{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,9]],"date-time":"2026-06-09T08:42:46Z","timestamp":1780994566271,"version":"3.54.1"},"reference-count":68,"publisher":"Association for Computing Machinery (ACM)","issue":"PLDI","content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["Proc. ACM Program. Lang."],"published-print":{"date-parts":[[2025,6,10]]},"abstract":"<jats:p>Incorrect compiler optimizations can lead to unintended program behavior and security vulnerabilities. However, the enormous size and complexity of modern compilers make it challenging to ensure the correctness of optimizations. The problem becomes more severe as compiler engineers continuously add new optimizations to improve performance and support new language features. In this paper, we propose Optimuzz, a framework to effectively detect incorrect optimization bugs in such continuously changing compilers. The key idea is to combine two complementary techniques: directed grey-box fuzzing and translation validation. We design a novel optimization-directed fuzzing framework that efficiently generates input programs to trigger specific compiler optimizations. Optimuzz then use existing translation validation tools to verify the correctness of the optimizations on the input programs. We instantiate our approach for two major compilers, LLVM and TurboFan. The results show that Optimuzz can effectively detect miscompilation bugs in these compilers compared to the state-of-the-art tools. We also applied Optimuzz to the latest version of LLVM and discovered 55 new miscompilation bugs.<\/jats:p>","DOI":"10.1145\/3729275","type":"journal-article","created":{"date-parts":[[2025,6,13]],"date-time":"2025-06-13T16:02:27Z","timestamp":1749830547000},"page":"627-650","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":3,"title":["Optimization-Directed Compiler Fuzzing for Continuous Translation Validation"],"prefix":"10.1145","volume":"9","author":[{"ORCID":"https:\/\/orcid.org\/0009-0001-1927-5077","authenticated-orcid":false,"given":"Jaeseong","family":"Kwon","sequence":"first","affiliation":[{"name":"KAIST, Daejeon, Republic of Korea"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0009-0004-5099-9526","authenticated-orcid":false,"given":"Bongjun","family":"Jang","sequence":"additional","affiliation":[{"name":"KAIST, Daejeon, Republic of Korea"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8152-9330","authenticated-orcid":false,"given":"Juneyoung","family":"Lee","sequence":"additional","affiliation":[{"name":"AWS, Austin, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2671-0142","authenticated-orcid":false,"given":"Kihong","family":"Heo","sequence":"additional","affiliation":[{"name":"KAIST, Daejeon, Republic of Korea"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2025,6,13]]},"reference":[{"key":"e_1_2_2_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/3548606.3560624"},{"key":"e_1_2_2_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134020"},{"key":"e_1_2_2_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978428"},{"key":"e_1_2_2_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243849"},{"key":"e_1_2_2_5_1","unstructured":"Chromium. 2021. Issue 1195650. https:\/\/bugs.chromium.org\/p\/chromium\/issues\/detail?id=1195650"},{"key":"e_1_2_2_6_1","unstructured":"Chromium. 2021. Issue 1198705. https:\/\/bugs.chromium.org\/p\/chromium\/issues\/detail?id=1198705"},{"key":"e_1_2_2_7_1","unstructured":"Chromium. 2021. Issue 1199345. https:\/\/bugs.chromium.org\/p\/chromium\/issues\/detail?id=1199345"},{"key":"e_1_2_2_8_1","unstructured":"Chromium. 2021. Issue 1200490. https:\/\/bugs.chromium.org\/p\/chromium\/issues\/detail?id=1200490"},{"key":"e_1_2_2_9_1","unstructured":"Chromium. 2021. Issue 1234764. https:\/\/bugs.chromium.org\/p\/chromium\/issues\/detail?id=1234764"},{"key":"e_1_2_2_10_1","unstructured":"Chromium. 2021. Issue 1234770. https:\/\/bugs.chromium.org\/p\/chromium\/issues\/detail?id=1234770"},{"key":"e_1_2_2_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/3510003.3510197"},{"key":"e_1_2_2_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/3597926.3598130"},{"key":"e_1_2_2_13_1","doi-asserted-by":"publisher","DOI":"10.1109\/CGO57630.2024.10444854"},{"key":"e_1_2_2_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/3395363.3397372"},{"key":"e_1_2_2_15_1","unstructured":"Google. 2008. Mjsunit. https:\/\/chromium.googlesource.com\/v8\/v8\/+\/master\/test\/mjsunit\/"},{"key":"e_1_2_2_16_1","unstructured":"Google. 2008. V8. https:\/\/v8.dev"},{"key":"e_1_2_2_17_1","volume-title":"FUZZILLI: Fuzzing for JavaScript JIT Compiler Vulnerabilities. In Network and Distributed System Security Symposium (NDSS).","author":"Gro\u00df Samuel","year":"2023","unstructured":"Samuel Gro\u00df, Simon Koch, Lukas Bernhard, Thorsten Holz, and Martin Johns. 2023. FUZZILLI: Fuzzing for JavaScript JIT Compiler Vulnerabilities. In Network and Distributed System Security Symposium (NDSS)."},{"key":"e_1_2_2_18_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23263"},{"key":"e_1_2_2_19_1","volume-title":"Proceedings of the USENIX Security Symposium (Security).","author":"Holler Christian","year":"2012","unstructured":"Christian Holler, Kim Herzig, and Andreas Zeller. 2012. Fuzzing with Code Fragments. In Proceedings of the USENIX Security Symposium (Security)."},{"key":"e_1_2_2_20_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833751"},{"key":"e_1_2_2_21_1","volume-title":"Proceedings of the USENIX Security Symposium (Security).","author":"Kim Tae Eun","year":"2023","unstructured":"Tae Eun Kim, Jaeseung Choi, Kihong Heo, and Sang Kil Cha. 2023. DAFL: Directed Grey-Box Fuzzing Guided by Data Dependency. In Proceedings of the USENIX Security Symposium (Security)."},{"key":"e_1_2_2_22_1","doi-asserted-by":"publisher","unstructured":"Jaeseong Kwon Bongjun Jang Juneyoung Lee and Kihong Heo. 2025. Optimization-Directed Compiler Fuzzing for Continuous Translation Validation. https:\/\/doi.org\/10.5281\/zenodo.15037303 10.5281\/zenodo.15037303","DOI":"10.5281\/zenodo.15037303"},{"key":"e_1_2_2_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/3597503.3639189"},{"key":"e_1_2_2_24_1","volume-title":"LLVM: A Compilation Framework for Lifelong Program Analysis & Transformation. In International Symposium on Code Generation and Optimization.","author":"Lattner C.","unstructured":"C. Lattner and V. Adve. 2004. LLVM: A Compilation Framework for Lifelong Program Analysis & Transformation. In International Symposium on Code Generation and Optimization."},{"key":"e_1_2_2_25_1","volume-title":"Proceedings of the USENIX Security Symposium (Security), Srdjan Capkun and Franziska Roesner (Eds.).","author":"Lee Suyoung","year":"2020","unstructured":"Suyoung Lee, HyungSeok Han, Sang Kil Cha, and Sooel Son. 2020. Montage: A Neural Network Language Model-Guided JavaScript Engine Fuzzer. In Proceedings of the USENIX Security Symposium (Security), Srdjan Capkun and Franziska Roesner (Eds.)."},{"key":"e_1_2_2_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/3617232.3624874"},{"key":"e_1_2_2_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/3656386"},{"key":"e_1_2_2_28_1","volume-title":"FLUX: Finding Bugs with LLVM IR Based Unit Test Crossovers. In International Conference on Automated Software Engineering (ASE).","author":"Liu Eric","year":"2023","unstructured":"Eric Liu, Shengjie Xu, and David Lie. 2023. FLUX: Finding Bugs with LLVM IR Based Unit Test Crossovers. In International Conference on Automated Software Engineering (ASE)."},{"key":"e_1_2_2_29_1","unstructured":"Liu Eric. 2024. FLUX Unit Test Suite. https:\/\/github.com\/ericliuu\/flux\/blob\/main\/scripts\/collect_unittest_functions.py"},{"key":"e_1_2_2_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/3428264"},{"key":"e_1_2_2_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/3591295"},{"key":"e_1_2_2_32_1","unstructured":"LLVM. 2016. LLVM InstCombine Unit Test Suite. https:\/\/github.com\/llvm\/llvm-project\/tree\/main\/llvm\/test\/Transforms\/InstCombine"},{"key":"e_1_2_2_33_1","unstructured":"LLVM. 2022. Issue 55291. https:\/\/github.com\/llvm\/llvm-project\/issues\/55291"},{"key":"e_1_2_2_34_1","unstructured":"LLVM. 2022. Issue 57357. https:\/\/github.com\/llvm\/llvm-project\/issues\/57357"},{"key":"e_1_2_2_35_1","unstructured":"LLVM. 2022. Issue 57683. https:\/\/github.com\/llvm\/llvm-project\/issues\/57683"},{"key":"e_1_2_2_36_1","unstructured":"LLVM. 2022. Issue 58977. https:\/\/github.com\/llvm\/llvm-project\/issues\/58977"},{"key":"e_1_2_2_37_1","unstructured":"LLVM. 2022. Issue 59279. https:\/\/github.com\/llvm\/llvm-project\/issues\/59279"},{"key":"e_1_2_2_38_1","unstructured":"LLVM. 2022. Issue 59301. https:\/\/github.com\/llvm\/llvm-project\/issues\/59301"},{"key":"e_1_2_2_39_1","unstructured":"LLVM. 2023. Issue 59836. https:\/\/github.com\/llvm\/llvm-project\/issues\/59301"},{"key":"e_1_2_2_40_1","unstructured":"LLVM. 2023. Issue 61312. https:\/\/github.com\/llvm\/llvm-project\/issues\/61312"},{"key":"e_1_2_2_41_1","unstructured":"LLVM. 2023. Issue 62401. https:\/\/github.com\/llvm\/llvm-project\/issues\/62401"},{"key":"e_1_2_2_42_1","unstructured":"LLVM. 2023. Issue 62901. https:\/\/github.com\/llvm\/llvm-project\/issues\/62901"},{"key":"e_1_2_2_43_1","unstructured":"LLVM. 2023. Issue 63327. https:\/\/github.com\/llvm\/llvm-project\/issues\/63327"},{"key":"e_1_2_2_44_1","unstructured":"LLVM. 2023. Issue 64339. https:\/\/github.com\/llvm\/llvm-project\/issues\/64339"},{"key":"e_1_2_2_45_1","unstructured":"LLVM. 2023. Issue 70470. https:\/\/github.com\/llvm\/llvm-project\/issues\/70470"},{"key":"e_1_2_2_46_1","unstructured":"LLVM. 2023. Issue 72911. https:\/\/github.com\/llvm\/llvm-project\/issues\/72911"},{"key":"e_1_2_2_47_1","unstructured":"LLVM. 2023. Issue 74890. https:\/\/github.com\/llvm\/llvm-project\/issues\/74890"},{"key":"e_1_2_2_48_1","unstructured":"LLVM. 2023. Issue 75437. https:\/\/github.com\/llvm\/llvm-project\/issues\/75437"},{"key":"e_1_2_2_49_1","unstructured":"LLVM. 2023. Issue 76441. https:\/\/github.com\/llvm\/llvm-project\/issues\/76441"},{"key":"e_1_2_2_50_1","unstructured":"LLVM. 2024. Issue 84025. https:\/\/github.com\/llvm\/llvm-project\/issues\/84025"},{"key":"e_1_2_2_51_1","unstructured":"LLVM. 2024. Issue 89390. https:\/\/github.com\/llvm\/llvm-project\/issues\/89390"},{"key":"e_1_2_2_52_1","unstructured":"LLVM. 2024. Issue 89516. https:\/\/github.com\/llvm\/llvm-project\/issues\/89519"},{"key":"e_1_2_2_53_1","unstructured":"LLVM. 2024. Issue 89669. https:\/\/github.com\/llvm\/llvm-project\/issues\/89669"},{"key":"e_1_2_2_54_1","unstructured":"LLVM. 2024. Issue 91417. https:\/\/github.com\/llvm\/llvm-project\/issues\/91417"},{"key":"e_1_2_2_55_1","unstructured":"LLVM. 2024. Issue 98753. https:\/\/github.com\/llvm\/llvm-project\/issues\/98753"},{"key":"e_1_2_2_56_1","unstructured":"LLVM. 2024. Issue 98838. https:\/\/github.com\/llvm\/llvm-project\/issues\/98838"},{"key":"e_1_2_2_57_1","doi-asserted-by":"publisher","DOI":"10.1145\/3453483.3454030"},{"key":"e_1_2_2_58_1","doi-asserted-by":"publisher","DOI":"10.1145\/349299.349314"},{"key":"e_1_2_2_59_1","volume-title":"Proceedings of the 43rd International Conference on Software Engineering (ICSE).","author":"Park Jihyeok","year":"2021","unstructured":"Jihyeok Park, Seungmin An, Dongjun Youn, Gyeongwon Kim, and Sukyoung Ryu. 2021. JEST: N+1-Version Differential Testing of Both JavaScript Engines and Specification. Proceedings of the 43rd International Conference on Software Engineering (ICSE)."},{"key":"e_1_2_2_60_1","volume-title":"Fuzzing JavaScript Engines with Aspect-preserving Mutation. In IEEE Symposium on Security and Privacy (SP). IEEE.","author":"Park Soyeon","year":"2020","unstructured":"Soyeon Park, Wen Xu, Insu Yun, Daehee Jang, and Taesoo Kim. 2020. Fuzzing JavaScript Engines with Aspect-preserving Mutation. In IEEE Symposium on Security and Privacy (SP). IEEE."},{"key":"e_1_2_2_61_1","volume-title":"Translation Validation. In International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS).","author":"Pnueli A.","unstructured":"A. Pnueli, M. Siegel, and E. Singerman. 1998. Translation Validation. In International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS)."},{"key":"e_1_2_2_62_1","doi-asserted-by":"publisher","DOI":"10.1145\/2983990.2984038"},{"key":"e_1_2_2_63_1","volume-title":"FuzzJIT: Oracle-enhanced Fuzzing for JavaScript Engine JIT Compiler. In USENIX Security Symposium (Security).","author":"Wang Junjie","year":"2023","unstructured":"Junjie Wang, Xiaoning Du Zhiyi Zhang, Shuang Liu, and Junjie Chen. 2023. FuzzJIT: Oracle-enhanced Fuzzing for JavaScript Engine JIT Compiler. In USENIX Security Symposium (Security)."},{"key":"e_1_2_2_64_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE48619.2023.00017"},{"key":"e_1_2_2_65_1","doi-asserted-by":"publisher","DOI":"10.1145\/3689736"},{"key":"e_1_2_2_66_1","volume-title":"Finding and Understanding Bugs in C Compilers. In ACM SIGPLAN International Conference on ProgrammingLanguage Design and Implementation (PLDI).","author":"Yang Xuejun","year":"2011","unstructured":"Xuejun Yang, Yang Chen, Eric Eide, and John Regehr. 2011. Finding and Understanding Bugs in C Compilers. In ACM SIGPLAN International Conference on ProgrammingLanguage Design and Implementation (PLDI)."},{"key":"e_1_2_2_67_1","doi-asserted-by":"publisher","DOI":"10.1109\/32.988498"},{"key":"e_1_2_2_68_1","volume-title":"An Empirical Study of Optimization Bugs in GCC and LLVM. Journal of Systems and Software, 174","author":"Zhou Zhide","year":"2021","unstructured":"Zhide Zhou, Zhilei Ren, Guojun Gao, and He Jiang. 2021. An Empirical Study of Optimization Bugs in GCC and LLVM. Journal of Systems and Software, 174 (2021)."}],"container-title":["Proceedings of the ACM on Programming Languages"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3729275","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,16]],"date-time":"2025-07-16T06:07:54Z","timestamp":1752646074000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3729275"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,6,10]]},"references-count":68,"journal-issue":{"issue":"PLDI","published-print":{"date-parts":[[2025,6,10]]}},"alternative-id":["10.1145\/3729275"],"URL":"https:\/\/doi.org\/10.1145\/3729275","relation":{},"ISSN":["2475-1421"],"issn-type":[{"value":"2475-1421","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,6,10]]},"assertion":[{"value":"2024-11-15","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2025-03-06","order":2,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2025-06-13","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}