Overview
Fuzzing is a testing technique in which an application is repeatedly exercised with modified, or “fuzzed,” inputs. In the software-security setting described by Learn&Fuzz, its goal is to find security vulnerabilities in input-parsing code.
Input-structure learning and fuzzing
One challenge in input fuzzing is balancing valid input structure against disruptive mutations. Learn&Fuzz frames this as a tension: learning aims to capture the structure of well-formed inputs, while fuzzing aims to break that structure so that testing reaches unexpected code paths and exposes bugs.
The same work proposes using sample inputs and neural-network-based statistical machine-learning techniques to automatically generate an input grammar suitable for fuzzing. Its reported case study targets PDF inputs and the PDF parser embedded in Microsoft Edge, and it describes an algorithm that uses a learned input probability distribution to guide where inputs should be fuzzed.
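As an added illustration of the learn-then-fuzz idea (not code from the Learn&Fuzz paper, which trains a neural network on PDF objects): the example below learns a character-level bigram model from a few constructed PDF-object-like strings and then generates inputs from it. Each step normally samples a well-formed continuation from the learned distribution; with probability p_fuzz it instead emits the successor the model considers least likely, which is where structure gets broken. The sample strings, the bigram model, the `END` marker and all function names are assumptions made for this example.

```python
import random
from collections import Counter, defaultdict

# Constructed sample inputs: a few PDF-object-like strings standing in for the
# corpus of well-formed inputs a real setup would learn from.
SAMPLES = [
    "1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n",
    "2 0 obj\n<< /Type /Pages /Kids [3 0 R] /Count 1 >>\nendobj\n",
    "3 0 obj\n<< /Type /Page /Parent 2 0 R >>\nendobj\n",
]

END = "\x00"  # marks both start and end of an input; must not occur in samples


def learn_model(samples):
    """Learn a character-level bigram model (a stand-in for the paper's neural
    network): counts[prev][next] plus the alphabet the samples use."""
    counts = defaultdict(Counter)
    for s in samples:
        assert END not in s
        prev = END
        for ch in s + END:
            counts[prev][ch] += 1
            prev = ch
    alphabet = sorted({ch for s in samples for ch in s} | {END})
    return counts, alphabet


MODEL = learn_model(SAMPLES)


def next_char(model, prev, rng, p_fuzz):
    """One generation step. Normally sample the next character from the learned
    distribution (a well-formed continuation). With probability p_fuzz take the
    fuzz branch instead: emit the successor the model considers least likely,
    i.e. one never observed after prev, which is where structure is broken."""
    counts, alphabet = model
    dist = counts.get(prev, {})
    if rng.random() < p_fuzz:
        candidates = [c for c in alphabet if c != END]  # never "break" by ending
        return min(candidates, key=lambda c: (dist.get(c, 0), c))
    if not dist:
        # prev was itself a fuzzed character with no learned successors
        return rng.choice(alphabet)
    chars = sorted(dist)
    return rng.choices(chars, weights=[dist[c] for c in chars])[0]


def generate(model, rng, p_fuzz=0.0, max_len=200):
    """Generate one input, stopping at the learned end marker or max_len."""
    out, prev = [], END
    while len(out) < max_len:
        ch = next_char(model, prev, rng, p_fuzz)
        if ch == END:
            break
        out.append(ch)
        prev = ch
    return "".join(out)


def unseen_transitions(model, text):
    """Count bigrams in text (including the start marker) that never occur in
    the training samples: a rough measure of how far an input deviates from
    the learned structure."""
    counts, _ = model
    prev, n = END, 0
    for ch in text:
        if counts.get(prev, {}).get(ch, 0) == 0:
            n += 1
        prev = ch
    return n


def demo(p_fuzz, seed=1, max_len=200):
    """Generate one input from MODEL with a fixed RNG seed (reproducible)."""
    return generate(MODEL, random.Random(seed), p_fuzz, max_len)


if __name__ == "__main__":
    for p in (0.0, 0.1, 0.5):
        text = demo(p)
        print(f"p_fuzz={p}: {unseen_transitions(MODEL, text)} unseen transitions in {text!r}")
```

With p_fuzz=0 every generated bigram was observed in the samples, so the output stays structurally valid; raising p_fuzz trades that validity for deviations placed exactly where the learned distribution assigns the least probability, which is the tension the paper describes.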
Fuzz driver generation
Fuzzing libraries often requires fuzz drivers: small programs or harnesses that call library APIs in ways the fuzzer can exercise. Prompt Fuzzing for Fuzz Driver Generation states that crafting high-quality fuzz drivers is time-consuming and requires deep library understanding.
PromptFuzz is described as a coverage-guided fuzzer for prompt fuzzing that iteratively generates fuzz drivers to explore previously undiscovered library code. The paper reports techniques including instructive program generation, erroneous program validation, coverage-guided prompt mutation, and constrained fuzzer scheduling. In an evaluation on 14 real-world libraries, PromptFuzz-generated drivers achieved 1.61× and 1.63× higher branch coverage than OSS-Fuzz and Hopper, respectively, and detected 33 genuine new bugs among 49 crashes, with 30 confirmed by the relevant communities.
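To make the fuzz-driver problem concrete, here is an added example that is not PromptFuzz's code and uses no language model. It defines a constructed toy library ("tinydoc", a hypothetical format with a `DOC` header, a page-count byte and length-prefixed pages), two hand-written candidate drivers, a check that rejects a driver which crashes on known-good seed inputs (one simple reading of the paper's "erroneous program validation" idea, not its mechanism), and a minimal mutation loop that reports crashes surfaced through the correct driver. The library, its deliberate parsing defect, the seed corpus and all names are assumptions made for this example.

```python
import random


class FormatError(ValueError):
    """Raised for malformed input the library rejects on purpose (not a bug)."""


MAGIC = b"DOC"


def open_doc(data):
    """Parse the constructed 'tinydoc' format: b'DOC', a page-count byte, then
    each page as a 1-byte length followed by that many bytes. Returns the pages."""
    if data[:3] != MAGIC:
        raise FormatError("bad magic")
    if len(data) < 4:
        raise FormatError("truncated header")
    pages, off = [], 4
    for _ in range(data[3]):
        # Deliberate defect for the demo: the length byte is read without
        # checking that it exists, so a truncated body raises IndexError
        # (the Python stand-in for a crash).
        n = data[off]
        pages.append(data[off + 1:off + 1 + n])
        off += 1 + n
    return pages


def get_page(doc, i):
    """Library accessor; i must be in range(len(doc))."""
    return doc[i]


# Two candidate fuzz drivers. Both take raw fuzzer bytes and drive the API;
# only driver_ok respects the API contract.
def driver_ok(data):
    try:
        doc = open_doc(data)
    except FormatError:
        return                      # expected rejection, not a finding
    for i in range(len(doc)):
        get_page(doc, i)


def driver_bad(data):
    try:
        doc = open_doc(data)
    except FormatError:
        return
    get_page(doc, len(doc))         # off-by-one: misuses the API on every valid input


# Constructed seed corpus of well-formed documents.
SEEDS = [b"DOC\x00", b"DOC\x01\x02hi", b"DOC\x02\x01a\x03xyz"]


def validate_driver(driver, seeds):
    """Erroneous-driver check: a driver that crashes on known-good seeds is
    wrong itself, and any crash it later reports would be a false positive."""
    for s in seeds:
        try:
            driver(s)
        except Exception:
            return False
    return True


def mutate(data, rng):
    """Byte-level mutation: overwrite, truncate, or insert one byte."""
    buf = bytearray(data)
    op = rng.randrange(3)
    if op == 0 and buf:
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    elif op == 1 and len(buf) > 1:
        del buf[rng.randrange(1, len(buf)):]
    else:
        buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
    return bytes(buf)


def fuzz(driver, seeds, iterations, seed=0):
    """Minimal mutation-fuzzing loop; returns (input, exception) pairs for
    crashes, i.e. anything other than the library's deliberate rejections."""
    rng = random.Random(seed)
    crashes = []
    for _ in range(iterations):
        data = mutate(rng.choice(seeds), rng)
        try:
            driver(data)
        except FormatError:
            continue
        except Exception as exc:
            crashes.append((data, repr(exc)))
    return crashes


if __name__ == "__main__":
    for name, drv in (("driver_ok", driver_ok), ("driver_bad", driver_bad)):
        print(name, "valid on seeds:", validate_driver(drv, SEEDS))
    found = fuzz(driver_ok, SEEDS, 2000)
    print(f"{len(found)} crashing inputs, e.g. {found[0] if found else None}")
```

The point of the validation step is the one the paper's motivation implies: a driver that violates the API contract (here, an off-by-one page index) crashes on perfectly valid input, so every "crash" it reports is noise, whereas the contract-respecting driver only crashes when the library's own parsing defect is reached.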
Use in hardware verification context
The related work UVM Based Design Verification of a RISC-V CPU Core includes a “Fuzzing” subsection in its experimental evaluation chapter, indicating that fuzzing is used or discussed as part of that RISC-V CPU-core verification study.