conducted with respect to the compilation of more than 10 million lines of C/C++ code from 309 Debian packages, using 12% of the historical and now fixed miscompilation bugs found by four state-of-the-art fuzzers in the Clang/LLVM compiler, as well as 18 other bugs found by the Alive formal verification tool or human users. The results show that almost half of the fuzzer-found bugs propagate to the generated binaries for some applications, but barely affect their syntax and only cause two failures in total when running their regression test suites. Our manual analysis of a selection of bugs suggests that these bugs cannot trigger on the packages considered in the analysis, and that in general they affect only corner cases which have a low probability of occurring in practice. User-reported and Alive bugs do not exhibit a higher impact, with less frequently triggered bugs and one test failure.
AU - Marcozzi,M
AU - Tang,Q
AU - Donaldson,A
AU - Cadar,C
PY - 2019///
TI - A systematic impact study for fuzzer-found compiler bugs
UR - http://arxiv.org/abs/1902.09334v2
UR - http://hdl.handle.net/10044/1/71472
ER -