Fuzzing has achieved tremendous success in discovering bugs and vulnerabilities in various software systems. Systems under test that take in programming or formal language as inputs, e.g., compilers, runtime engines, constraint solvers, and software libraries with accessible APIs, are especially important as they are fundamental building blocks of software development. However, existing fuzzers for such systems often target a specific language, and thus cannot be easily applied to other languages or even other versions of the same language.
To address these issues, we present Fuzz4All, the first fuzzer that is universal in the sense that it can target many input languages and features of these languages. The key idea behind Fuzz4All is to leverage large language models (LLMs) as an input generation and mutation engine, which enables the approach to produce diverse and realistic inputs for any practically relevant language. To realize this potential, we present a novel autoprompting technique, which creates LLM prompts that are well-suited for fuzzing, and a novel LLM-powered fuzzing loop, which iteratively updates the prompt to create new fuzzing inputs.
So far, Fuzz4All has found 98 bugs across 9 SUTs. We will continue our current fuzzing campaigns and apply Fuzz4All to additional languages and SUTs.
GCC: 30 bugs | Clang: 27 bugs | CVC5: 9 bugs | Z3: 14 bugs
Go: 4 bugs | Java: 3 bugs | Qiskit: 11 bugs