I’m excited to share that we’ve had two papers accepted at upcoming conferences:
- Eric’s paper on FLUX: Finding Bugs with LLVM IR Based Unit Test Crossovers will appear at ASE 2023 this year. It shows how you can leverage unit tests in a compiler fuzzer to find deep bugs in the optimization passes. This paper is particularly cool because it shows how to leverage the deep developer knowledge and intuition embedded in these unit tests to find new bugs. FLUX finds 28 new bugs in just 1 month of fuzzing, with 11 reported and 6 having been patched already by LLVM developers.
- John’s paper on MIFP: Selective Fat-Pointer Bounds Compression for Accurate Bounds Checking will appear at RAID 2023. It improves on CHERI’s hardware-based bounds checking by using a compiler to selectively compress some pointers while leaving others uncompressed, which simultaneously achieves improved performance and security. MIFP identifies which pointers need the better bounds-checking precision of an uncompressed pointer representation, identifies all derived and related pointers, and expands those into their uncompressed format, while leaving pointers that don’t need to be uncompressed in compressed form. MIFP achieves the same security as uncompressed bounds on all pointers with a reduction of runtime overhead of 79% and a memory overhead reduction of 93%.
You can read more about both papers at the links above!