STIMSMITH

libFuzzer

Tool

libFuzzer is described in the provided evidence as an LLVM-based tool used as the basis for a coverage-guided fuzzing approach. In the cited RISC-V instruction-set-simulator verification work, researchers built on libFuzzer, added functional-coverage tracing and ISS-specific mutation support, and evaluated the approach on three publicly available RISC-V ISSs.

First seen 5/28/2026
Last seen 6/8/2026
Evidence 13 chunks
Wiki v2

WIKI

Overview

libFuzzer is described in the cited instruction-set-simulator (ISS) verification paper as an LLVM-based tool used as the foundation for a coverage-guided fuzzing (CGF) approach.[1]

The paper frames CGF as using a code-coverage metric, then extends that baseline with a functional-coverage metric and an ISS-specific mutation procedure.[2]


RELATIONSHIPS

6 connections
The paper implements its CGF approach on top of libFuzzer.
Coverage-Guided Fuzzing implements → 100% 6e
libFuzzer is an LLVM-based implementation of coverage-guided fuzzing.
LLVMFuzzerTestOneInput uses → 100% 4e
LLVMFuzzerTestOneInput is the interface function that libFuzzer calls repeatedly to pass inputs to the DUT.
LLVMFuzzerTestOneInput ← part of 100% 2e
LLVMFuzzerTestOneInput is the interface function defined in the DUT that libFuzzer calls.
In-process Fuzzing uses → 100% 1e
libFuzzer performs in-process fuzzing by being linked with the DUT.
Code Coverage uses → 100% 1e
libFuzzer uses code coverage to guide input generation.
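The harness shape described in the relationships above, as an added illustration that is not code from the cited paper or from libFuzzer itself: a minimal in-process libFuzzer harness around a constructed toy ISS, with manual functional-coverage trace calls in the decoder of the kind the citations mention. The toy instruction format, register file, fcov bitmap and helper names are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed toy DUT (not a real RISC-V ISS): four 32-bit registers and a
   16-bit instruction format [15:14] op | [13:12] rd | [11:10] rs1 | [9:0] imm. */
enum { NOPS = 4, NREGS = 4 };
static uint32_t regs[NREGS];

/* Functional-coverage bitmap over (operation, rd, rs1), set by trace calls
   placed in the decoder, standing in for the paper's manual trace calls. */
static uint8_t fcov[NOPS][NREGS][NREGS];
static void trace_fcov(unsigned op, unsigned rd, unsigned rs1) { fcov[op][rd][rs1] = 1; }
/* Decode and execute one instruction, recording functional coverage first. */
static void step(uint16_t insn) {
    unsigned op = insn >> 14, rd = (insn >> 12) & 3, rs1 = (insn >> 10) & 3;
    uint32_t imm = insn & 0x3FF;
    trace_fcov(op, rd, rs1);
    switch (op) {
    case 0:  regs[rd] = regs[rs1] + imm;         break; /* addi */
    case 1:  regs[rd] = regs[rs1] ^ imm;         break; /* xori */
    case 2:  regs[rd] = regs[rs1] << (imm & 31); break; /* slli */
    default: regs[rd] = imm;                     break; /* li   */
    }
}

/* Run a byte buffer as a little-endian instruction stream from reset state;
   a trailing odd byte is ignored. Returns the number of instructions run. */
size_t run_program(const uint8_t *data, size_t size) {
    memset(regs, 0, sizeof regs);
    size_t n = 0;
    for (; size >= 2; data += 2, size -= 2, n++)
        step((uint16_t)(data[0] | (data[1] << 8)));
    return n;
}
uint32_t read_reg(unsigned i) { return i < NREGS ? regs[i] : 0; }
/* Distinct (op, rd, rs1) combinations seen across all inputs so far. */
unsigned fcov_hits(void) {
    unsigned hits = 0;
    for (size_t i = 0; i < sizeof fcov; i++) hits += (&fcov[0][0][0])[i];
    return hits;
}

/* libFuzzer entry point: linked in-process with the DUT and called once per
   generated input; libFuzzer supplies main() when built with -fsanitize=fuzzer. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    run_program(data, size);
    return 0;
}
```

Build with `clang -g -fsanitize=fuzzer,address harness.c` and run the binary with a corpus directory; libFuzzer then drives LLVMFuzzerTestOneInput while fcov_hits() reports how much of the (op, rd, rs1) space the generated inputs have reached.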

CITATIONS

7 sources
[1] libFuzzer is described as LLVM-based and used as the basis for CGF. In: Verifying Instruction Set Simulators using Coverage-guided Fuzzing.
[2] The ISS work added functional coverage and mutation extensions to CGF. In: Verifying Instruction Set Simulators using Coverage-guided Fuzzing.
[3] The RISC-V ISS case study was built on libFuzzer. In: Verifying Instruction Set Simulators using Coverage-guided Fuzzing.
[4] ISS-UT used clang branch-coverage instrumentation and manual functional-coverage trace calls. In: Verifying Instruction Set Simulators using Coverage-guided Fuzzing.
[5] Functional-coverage tracing captures the instruction, decoded operation, registers, and immediates. In: Verifying Instruction Set Simulators using Coverage-guided Fuzzing.
[6] ISS-specific mutation uses engineer-defined instruction sequences. In: Verifying Instruction Set Simulators using Coverage-guided Fuzzing.
[7] The libFuzzer-based ISS evaluation found errors across the evaluated ISSs. In: Verifying Instruction Set Simulators using Coverage-guided Fuzzing.