DarthShader: Fuzzing WebGPU Shader Translators & Compilers

Lukas Bernhard, Nico Schiller, Moritz Schloegel, Nils Bars, Thorsten Holz

TL;DR

Web browsers expose GPUs via WebGPU, creating a security-sensitive path for untrusted shader inputs that bypasses tight sandboxing in some configurations. DarthShader introduces a dual-representation fuzzing framework that mutates WGSL shaders both at the Abstract Syntax Tree (AST) and an intermediate representation (IR), enabling generation and mutation with coverage guidance to exercise the full shader translation and back-end pipeline. In extensive evaluations across Chrome, Firefox, and Safari, it achieves higher branch coverage than state-of-the-art fuzzers and uncovers 39 bugs, with 15 CVEs assigned to vendor teams, demonstrating practical security impact. The work delivers a novel fully statically-typed IR generator, a complementary AST mutation layer, and end-to-end testing of shader tooling, with open-source code and evaluation artifacts to advance research on WebGPU security.

Abstract

A recent trend towards running more demanding web applications, such as video games or client-side LLMs, in the browser has led to the adoption of the WebGPU standard that provides a cross-platform API exposing the GPU to websites. This opens up a new attack surface: Untrusted web content is passed through to the GPU stack, which traditionally has been optimized for performance instead of security. Worsening the problem, most of WebGPU cannot be run in the tightly sandboxed process that manages other web content, which eases the attacker's path to compromising the client machine. Contrasting its importance, WebGPU shader processing has received surprisingly little attention from the automated testing community. Part of the reason is that shader translators expect highly structured and statically typed input, which renders typical fuzzing mutations ineffective. Complicating testing further, shader translation consists of a complex multi-step compilation pipeline, each stage presenting unique requirements and challenges. In this paper, we propose DarthShader, the first language fuzzer that combines mutators based on an intermediate representation with those using a more traditional abstract syntax tree. The key idea is that the individual stages of the shader compilation pipeline are susceptible to different classes of faults, requiring entirely different mutation strategies for thorough testing. By fuzzing the full pipeline, we ensure that we maintain a realistic attacker model. In an empirical evaluation, we show that our method outperforms the state-of-the-art fuzzers regarding code coverage. Furthermore, an extensive ablation study validates our key design. DarthShader found a total of 39 software faults in all modern browsers -- Chrome, Firefox, and Safari -- that prior work missed. For 15 of them, the Chrome team assigned a CVE, acknowledging the impact of our results.
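As an added illustration of the key idea above and of the prototype-altering IR mutation named in the Figure 3 caption (this is example code written here, not DarthShader's implementation): a toy statically typed IR for WGSL functions, an IR-level mutation that extends a function prototype and repairs every call site so the shader stays well-typed, and an emitter back to WGSL source. The IR shape, the `ZERO` literal table and the function names are assumptions of this example.

```python
import random
from dataclasses import dataclass, field
ZERO = {"f32": "0.0", "i32": "0", "u32": "0u", "bool": "false",  # zero literal per WGSL type
        "vec2<f32>": "vec2<f32>(0.0, 0.0)"}                      # (constructed table)

@dataclass
class Call:                # one call expression inside a function body
    callee: str
    args: list

@dataclass
class Func:                # a WGSL function in this constructed toy IR
    name: str
    params: list           # (name, type) pairs
    ret: str
    calls: list = field(default_factory=list)

def add_param(module, callee_name, rng):
    """IR-level mutation: extend a prototype and repair every call site (stays well-typed)."""
    callee = next(f for f in module if f.name == callee_name)
    ty = rng.choice(sorted(ZERO))
    callee.params.append((f"p{len(callee.params)}", ty))
    for c in (c for f in module for c in f.calls if c.callee == callee_name):
        c.args.append(ZERO[ty])       # keep every caller consistent with the new prototype
    return ty

def well_typed(module):
    """Every call must match its callee's prototype in arity and argument type."""
    protos = {f.name: f.params for f in module}
    return all(len(c.args) == len(protos[c.callee]) and
               all(a == ZERO[t] for a, (_, t) in zip(c.args, protos[c.callee]))
               for f in module for c in f.calls)

def emit(module):
    """Lower the IR back to WGSL text, the form the browser's shader translator consumes."""
    out = []
    for f in module:
        params = ", ".join(f"{n}: {t}" for n, t in f.params)
        body = "".join(f"  _ = {c.callee}({', '.join(c.args)});\n" for c in f.calls)
        out.append(f"fn {f.name}({params}) -> {f.ret} {{\n{body}  return {ZERO[f.ret]};\n}}")
    return "\n\n".join(out)

def demo(seed=1, rounds=3):
    """Constructed seed: main() calls helper() twice; mutate helper's prototype `rounds` times."""
    module = [Func("helper", [("x", "f32")], "f32"),
              Func("main", [], "u32", [Call("helper", ["0.0"]), Call("helper", ["0.0"])])]
    rng = random.Random(seed)
    for _ in range(rounds):
        add_param(module, "helper", rng)
    return module
```

Running `emit(demo())` prints a WGSL module whose `helper` prototype grew by three typed parameters while both call sites in `main` were updated in step; a byte-level mutation of the same source text would typically be rejected by the parser before reaching the translator's later stages.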

Paper Structure (43 sections, 8 figures, 2 tables)

Figures (8)

  • Figure 1: High-level overview of the multi-process model of Chrome with a focus on the components relevant for WebGPU and shader translation.
  • Figure 2: High-level overview of DarthShader, showing the relationship between fuzzer components and the SUT.
  • Figure 3: Multiple representations of a shader. (a) Source code, as processed by the browser. This format is amenable to byte-level mutations only. (b) An excerpt from the shader, parsed into an AST. This format supports tree-based mutations, such as swapping nodes. (c) The IR. This format facilitates domain-specific mutations, such as altering function prototypes.
  • Figure 4: Number of branches covered by running fuzzers over 24h on dxc, tint, and wgslc. Displayed are the median and the 60% interval of 10 repetitions. The dotted horizontal line shows the coverage inherent in the informed seeds corpus used by DarthShader, astfuzzer and regexfuzzer. The other fuzzers do not have access to the informed seeds.
  • Figure 5: Logarithmic plot showing the branches exclusively covered by DarthShader and its competitors. For naga, line coverage is used (see the coverage evaluation section). To allow a fair comparison, we separate the tools based on access to informed seeds. To derive this metric, we merged the coverage of ten repetitions per fuzzer on each target.
  • ...and 3 more figures