🤖 AI Summary
Existing MLIR compiler correctness testing suffers from insufficient test case diversity and low semantic validity. Method: This paper proposes the first adaptive fuzzing framework that integrates neural program generation with dynamic feedback-driven learning. It introduces perturbation-based sampling to enhance input diversity, employs syntax–semantics co-learning and a dual-path model optimization mechanism to autonomously generate high-quality, semantically valid test programs from minimal seeds, and iteratively refines the model via crash/non-crash feedback loops—overcoming inherent limitations of template- or rule-based approaches. Contribution/Results: Within 30 days, the framework discovers 80 previously unknown vulnerabilities; within 24 hours, it detects 53 bugs—more than 3.5× the best baseline. It achieves 28.2% code coverage, improving upon the state-of-the-art tool by 42%.
📝 Abstract
MLIR (Multi-Level Intermediate Representation) has rapidly become a foundational technology for modern compiler frameworks, enabling extensibility across diverse domains. However, ensuring the correctness and robustness of MLIR itself remains challenging. Existing fuzzing approaches-based on manually crafted templates or rule-based mutations-struggle to generate sufficiently diverse and semantically valid test cases, making it difficult to expose subtle or deep-seated bugs within MLIR's complex and evolving code space. In this paper, we present FLEX, a novel self-adaptive fuzzing framework for MLIR. FLEX leverages neural networks for program generation, a perturbed sampling strategy to encourage diversity, and a feedback-driven augmentation loop that iteratively improves its model using both crashing and non-crashing test cases. Starting from a limited seed corpus, FLEX progressively learns valid syntax and semantics and autonomously produces high-quality test inputs. We evaluate FLEX on the upstream MLIR compiler against four state-of-the-art fuzzers. In a 30-day campaign, FLEX discovers 80 previously unknown bugs-including multiple new root causes and parser bugs-while in 24-hour fixed-revision comparisons, it detects 53 bugs (over 3.5x as many as the best baseline) and achieves 28.2% code coverage, outperforming the next-best tool by 42%. Ablation studies further confirm the critical role of both perturbed generation and diversity augmentation in FLEX's effectiveness.