English

FunFuzz: An LLM-Powered Evolutionary Fuzzing Framework

Cryptography and Security 2026-05-05 v1 Computation and Language

Abstract

Modern fuzzers increasingly use Large Language Models (LLMs) to generate structured inputs, but LLM-driven fuzzing is sensitive to prompt initialization and sampling variance, which can reduce exploration efficiency and lead to redundant inputs. We present FunFuzz, a multi-island evolutionary fuzzing framework that runs several isolated searches in parallel and periodically migrates high-value candidates to maintain diversity. FunFuzz derives initial generation prompts from documentation and initializes islands with topic-specific instructions, then continuously adapts prompts using feedback-guided selection. During fuzzing, candidates are prioritized by incremental compiler coverage, while compiler-internal failure signals are used to identify crash-inducing inputs. We evaluate FunFuzz on compiler fuzzing, where inputs are source programs and success is measured by compiler coverage and unique compiler-internal failures. Across repeated 24-hour campaigns on GCC and Clang, FunFuzz achieves higher compiler coverage than previous LLM-driven baselines and discovers more unique failure-triggering inputs.

Keywords

Cite

@article{arxiv.2605.02789,
  title  = {FunFuzz: An LLM-Powered Evolutionary Fuzzing Framework},
  author = {Mario Rodríguez Béjar and B. Romera-Paredes and Jose L. Hernández-Ramos},
  journal= {arXiv preprint arXiv:2605.02789},
  year   = {2026}
}

Comments

19 pages, 12 figures, 12 tables

R2 v1 2026-07-01T12:48:51.776Z