Feature Description
Automated fuzzing to find bugs, edge cases, and crashes in the cache simulator.
Fuzzing Targets
- Trace parser - Malformed trace files
- Cache logic - Edge cases (evictions, coherence)
- Config parser - Invalid JSON configs
- LLVM pass - Pathological LLVM IR
Tools
- libFuzzer (LLVM integrated)
- AFL++ (American Fuzzy Lop)
- AddressSanitizer (ASan) for memory bugs
- UndefinedBehaviorSanitizer (UBSan)
Implementation
# Build with fuzzing enabled
cmake -DFUZZ=ON ..
ninja fuzz-trace-parser
# Run fuzzer
./fuzz-trace-parser -max_len=10000 -timeout=10
Fuzz Targets
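As an added example (not code from this issue or from the simulator), a minimal libFuzzer harness of the shape fuzz_trace_parser.cpp would take. The trace format (one op per line, `R|W <hex addr> [size]`) and the parser are assumptions standing in for the real one; the point is that every malformed line comes back as an error and the entry point returns 0, so under ASan/UBSan any crash or sanitizer report is a genuine finding.

```cpp
#include <charconv>
#include <cstddef>
#include <cstdint>
#include <optional>
#include <string_view>
#include <vector>
struct TraceOp { char kind; uint64_t addr; uint32_t size; };  // stand-in record; the real type is assumed
struct ParseStats { size_t ok = 0; size_t bad = 0; };
static std::vector<std::string_view> split_ws(std::string_view s) {
    std::vector<std::string_view> out;
    for (size_t i = 0; (i = s.find_first_not_of(" \t", i)) != std::string_view::npos;) {
        size_t j = s.find_first_of(" \t", i);  // npos on the last token; substr clamps the count
        out.push_back(s.substr(i, j - i));
        i = j;
    }
    return out;
}
// True only if the whole token is a number in `base` (no sign, no trailing junk).
template <class T> static bool whole_number(std::string_view s, T &v, int base) {
    auto r = std::from_chars(s.data(), s.data() + s.size(), v, base);
    return r.ec == std::errc() && r.ptr == s.data() + s.size();
}
// Parse "<R|W> <hex addr> [size]"; nullopt for anything malformed, never abort.
std::optional<TraceOp> parse_trace_line(std::string_view line) {
    if (!line.empty() && line.back() == '\r') line.remove_suffix(1);  // tolerate CRLF traces
    auto tok = split_ws(line);
    if (tok.size() < 2 || tok.size() > 3) return std::nullopt;
    if (tok[0].size() != 1 || (tok[0][0] != 'R' && tok[0][0] != 'W')) return std::nullopt;
    // optional 0x prefix on the address
    std::string_view a = tok[1].substr((tok[1].substr(0, 2) == "0x" || tok[1].substr(0, 2) == "0X") ? 2 : 0);
    TraceOp op{tok[0][0], 0, 1};
    if (!whole_number(a, op.addr, 16)) return std::nullopt;
    if (tok.size() == 3 && (!whole_number(tok[2], op.size, 10) || op.size == 0)) return std::nullopt;
    return op;
}
// Walk a raw buffer line by line: no trailing newline or NUL terminator required.
ParseStats parse_trace_buffer(std::string_view buf) {
    ParseStats st;
    while (!buf.empty()) {
        size_t nl = buf.find('\n');
        std::string_view line = buf.substr(0, nl);
        buf.remove_prefix(nl == std::string_view::npos ? buf.size() : nl + 1);
        if (line.empty() || line == "\r") continue;  // blank lines are not errors
        if (parse_trace_line(line)) ++st.ok; else ++st.bad;
    }
    return st;
}
// libFuzzer entry point; build: clang++ -g -O1 -fsanitize=fuzzer,address,undefined fuzz_trace_parser.cpp
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    parse_trace_buffer(std::string_view(reinterpret_cast<const char *>(data), size));
    return 0;  // a crash or sanitizer report here is the bug the fuzzer is looking for
}
```

Seed the run with a few valid traces in test/fuzz-corpus/ so the fuzzer starts from well-formed input rather than random bytes.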
CI Integration
- Run fuzzing for 10 minutes on every PR
- Store corpus in git (test/fuzz-corpus/)
- Report crashes as build failures
Files
backend/cache-simulator/fuzz/ (new directory)
backend/cache-simulator/fuzz/fuzz_trace_parser.cpp
backend/cache-simulator/fuzz/fuzz_cache_ops.cpp
References