Bug Histories as Sources of Compiler Fuzzing Mutators

📅 2025-10-09
📈 Citations: 0
Influential: 0
🤖 AI Summary
Compiler fuzzing suffers from insufficient semantic guidance in mutation operators, limiting detection of subtle, semantics-related bugs. Method: We propose IssueMut, the first approach to systematically leverage historical compiler bug reports as a source of mutation operators. By automatically mining patterns from 1,760 GCC and LLVM bug reports, IssueMut extracts 587 semantics-aware mutation rules—encoding common erroneous program element patterns (e.g., syntactic combinations, type mismatches)—and integrates them into existing fuzzing frameworks to guide seed mutation. Contribution/Results: IssueMut discovers 28 new vulnerabilities in GCC and 37 in LLVM; 60 have been confirmed or patched. The results demonstrate that distilling semantic knowledge from historical defects significantly enhances fuzzing efficacy for semantics-driven compiler bugs.

📝 Abstract
Bugs in compilers, which are critical infrastructure today, can have outsized negative impacts. Mutational fuzzers aid compiler bug detection by systematically mutating compiler inputs, i.e., programs. Their effectiveness depends on the quality of the mutators used. Yet, no prior work used compiler bug histories as a source of mutators. We propose IssueMut, the first approach for extracting compiler fuzzing mutators from bug histories. Our insight is that bug reports contain hints about program elements that induced compiler bugs; they can guide fuzzers towards similar bugs. IssueMut uses an automated method to mine mutators from bug reports and retrofit such mutators into existing mutational compiler fuzzers. Using IssueMut, we mine 587 mutators from 1,760 GCC and LLVM bug reports. Then, we run IssueMut on these compilers, with all their test inputs as seed corpora. We find that "bug history" mutators are effective: they find new bugs that a state-of-the-art mutational compiler fuzzer misses: 28 in GCC and 37 in LLVM. Of these, 60 were confirmed or fixed, validating our idea that bug histories have rich information that compiler fuzzers should leverage.
Problem

Research questions and friction points this paper is trying to address.

Extracting compiler fuzzing mutators from historical bug reports
Improving mutational fuzzer effectiveness using bug history insights
Automating mutator mining from GCC and LLVM bug reports
Innovation

Methods, ideas, or system contributions that make the work stand out.

Extracts fuzzing mutators from compiler bug reports
Automates mutator mining from historical bug data
Retrofits discovered mutators into existing compiler fuzzers
Authors

Lingjun Liu, North Carolina State University, Raleigh, NC, USA
Feiran Qin, North Carolina State University, Raleigh, NC, USA
Owolabi Legunsen, Cornell University (Software Engineering)
Marcelo d'Amorim, Associate Professor, NC State University (Software Engineering)