A Fuzzer for the Toy Optimizer
3 days ago
- #fuzzing
- #program-correctness
- #optimization
- Optimizers are difficult to implement correctly, often missing corner cases.
- A fuzzer was developed to automatically catch bugs in optimizers, requiring a correctness oracle to detect meaningful issues.
- Random programs are generated using APIs, with operations like load, store, and escape to simulate real-world usage.
- The verifier checks invariants by comparing the heap states left behind by the optimized and unoptimized programs under different aliasing conditions.
- An interpreter tracks heap states and escaped values to ensure program correctness post-optimization.
- Testing revealed that the optimizer correctly handles previously identified bug scenarios, demonstrating its robustness.
- Commenting out key optimization logic quickly exposes bugs, proving the fuzzer's effectiveness in identifying issues.
- Feedback suggests the equivalence definition may need adjustment for optimizations like allocation removal.
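The generate / interpret / compare loop the summary describes, as an added Python example that is not code from the original post or from the toy optimizer series. It assumes a constructed straight-line IR (objects with one field, two parameters `p0`/`p1` that the caller may or may not pass as the same object, and `new`/`store`/`load`/`escape` operations), a store-to-load-forwarding pass standing in for the real optimizer, and an `assume_no_alias` switch that removes the aliasing check, mirroring the "comment out key optimization logic" experiment. The oracle is the canonical shape of the heap reachable from the parameters and the escaped objects, so allocation count alone cannot cause a spurious mismatch.

```python
import random

# Constructed toy IR (not the series' IR). Base objects are p0, p1 (which the
# caller may alias) and anything made by "new", which never aliases anything.
#   ("new", dst)         dst = fresh object, field starts as None
#   ("store", obj, val)  obj.f = val
#   ("load", dst, obj)   dst = obj.f
#   ("escape", obj)      obj becomes visible to the caller (an extra root)


def random_program(rng, n_ops=10):
    """Random well-formed program: every variable is defined before use."""
    ops, objs, vals, n = [], ["p0", "p1"], ["p0", "p1"], 0
    for _ in range(n_ops):
        kind = rng.choice(["new", "store", "store", "load", "load", "escape"])
        if kind == "new":
            v = f"v{n}"; n += 1
            ops.append(("new", v)); objs.append(v); vals.append(v)
        elif kind == "store":
            ops.append(("store", rng.choice(objs), rng.choice(vals)))
        elif kind == "load":
            v = f"v{n}"; n += 1
            ops.append(("load", v, rng.choice(objs))); vals.append(v)
        else:
            ops.append(("escape", rng.choice(objs)))
    return ops


def interpret(ops, params_alias):
    """Run ops; return the caller-observable heap in canonical form.

    Objects are numbered in the order they are reached from the roots (p0, p1,
    then escaped objects), so two results are equal exactly when the caller
    could not tell the heaps apart, however many objects were allocated.
    """
    heap = []  # heap[i] is object i's field: an object id or None

    def alloc():
        heap.append(None)
        return len(heap) - 1

    env = {"p0": alloc()}
    env["p1"] = env["p0"] if params_alias else alloc()
    roots = [env["p0"], env["p1"]]
    for op in ops:
        if op[0] == "new":
            env[op[1]] = alloc()
        elif op[0] == "store":
            heap[env[op[1]]] = env[op[2]]
        elif op[0] == "load":
            env[op[1]] = heap[env[op[2]]]
        else:  # escape
            roots.append(env[op[1]])
    ids, order, work = {}, [], list(roots)
    while work:  # breadth-first numbering from the roots
        o = work.pop(0)
        if o is None or o in ids:
            continue
        ids[o] = len(ids)
        order.append(o)
        work.append(heap[o])
    return tuple((ids[o], None if heap[o] is None else ids[heap[o]]) for o in order)


def may_alias(a, b):
    """Only the two parameters can name the same object."""
    return a == b or (a in ("p0", "p1") and b in ("p0", "p1"))


def optimize(ops, assume_no_alias=False):
    """Store-to-load forwarding. assume_no_alias=True drops the invalidation
    that a store through a possible alias must cause (the injected bug)."""
    known = {}  # base object -> variable holding its current field value
    subst = {}  # removed load result -> variable it was forwarded from
    out = []

    def r(v):
        return subst.get(v, v)

    for op in ops:
        if op[0] == "store":
            _, obj, val = op
            val = r(val)
            if not assume_no_alias:
                for other in list(known):
                    if other != obj and may_alias(other, obj):
                        del known[other]
            known[obj] = val
            out.append(("store", obj, val))
        elif op[0] == "load":
            _, dst, obj = op
            if obj in known:
                subst[dst] = known[obj]  # forward the known value, drop the load
            else:
                known[obj] = dst
                out.append(op)
        else:  # new and escape change no field
            out.append(op)
    return out


def check(ops, **opt_kwargs):
    """None if original and optimized agree under both aliasing conditions,
    else the aliasing condition (False/True) that exposed the difference."""
    opt = optimize(ops, **opt_kwargs)
    for alias in (False, True):
        if interpret(ops, alias) != interpret(opt, alias):
            return alias
    return None


def fuzz(n_programs=2000, seed=0, **opt_kwargs):
    """(program, aliasing condition) of the first counterexample, or None."""
    rng = random.Random(seed)
    for _ in range(n_programs):
        ops = random_program(rng)
        failing = check(ops, **opt_kwargs)
        if failing is not None:
            return ops, failing
    return None


if __name__ == "__main__":
    print("correct pass:", fuzz())
    print("buggy pass:  ", fuzz(assume_no_alias=True))
```

Running the module reports no counterexample for the correct pass and a short program plus the aliasing condition for the buggy one; the failure only shows up when `p0` and `p1` are the same object, which is why the harness runs every program under both conditions.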