Fuzz4All: Universal Fuzzing with Large Language Models
Proceedings of the IEEE/ACM 46th International Conference on Software Engineering (2023)
Abstract
Fuzzing has achieved tremendous success in discovering bugs and
vulnerabilities in various software systems. Systems under test (SUTs) that
take in programming or formal language as inputs, e.g., compilers, runtime
engines, constraint solvers, and software libraries with accessible APIs, are
especially important as they are fundamental building blocks of software
development. However, existing fuzzers for such systems often target a specific
language, and thus cannot be easily applied to other languages or even other
versions of the same language. Moreover, the inputs generated by existing
fuzzers are often limited to specific features of the input language, and thus
can hardly reveal bugs related to other or new features. This paper presents
Fuzz4All, the first fuzzer that is universal in the sense that it can target
many different input languages and many different features of these languages.
The key idea behind Fuzz4All is to leverage large language models (LLMs) as an
input generation and mutation engine, which enables the approach to produce
diverse and realistic inputs for any practically relevant language. To realize
this potential, we present a novel autoprompting technique, which creates LLM
prompts that are well-suited for fuzzing, and a novel LLM-powered fuzzing loop,
which iteratively updates the prompt to create new fuzzing inputs. We evaluate
Fuzz4All on nine systems under test that take in six different languages (C,
C++, Go, SMT2, Java and Python) as inputs. The evaluation shows, across all six
languages, that universal fuzzing achieves higher coverage than existing,
language-specific fuzzers. Furthermore, Fuzz4All has identified 98 bugs in
widely used systems, such as GCC, Clang, Z3, CVC5, OpenJDK, and the Qiskit
quantum computing platform, with 64 bugs already confirmed by developers as
previously unknown.