HeadlinesBriefing.com

Fuzzer Tests Toy Optimizer for Correctness Bugs

Hacker News

A developer built a fuzzer to test a toy optimizer for correctness bugs, discovering that random program generation and heap verification can catch subtle optimization errors. The fuzzer generates random programs with loads, stores, and escapes, then verifies that optimized and unoptimized versions produce identical heap states under different aliasing conditions.

The approach uses an interpreter to track heap state as indexed by (object, offset) pairs, comparing results before and after optimization. By testing both aliasing and non-aliasing scenarios, the fuzzer can detect issues like incorrect store removal or stale load caching. The developer initially thought they'd found a bug, but realized their earlier manual analysis had already covered those cases.

When the core correctness check was disabled, the fuzzer immediately found an aliasing problem, demonstrating its effectiveness. The code uses Python's random module for generation and includes a test harness that runs thousands of programs. Extensions suggested include using Hypothesis for property-based testing and Z3 for program encoding instead of random interpretation.
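The differential check described above, as an added sketch that is not the developer's code: the three-op IR, the object names `a` and `b`, the dead-store pass and its `alias_aware` flag (standing in for the disabled correctness check) are all assumptions made for illustration.

```python
# Added illustration: the IR, optimizer and all names here are hypothetical.
import random
OFFSETS, OBJS = (0, 1), ("a", "b")

def gen_program(rng, n=8):
    prog = []  # random straight-line mix of stores, loads and escapes
    for _ in range(n):
        kind = rng.choice(("store", "load", "escape"))
        obj, off = rng.choice(OBJS), rng.choice(OFFSETS)
        prog.append((kind, obj, off, rng.randrange(1, 100)))
    return prog

def interpret(prog, alias):
    """Run prog; the heap is keyed by (concrete object, offset)."""
    heap, seen = {}, []
    for kind, obj, off, val in prog:
        target = alias[obj]
        if kind == "store":
            heap[(target, off)] = val
        elif kind == "load":
            seen.append(heap.get((target, off), 0))
        else:  # escape: outside code observes every field of the object
            seen.append(sorted((k, v) for k, v in heap.items() if k[0] == target))
    return heap, seen

def remove_dead_stores(prog, alias_aware=True):
    """Drop a store that is overwritten before anything can observe it."""
    pending, dead = {}, set()  # pending: (name, offset) -> index of unobserved store
    for i, (kind, obj, off, _) in enumerate(prog):
        if kind == "store":
            if (obj, off) in pending:
                dead.add(pending[(obj, off)])
            pending[(obj, off)] = i
        else:
            for key in list(pending):
                same_slot = kind == "escape" or key[1] == off
                # Sound version: any other name may point at the same object.
                if same_slot and (alias_aware or key[0] == obj):
                    del pending[key]
    return [op for i, op in enumerate(prog) if i not in dead]

def fuzz(optimize, runs=2000, seed=0):
    """Return the first (program, alias map) where optimization changes behaviour."""
    rng = random.Random(seed)
    for _ in range(runs):
        prog = gen_program(rng)
        for alias in ({"a": 1, "b": 2}, {"a": 1, "b": 1}):
            if interpret(prog, alias) != interpret(optimize(prog), alias):
                return prog, alias
    return None
```

With `alias_aware=False` the pass is still correct when `a` and `b` are distinct objects, so the mismatch only appears in the run where both names map to the same object.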