Compilers are a key part of our computing infrastructure and any bugs can have serious consequences on the reliability and security of current and future software. In this tutorial, we will introduce both fundamental concepts and practical tools in the area of compiler fuzzing, with a particular focus on the C language.

We will start by introducing the challenges of compiler fuzzing, including those arising due to undefined behavior and the lack of specified test oracles, and then we will present some of the key developments in the area, such as Csmith and EMI, but also more recent work such as CsmithEdge and GrayC. The tutorial will also discuss other topics directly relevant to compiler fuzzing, in particular the challenges of reporting compiler bugs and the impact of fuzzer-found bugs.

The tutorial will be given as a lecture accompanied by practical demonstrations.

Note for participants: Please download the Docker image associated with this tutorial here.

Cristian Cadar is Professor of Software Reliability in the Department of Computing at Imperial College London, where he leads the Software Reliability Group, working on automatic techniques for increasing the reliability and security of software systems. Cristian’s research has been recognised by several prestigious awards, including the EuroSys Jochen Liedtke Award, the HVC Award, the BCS Roger Needham Award, the ACM SIGOPS Hall of Fame Award, and the ACM CCS Test of Time Award. He also received an ERC Consolidator Grant and an EPSRC Early-Career Fellowship. Many of the research techniques he co-authored have been open-sourced and used by several groups in both academia and industry. In particular, he is co-author and the principal maintainer of the KLEE symbolic execution system, a popular system with a large user base. Cristian has a PhD in Computer Science from Stanford University, and undergraduate and Master’s degrees from the Massachusetts Institute of Technology.