FuzzBoost: Reinforcement Compiler Fuzzing

Xiaoting Li, Xiao Liu, Lingwei Chen, Rupesh Prajapati, Dinghao Wu

Research output: Chapter in Book/Report/Conference proceeding - Conference contribution

5 Scopus citations

Abstract

Ensuring the correctness of compilers is important for today's computing systems. Fuzzing is an efficient way to find security vulnerabilities in software by repeatedly testing programs with large numbers of modified, or fuzzed, inputs. In the context of compilers, however, fuzzing is challenging because the inputs are pieces of code that must be both syntactically and semantically valid to pass front-end checks. The fuzzed inputs are also expected to be distinct enough to trigger abnormal crashes, memory leaks, or failing assertions that have not been detected before. In this paper, we formalize compiler fuzzing as a reinforcement learning problem and propose an automatic code synthesis framework called FuzzBoost to empower the input code mutations in the fuzzing process. In our learning system, we incorporate the deep Q-learning algorithm to perform multi-step code mutations in each training episode, and design a reward policy that assesses the test coverage information collected at runtime. By interacting with the system, the fuzzing agent learns to predict code mutation actions that maximize the fuzzing reward. We validate the effectiveness of the proposed approach; preliminary evidence shows that our reinforcement fuzzing method can outperform the fuzzing baseline on production compilers. Our results also show that a pre-trained model can boost the fuzzing process for seed programs with similar patterns.
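The abstract describes the fuzzing loop as a reinforcement learning problem: the state is the current mutated program, the actions are code mutations applied over several steps per episode, and the reward is derived from the coverage the compiler reports at runtime. The following is an added, self-contained example of that formulation; it is not FuzzBoost's code and does not reproduce the paper's action set, state encoding or reward function. It substitutes tabular Q-learning for the deep Q-network, and stands in for the instrumented compiler with a constructed `toy_compiler_coverage` function that maps a token sequence to a set of "coverage edges". The `q` argument lets a learned Q-table from one seed warm-start fuzzing of another, which mirrors the pre-trained-model claim only in shape, not in result.

```python
import random
from collections import defaultdict

# Constructed stand-in for the compiler under test. It does not parse real
# code: it maps a program (a tuple of tokens) to a set of "coverage edges",
# keyed on adjacent token pairs plus two deeper constructs, so the reward can
# be computed as newly discovered edges, the role runtime coverage plays in
# the paper. Hypothetical; chosen only so the example runs offline.
def toy_compiler_coverage(program):
    edges = set()
    for a, b in zip(program, program[1:]):
        edges.add(("pair", a, b))
    if "if" in program and "while" in program:
        edges.add(("nested-control",))      # a "deeper" path worth rewarding
    if program.count("(") > 2:
        edges.add(("deep-paren",))
    return edges

# Token alphabet for mutations (constructed).
TOKENS = ["int", "x", "=", "1", ";", "if", "while", "(", ")", "{", "}"]

# Mutation actions available to the agent (constructed; not the paper's set).
def act_insert(program, rng):
    i = rng.randrange(len(program) + 1)
    return program[:i] + (rng.choice(TOKENS),) + program[i:]

def act_delete(program, rng):
    if len(program) <= 1:                   # never mutate down to an empty program
        return program
    i = rng.randrange(len(program))
    return program[:i] + program[i + 1:]

def act_replace(program, rng):
    i = rng.randrange(len(program))
    return program[:i] + (rng.choice(TOKENS),) + program[i + 1:]

def act_swap(program, rng):
    if len(program) < 2:
        return program
    i, j = rng.sample(range(len(program)), 2)
    p = list(program)
    p[i], p[j] = p[j], p[i]
    return tuple(p)

ACTIONS = [act_insert, act_delete, act_replace, act_swap]

# Coarse, hashable state abstraction so a Q-table stays small:
# (length bucket, contains "if", contains "while", "(" count bucket).
def state_of(program):
    return (min(len(program) // 3, 5), "if" in program,
            "while" in program, min(program.count("("), 3))

def q_learning_fuzz(seed, episodes=200, steps=5, alpha=0.5, gamma=0.9,
                    epsilon=0.2, rng_seed=0, q=None):
    """Run epsilon-greedy Q-learning over mutation actions.

    Each episode restarts from `seed` and applies `steps` mutations, as in the
    multi-step episodes the abstract describes. Reward is the number of
    coverage edges not seen in any earlier run. Returns (q_table, total_cov).
    Pass a previously learned `q` to warm-start on a new seed program.
    """
    rng = random.Random(rng_seed)
    q = defaultdict(float) if q is None else q      # Q[(state, action_index)]
    total_cov = set(toy_compiler_coverage(seed))
    n_actions = len(ACTIONS)
    for _ in range(episodes):
        program = seed
        for _ in range(steps):
            s = state_of(program)
            if rng.random() < epsilon:               # explore
                a = rng.randrange(n_actions)
            else:                                    # exploit current estimate
                a = max(range(n_actions), key=lambda k: q[(s, k)])
            new_program = ACTIONS[a](program, rng)
            new_edges = toy_compiler_coverage(new_program) - total_cov
            reward = len(new_edges)                  # coverage gain is the reward
            total_cov |= new_edges
            s2 = state_of(new_program)
            best_next = max(q[(s2, k)] for k in range(n_actions))
            # Standard one-step Q-learning update.
            q[(s, a)] += alpha * (reward + gamma * best_next - q[(s, a)])
            program = new_program
    return q, total_cov

if __name__ == "__main__":
    seed = ("int", "x", "=", "1", ";")               # constructed seed program
    q_table, cov = q_learning_fuzz(seed)
    print("edges after training:", len(cov))
    # Reuse the learned table on a seed with a similar shape.
    _, cov2 = q_learning_fuzz(("int", "x", "=", "1", ";", "x", "=", "x", ";"), q=q_table)
    print("edges with warm start:", len(cov2))
```

Because the reward only counts edges never seen before, the agent is pushed away from mutations that revisit known paths, which is the property the abstract attributes to its coverage-based reward policy; the toy coverage function is far too simple to show any advantage over random mutation, so treat the block as an illustration of the loop's structure rather than as evidence for the paper's results.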

Original language: English (US)
Title of host publication: Information and Communications Security - 24th International Conference, ICICS 2022, Proceedings
Editors: Cristina Alcaraz, Liqun Chen, Shujun Li, Pierangela Samarati
Publisher: Springer Science and Business Media Deutschland GmbH
Pages: 359-375
Number of pages: 17
ISBN (Print): 9783031157769
DOIs
State: Published - 2022
Event: 24th International Conference on Information and Communications Security, ICICS 2022 - Canterbury, United Kingdom
Duration: Sep 5 2022 - Sep 8 2022

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 13407 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: 24th International Conference on Information and Communications Security, ICICS 2022
Country/Territory: United Kingdom
City: Canterbury
Period: 9/5/22 - 9/8/22

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • General Computer Science
