OpenCL programs typically employ complex storage models and diverse data types as well as manifest various memory access patterns, which make it challenging to detect the performance problems effectively. However, few research efforts have been dedicated to cope with this challenge so far. In this paper, we introduce CVFuzz, a domain-independent tool that can effectively detect and locate algorithmic complexity vulnerabilities in OpenCL kernels. The key enabling idea is leveraging automatically generated pathological inputs to trigger the worst-case behavior during the execution of OpenCL kernels. Our approach takes advantage of the metrics such as code coverage and run time to guide the generation of inputs that can slow down the execution of a given OpenCL kernel. We evaluate CVFuzz on more than 250 real-world OpenCL kernels. The evaluation results demonstrate that the inputs generated by CVFuzz are effective in detecting the worst-case time algorithmic complexity and optimization vulnerabilities.

OpenCL 程序通常采用复杂的存储模型和不同的数据类型，并表现出各种内存访问模式，这使得有效检测性能问题具有挑战性。然而，迄今为止，很少有研究工作致力于应对这一挑战。在本文中，我们介绍了 CVFuzz，这是一种独立于域的工具，可以有效地检测和定位 OpenCL 内核中的算法复杂性漏洞。关键的启用想法是利用自动生成的病理输入来触发 OpenCL 内核执行期间的最坏情况行为。我们的方法利用代码覆盖率和运行时间等指标来指导可能减慢给定 OpenCL 内核执行速度的输入的生成。我们在 250 多个真实世界的 OpenCL 内核上评估了 CVFuzz。