Towards Reliable LLM-Driven Fuzz Testing: Vision and Road Ahead
read the original abstract
Fuzz testing is a crucial component of software security assessment, yet its effectiveness heavily relies on valid fuzz drivers and diverse seed inputs. Recent advancements in Large Language Models (LLMs) offer transformative potential for automating fuzz testing (LLM4Fuzz), particularly in generating drivers and seeds. However, current LLM4Fuzz solutions face critical reliability challenges, including low driver validity rates and seed quality trade-offs, hindering their practical adoption. This paper aims to examine the reliability bottlenecks of LLM-driven fuzzing and explores potential research directions to address these limitations. It begins with an overview of the current development of LLM4SE and emphasizes the necessity for developing reliable LLM4Fuzz solutions. Following this, the paper envisions a vision where reliable LLM4Fuzz transforms the landscape of software testing and security for industry, software development practitioners, and economic accessibility. It then outlines a road ahead for future research, identifying key challenges and offering specific suggestions for the researchers to consider. This work strives to spark innovation in the field, positioning reliable LLM4Fuzz as a fundamental component of modern software testing.
This paper has not been read by Pith yet.
Forward citations
Cited by 2 Pith papers
-
Quality-Assured Fuzz Harness Generation via the Four Principles Framework
QuartetFuzz introduces the Four Principles framework for harness correctness and deploys an autonomous LLM agent that produces verified harnesses, yielding 29 confirmed bugs across 23 projects and identifying violatio...
-
MASFuzzer: Fuzz Driver Generation and Adaptive Scheduling via Multidimensional API Sequences
MASFuzzer generates fuzz drivers via mined multidimensional API sequences and adaptive scheduling, delivering 8.54% higher code coverage and 16 new vulnerabilities across 12 libraries.
discussion (0)
Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.