Enhancing search-based testing with LLMs for finding bugs in system simulators

Despite the wide availability of automated testing techniques such as fuzzing, little attention has been devoted to testing computer architecture simulators. We propose a fully automated approach for this task. Our approach uses large language models (LLM) to generate input programs, including information about their parameters and types, as test cases for the simulators. The LLM’s output becomes the initial seed for an existing fuzzer, , which has been enhanced with three mutation operators, targeting both the input binary program and its parameters. We implement our approach in a tool called . We use it to test the system simulator. discovered 21 new bugs in , 14 where ’s software prediction differs from the real behaviour on actual hardware, and 7 where it crashed. New defects were uncovered with each of the 6 LLMs used.