Large Language Models Are Zero-Shot Fuzzers: Fuzzing Deep-Learning Libraries via Large Language Models
Deep Learning (DL) systems have received exponential growth in popularity and have become ubiquitous in our everyday life. Such systems are built on top of popular DL libraries, e.g., TensorFlow and PyTorch which provide APIs as building blocks for DL systems. Detecting bugs in these DL libraries is critical for almost all downstream DL systems in ensuring effectiveness/safety for end users. Meanwhile, traditional fuzzing techniques can be hardly effective for such a challenging domain since the input DL programs need to satisfy both the input language (e.g., Python) syntax/semantics and the DL API input/shape constraints for tensor computations.
To address these limitations, we propose TitanFuzz – the first approach to directly leveraging Large Language Models (LLMs) to generate input programs for fuzzing DL libraries. LLMs are titanic models trained on billions of code snippets and can autoregressively generate human-like code snippets. Our key insight is that modern LLMs can also include numerous code snippets invoking DL library APIs in their training corpora, and thus can implicitly learn both language syntax/semantics and intricate DL API constraints for valid DL program generation. More specifically, we use both generative and infilling LLMs (e.g., Codex/InCoder) to generate and mutate valid/diverse input DL programs for fuzzing. Our experimental results demonstrate that TitanFuzz can achieve 30.38%/50.84% higher code coverage than state-of-the-art fuzzers on TensorFlow/PyTorch. Furthermore, TitanFuzz is able to detect 65 bugs, with 44 already confirmed as previously unknown bugs.
This paper demonstrates that modern titanic LLMs can be leveraged to directly perform both generation-based and mutation-based fuzzing studied for decades, while being fully automated, generalizable, and applicable to domains challenging for traditional approaches (such as DL systems). We hope TitanFuzz can stimulate more work in this promising direction of LLMs for fuzzing.
Tue 18 JulDisplayed time zone: Pacific Time (US & Canada) change
10:30 - 12:00 | ISSTA 2: Fuzzing 1Technical Papers at Smith Classroom (Gates G10) Chair(s): Jonathan Bell Northeastern University | ||
10:30 15mTalk | Icicle: A Re-designed Emulator for Grey-Box Firmware Fuzzing Technical Papers Michael Chesser University of Adelaide, Surya Nepal CSIRO’s Data61, Damith C. Ranasinghe University of Adelaide DOI | ||
10:45 15mTalk | Green Fuzzing: A Saturation-Based Stopping Criterion using Vulnerability Prediction Technical Papers Stephan Lipp TU Munich, Daniel Elsner TU Munich, Severin Kacianka TU Munich, Alexander Pretschner TU Munich, Marcel Böhme MPI-SP; Monash University, Sebastian Banescu TU Munich DOI | ||
11:00 15mTalk | ItyFuzz: Snapshot-Based Fuzzer for Smart Contract Technical Papers Chaofan Shou University of California at Santa Barbara, Shangyin Tan University of California at Berkeley, Koushik Sen University of California at Berkeley DOI | ||
11:15 15mTalk | Large Language Models Are Zero-Shot Fuzzers: Fuzzing Deep-Learning Libraries via Large Language Models Technical Papers Yinlin Deng University of Illinois at Urbana-Champaign, Chunqiu Steven Xia University of Illinois at Urbana-Champaign, Haoran Peng University of Science and Technology of China, Chenyuan Yang University of Illinois at Urbana-Champaign, Lingming Zhang University of Illinois at Urbana-Champaign DOI | ||
11:30 15mTalk | Detecting State Inconsistency Bugs in DApps via On-Chain Transaction Replay and Fuzzing Technical Papers Mingxi Ye Sun Yat-sen University, Yuhong Nan Sun Yat-sen University, Zibin Zheng Sun Yat-sen University, Dongpeng Wu Sun Yat-sen University, Huizhong Li WeBank DOI | ||
11:45 15mTalk | Green Fuzzer Benchmarking Technical Papers DOI |