
Fuzzing infrastructure for cache simulator #32

Description

@AveryClapp

Feature Description

Automated fuzzing to find bugs, edge cases, and crashes in the cache simulator.

Fuzzing Targets

  1. Trace parser - Malformed trace files
  2. Cache logic - Edge cases (evictions, coherence)
  3. Config parser - Invalid JSON configs
  4. LLVM pass - Pathological LLVM IR

Tools

  • libFuzzer (LLVM integrated)
  • AFL++ (American Fuzzy Lop)
  • AddressSanitizer (ASan) for memory bugs
  • UndefinedBehaviorSanitizer (UBSan)

Implementation

# Build with fuzzing enabled
cmake -DFUZZ=ON ..
ninja fuzz-trace-parser

# Run fuzzer
./fuzz-trace-parser -max_len=10000 -timeout=10
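As an added example of what `fuzz_trace_parser.cpp` could look like (this is not the project's own code; the trace format, the `R`/`W` line syntax, the default access width and the function names are assumptions), here is a libFuzzer harness around a small bounds-checked trace-line parser. The build line in the leading comment matches the sanitizer set listed above; libFuzzer supplies `main`, so the harness only defines `LLVMFuzzerTestOneInput`:

```cpp
// Added example (not the project's own code): a libFuzzer harness around a
// hypothetical trace-file parser. Assumed trace format, one access per line:
//   <R|W> <0x-prefixed hex address> [size in bytes, power of two, 1..64]
// Blank lines and lines starting with '#' are ignored.
// Build (the -fsanitize=fuzzer runtime supplies main):
//   clang++ -std=c++17 -g -O1 -fsanitize=fuzzer,address,undefined \
//       fuzz_trace_parser.cpp -o fuzz-trace-parser
#include <cstddef>
#include <cstdint>
#include <cstdlib>
#include <sstream>
#include <string>
#include <string_view>
#include <vector>

struct Access {
    bool isWrite;
    uint64_t addr;
    uint32_t size;
};

// Parse one trace line into `out`. Every malformed input returns false rather
// than asserting, truncating silently, or reading past the token, so the only
// way the fuzzer can crash this function is a real bug.
static bool parseLine(const std::string &line, Access &out) {
    std::istringstream in(line);
    std::string op, addrTok, sizeTok, extra;
    if (!(in >> op) || (op != "R" && op != "W")) return false;
    if (!(in >> addrTok) || addrTok.size() < 3 || addrTok.compare(0, 2, "0x") != 0)
        return false;
    // Hex digits are decoded by hand: strtoull would accept "0x1g" and clamp
    // out-of-range values instead of rejecting them.
    uint64_t addr = 0;
    for (size_t i = 2; i < addrTok.size(); ++i) {
        char c = addrTok[i];
        unsigned v;
        if (c >= '0' && c <= '9') v = c - '0';
        else if (c >= 'a' && c <= 'f') v = c - 'a' + 10;
        else if (c >= 'A' && c <= 'F') v = c - 'A' + 10;
        else return false;
        if (addr >> 60) return false;  // next shift would overflow 64 bits
        addr = (addr << 4) | v;
    }
    uint32_t size = 4;  // assumed default access width
    if (in >> sizeTok) {
        if (sizeTok.size() > 2) return false;
        uint32_t s = 0;
        for (char c : sizeTok) {
            if (c < '0' || c > '9') return false;
            s = s * 10 + static_cast<uint32_t>(c - '0');
        }
        if (s == 0 || s > 64 || (s & (s - 1)) != 0) return false;
        size = s;
    }
    if (in >> extra) return false;  // trailing garbage
    out = Access{op == "W", addr, size};
    return true;
}

struct ParseResult {
    std::vector<Access> accesses;
    size_t badLines = 0;
};

// Parse a whole buffer. The input is not NUL-terminated (libFuzzer hands over
// raw bytes plus a length), so everything is driven by string_view bounds.
static ParseResult parseTrace(std::string_view data) {
    ParseResult r;
    size_t start = 0;
    while (true) {
        size_t nl = data.find('\n', start);
        size_t end = (nl == std::string_view::npos) ? data.size() : nl;
        std::string line(data.substr(start, end - start));
        if (!line.empty() && line.back() == '\r') line.pop_back();
        if (!line.empty() && line[0] != '#') {
            Access a;
            if (parseLine(line, a)) r.accesses.push_back(a);
            else ++r.badLines;
        }
        if (nl == std::string_view::npos) break;
        start = nl + 1;
    }
    return r;
}

// libFuzzer entry point: one mutated input per call. ASan/UBSan catch memory
// and UB bugs; the explicit check below catches logic bugs the sanitizers
// cannot see (an accepted access that violates the parser's own contract).
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t len) {
    ParseResult r = parseTrace(std::string_view(reinterpret_cast<const char *>(data), len));
    for (const Access &a : r.accesses) {
        if (a.size == 0 || a.size > 64 || (a.size & (a.size - 1)) != 0) std::abort();
    }
    return 0;
}
```

Run it as `./fuzz-trace-parser -max_len=10000 -timeout=10 test/fuzz-corpus/trace-parser/` with a few hand-written valid traces seeded into the corpus directory; any `std::abort()` or sanitizer report is written out as a `crash-*` file that reproduces the bug when passed back to the binary as its only argument.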

Fuzz Targets

  • Trace parser (invalid addresses, malformed lines)
  • Cache operations (overflow, underflow)
  • Config parser (JSON fuzzing)
  • Multi-core coherence (race conditions)
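The cache-operations target is stateful rather than a parser, so the useful harness feeds fuzzer bytes in as addresses and checks structural invariants after every access. The following is an added example of that shape for `fuzz_cache_ops.cpp`, written against a small hypothetical set-associative LRU cache (not the project's simulator; the `LruCache` class, its geometry and the `replay` helper are assumptions made for the example):

```cpp
// Added example (not the project's own code): a libFuzzer harness that drives
// a small, hypothetical set-associative LRU cache with fuzzer-generated
// addresses and checks structural invariants after every access.
// Build: clang++ -std=c++17 -g -O1 -fsanitize=fuzzer,address,undefined \
//        fuzz_cache_ops.cpp -o fuzz-cache-ops
#include <cstddef>
#include <cstdint>
#include <cstdlib>
#include <cstring>
#include <vector>

class LruCache {
public:
    LruCache(unsigned sets, unsigned ways, unsigned lineBytes)
        : sets_(sets), ways_(ways), lineBytes_(lineBytes), lines_(sets * ways) {}

    // Returns true on hit. A miss allocates, evicting the least recently used way.
    bool access(uint64_t addr) {
        uint64_t block = addr / lineBytes_;
        unsigned set = static_cast<unsigned>(block % sets_);
        uint64_t tag = block / sets_;
        Line *ways = &lines_[set * ways_];
        ++tick_;
        for (unsigned w = 0; w < ways_; ++w) {
            if (ways[w].valid && ways[w].tag == tag) {
                ways[w].lastUse = tick_;
                ++hits_;
                return true;
            }
        }
        // Miss: prefer an empty way, otherwise the least recently used one.
        unsigned victim = 0;
        for (unsigned w = 0; w < ways_; ++w) {
            if (!ways[w].valid) { victim = w; break; }
            if (ways[w].lastUse < ways[victim].lastUse) victim = w;
        }
        if (ways[victim].valid) ++evictions_;
        ways[victim] = Line{true, tag, tick_};
        ++misses_;
        return false;
    }

    // Properties that must hold after any sequence of accesses; a violation
    // is a logic bug the sanitizers alone would not report.
    bool invariantsHold() const {
        for (unsigned s = 0; s < sets_; ++s) {
            const Line *ways = &lines_[s * ways_];
            for (unsigned a = 0; a < ways_; ++a)
                for (unsigned b = a + 1; b < ways_; ++b)
                    if (ways[a].valid && ways[b].valid && ways[a].tag == ways[b].tag)
                        return false;  // same line allocated twice in one set
        }
        if (evictions_ > misses_) return false;  // cannot evict more than allocated
        return hits_ + misses_ == tick_;         // every access counted exactly once
    }

    uint64_t hits() const { return hits_; }
    uint64_t misses() const { return misses_; }
    uint64_t evictions() const { return evictions_; }

private:
    struct Line { bool valid = false; uint64_t tag = 0; uint64_t lastUse = 0; };
    unsigned sets_, ways_, lineBytes_;
    std::vector<Line> lines_;
    uint64_t tick_ = 0, hits_ = 0, misses_ = 0, evictions_ = 0;
};

struct Stats { uint64_t hits, misses, evictions; bool ok; };

// Replay a fixed address sequence through the tiny geometry used by the
// harness; handy for regression checks on inputs the fuzzer found.
static Stats replay(const std::vector<uint64_t> &addrs) {
    LruCache c(/*sets=*/4, /*ways=*/2, /*lineBytes=*/64);
    for (uint64_t a : addrs) c.access(a);
    return Stats{c.hits(), c.misses(), c.evictions(), c.invariantsHold()};
}

// libFuzzer entry point. Each 8-byte chunk of the input is taken as an
// address, so mutations directly explore set conflicts and eviction order.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t len) {
    LruCache cache(/*sets=*/4, /*ways=*/2, /*lineBytes=*/64);
    for (size_t i = 0; i + sizeof(uint64_t) <= len; i += sizeof(uint64_t)) {
        uint64_t addr;
        std::memcpy(&addr, data + i, sizeof addr);  // raw fuzzer bytes as an address
        cache.access(addr);
        if (!cache.invariantsHold()) std::abort();  // recorded by libFuzzer as a crash
    }
    return 0;
}
```

The geometry is deliberately tiny (4 sets x 2 ways) so that evictions and set conflicts happen within a few accesses; with the real simulator the same idea applies, but the invariants checked should be the ones its replacement and coherence logic promise (for example, at most one owner of a line across cores).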

CI Integration

  • Run fuzzing for 10 minutes on every PR
  • Store corpus in git (test/fuzz-corpus/)
  • Report crashes as build failures

Files

  • backend/cache-simulator/fuzz/ (new directory)
  • backend/cache-simulator/fuzz/fuzz_trace_parser.cpp
  • backend/cache-simulator/fuzz/fuzz_cache_ops.cpp
