UBfuzz: Finding Bugs in Sanitizer Implementations
CoRR (2024)
Abstract
In this paper, we propose a testing framework for validating sanitizer
implementations in compilers. Our core components are (1) a program generator
specifically designed for producing programs containing undefined behavior
(UB), and (2) a novel test oracle for sanitizer testing. The program generator
employs Shadow Statement Insertion, a general and effective approach for
introducing UB into a valid seed program. The generated UB programs are
subsequently utilized for differential testing of multiple sanitizer
implementations. Nevertheless, discrepant sanitizer reports may stem from
either compiler optimization or sanitizer bugs. To accurately determine if a
discrepancy is caused by sanitizer bugs, we introduce a new test oracle called
crash-site mapping. We have incorporated our techniques into UBfuzz, a
practical tool for testing sanitizers. Over a five-month testing period, UBfuzz
successfully found 31 bugs in both GCC and LLVM sanitizers. These bugs reveal
serious false-negative problems in sanitizers, where certain UB in programs
went unreported. This research paves the way for further investigation in this
crucial area of study.
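An added illustration of the workflow the abstract describes (shadow statement insertion into a seed program, differential runs of sanitizer builds, and a crash-site check on their reports). It is not the paper's code: the shadow statement, the UBSan-style report format and the oracle rule are simplifications assumed here for the demonstration.

```python
import re

# Constructed seed program (valid C, no undefined behavior) for the demo.
SEED = "int main(void) {\n    int x = 2147483647;\n    return x > 0;\n}"

# Constructed shadow statement: reuses a variable already in scope and
# triggers signed integer overflow, a UB that a sanitizer should report.
SHADOW = "    int y = x + 1; (void)y;"

def insert_shadow_statement(seed, after_line, stmt):
    """Insert stmt after 1-based line `after_line`; return (program, ub_line)."""
    lines = seed.splitlines()
    lines.insert(after_line, stmt)
    return "\n".join(lines), after_line + 1

# UBSan-style "file:line:col: runtime error: kind" lines (format assumed here).
REPORT_RE = re.compile(r"^(\S+?):(\d+):(\d+): runtime error: ([^:]+)", re.M)

def reported_sites(report_text):
    """Set of (line, kind) pairs one sanitizer run reported."""
    return {(int(ln), kind.strip()) for _, ln, _, kind in REPORT_RE.findall(report_text)}

def opt_level(config):
    """Numeric optimization level of a (compiler, '-On') configuration."""
    return int(config[1].lstrip("-O"))

def crash_site_oracle(ub_line, runs):
    """runs: {(compiler, optflag): report_text}. Simplified oracle assumed here:
    a run that misses the inserted UB site is a candidate sanitizer false
    negative only if some run at an equal or higher optimization level still
    reports that site; otherwise the miss is attributed to the optimizer."""
    hit = {cfg for cfg, txt in runs.items()
           if any(ln == ub_line for ln, _ in reported_sites(txt))}
    return sorted(cfg for cfg in runs if cfg not in hit
                  and any(opt_level(h) >= opt_level(cfg) for h in hit))

PROGRAM, UB_LINE = insert_shadow_statement(SEED, 2, SHADOW)
# Constructed sanitizer outputs for four configurations (not real tool output).
RUNS = {
    ("gcc", "-O0"): f"ub.c:{UB_LINE}:15: runtime error: signed integer overflow: "
                    "2147483647 + 1 cannot be represented in type 'int'\n",
    ("clang", "-O0"): "",   # missed at -O0 although gcc -O0 reports it
    ("gcc", "-O2"): "",     # both -O2 runs silent: attributed to optimization
    ("clang", "-O2"): "",
}

if __name__ == "__main__":
    print(PROGRAM)
    print("candidate false negatives:", crash_site_oracle(UB_LINE, RUNS))
```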