Enhancing Search-Based Testing with LLMs for Finding Bugs in System Simulators
Abstract
Despite wide availability of automated testing techniques such as fuzzing, little attention has been devoted to testing computer architecture simulators. We propose a fully automated approach for this task. Our approach uses large language models to create input programs, including information about their parameters and their types, as test cases for the simulators. The LLM’s output becomes the initial seed for an existing fuzzer, AFL, which has been enhanced with three mutation operators, targeting both the input binary program and its parameters. We implement our approach in a tool called SearchSYS. We use it to test the gem5 system simulator. SearchSYS discovered 21 new bugs in gem5, 14 where gem5’s software prediction differs from the real behaviour on actual hardware and 7 where it crashed. New defects were uncovered with each of the 6 LLMs used.