Fuzz4All: Universal Fuzzing with Large Language Models

  • 2024-12-09 20:47:17
  • Chunqiu Steven Xia, Matteo Paltenghi, Jia Le Tian, Michael Pradel, Lingming Zhang

Abstract

Fuzzing has achieved tremendous success in discovering bugs and vulnerabilities in various software systems. Systems under test (SUTs) that take in programming or formal language as inputs, e.g., compilers, runtime engines, constraint solvers, and software libraries with accessible APIs, are especially important as they are fundamental building blocks of software development. However, existing fuzzers for such systems often target a specific language, and thus cannot be easily applied to other languages or even other versions of the same language. Moreover, the inputs generated by existing fuzzers are often limited to specific features of the input language, and thus can hardly reveal bugs related to other or new features. This paper presents Fuzz4All, the first fuzzer that is universal in the sense that it can target many different input languages and many different features of these languages. The key idea behind Fuzz4All is to leverage large language models (LLMs) as an input generation and mutation engine, which enables the approach to produce diverse and realistic inputs for any practically relevant language. To realize this potential, we present a novel autoprompting technique, which creates LLM prompts that are well suited for fuzzing, and a novel LLM-powered fuzzing loop, which iteratively updates the prompt to create new fuzzing inputs. We evaluate Fuzz4All on nine systems under test that take in six different languages (C, C++, Go, SMT2, Java and Python) as inputs. The evaluation shows, across all six languages, that universal fuzzing achieves higher coverage than existing, language-specific fuzzers. Furthermore, Fuzz4All has identified 98 bugs in widely used systems, such as GCC, Clang, Z3, CVC5, OpenJDK, and the Qiskit quantum computing platform, with 64 bugs already confirmed by developers as previously unknown.
