oss-fuzz-gen
LLM-powered fuzzing via OSS-Fuzz.
A Framework for Fuzz Target Generation and Evaluation
This framework generates fuzz targets for real-world C++ projects with various Large Language Models (LLM) and benchmarks them via the
More details available in AI-Powered Fuzzing: Breaking the Bug Hunting Barrier:
Current supported models are:
- Vertex AI code-bison
- Vertex AI code-bison-32k
- Gemini Pro
- OpenAI GPT-3.5-turbo
- OpenAI GPT-4
Generated fuzz targets are evaluated with four metrics against the most up-to-date data from the production environment:
- Runtime crashes
- Runtime coverage
- Runtime line coverage diff against existing human-written fuzz targets in
Here is a sample experiment result from 2024 Jan 31. The experiment included 1300+ benchmarks from 297 open-source projects.
Overall, this framework manages to successfully leverage LLMs to generate valid fuzz targets (which generate non-zero coverage increase) for 160 C/C++ projects. The maximum line coverage increase is 29% from the existing human-written targets.
Note that these reports are not public as they may contain undisclosed vulnerabilities.
Check our detailed usage guide for instructions on how to run this framework and generate reports based on the results.
Interested in research or open-source community collaborations? Please feel free to create an issue or email us: [email protected].
So far, we have reported 3 new bugs/vulnerabilities found by automatically generated targets built by this framework:
Current top coverage improvements by project
| Coverage increase % * |
* Percentage coverage is calculated using a denominator of the total lines of source code compiled during the OSS-Fuzz build process for the entire project.
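As an added illustration of how the metrics above fit together (this is example code, not part of oss-fuzz-gen), the following scores a generated target on runtime crash, runtime coverage and line-coverage diff against the human-written targets, using the denominator defined in the footnote and the README's notion of a "valid" target (non-zero coverage increase). The `RunResult` type, the per-line sets and the numbers are constructed for the example.

```python
"""Constructed example: scoring LLM-generated fuzz targets with the
README's metrics. Not the framework's own code."""
from dataclasses import dataclass, field


@dataclass
class RunResult:
    """Outcome of running one fuzz target (hypothetical shape)."""
    project: str
    crashed: bool                      # runtime crash observed
    covered: set = field(default_factory=set)  # (file, line) pairs hit


def coverage_pct(lines, total_compiled):
    """Percent of all lines compiled in the OSS-Fuzz build (the footnote's
    denominator) that appear in `lines`."""
    return 100.0 * len(lines) / total_compiled


def evaluate(generated, existing, total_compiled):
    """Metrics for one generated target, relative to the human-written
    targets of the same project."""
    baseline = set().union(*(r.covered for r in existing)) if existing else set()
    newly_covered = generated.covered - baseline   # lines humans never hit
    diff = coverage_pct(newly_covered, total_compiled)
    return {
        "crash": generated.crashed,
        "coverage_pct": coverage_pct(generated.covered, total_compiled),
        "coverage_diff_pct": diff,
        "valid": diff > 0,              # README: non-zero coverage increase
    }


def top_improvements(scored):
    """Rank (project, diff) pairs like the 'top coverage improvements'
    table: best line-coverage increase first, invalid targets dropped."""
    best = {}
    for project, metrics in scored:
        if metrics["valid"]:
            best[project] = max(best.get(project, 0.0), metrics["coverage_diff_pct"])
    return sorted(best.items(), key=lambda kv: kv[1], reverse=True)


# Constructed sample: 1000 compiled lines, humans cover lines 1-100 of a.c,
# the generated target covers lines 50-200 (so 100 lines are new).
HUMAN = [RunResult("libexample", False, {("a.c", i) for i in range(1, 101)})]
GENERATED = RunResult("libexample", False, {("a.c", i) for i in range(50, 201)})
SAMPLE = evaluate(GENERATED, HUMAN, total_compiled=1000)
```

Running `evaluate` on the sample gives a 15.1% runtime coverage and a 10.0% line-coverage increase, so the target counts as valid.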