About the Speaker
< Talk Abstract />
WebGPU is a browser standard that exposes the capabilities of GPUs to
the web -- benefiting complex computations, such as those required by game
engines and local LLMs. As a by-product, the complex compiler machinery
needed to convert a web shader program into native GPU machine code is
reachable from the web. Even worse, the browser process performing
shader compilation is only weakly sandboxed, if at all (depending on the
platform). As a consequence, memory safety issues in shader compilers pose
an interesting attack surface.
In this talk, we present the design and implementation of a fuzzer and
custom harness aimed at exploring this attack surface. Central to our
approach is a custom intermediate representation (IR) that enables
semantically valid mutations of shader programs. We also describe our
approach to harnessing Mesa, the shader compilation pipeline on Linux.
< Speaker Bio />
Lukas Bernhard is a security researcher who recently moved from academia
to industry. His past research centers on browser fuzzing and memory
safety mitigations. Notable work includes differential testing of
JavaScript engines and fuzzing of WebGPU.