Bugs in compilers, which are critical infrastructure today, can have outsized negative impacts. Mutational fuzzers aid compiler bug detection by systematically mutating compiler inputs, i.e., programs. Their effectiveness depends on the quality of the mutators used. Yet, no prior work used compiler bug histories as a source of mutators.

We propose IssueMut, the first approach for extracting compiler fuzzing mutators from bug histories. Our insight is that bug reports contain hints about program elements that induced compiler bugs; they can guide fuzzers towards similar bugs. IssueMut uses an automated method to mine mutators from bug reports and retrofit such mutators into existing mutational compiler fuzzers.

Using IssueMut, we mine 587 mutators from 1760 GCC and LLVM bug reports. Then, we run IssueMut on these compilers, with all their test inputs as seed corpora. We find that “bug history” mutators are effective: they find new bugs that a state-of-the-art mutational compiler fuzzer misses-25 in GCC and 27 in LLVM. Out of the 65 bugs we reported, 60 were confirmed or fixed, validating our idea that bug histories have rich information that compiler fuzzers should leverage.