Bugs in compilers, which are critical infrastructure today, can have outsized negative impacts. Mutational fuzzers aid compiler bug detection by systematically mutating compiler inputs, i.e., programs. Their effectiveness depends on the quality of the mutators used. Yet no prior work has used compiler bug histories as a source of mutators. We propose IssueMut, the first approach for extracting compiler fuzzing mutators from bug histories. Our insight is that bug reports contain hints about the program elements that induced compiler bugs; these hints can guide fuzzers towards similar bugs. IssueMut uses an automated method to mine mutators from bug reports and retrofit those mutators into existing mutational compiler fuzzers. Using IssueMut, we mine 587 mutators from 1760 GCC and LLVM bug reports. We then run IssueMut on these compilers, with all of their test inputs as seed corpora. We find that "bug history" mutators are effective: they find new bugs that a state-of-the-art mutational compiler fuzzer misses, 28 in GCC and 37 in LLVM. Of these, 60 were confirmed or fixed, validating our idea that bug histories carry rich information that compiler fuzzers should leverage.
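To make the pipeline in the abstract concrete, here is an added illustration of mining program elements from bug-report titles and wrapping each as a source-to-source mutator. It is not IssueMut's own code or method; the report titles are constructed for this example and correspond to no real GCC or LLVM bug, and the names `SAMPLE_REPORTS`, `ELEMENT_PATTERNS`, `BUILTIN_EXTRA_ARGS`, `mine_elements`, `make_mutator`, `mine_mutators`, `mutate` and `SEED`, as well as the four hand-written element patterns and insertion rules, are assumptions made here.

```python
"""Added illustration (not IssueMut's own code) of the pipeline the abstract
describes: mine program elements from compiler bug-report titles, turn each
element into a mutator, and splice it into a seed program."""
import re
from dataclasses import dataclass
from typing import Callable

# Constructed report titles in the style of GCC/LLVM Bugzilla entries.
# They are invented for this example and correspond to no real bug IDs.
SAMPLE_REPORTS = [
    "ICE in expand_expr_real_1 with __builtin_expect in switch condition",
    "Wrong code with _Atomic int at -O2",
    "crash on __attribute__((vector_size(16))) typedef",
    "ICE with _Atomic struct member at -O3",
    "Segfault on #pragma omp simd in inline function",
]

# Hypothetical patterns for elements a C front end treats specially. A real
# miner would derive these from the language grammar, not from a hand list.
ELEMENT_PATTERNS = [
    r"__builtin_\w+",
    r"\b_Atomic\b",
    r"__attribute__\(\(\w+(?:\([^()]*\))?\)\)",
    r"#pragma \w+ \w+",
]

# Extra arguments for builtins whose arity is greater than one (hypothetical table).
BUILTIN_EXTRA_ARGS = {"__builtin_expect": ", 0"}


def mine_elements(reports):
    """Return {element: count} over all report titles, most frequent first."""
    counts = {}
    for title in reports:
        for pattern in ELEMENT_PATTERNS:
            for m in re.finditer(pattern, title):
                counts[m.group(0)] = counts.get(m.group(0), 0) + 1
    return dict(sorted(counts.items(), key=lambda kv: (-kv[1], kv[0])))


@dataclass
class Mutator:
    element: str
    kind: str
    apply: Callable[[str], str]


def make_mutator(element):
    """Wrap a mined element as a textual mutator chosen by the element's syntax."""
    if element.startswith("__builtin_"):
        extra = BUILTIN_EXTRA_ARGS.get(element, "")
        # Wrap the first return expression in a call to the builtin.
        fn = lambda src: re.sub(r"return\s+([^;]+);",
                                lambda m: f"return {element}({m.group(1)}{extra});",
                                src, count=1)
        return Mutator(element, "builtin", fn)
    if element.startswith("__attribute__"):
        # Attach the attribute to the first initialised local of a basic type.
        fn = lambda src: re.sub(r"(\b(?:int|long|char)\s+\w+)(\s*=)",
                                lambda m: f"{m.group(1)} {element}{m.group(2)}",
                                src, count=1)
        return Mutator(element, "attribute", fn)
    if element.startswith("#pragma"):
        # Place the pragma on its own line directly before the first for loop.
        fn = lambda src: re.sub(r"^([ \t]*)(for\b)",
                                lambda m: f"{m.group(1)}{element}\n{m.group(1)}{m.group(2)}",
                                src, count=1, flags=re.M)
        return Mutator(element, "pragma", fn)
    # Anything else is treated as a type qualifier on the first initialised local.
    fn = lambda src: re.sub(r"\b(int|long|char)\b(?=\s+\w+\s*=)",
                            lambda m: f"{element} {m.group(1)}", src, count=1)
    return Mutator(element, "qualifier", fn)


def mine_mutators(reports):
    return [make_mutator(e) for e in mine_elements(reports)]


def mutate(seed, mutators):
    """Apply each mutator to the seed. Mutators that find no anchor return the
    seed unchanged and are dropped, so the fuzzer never re-tests the seed as a
    'mutant'."""
    out = {}
    for m in mutators:
        mutant = m.apply(seed)
        if mutant != seed:
            out[m.element] = mutant
    return out


# Constructed seed program standing in for one compiler test input.
SEED = """int f(int n) {
    int s = 0;
    for (int i = 0; i < n; i++) {
        s += i;
    }
    return s;
}
"""

if __name__ == "__main__":
    for element, mutant in mutate(SEED, mine_mutators(SAMPLE_REPORTS)).items():
        print(f"// mutator: {element}\n{mutant}")
```

Each mutant is a complete program that can be handed to `gcc`/`clang` with the usual oracle (crash, ICE, or differing behaviour across optimisation levels). Two practical points the toy makes visible: element frequency across reports gives a natural ranking for scheduling mutators, and a mutator must be able to refuse a seed it cannot anchor in, otherwise the no-op mutant wastes a compiler run.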