Interleaved Learning and Exploration: A Self-Adaptive Fuzz Testing Framework for MLIR

📅 2025-10-09
📈 Citations: 0
Influential: 0
📄 PDF

career value

170K/year
🤖 AI Summary
Existing MLIR compiler correctness testing suffers from insufficient test case diversity and low semantic validity. Method: This paper proposes the first adaptive fuzzing framework that integrates neural program generation with dynamic feedback-driven learning. It introduces perturbation-based sampling to enhance input diversity, employs syntax–semantics co-learning and a dual-path model optimization mechanism to autonomously generate high-quality, semantically valid test programs from minimal seeds, and iteratively refines the model via crash/non-crash feedback loops—overcoming inherent limitations of template- or rule-based approaches. Contribution/Results: Within 30 days, the framework discovers 80 previously unknown vulnerabilities; within 24 hours, it detects 53 bugs—more than 3.5× the best baseline. It achieves 28.2% code coverage, improving upon the state-of-the-art tool by 42%.

Technology Category

Application Category

📝 Abstract
MLIR (Multi-Level Intermediate Representation) has rapidly become a foundational technology for modern compiler frameworks, enabling extensibility across diverse domains. However, ensuring the correctness and robustness of MLIR itself remains challenging. Existing fuzzing approaches-based on manually crafted templates or rule-based mutations-struggle to generate sufficiently diverse and semantically valid test cases, making it difficult to expose subtle or deep-seated bugs within MLIR's complex and evolving code space. In this paper, we present FLEX, a novel self-adaptive fuzzing framework for MLIR. FLEX leverages neural networks for program generation, a perturbed sampling strategy to encourage diversity, and a feedback-driven augmentation loop that iteratively improves its model using both crashing and non-crashing test cases. Starting from a limited seed corpus, FLEX progressively learns valid syntax and semantics and autonomously produces high-quality test inputs. We evaluate FLEX on the upstream MLIR compiler against four state-of-the-art fuzzers. In a 30-day campaign, FLEX discovers 80 previously unknown bugs-including multiple new root causes and parser bugs-while in 24-hour fixed-revision comparisons, it detects 53 bugs (over 3.5x as many as the best baseline) and achieves 28.2% code coverage, outperforming the next-best tool by 42%. Ablation studies further confirm the critical role of both perturbed generation and diversity augmentation in FLEX's effectiveness.
Problem

Research questions and friction points this paper is trying to address.

Ensuring correctness of MLIR compiler framework
Generating diverse valid test cases for fuzzing
Detecting subtle bugs in complex MLIR code
Innovation

Methods, ideas, or system contributions that make the work stand out.

Neural networks generate MLIR programs
Perturbed sampling strategy enhances diversity
Feedback loop iteratively improves model quality
Z
Zeyu Sun
Institute of Software, Chinese Academy of Sciences, Beijing, China
Jingjing Liang
Jingjing Liang
Shanghai Key Laboratory of Trustworthy Computing, East China Normal University, Shanghai, China
W
Weiyi Wang
Institute of Software, Chinese Academy of Sciences, Beijing, China
Chenyao Suo
Chenyao Suo
Tianjin University
Software EngineeringSoftware TestingCompiler Testing
J
Junjie Chen
College of Intelligence and Computing, Tianjin University, Tianjin, China
F
Fanjiang Xu
Institute of Software, Chinese Academy of Sciences, Beijing, China