LibLMFuzz: LLM-Augmented Fuzz Target Generation for Black-box Libraries
Ian Hardgrove, John D. Hastings

TL;DR
LibLMFuzz pairs an agentic large language model with a disassembler, a compiler and a fuzzer to write fuzzing drivers for closed-source (stripped binary) libraries without human intervention. On four Linux libraries it reached 100% API coverage, and roughly three quarters of the generated drivers ran correctly on first execution, which lowers the setup and maintenance cost of fuzzing such libraries.
Contribution
This paper introduces LibLMFuzz, an LLM-based framework that automates fuzz target generation for black-box libraries, removing the manual effort of writing and maintaining drivers while reaching full coverage of the libraries' exported API in its evaluation.
Findings
Achieved 100% API coverage on four Linux libraries.
Generated 558 syntactically correct fuzzing drivers with no human input.
75.52% of drivers were correct on first execution.
Abstract
A fundamental problem in cybersecurity and computer science is determining whether a program is free of bugs and vulnerabilities. Fuzzing, a popular approach to discovering vulnerabilities in programs, has several advantages over alternative strategies, although it has investment costs in the form of initial setup and continuous maintenance. The choice of fuzzing is further complicated when only a binary library is available, such as the case of closed-source and proprietary software. In response, we introduce LibLMFuzz, a framework that reduces costs associated with fuzzing closed-source libraries by pairing an agentic Large Language Model (LLM) with a lightweight tool-chain (disassembler/compiler/fuzzer) to autonomously analyze stripped binaries, plan fuzz strategies, generate drivers, and iteratively self-repair build or runtime errors. Tested on four widely-used Linux libraries,…
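The generate/compile/run/self-repair loop described in the abstract bottoms out in a C fuzz driver. The block below is an added example, not code from the paper or from the LibLMFuzz tool-chain, of the shape such a driver takes for a black-box library and of the checks that decide whether it is "correct on first execution": a bounds-checked consumer over the fuzz input, a plausible call sequence across the API, and unconditional resource cleanup. The library functions bb_open/bb_feed/bb_close are constructed stand-ins for the exported symbols one would recover from a stripped shared object, and the driver's wire format (u32 flags, u8 chunk count, then length-prefixed chunks) is an assumption of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* ---- Constructed stand-in for the closed-source library under test. ----
 * bb_open/bb_feed/bb_close are hypothetical names; a real driver would call
 * the exported symbols recovered from the stripped .so (e.g. with nm -D). */
typedef struct { unsigned flags; size_t total; } bb_ctx;

static bb_ctx *bb_open(unsigned flags) {
    bb_ctx *c = calloc(1, sizeof *c);
    if (c) c->flags = flags;
    return c;
}
/* Returns 0 on success, -1 when the chunk is rejected (here: empty). */
static int bb_feed(bb_ctx *c, const uint8_t *buf, size_t len) {
    if (!c || !buf || len == 0) return -1;
    c->total += len;
    return 0;
}
static void bb_close(bb_ctx *c) { free(c); }

/* ---- Bounds-checked consumer over the fuzz input (a FuzzedDataProvider in C).
 * A driver that reads past `size` is a bug in the driver, not a finding in
 * the library; every read below fails closed instead of over-reading. */
typedef struct { const uint8_t *p; size_t n; } fdp_t;

static int fdp_u8(fdp_t *f, uint8_t *out) {
    if (f->n < 1) return 0;
    *out = *f->p++; f->n--;
    return 1;
}
static int fdp_u32(fdp_t *f, uint32_t *out) {
    if (f->n < 4) return 0;
    memcpy(out, f->p, 4);            /* byte order as laid out in the corpus */
    f->p += 4; f->n -= 4;
    return 1;
}
/* Hands out up to `want` bytes, fewer if the input runs short; never over-reads. */
static size_t fdp_bytes(fdp_t *f, const uint8_t **out, size_t want) {
    size_t got = want < f->n ? want : f->n;
    *out = f->p; f->p += got; f->n -= got;
    return got;
}

/* Instrumentation so a harness (or a self-repair loop) can see how much of
 * the API the last input actually exercised. */
static size_t g_feed_calls;
size_t driver_feed_calls(void) { return g_feed_calls; }

/* Assumed wire format: u32 flags | u8 nchunks | (u8 len, len bytes)* */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    fdp_t f = { data, size };
    uint32_t flags; uint8_t nchunks;
    g_feed_calls = 0;
    if (!fdp_u32(&f, &flags) || !fdp_u8(&f, &nchunks)) return 0;

    bb_ctx *c = bb_open(flags & 0xff);
    if (!c) return 0;
    for (unsigned i = 0; i < nchunks && f.n > 0; i++) {
        uint8_t clen; const uint8_t *chunk;
        if (!fdp_u8(&f, &clen)) break;
        size_t got = fdp_bytes(&f, &chunk, clen);
        g_feed_calls++;
        if (bb_feed(c, chunk, got) != 0) break;  /* stop on API error, still clean up */
    }
    bb_close(c);                                  /* always release: no false leak reports */
    return 0;
}

#ifdef DRIVER_STANDALONE
/* Reproducer mode: clang -DDRIVER_STANDALONE driver.c && ./a.out crash-file
 * Fuzzing mode:    clang -g -fsanitize=fuzzer,address driver.c && ./a.out corpus/ */
int main(int argc, char **argv) {
    if (argc != 2) { fprintf(stderr, "usage: %s input-file\n", argv[0]); return 2; }
    FILE *fp = fopen(argv[1], "rb");
    if (!fp) { perror("fopen"); return 1; }
    uint8_t buf[1 << 16];
    size_t n = fread(buf, 1, sizeof buf, fp);
    fclose(fp);
    return LLVMFuzzerTestOneInput(buf, n);
}
#endif
```

The check a practitioner applies to any generated driver is the one the paper's self-repair loop automates: build with `-fsanitize=fuzzer,address`, run briefly, and treat any sanitizer report whose top frames are in the driver itself (over-read of the input buffer, double free, leaked context) as a driver defect to send back for repair rather than a library finding. The feed counter here gives the loop a cheap signal that the driver is actually reaching the API and not bailing out on its own header parsing.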
