FunFuzz: An LLM-Powered Evolutionary Fuzzing Framework

TL;DR

FunFuzz is a novel evolutionary fuzzing framework that leverages LLMs with multi-island parallelism and adaptive prompts to improve compiler testing efficiency and effectiveness.

Contribution

It introduces a multi-island evolutionary approach with prompt adaptation for LLM-driven fuzzing, enhancing exploration and crash discovery in compiler testing.

Findings

FunFuzz achieves higher compiler coverage than previous LLM-based fuzzers.

It discovers more unique compiler-internal failures.

Parallel island searches improve exploration diversity.

Abstract

Modern fuzzers increasingly use Large Language Models (LLMs) to generate structured inputs, but LLM-driven fuzzing is sensitive to prompt initialization and sampling variance, which can reduce exploration efficiency and lead to redundant inputs. We present FunFuzz, a multi-island evolutionary fuzzing framework that runs several isolated searches in parallel and periodically migrates high-value candidates to maintain diversity. FunFuzz derives initial generation prompts from documentation and initializes islands with topic-specific instructions, then continuously adapts prompts using feedback-guided selection. During fuzzing, candidates are prioritized by incremental compiler coverage, while compiler-internal failure signals are used to identify crash-inducing inputs. We evaluate FunFuzz on compiler fuzzing, where inputs are source programs and success is measured by compiler coverage and unique compiler-internal failures. Across repeated 24-hour campaigns on GCC and Clang, FunFuzz achieves higher compiler coverage than previous LLM-driven baselines and discovers more unique failure-triggering inputs.