The Seeds of the FUTURE Sprout from History: Fuzzing for Unveiling Vulnerabilities in Prospective Deep-Learning Libraries Article Swipe
Zhiyuan Li
,
Jingzheng Wu
,
Xiang Ling
,
Tianyue Luo
,
Zhiqing Rui
,
Yanjun Wu
·
YOU?
·
· 2024
· Open Access
·
· DOI: https://doi.org/10.48550/arxiv.2412.01317
YOU?
·
· 2024
· Open Access
·
· DOI: https://doi.org/10.48550/arxiv.2412.01317
The widespread application of large language models (LLMs) underscores the importance of deep learning (DL) technologies that rely on foundational DL libraries such as PyTorch and TensorFlow. Despite their robust features, these libraries face challenges with scalability and adaptation to rapid advancements in the LLM community. In response, tech giants like Apple and Huawei are developing their own DL libraries to enhance performance, increase scalability, and safeguard intellectual property. Ensuring the security of these libraries is crucial, with fuzzing being a vital solution. However, existing fuzzing frameworks struggle with target flexibility, effectively testing bug-prone API sequences, and leveraging the limited available information in new libraries. To address these limitations, we propose FUTURE, the first universal fuzzing framework tailored for newly introduced and prospective DL libraries. FUTURE leverages historical bug information from existing libraries and fine-tunes LLMs for specialized code generation. This strategy helps identify bugs in new libraries and uses insights from these libraries to enhance security in existing ones, creating a cycle from history to future and back. To evaluate FUTURE's effectiveness, we conduct comprehensive evaluations on three newly introduced DL libraries. Evaluation results demonstrate that FUTURE significantly outperforms existing fuzzers in bug detection, success rate of bug reproduction, validity rate of code generation, and API coverage. Notably, FUTURE has detected 148 bugs across 452 targeted APIs, including 142 previously unknown bugs. Among these, 10 have been assigned CVE IDs. Additionally, FUTURE detects 7 bugs in PyTorch, demonstrating its ability to enhance security in existing libraries in reverse.
Related Topics
Metadata
- Type
- preprint
- Language
- en
- Landing Page
- http://arxiv.org/abs/2412.01317
- https://arxiv.org/pdf/2412.01317
- OA Status
- green
- Related Works
- 10
- OpenAlex ID
- https://openalex.org/W4405034258
All OpenAlex metadata
Raw OpenAlex JSON
- OpenAlex ID
-
https://openalex.org/W4405034258Canonical identifier for this work in OpenAlex
- DOI
-
https://doi.org/10.48550/arxiv.2412.01317Digital Object Identifier
- Title
-
The Seeds of the FUTURE Sprout from History: Fuzzing for Unveiling Vulnerabilities in Prospective Deep-Learning LibrariesWork title
- Type
-
preprintOpenAlex work type
- Language
-
enPrimary language
- Publication year
-
2024Year of publication
- Publication date
-
2024-12-02Full publication date if available
- Authors
-
Zhiyuan Li, Jingzheng Wu, Xiang Ling, Tianyue Luo, Zhiqing Rui, Yanjun WuList of authors in order
- Landing page
-
https://arxiv.org/abs/2412.01317Publisher landing page
- PDF URL
-
https://arxiv.org/pdf/2412.01317Direct link to full text PDF
- Open access
-
YesWhether a free full text is available
- OA status
-
greenOpen access status per OpenAlex
- OA URL
-
https://arxiv.org/pdf/2412.01317Direct OA link when available
- Concepts
-
Fuzz testing, Political science, Computer science, Software, Programming languageTop concepts (fields/topics) attached by OpenAlex
- Cited by
-
0Total citation count in OpenAlex
- Related works (count)
-
10Other works algorithmically related by OpenAlex
Full payload
| id | https://openalex.org/W4405034258 |
|---|---|
| doi | https://doi.org/10.48550/arxiv.2412.01317 |
| ids.doi | https://doi.org/10.48550/arxiv.2412.01317 |
| ids.openalex | https://openalex.org/W4405034258 |
| fwci | |
| type | preprint |
| title | The Seeds of the FUTURE Sprout from History: Fuzzing for Unveiling Vulnerabilities in Prospective Deep-Learning Libraries |
| biblio.issue | |
| biblio.volume | |
| biblio.last_page | |
| biblio.first_page | |
| topics[0].id | https://openalex.org/T10764 |
| topics[0].field.id | https://openalex.org/fields/17 |
| topics[0].field.display_name | Computer Science |
| topics[0].score | 0.6455000042915344 |
| topics[0].domain.id | https://openalex.org/domains/3 |
| topics[0].domain.display_name | Physical Sciences |
| topics[0].subfield.id | https://openalex.org/subfields/1702 |
| topics[0].subfield.display_name | Artificial Intelligence |
| topics[0].display_name | Privacy-Preserving Technologies in Data |
| topics[1].id | https://openalex.org/T10883 |
| topics[1].field.id | https://openalex.org/fields/33 |
| topics[1].field.display_name | Social Sciences |
| topics[1].score | 0.5785999894142151 |
| topics[1].domain.id | https://openalex.org/domains/2 |
| topics[1].domain.display_name | Social Sciences |
| topics[1].subfield.id | https://openalex.org/subfields/3311 |
| topics[1].subfield.display_name | Safety Research |
| topics[1].display_name | Ethics and Social Impacts of AI |
| is_xpac | False |
| apc_list | |
| apc_paid | |
| concepts[0].id | https://openalex.org/C111065885 |
| concepts[0].level | 3 |
| concepts[0].score | 0.6444530487060547 |
| concepts[0].wikidata | https://www.wikidata.org/wiki/Q1189053 |
| concepts[0].display_name | Fuzz testing |
| concepts[1].id | https://openalex.org/C17744445 |
| concepts[1].level | 0 |
| concepts[1].score | 0.3459925651550293 |
| concepts[1].wikidata | https://www.wikidata.org/wiki/Q36442 |
| concepts[1].display_name | Political science |
| concepts[2].id | https://openalex.org/C41008148 |
| concepts[2].level | 0 |
| concepts[2].score | 0.2766042947769165 |
| concepts[2].wikidata | https://www.wikidata.org/wiki/Q21198 |
| concepts[2].display_name | Computer science |
| concepts[3].id | https://openalex.org/C2777904410 |
| concepts[3].level | 2 |
| concepts[3].score | 0.07991534471511841 |
| concepts[3].wikidata | https://www.wikidata.org/wiki/Q7397 |
| concepts[3].display_name | Software |
| concepts[4].id | https://openalex.org/C199360897 |
| concepts[4].level | 1 |
| concepts[4].score | 0.06427627801895142 |
| concepts[4].wikidata | https://www.wikidata.org/wiki/Q9143 |
| concepts[4].display_name | Programming language |
| keywords[0].id | https://openalex.org/keywords/fuzz-testing |
| keywords[0].score | 0.6444530487060547 |
| keywords[0].display_name | Fuzz testing |
| keywords[1].id | https://openalex.org/keywords/political-science |
| keywords[1].score | 0.3459925651550293 |
| keywords[1].display_name | Political science |
| keywords[2].id | https://openalex.org/keywords/computer-science |
| keywords[2].score | 0.2766042947769165 |
| keywords[2].display_name | Computer science |
| keywords[3].id | https://openalex.org/keywords/software |
| keywords[3].score | 0.07991534471511841 |
| keywords[3].display_name | Software |
| keywords[4].id | https://openalex.org/keywords/programming-language |
| keywords[4].score | 0.06427627801895142 |
| keywords[4].display_name | Programming language |
| language | en |
| locations[0].id | pmh:oai:arXiv.org:2412.01317 |
| locations[0].is_oa | True |
| locations[0].source.id | https://openalex.org/S4306400194 |
| locations[0].source.issn | |
| locations[0].source.type | repository |
| locations[0].source.is_oa | True |
| locations[0].source.issn_l | |
| locations[0].source.is_core | False |
| locations[0].source.is_in_doaj | False |
| locations[0].source.display_name | arXiv (Cornell University) |
| locations[0].source.host_organization | https://openalex.org/I205783295 |
| locations[0].source.host_organization_name | Cornell University |
| locations[0].source.host_organization_lineage | https://openalex.org/I205783295 |
| locations[0].license | |
| locations[0].pdf_url | https://arxiv.org/pdf/2412.01317 |
| locations[0].version | submittedVersion |
| locations[0].raw_type | text |
| locations[0].license_id | |
| locations[0].is_accepted | False |
| locations[0].is_published | False |
| locations[0].raw_source_name | |
| locations[0].landing_page_url | http://arxiv.org/abs/2412.01317 |
| locations[1].id | doi:10.48550/arxiv.2412.01317 |
| locations[1].is_oa | True |
| locations[1].source.id | https://openalex.org/S4306400194 |
| locations[1].source.issn | |
| locations[1].source.type | repository |
| locations[1].source.is_oa | True |
| locations[1].source.issn_l | |
| locations[1].source.is_core | False |
| locations[1].source.is_in_doaj | False |
| locations[1].source.display_name | arXiv (Cornell University) |
| locations[1].source.host_organization | https://openalex.org/I205783295 |
| locations[1].source.host_organization_name | Cornell University |
| locations[1].source.host_organization_lineage | https://openalex.org/I205783295 |
| locations[1].license | |
| locations[1].pdf_url | |
| locations[1].version | |
| locations[1].raw_type | article |
| locations[1].license_id | |
| locations[1].is_accepted | False |
| locations[1].is_published | |
| locations[1].raw_source_name | |
| locations[1].landing_page_url | https://doi.org/10.48550/arxiv.2412.01317 |
| indexed_in | arxiv, datacite |
| authorships[0].author.id | https://openalex.org/A5115003859 |
| authorships[0].author.orcid | |
| authorships[0].author.display_name | Zhiyuan Li |
| authorships[0].author_position | first |
| authorships[0].raw_author_name | Li, Zhiyuan |
| authorships[0].is_corresponding | False |
| authorships[1].author.id | https://openalex.org/A5101024367 |
| authorships[1].author.orcid | https://orcid.org/0000-0001-5561-9829 |
| authorships[1].author.display_name | Jingzheng Wu |
| authorships[1].author_position | middle |
| authorships[1].raw_author_name | Wu, Jingzheng |
| authorships[1].is_corresponding | False |
| authorships[2].author.id | https://openalex.org/A5115003860 |
| authorships[2].author.orcid | |
| authorships[2].author.display_name | Xiang Ling |
| authorships[2].author_position | middle |
| authorships[2].raw_author_name | Ling, Xiang |
| authorships[2].is_corresponding | False |
| authorships[3].author.id | https://openalex.org/A5021069086 |
| authorships[3].author.orcid | https://orcid.org/0009-0000-9454-2924 |
| authorships[3].author.display_name | Tianyue Luo |
| authorships[3].author_position | middle |
| authorships[3].raw_author_name | Luo, Tianyue |
| authorships[3].is_corresponding | False |
| authorships[4].author.id | https://openalex.org/A5115003861 |
| authorships[4].author.orcid | |
| authorships[4].author.display_name | Zhiqing Rui |
| authorships[4].author_position | middle |
| authorships[4].raw_author_name | Rui, Zhiqing |
| authorships[4].is_corresponding | False |
| authorships[5].author.id | https://openalex.org/A5101053493 |
| authorships[5].author.orcid | https://orcid.org/0000-0002-1823-0459 |
| authorships[5].author.display_name | Yanjun Wu |
| authorships[5].author_position | last |
| authorships[5].raw_author_name | Wu, Yanjun |
| authorships[5].is_corresponding | False |
| has_content.pdf | False |
| has_content.grobid_xml | False |
| is_paratext | False |
| open_access.is_oa | True |
| open_access.oa_url | https://arxiv.org/pdf/2412.01317 |
| open_access.oa_status | green |
| open_access.any_repository_has_fulltext | False |
| created_date | 2024-12-05T00:00:00 |
| display_name | The Seeds of the FUTURE Sprout from History: Fuzzing for Unveiling Vulnerabilities in Prospective Deep-Learning Libraries |
| has_fulltext | False |
| is_retracted | False |
| updated_date | 2025-11-06T06:51:31.235846 |
| primary_topic.id | https://openalex.org/T10764 |
| primary_topic.field.id | https://openalex.org/fields/17 |
| primary_topic.field.display_name | Computer Science |
| primary_topic.score | 0.6455000042915344 |
| primary_topic.domain.id | https://openalex.org/domains/3 |
| primary_topic.domain.display_name | Physical Sciences |
| primary_topic.subfield.id | https://openalex.org/subfields/1702 |
| primary_topic.subfield.display_name | Artificial Intelligence |
| primary_topic.display_name | Privacy-Preserving Technologies in Data |
| related_works | https://openalex.org/W4391375266, https://openalex.org/W2899084033, https://openalex.org/W2748952813, https://openalex.org/W2511770387, https://openalex.org/W3120811337, https://openalex.org/W2766647240, https://openalex.org/W4385301282, https://openalex.org/W2990186179, https://openalex.org/W4210660460, https://openalex.org/W3203597304 |
| cited_by_count | 0 |
| locations_count | 2 |
| best_oa_location.id | pmh:oai:arXiv.org:2412.01317 |
| best_oa_location.is_oa | True |
| best_oa_location.source.id | https://openalex.org/S4306400194 |
| best_oa_location.source.issn | |
| best_oa_location.source.type | repository |
| best_oa_location.source.is_oa | True |
| best_oa_location.source.issn_l | |
| best_oa_location.source.is_core | False |
| best_oa_location.source.is_in_doaj | False |
| best_oa_location.source.display_name | arXiv (Cornell University) |
| best_oa_location.source.host_organization | https://openalex.org/I205783295 |
| best_oa_location.source.host_organization_name | Cornell University |
| best_oa_location.source.host_organization_lineage | https://openalex.org/I205783295 |
| best_oa_location.license | |
| best_oa_location.pdf_url | https://arxiv.org/pdf/2412.01317 |
| best_oa_location.version | submittedVersion |
| best_oa_location.raw_type | text |
| best_oa_location.license_id | |
| best_oa_location.is_accepted | False |
| best_oa_location.is_published | False |
| best_oa_location.raw_source_name | |
| best_oa_location.landing_page_url | http://arxiv.org/abs/2412.01317 |
| primary_location.id | pmh:oai:arXiv.org:2412.01317 |
| primary_location.is_oa | True |
| primary_location.source.id | https://openalex.org/S4306400194 |
| primary_location.source.issn | |
| primary_location.source.type | repository |
| primary_location.source.is_oa | True |
| primary_location.source.issn_l | |
| primary_location.source.is_core | False |
| primary_location.source.is_in_doaj | False |
| primary_location.source.display_name | arXiv (Cornell University) |
| primary_location.source.host_organization | https://openalex.org/I205783295 |
| primary_location.source.host_organization_name | Cornell University |
| primary_location.source.host_organization_lineage | https://openalex.org/I205783295 |
| primary_location.license | |
| primary_location.pdf_url | https://arxiv.org/pdf/2412.01317 |
| primary_location.version | submittedVersion |
| primary_location.raw_type | text |
| primary_location.license_id | |
| primary_location.is_accepted | False |
| primary_location.is_published | False |
| primary_location.raw_source_name | |
| primary_location.landing_page_url | http://arxiv.org/abs/2412.01317 |
| publication_date | 2024-12-02 |
| publication_year | 2024 |
| referenced_works_count | 0 |
| abstract_inverted_index.7 | 234 |
| abstract_inverted_index.a | 80, 161 |
| abstract_inverted_index.10 | 225 |
| abstract_inverted_index.DL | 20, 58, 123, 181 |
| abstract_inverted_index.In | 46 |
| abstract_inverted_index.To | 105, 169 |
| abstract_inverted_index.as | 23 |
| abstract_inverted_index.in | 42, 102, 145, 157, 192, 236, 244, 247 |
| abstract_inverted_index.is | 75 |
| abstract_inverted_index.of | 3, 11, 72, 197, 202 |
| abstract_inverted_index.on | 18, 177 |
| abstract_inverted_index.to | 39, 60, 154, 165, 241 |
| abstract_inverted_index.we | 109, 173 |
| abstract_inverted_index.142 | 219 |
| abstract_inverted_index.148 | 212 |
| abstract_inverted_index.452 | 215 |
| abstract_inverted_index.API | 94, 206 |
| abstract_inverted_index.CVE | 229 |
| abstract_inverted_index.LLM | 44 |
| abstract_inverted_index.The | 0 |
| abstract_inverted_index.and | 25, 37, 52, 65, 96, 121, 133, 148, 167, 205 |
| abstract_inverted_index.are | 54 |
| abstract_inverted_index.bug | 128, 193, 198 |
| abstract_inverted_index.for | 118, 136 |
| abstract_inverted_index.has | 210 |
| abstract_inverted_index.its | 239 |
| abstract_inverted_index.new | 103, 146 |
| abstract_inverted_index.own | 57 |
| abstract_inverted_index.the | 9, 43, 70, 98, 112 |
| abstract_inverted_index.(DL) | 14 |
| abstract_inverted_index.IDs. | 230 |
| abstract_inverted_index.LLMs | 135 |
| abstract_inverted_index.This | 140 |
| abstract_inverted_index.been | 227 |
| abstract_inverted_index.bugs | 144, 213, 235 |
| abstract_inverted_index.code | 138, 203 |
| abstract_inverted_index.deep | 12 |
| abstract_inverted_index.face | 33 |
| abstract_inverted_index.from | 130, 151, 163 |
| abstract_inverted_index.have | 226 |
| abstract_inverted_index.like | 50 |
| abstract_inverted_index.rate | 196, 201 |
| abstract_inverted_index.rely | 17 |
| abstract_inverted_index.such | 22 |
| abstract_inverted_index.tech | 48 |
| abstract_inverted_index.that | 16, 186 |
| abstract_inverted_index.uses | 149 |
| abstract_inverted_index.with | 35, 77, 88 |
| abstract_inverted_index.APIs, | 217 |
| abstract_inverted_index.Among | 223 |
| abstract_inverted_index.Apple | 51 |
| abstract_inverted_index.back. | 168 |
| abstract_inverted_index.being | 79 |
| abstract_inverted_index.bugs. | 222 |
| abstract_inverted_index.cycle | 162 |
| abstract_inverted_index.first | 113 |
| abstract_inverted_index.helps | 142 |
| abstract_inverted_index.large | 4 |
| abstract_inverted_index.newly | 119, 179 |
| abstract_inverted_index.ones, | 159 |
| abstract_inverted_index.rapid | 40 |
| abstract_inverted_index.their | 28, 56 |
| abstract_inverted_index.these | 31, 73, 107, 152 |
| abstract_inverted_index.three | 178 |
| abstract_inverted_index.vital | 81 |
| abstract_inverted_index.(LLMs) | 7 |
| abstract_inverted_index.FUTURE | 125, 187, 209, 232 |
| abstract_inverted_index.Huawei | 53 |
| abstract_inverted_index.across | 214 |
| abstract_inverted_index.future | 166 |
| abstract_inverted_index.giants | 49 |
| abstract_inverted_index.models | 6 |
| abstract_inverted_index.robust | 29 |
| abstract_inverted_index.target | 89 |
| abstract_inverted_index.these, | 224 |
| abstract_inverted_index.Despite | 27 |
| abstract_inverted_index.FUTURE, | 111 |
| abstract_inverted_index.PyTorch | 24 |
| abstract_inverted_index.ability | 240 |
| abstract_inverted_index.address | 106 |
| abstract_inverted_index.conduct | 174 |
| abstract_inverted_index.detects | 233 |
| abstract_inverted_index.enhance | 61, 155, 242 |
| abstract_inverted_index.fuzzers | 191 |
| abstract_inverted_index.fuzzing | 78, 85, 115 |
| abstract_inverted_index.history | 164 |
| abstract_inverted_index.limited | 99 |
| abstract_inverted_index.propose | 110 |
| abstract_inverted_index.results | 184 |
| abstract_inverted_index.success | 195 |
| abstract_inverted_index.testing | 92 |
| abstract_inverted_index.unknown | 221 |
| abstract_inverted_index.Ensuring | 69 |
| abstract_inverted_index.FUTURE's | 171 |
| abstract_inverted_index.However, | 83 |
| abstract_inverted_index.Notably, | 208 |
| abstract_inverted_index.PyTorch, | 237 |
| abstract_inverted_index.assigned | 228 |
| abstract_inverted_index.creating | 160 |
| abstract_inverted_index.crucial, | 76 |
| abstract_inverted_index.detected | 211 |
| abstract_inverted_index.evaluate | 170 |
| abstract_inverted_index.existing | 84, 131, 158, 190, 245 |
| abstract_inverted_index.identify | 143 |
| abstract_inverted_index.increase | 63 |
| abstract_inverted_index.insights | 150 |
| abstract_inverted_index.language | 5 |
| abstract_inverted_index.learning | 13 |
| abstract_inverted_index.reverse. | 248 |
| abstract_inverted_index.security | 71, 156, 243 |
| abstract_inverted_index.strategy | 141 |
| abstract_inverted_index.struggle | 87 |
| abstract_inverted_index.tailored | 117 |
| abstract_inverted_index.targeted | 216 |
| abstract_inverted_index.validity | 200 |
| abstract_inverted_index.available | 100 |
| abstract_inverted_index.bug-prone | 93 |
| abstract_inverted_index.coverage. | 207 |
| abstract_inverted_index.features, | 30 |
| abstract_inverted_index.framework | 116 |
| abstract_inverted_index.including | 218 |
| abstract_inverted_index.leverages | 126 |
| abstract_inverted_index.libraries | 21, 32, 59, 74, 132, 147, 153, 246 |
| abstract_inverted_index.property. | 68 |
| abstract_inverted_index.response, | 47 |
| abstract_inverted_index.safeguard | 66 |
| abstract_inverted_index.solution. | 82 |
| abstract_inverted_index.universal | 114 |
| abstract_inverted_index.Evaluation | 183 |
| abstract_inverted_index.adaptation | 38 |
| abstract_inverted_index.challenges | 34 |
| abstract_inverted_index.community. | 45 |
| abstract_inverted_index.detection, | 194 |
| abstract_inverted_index.developing | 55 |
| abstract_inverted_index.fine-tunes | 134 |
| abstract_inverted_index.frameworks | 86 |
| abstract_inverted_index.historical | 127 |
| abstract_inverted_index.importance | 10 |
| abstract_inverted_index.introduced | 120, 180 |
| abstract_inverted_index.leveraging | 97 |
| abstract_inverted_index.libraries. | 104, 124, 182 |
| abstract_inverted_index.previously | 220 |
| abstract_inverted_index.sequences, | 95 |
| abstract_inverted_index.widespread | 1 |
| abstract_inverted_index.TensorFlow. | 26 |
| abstract_inverted_index.application | 2 |
| abstract_inverted_index.demonstrate | 185 |
| abstract_inverted_index.effectively | 91 |
| abstract_inverted_index.evaluations | 176 |
| abstract_inverted_index.generation, | 204 |
| abstract_inverted_index.generation. | 139 |
| abstract_inverted_index.information | 101, 129 |
| abstract_inverted_index.outperforms | 189 |
| abstract_inverted_index.prospective | 122 |
| abstract_inverted_index.scalability | 36 |
| abstract_inverted_index.specialized | 137 |
| abstract_inverted_index.underscores | 8 |
| abstract_inverted_index.advancements | 41 |
| abstract_inverted_index.flexibility, | 90 |
| abstract_inverted_index.foundational | 19 |
| abstract_inverted_index.intellectual | 67 |
| abstract_inverted_index.limitations, | 108 |
| abstract_inverted_index.performance, | 62 |
| abstract_inverted_index.scalability, | 64 |
| abstract_inverted_index.technologies | 15 |
| abstract_inverted_index.Additionally, | 231 |
| abstract_inverted_index.comprehensive | 175 |
| abstract_inverted_index.demonstrating | 238 |
| abstract_inverted_index.reproduction, | 199 |
| abstract_inverted_index.significantly | 188 |
| abstract_inverted_index.effectiveness, | 172 |
| cited_by_percentile_year | |
| countries_distinct_count | 0 |
| institutions_distinct_count | 6 |
| citation_normalized_percentile |