CuFuzz: Hardening CUDA Programs through Transformation and Fuzzing
Saurabh Singh, Ruobing Han, Jaewon Lee, Seonjin Na, Yonghae Kim, Taesoo Kim, Hyesoon Kim
TL;DR
CuFuzz tackles GPU memory-safety testing by translating CUDA programs to CPU-executable code, enabling the reuse of mature CPU fuzzing tools like AFL++ and AddressSanitizer. It introduces PREX and AXIPrune, two compiler-runtime optimizations, and uses a PREX-informed PACT transformation to map GPU parallelism to CPU threads while preserving memory-access semantics. Through GMSBench and 14 CUDA benchmarks, CuFuzz uncovers 122 unique memory-safety issues and achieves substantial throughput improvements, up to around 32-fold on average and up to notable gains on affine-access kernels. The work demonstrates that end-to-end GPU fuzzing via translation is practical and scalable, providing a foundation for more secure and reliable GPU-accelerated applications.
Abstract
GPUs have gained significant popularity over the past decade, extending beyond their original role in graphics rendering. This evolution has brought GPU security and reliability to the forefront of concerns. Prior research has shown that CUDA's lack of memory safety can lead to serious vulnerabilities. While fuzzing is effective for finding such bugs on CPUs, equivalent tools for GPUs are lacking due to architectural differences and lack of built-in error detection. In this paper, we propose CuFuzz, a novel compiler-runtime co-design solution to extend state-of-the-art CPU fuzzing tools to GPU programs. CuFuzz transforms GPU programs into CPU programs using compiler IR-level transformations to enable effective fuzz testing. To the best of our knowledge, CuFuzz is the first mechanism to bring fuzzing support to CUDA, addressing a critical gap in GPU security research. By leveraging CPU memory error detectors such as Address Sanitizer, CuFuzz aims to uncover memory safety bugs and related correctness vulnerabilities in CUDA code, enhancing the security and reliability of GPU-accelerated applications. To ensure high fuzzing throughput, we introduce two compiler-runtime co-optimizations tailored for GPU code: Partial Representative Execution (PREX) and Access-Index Preserving Pruning (AXIPrune), achieving average throughput improvements of 32x with PREX and an additional 33% gain with AXIPrune on top of PREX-optimized code. Together, these optimizations can yield up to a 224.31x speedup. In our fuzzing campaigns, CuFuzz uncovered 122 security vulnerabilities in widely used benchmarks.
