# ELFuzz

**Definition:** Efficient input generation via LLM-driven synthesis over fuzzer space is an approach to fuzzing that uses an LLM

## How it Works

### Steps

1. Set up a harness
2. Start with a naive seed fuzzer
3. Evaluate the seed fuzzer(s)
4. Mutate the seed fuzzers with the goal of exploring more of the fuzzer space
5. Add the mutated fuzzers to the lattice structure, discarding weaker ones
6. Select the mutants that cover the maximum unioned cover set
7. These selections become the new seed fuzzers for the next iteration
8. Return to step 3 if all iterations haven't been completed

### Mutation

There are three mutation approaches described:

1. Splicing
   - Combines the prefix of one candidate and the suffix of another, with code from the LLM filling in the middle
2. Completion
   - Truncate a candidate at a random position and fill in the rest with the LLM
3. Infilling
   - Remove random lines and use an LLM to fill in the missing parts of the code
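The loop and the three mutation operators above, as an added worked example that is not the ELFuzz project's own code. It assumes a fuzzer is a list of Python source lines that append bytes to `out`, a toy `target` whose "branch coverage" is the set of branch ids it reports, and a `fake_llm` that samples lines from a fixed vocabulary in place of the real LLM. Step 5 is a dominance check (a candidate whose cover set is a subset of another's is discarded), and step 6 is a greedy pick of the seeds whose union cover set is largest; `splice`, `complete` and `infill` are the three mutations.

```python
import random

# Toy target under test: returns the set of branch ids the input reaches.
def target(data: bytes) -> set:
    hit = set()
    if data.startswith(b"{"):
        hit.add("obj_open")
        if b"}" in data: hit.add("obj_close")
        if b":" in data: hit.add("kv")
        if b'"' in data: hit.add("str")
    elif data.startswith(b"["):
        hit.add("arr_open")
        if b"]" in data: hit.add("arr_close")
        if b"," in data: hit.add("comma")
    else:
        hit.add("error")
    if len(data) > 8: hit.add("long")
    return hit

# Constructed vocabulary of generator lines; fake_llm stands in for the LLM (assumption).
VOCAB = [
    'out.append(b"{")', 'out.append(b"}")', 'out.append(b"[")', 'out.append(b"]")',
    'out.append(b":")', 'out.append(b",")', 'out.append(b\'"k"\')',
    'if rng.random() < 0.5: out.append(b"x" * 9)',
]

def fake_llm(n: int, rng: random.Random) -> list:
    return [rng.choice(VOCAB) for _ in range(n)]

# Step 3: evaluate a fuzzer by running it n_inputs times and unioning target coverage.
def run_fuzzer(lines: list, rng: random.Random, n_inputs: int = 16) -> set:
    cov, src = set(), "\n".join(lines)
    for _ in range(n_inputs):
        out = []
        exec(src, {"out": out, "rng": rng})
        cov |= target(b"".join(out))
    return cov

# Step 4, mutation operators over fuzzer source (fake_llm fills what the LLM would).
def splice(a: list, b: list, rng: random.Random) -> list:
    i, j = rng.randint(0, len(a)), rng.randint(0, len(b))
    return a[:i] + fake_llm(rng.randint(0, 2), rng) + b[j:]   # prefix of a + filler + suffix of b

def complete(a: list, rng: random.Random) -> list:
    i = rng.randint(0, len(a))
    return a[:i] + fake_llm(rng.randint(1, 3), rng)           # truncate, then continue

def infill(a: list, rng: random.Random) -> list:
    keep = [line for line in a if rng.random() > 0.3]          # drop random lines
    k = rng.randint(0, len(keep))
    return keep[:k] + fake_llm(len(a) - len(keep), rng) + keep[k:]

# Step 5: keep only maximal elements of the coverage lattice (first of equals wins).
def prune_dominated(pool: list) -> list:
    keep = []
    for i, (lines, cov) in enumerate(pool):
        dominated = any(cov < c2 or (cov == c2 and j < i)
                        for j, (_, c2) in enumerate(pool) if j != i)
        if not dominated: keep.append((lines, cov))
    return keep

# Step 6: greedy max-union selection of up to k seeds.
def select_seeds(pool: list, k: int):
    chosen, covered, remaining = [], set(), list(pool)
    for _ in range(min(k, len(remaining))):
        best = max(remaining, key=lambda p: len(p[1] - covered))
        if not (best[1] - covered): break                      # no further coverage gain
        chosen.append(best); covered |= best[1]; remaining.remove(best)
    return chosen, covered

# Steps 1-8 as one loop; returns the final seed fuzzers and their union cover set.
def elfuzz(iterations=10, seeds_per_iter=3, mutants_per_seed=6, seed=1):
    rng = random.Random(seed)
    seeds = [['out.append(b"{")']]                              # step 2: naive seed fuzzer
    covered = set()
    for _ in range(iterations):
        pool = [(s, run_fuzzer(s, rng)) for s in seeds]
        for s in seeds:
            for _ in range(mutants_per_seed):
                op = rng.choice([splice, complete, infill])
                m = op(s, rng.choice(seeds), rng) if op is splice else op(s, rng)
                pool.append((m, run_fuzzer(m, rng)))
        chosen, covered = select_seeds(prune_dominated(pool), seeds_per_iter)
        seeds = [lines for lines, _ in chosen]                  # step 7
    return seeds, covered

if __name__ == "__main__":
    seeds, cov = elfuzz()
    print(f"{len(seeds)} seed fuzzers cover {sorted(cov)}")
```

The lattice pruning and the greedy selection are the parts worth keeping in a real implementation: pruning stops the pool from filling with mutants that add nothing, and the greedy union pick favours seeds that reach different parts of the target rather than the single fuzzer with the most coverage.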