A physical simulation engine (PSE) is a software system that simulates physical environments and objects. Modern PSEs feature both forward and backward simulation: the forward phase predicts the behavior of the simulated system, and the backward phase provides gradients (guidance) for learning-based control tasks, such as a robot arm learning to fetch items. Modern PSEs therefore offer promising support for learning-based control methods. To date, PSEs have been widely used in highly profitable commercial applications such as games, movies, virtual reality (VR), and robotics. Despite their active development and use by academia and by industrial vendors such as Google and NVIDIA, PSEs may produce incorrect simulations, with consequences ranging from poor user experience in entertainment to accidents in robot-assisted manufacturing and surgery. This paper introduces PHYFU, a fuzzing framework designed specifically for PSEs to uncover errors in both the forward and the backward simulation phase. PHYFU mutates initial states and checks whether the PSE under test behaves consistently with respect to basic Physics Laws (PLs). We further use feedback-driven test input scheduling to guide and accelerate the search for errors. Our study of four PSEs covers mainstream industrial vendors (Google and NVIDIA) as well as academic products. We uncover over 5K error-triggering inputs that yield incorrect simulation results spanning the whole software stack of the PSEs.
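To make the approach concrete, the following is an added illustration, not PHYFU's code and not code from any of the engines studied in the paper. It builds a constructed toy 1-D engine (a point mass moving towards a thin wall, integrated with explicit Euler, with a collision test that only looks for overlap at the end of each step), a forward-mode derivative standing in for the engine's backward phase, and a PHYFU-style loop that mutates initial states, checks three physics-law oracles and schedules parent seeds by a feedback score. The wall geometry, step size, the three laws, the tolerances and the feedback score are all assumptions of this example.

```python
"""Added illustration of physics-law fuzzing on a constructed toy engine.
Not the paper's code; every constant and law below is an assumption."""
import random

# Constructed toy engine: a point mass moving in 1-D towards a thin wall.
WALL_X = 1.0           # left face of the wall; the ball always starts at x0 < WALL_X
WALL_THICKNESS = 0.05  # the engine only detects overlap with [WALL_X, WALL_X + WALL_THICKNESS]
DT = 0.01              # integration step
STEPS = 100            # simulated time T = STEPS * DT = 1.0


def forward(x0, v0):
    """Forward phase: explicit Euler with an end-of-step overlap test (the usual
    source of tunnelling in discrete collision detection).  The engine also
    propagates d x/d v0 in forward mode, standing in for the backward phase.
    Returns (x_final, v_final, d x_final / d v0)."""
    x, v = x0, v0
    dx, dv = 0.0, 1.0  # d x/d v0 and d v/d v0, carried alongside the state
    for _ in range(STEPS):
        x, dx = x + v * DT, dx + dv * DT
        if WALL_X <= x <= WALL_X + WALL_THICKNESS:  # overlap detected: elastic reflection
            x, dx = 2.0 * WALL_X - x, -dx
            v, dv = -v, -dv
    return x, v, dx


def finite_difference(x0, v0, h=1e-6):
    """Black-box derivative of x_final with respect to v0 (central difference)."""
    xp, _, _ = forward(x0, v0 + h)
    xm, _, _ = forward(x0, v0 - h)
    return (xp - xm) / (2.0 * h)


def check_laws(x0, v0):
    """Physics-law oracle.  Returns (violations, feedback); feedback is a score
    used to schedule seeds: higher for trajectories that end closer to the wall
    or whose engine gradient disagrees more with the finite difference."""
    x, v, grad = forward(x0, v0)
    fd = finite_difference(x0, v0)
    violations = []
    if x > WALL_X:                       # PL1: a solid wall cannot be passed through
        violations.append("non-penetration")
    if abs(abs(v) - abs(v0)) > 1e-9:     # PL2: elastic bounces conserve kinetic energy
        violations.append("energy")
    if abs(grad - fd) > 1e-3:            # PL3: backward phase must match the forward map
        violations.append("gradient")
    feedback = 1.0 / (1.0 + max(0.0, WALL_X - x)) + min(abs(grad - fd), 1.0)
    return violations, feedback


def fuzz(rounds, seed=0):
    """Feedback-driven fuzzing: mutate initial states, pick parents with
    probability proportional to their feedback score, record error-triggering inputs."""
    rng = random.Random(seed)
    corpus = [(0.0, 1.0, 1.0)]   # (x0, v0, feedback) seeds
    found = {}
    for _ in range(rounds):
        px, pv, _ = rng.choices(corpus, weights=[c[2] for c in corpus])[0]
        x0 = min(max(px + rng.uniform(-0.3, 0.3), -2.0), 0.9)   # stay left of the wall
        v0 = min(max(pv * rng.uniform(0.5, 3.0) + rng.uniform(-0.5, 0.5), -50.0), 50.0)
        violations, feedback = check_laws(x0, v0)
        corpus.append((x0, v0, feedback))
        if violations:
            found[(x0, v0)] = violations
    return found


if __name__ == "__main__":
    # 0.09 per step jumps over the 0.05-wide detection band: the ball tunnels.
    print("(0.0, 9.0):", check_laws(0.0, 9.0))
    # 0.03 per step is detected at x = 1.02 and reflected: all laws hold.
    print("(0.0, 3.0):", check_laws(0.0, 3.0))
    for (x0, v0), laws in sorted(fuzz(300).items())[:5]:
        print(f"x0={x0:.3f} v0={v0:.3f} violates {laws}")
```

The input (0.0, 9.0) moves 0.09 per step, skips the 0.05-wide band the collision test inspects and ends at x = 9 on the far side of the wall; the non-penetration law flags it even though nothing in the engine crashed. The input (0.0, 3.0) is caught at x = 1.02, bounces, and passes all three laws, with the engine's gradient of -1 agreeing with the finite difference. Two caveats carry over to real engines: tolerances have to be set per engine and per law, since floating-point drift is not an error, and a gradient/finite-difference mismatch is only a backward-phase bug away from contact transitions; exactly at a transition the forward map is genuinely non-smooth, so such reports need triage before they are counted as errors.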