RVISmith: Fuzzing Compilers for RVV Intrinsics

TL;DR

RVISmith is a specialized fuzzer designed to detect bugs in compilers for RVV SIMD intrinsics by generating diverse, well-defined C programs, leading to the discovery of previously unknown compiler bugs.

Contribution

The paper introduces RVISmith, a novel randomized fuzzer for RVV intrinsics that achieves high coverage and finds new compiler bugs through differential testing.

Findings

Achieves 11.5x higher intrinsic coverage than previous methods.

Detects 13 previously unknown bugs in GCC, LLVM, and XuanTie compilers.

Fixes for 3 bugs have been implemented by developers.

Abstract

Modern processors are equipped with single instruction multiple data (SIMD) instructions for fine-grained data parallelism. Compiler auto-vectorization techniques that target SIMD instructions face performance limitations due to insufficient information available at compile time, requiring programmers to manually manipulate SIMD instructions. SIMD intrinsics, a type of built-in function provided by modern compilers, enable programmers to manipulate SIMD instructions within high-level programming languages. Bugs in compilers for SIMD intrinsics can introduce potential threats to software security, producing unintended calculation results, data loss, program crashes, etc. To detect bugs in compilers for SIMD intrinsics, we propose RVISmith, a randomized fuzzer that generates well-defined C programs that include various invocation sequences of RVV (RISC-V Vector Extension) intrinsics. We design RVISmith to achieve the following objectives: (i) achieving high intrinsic coverage, (ii) improving sequence variety, and (iii) without known undefined behaviors. We implement RVISmith based on the ratified RVV intrinsic specification and evaluate our approach with three modern compilers: GCC, LLVM, and XuanTie. Experimental results show that RVISmith achieves 11.5 times higher intrinsic coverage than the state-of-the-art fuzzer for RVV intrinsics. By differential testing that compares results across different compilers, optimizations, and equivalent programs, we detect and report 13 previously unknown bugs of the three compilers under test to date. Of these bugs, 10 are confirmed and another 3 are fixed by the compiler developers.