ClozeMaster: Fuzzing Rust Compiler by Harnessing LLMs for Infilling Masked Real Programs
Masking real code and letting LLMs fill blanks exposes deep compiler flaws.
As Rust gains traction in critical systems for its memory safety guarantees, the reliability of its compiler becomes paramount. However, generating valid test programs for Rust is notoriously difficult due to its strict syntax and semantics. Directly using LLMs to generate Rust programs often yields invalid test cases. Researchers from Nanjing University addressed this with ClozeMaster, a fuzzer that extracts real code from historical compiler bug reports, masks specific structural snippets, and prompts an LLM to fill in those gaps. This bracket-based masking strategy, termed clozeMask, preserves the validity of the original program while introducing novel variations that stress-test the compiler.
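The bracket-based masking step described above can be sketched as follows. This is an added example, not ClozeMaster's own code: the `<MASK>` token, the seed program, the set of bracket types and all function names are assumptions, and the LLM call is left out (`infill` takes the completion as a string).

```python
PAIRS = {"(": ")", "[": "]", "{": "}"}
MASK = "<MASK>"  # assumed placeholder token; the page does not name one

# Constructed seed program standing in for code taken from a bug report.
SEED = '''fn main() {
    let v: Vec<u32> = vec![1, 2, 3]; // "{" in a comment
    println!("{}", v.iter().sum::<u32>());
}
'''

def bracket_spans(src):
    """Matched (open, close) index pairs, skipping strings and comments.
    Char literals, raw strings and nested block comments are not handled."""
    spans, stack, i, n = [], [], 0, len(src)
    while i < n:
        ch, two = src[i], src[i:i + 2]
        if two == "//":                       # line comment
            j = src.find("\n", i)
            i = n if j == -1 else j
        elif two == "/*":                     # block comment
            j = src.find("*/", i + 2)
            i = n if j == -1 else j + 2
        elif ch == '"':                       # string literal with escapes
            i += 1
            while i < n and src[i] != '"':
                i += 2 if src[i] == "\\" else 1
            i += 1
        else:
            if ch in PAIRS:
                stack.append(i)
            elif stack and PAIRS[src[stack[-1]]] == ch:
                spans.append((stack.pop(), i))
            i += 1
    return spans

def cloze_mask(src, span):
    """Blank the text between one bracket pair; the brackets stay."""
    o, c = span
    return src[:o + 1] + MASK + src[c:], src[o + 1:c]

def mask_variants(src):
    """One (masked_program, removed_text) pair per non-empty bracket span."""
    return [cloze_mask(src, s) for s in bracket_spans(src) if s[1] - s[0] > 1]

def infill(masked, completion):
    """Splice a completion (from an LLM in the real tool) into the blank."""
    return masked.replace(MASK, completion, 1)

if __name__ == "__main__":
    for masked, removed in mask_variants(SEED):
        print("removed:", repr(removed), "\n" + masked)
```

Because the brackets themselves are kept, every variant stays bracket-balanced around the blank, which is what lets the rest of the real program survive the mutation intact.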
In their evaluation, ClozeMaster identified 27 confirmed bugs in both rustc (the official Rust compiler) and mrustc (an alternative implementation), with 10 already fixed by developers. The tool achieved higher code coverage than existing state-of-the-art fuzzers. The paper, accepted at ICSE 2025, demonstrates that leveraging LLMs for targeted infilling of real-world programs is a highly effective approach for compiler fuzzing, especially for languages with complex syntax like Rust.
- ClozeMaster uses a new clozeMask strategy: masking specific code structures from real Rust bug reports and having an LLM fill them.
- Discovered 27 confirmed bugs in rustc and mrustc, with 10 fixed by developers.
- Outperforms existing fuzzers in code coverage and effectiveness for Rust compiler testing.
Why It Matters
LLM-assisted fuzzing finds real compiler bugs, boosting Rust’s reliability for critical infrastructure.