Careers > GNAT DAS: AI Automated Fuzz Testing for C using LLMs
Last modified 1/30/2025 2:06:08 PM

GNAT DAS: AI Automated Fuzz Testing for C using LLMs

Internship
AdaCore
Bristol, UK

AdaCore: Helping Developers Build Software that Matters

Everything we do at AdaCore is centered around helping developers build safe, secure and reliable software.

For 30 years, we've partnered with global leaders in aerospace & defense, air traffic management, space, railway and financial services. We've developed tools and services simplifying high-integrity software development through a subscription-based model. As demand for secure applications grows in industries like automotive, medical, energy, and IoT, we're adapting our proven technologies to assist a new generation of developers.

Our 150 global experts based in the US, France, Germany, the UK, and Estonia, collectively develop cutting-edge technologies to address the challenges of high-grade software development.

Joining AdaCore is about joining a culture of innovation, openness, collaboration and dependability, which defines how we work together, with our customers and partners.

 

Context

Developed at AdaCore, the GNAT DAS tool suite (https://www.adacore.com/dynamic-analysis) includes GNATfuzz (https://www.adacore.com/dynamic-analysis/gnatfuzz), an advanced fuzz testing solution for Ada applications. GNATfuzz was designed to utilize multiple backend fuzz testing solutions, including AFL++, and includes advanced branch-solving algorithms like RedQueen and Symbolic Execution. GNATfuzz targets and finds bugs in Ada applications and linked C and C++ libraries. The next phase in the evolution of this product is to replicate the success of GNATfuzz for Ada by supporting the C programming language. There are multiple challenges to overcome in the automation of test cases and test harnesses for C applications and libraries; these include automated build infrastructures and support for buffers and pointers. Utilization of AI forms a part of the strategy of this internship; AdaCore would like to better understand the benefits of AI over more traditional forms of static analysis. Candidates for this position should have a strong interest in automated dynamic analysis verification and a good understanding of Large Language Models (LLMs) and other AI components. A good working knowledge of C and Python programming languages is essential. Experience with Libclang is highly beneficial.

 

Goals

The internship's overall goal is to progress the state of the art in automated fuzz testing for C applications. This is then split into 3 research areas; the number of applicable goals will depend on the length of the internship.

 

  • Goal 1: Automatic generation of C test harnesses

    • Create a manual harness for marshaling primitive C types (ignore pointers initially) from binary test cases

    • Genericize the test harness design into a template that can be populated via the fuzzing tool

    • Automate a static analysis of user code bases to capture required data elements and populate the test harness template

  • Goal 2: Investigate the benefits of AI for test harness generation

    • Multiple directions can be taken here, including:

      • Groupings of pointers to buffers and buffer sizes

      • Help with advanced concepts like function pointers

      • Identification of interesting subprograms for fuzzing (subprograms at the boundary of a system call tree)

      • Identification of code regions not suitable for fuzzing (i.e. permanent loops, blocking calls, file IO, retained state)

      • Auto-mocking of non-fuzzable function calls

  • Goal 3 (stretch): Automatic generation of interesting values (corpus generation)

    • Generate a corpus via static analysis tooling like Libclang

    • Investigate the benefits of corpus generation via AI, multiple directions can be taken here, including:

      • Perform a benchmark comparison of AI vs compiler-generated objects

      • Generation of interesting values for solving complex branch conditions and therefore increasing coverage

 

Skills required/nice to have

  • Experience/interest in fuzz testing or other forms of dynamic analysis and/or compilation (GCC or LLVM)

  • Good programming skills in Python and C

  • Experience/interest in C language interfaces (libclang)

  • Solid understanding and interest in LLMs and other primary aspects of AI

 

Timeframe & Location

During 2025 - 3 to 9 months - Bristol office

 

Beyond the job

We're a global organization driven by diverse backgrounds, fostering innovation through an open exchange of ideas. We welcome applicants of all backgrounds, celebrating diversity in ethnicity, nationality, gender, age, religion, abilities, sexual orientation, veteran or marital status. 

Our commitment is to help our teammates, wherever they are based, feel comfortable and satisfied, by encouraging flexibility to ensure them a healthy work-life balance. Additionally, we prioritize individual development by offering continuous training from day one with a personalized onboarding plan.

 

Powered by Hello Talent