oss-fuzz-gen by google

LLM-powered fuzz target generator for C/C++/Java/Python projects, benchmarked via OSS-Fuzz

created 1 year ago
1,250 stars

Top 32.2% on sourcepulse

Project Summary

This framework leverages Large Language Models (LLMs) to automatically generate fuzzing targets for C/C++, Java, and Python projects, integrating with the OSS-Fuzz platform for evaluation. It aims to improve bug detection by creating novel fuzzing harnesses that reach code not covered by existing targets, benefiting security researchers and developers focused on software robustness.

How It Works

The system utilizes various LLMs (including OpenAI and Google's Gemini models) to generate fuzzing targets. It employs prompt engineering techniques to guide the LLM in creating effective fuzzing code. Generated targets are then benchmarked against existing OSS-Fuzz targets using metrics like compilability, runtime crashes, and code coverage, providing quantitative data on the LLM-generated targets' effectiveness.

Quick Start & Requirements

  • Install: Instructions are detailed in the usage guide.
  • Prerequisites: Requires access to LLM APIs (e.g., OpenAI API key, Google Cloud project with Vertex AI enabled). Specific Python versions and potentially build tools for C/C++ projects are needed.
  • Resources: LLM API costs, compute for fuzzing, and potentially significant disk space for project codebases and fuzzing corpora.
  • Links: Usage Guide

Highlighted Details

  • Successfully generated valid fuzz targets for 160 C/C++ projects in an experiment, achieving up to a 29% line coverage increase over human-written targets.
  • Reported 30 new bugs/vulnerabilities not reachable by existing OSS-Fuzz targets.
  • Supports a wide range of LLMs, including multiple versions of OpenAI's GPT and Google's Gemini models.
  • Evaluates generated targets on compilability, runtime crashes, and coverage gains.

Maintenance & Community

Licensing & Compatibility

  • The repository itself is licensed under the Apache License 2.0. However, the generated fuzz targets and their compatibility depend on the OSS-Fuzz platform and the projects being fuzzed.

Limitations & Caveats

The effectiveness of generated targets varies significantly by project and by the LLM used. Details of the reported bugs are not public because some may be undisclosed vulnerabilities. LLM API costs and the need for specific API access are significant adoption considerations.

Health Check

  • Last commit: 4 days ago
  • Responsiveness: Inactive
  • Pull Requests (30d): 16
  • Issues (30d): 1
  • Star History: 64 stars in the last 90 days

Starred by Boris Cherny (Creator of Claude Code; MTS at Anthropic), Hiroshi Shibata (Core Contributor to Ruby), and 4 more.
