Table of Contents
Fetching ...

CuFuzz: Hardening CUDA Programs through Transformation and Fuzzing

Saurabh Singh, Ruobing Han, Jaewon Lee, Seonjin Na, Yonghae Kim, Taesoo Kim, Hyesoon Kim

TL;DR

CuFuzz tackles GPU memory-safety testing by translating CUDA programs to CPU-executable code, enabling the reuse of mature CPU fuzzing tools like AFL++ and AddressSanitizer. It introduces PREX and AXIPrune, two compiler-runtime optimizations, and uses a PREX-informed PACT transformation to map GPU parallelism to CPU threads while preserving memory-access semantics. Through GMSBench and 14 CUDA benchmarks, CuFuzz uncovers 122 unique memory-safety issues and achieves substantial throughput improvements, up to around 32-fold on average and up to notable gains on affine-access kernels. The work demonstrates that end-to-end GPU fuzzing via translation is practical and scalable, providing a foundation for more secure and reliable GPU-accelerated applications.

Abstract

GPUs have gained significant popularity over the past decade, extending beyond their original role in graphics rendering. This evolution has brought GPU security and reliability to the forefront of concerns. Prior research has shown that CUDA's lack of memory safety can lead to serious vulnerabilities. While fuzzing is effective for finding such bugs on CPUs, equivalent tools for GPUs are lacking due to architectural differences and lack of built-in error detection. In this paper, we propose CuFuzz, a novel compiler-runtime co-design solution to extend state-of-the-art CPU fuzzing tools to GPU programs. CuFuzz transforms GPU programs into CPU programs using compiler IR-level transformations to enable effective fuzz testing. To the best of our knowledge, CuFuzz is the first mechanism to bring fuzzing support to CUDA, addressing a critical gap in GPU security research. By leveraging CPU memory error detectors such as Address Sanitizer, CuFuzz aims to uncover memory safety bugs and related correctness vulnerabilities in CUDA code, enhancing the security and reliability of GPU-accelerated applications. To ensure high fuzzing throughput, we introduce two compiler-runtime co-optimizations tailored for GPU code: Partial Representative Execution (PREX) and Access-Index Preserving Pruning (AXIPrune), achieving average throughput improvements of 32x with PREX and an additional 33% gain with AXIPrune on top of PREX-optimized code. Together, these optimizations can yield up to a 224.31x speedup. In our fuzzing campaigns, CuFuzz uncovered 122 security vulnerabilities in widely used benchmarks.

CuFuzz: Hardening CUDA Programs through Transformation and Fuzzing

TL;DR

CuFuzz tackles GPU memory-safety testing by translating CUDA programs to CPU-executable code, enabling the reuse of mature CPU fuzzing tools like AFL++ and AddressSanitizer. It introduces PREX and AXIPrune, two compiler-runtime optimizations, and uses a PREX-informed PACT transformation to map GPU parallelism to CPU threads while preserving memory-access semantics. Through GMSBench and 14 CUDA benchmarks, CuFuzz uncovers 122 unique memory-safety issues and achieves substantial throughput improvements, up to around 32-fold on average and up to notable gains on affine-access kernels. The work demonstrates that end-to-end GPU fuzzing via translation is practical and scalable, providing a foundation for more secure and reliable GPU-accelerated applications.

Abstract

GPUs have gained significant popularity over the past decade, extending beyond their original role in graphics rendering. This evolution has brought GPU security and reliability to the forefront of concerns. Prior research has shown that CUDA's lack of memory safety can lead to serious vulnerabilities. While fuzzing is effective for finding such bugs on CPUs, equivalent tools for GPUs are lacking due to architectural differences and lack of built-in error detection. In this paper, we propose CuFuzz, a novel compiler-runtime co-design solution to extend state-of-the-art CPU fuzzing tools to GPU programs. CuFuzz transforms GPU programs into CPU programs using compiler IR-level transformations to enable effective fuzz testing. To the best of our knowledge, CuFuzz is the first mechanism to bring fuzzing support to CUDA, addressing a critical gap in GPU security research. By leveraging CPU memory error detectors such as Address Sanitizer, CuFuzz aims to uncover memory safety bugs and related correctness vulnerabilities in CUDA code, enhancing the security and reliability of GPU-accelerated applications. To ensure high fuzzing throughput, we introduce two compiler-runtime co-optimizations tailored for GPU code: Partial Representative Execution (PREX) and Access-Index Preserving Pruning (AXIPrune), achieving average throughput improvements of 32x with PREX and an additional 33% gain with AXIPrune on top of PREX-optimized code. Together, these optimizations can yield up to a 224.31x speedup. In our fuzzing campaigns, CuFuzz uncovered 122 security vulnerabilities in widely used benchmarks.
Paper Structure (33 sections, 5 equations, 7 figures, 2 tables, 2 algorithms)

This paper contains 33 sections, 5 equations, 7 figures, 2 tables, 2 algorithms.

Figures (7)

  • Figure 1: AFL LLVM-Mode Workflow.
  • Figure 2: End-to-end CuFuzz workflow: Translating GPU programs via cuf-cc and fuzzing them with AFL++
  • Figure 3: CuFuzz Optimizations
  • Figure 4: Boundary threads in affine-access kernels
  • Figure 5: Access-Index Preserving Pruning (AXIPrune)
  • ...and 2 more figures