🌌 Fuzz4All: Universal Fuzzing with Large Language Models

Fuzzing has achieved tremendous success in discovering bugs and vulnerabilities in a wide range of software systems. Systems under test (SUTs) that take programs or other formal-language inputs, e.g., compilers, runtime engines, constraint solvers, and software libraries with accessible APIs, are especially important because they are fundamental building blocks of software development. However, existing fuzzers for such systems typically target one specific language, and thus cannot easily be applied to other languages, or even to other versions of the same language.

To address these issues, we present Fuzz4All, the first fuzzer that is universal in the sense that it can target many input languages and features of these languages. The key idea behind Fuzz4All is to leverage large language models (LLMs) as an input generation and mutation engine, which enables the approach to produce diverse and realistic inputs for any practically relevant language. To realize this potential, we present a novel autoprompting technique, which creates LLM prompts that are well-suited for fuzzing, and a novel LLM-powered fuzzing loop, which iteratively updates the prompt to create new fuzzing inputs.
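To make the idea of an LLM-powered fuzzing loop concrete, here is an added example that is not part of the Fuzz4All page or code base. It keeps the three things the loop needs: a prompt that is rebuilt every iteration from a base prompt plus one previously generated input and an instruction, a generator that turns the prompt into a candidate program, and an out-of-process oracle that classifies the SUT's behaviour (accepted, rejected, crash, hang) and de-duplicates findings by signature. The instruction wordings, the `<example>` markers, and the strategy names are assumptions. The generator is the only part an LLM would fill in; so that the block runs offline, a constructed stand-in that applies random edits to the example in the prompt is used instead of a model call. The SUT is CPython's own compiler, invoked in a compile-only subprocess so generated code is never executed.

```python
"""Minimal LLM-style fuzzing loop (added example, not Fuzz4All's own code)."""
import random
import subprocess
import sys
from collections import Counter
from dataclasses import dataclass

# Assumed instruction suffixes; hypothetical wording, not the project's prompts.
INSTRUCTIONS = {
    "generate_new": "Please create a new, different program.",
    "mutate_existing": "Please create a mutated version of the program above.",
    "semantic_equiv": "Please create a semantically equivalent program.",
}

# Compile-only harness: the SUT is CPython's parser/compiler, input never runs.
COMPILE_HARNESS = "import sys; compile(sys.stdin.read(), '<fuzz>', 'exec')"
DEFAULT_CMD = [sys.executable, "-c", COMPILE_HARNESS]


@dataclass
class Outcome:
    kind: str          # "ok", "rejected", "crash" or "hang"
    detail: str = ""   # signature used to de-duplicate findings


def build_prompt(base_prompt, example, strategy):
    """Base prompt (what autoprompting would produce) + one prior input + instruction."""
    parts = [base_prompt]
    if example and strategy != "generate_new":
        parts.append("<example>\n" + example + "\n</example>")
    parts.append(INSTRUCTIONS[strategy])
    return "\n\n".join(parts) + "\n"


def classify(returncode, stderr, timed_out):
    """Oracle: map a finished (or timed-out) SUT run to an Outcome (POSIX exit codes)."""
    if timed_out:
        return Outcome("hang", "timeout")
    if returncode == 0:
        return Outcome("ok")
    if returncode < 0:                       # killed by a signal, e.g. -11 = SIGSEGV
        return Outcome("crash", f"signal {-returncode}")
    last = stderr.strip().splitlines()[-1] if stderr.strip() else ""
    return Outcome("rejected", last)         # SUT refused the input (SyntaxError, ...)


def run_sut(program, cmd=None, timeout=2.0):
    """Run one candidate through the SUT out of process, with a hang timeout."""
    try:
        proc = subprocess.run(cmd or DEFAULT_CMD, input=program.encode(),
                              capture_output=True, timeout=timeout)
    except subprocess.TimeoutExpired:
        return classify(None, "", True)
    return classify(proc.returncode, proc.stderr.decode(errors="replace"), False)


def standin_generator(rng):
    """Constructed stand-in for the LLM so the loop runs offline: it applies one
    random edit to the example embedded in the prompt. A real run would send the
    prompt to a code model and return its completion instead."""
    edits = [
        lambda s: s.replace("+", "*", 1),
        lambda s: s + "\n" + s.splitlines()[-1],
        lambda s: s.replace("(", "((", 1),        # unbalanced parens -> rejected
        lambda s: "\n".join(reversed(s.splitlines())),
    ]

    def generate(prompt):
        if "<example>" not in prompt:             # generate_new: no prior input given
            return "x = [i * 2 for i in range(3)]\nprint(sum(x))"
        body = prompt.split("<example>\n", 1)[1].split("\n</example>", 1)[0]
        return rng.choice(edits)(body)
    return generate


def fuzz(base_prompt, seeds, generator, iterations, rng, cmd=None):
    """The loop: pick a strategy and a prior input, rebuild the prompt, generate,
    run the oracle, and feed accepted inputs back into the corpus."""
    corpus, stats, findings = list(seeds), Counter(), {}
    for _ in range(iterations):
        strategy = rng.choice(list(INSTRUCTIONS))
        example = rng.choice(corpus)
        program = generator(build_prompt(base_prompt, example, strategy))
        outcome = run_sut(program, cmd=cmd)
        stats[outcome.kind] += 1
        if outcome.kind == "ok" and program not in corpus:
            corpus.append(program)                # only SUT-accepted inputs are reused
        elif outcome.kind in ("crash", "hang"):
            findings.setdefault(outcome.detail, program)   # one witness per signature
    return {"stats": stats, "corpus": corpus, "findings": findings}


def demo(iterations=12, seed=0):
    """Run the loop against CPython's compiler with the offline stand-in generator."""
    rng = random.Random(seed)
    seeds = ["a = 1 + 2\nprint(a)", "def f(x):\n    return (x + 1) * 2\nprint(f(3))"]
    base = "Generate Python 3 programs that stress the compiler's parser."
    return fuzz(base, seeds, standin_generator(rng), iterations, rng)


if __name__ == "__main__":
    result = demo()
    print(dict(result["stats"]), "findings:", list(result["findings"]))
```

Two design choices matter for a real campaign: the oracle runs the SUT out of process with a timeout so a crash or hang in the target cannot take the fuzzer down, and only inputs the SUT accepted are fed back into the corpus, which keeps later prompts anchored on valid, realistic programs rather than on the generator's syntax errors.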

🐛 Bugs Found

So far, Fuzz4All has found 98 bugs across 9 SUTs. We will continue our current fuzzing campaigns and apply Fuzz4All to additional languages and SUTs.

GCC: 30 bugs
Clang: 27 bugs
CVC5: 9 bugs
Z3: 14 bugs
Go: 4 bugs
Java: 3 bugs
Qiskit: 11 bugs



Authors

Chunqiu Steven Xia Matteo Paltenghi Jia Le Tian Michael Pradel Lingming Zhang


Template adapted from Nerfies by Keunhong Park et al.