Saved in:
Bibliographic Details
Main Authors: Herter, Patrick, Ahlrichs, Vincent, Açilan, Ridvan, Horsch, Julian
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2512.01609
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866914176104923136
author Herter, Patrick
Ahlrichs, Vincent
Açilan, Ridvan
Horsch, Julian
author_facet Herter, Patrick
Ahlrichs, Vincent
Açilan, Ridvan
Horsch, Julian
contents Fuzzing is a highly effective method for uncovering software vulnerabilities, but analyzing the resulting data typically requires substantial manual effort. This is amplified by the fact that fuzzing campaigns often find a large number of crashing inputs, many of which share the same underlying bug. Crash deduplication is the task of finding such duplicate crashing inputs and thereby reducing the data that needs to be examined. Many existing deduplication approaches rely on comparing stack traces or other information that is collected when a program crashes. Although various metrics for measuring the similarity of such pieces of information have been proposed, many do not yield satisfactory deduplication results. In this work, we present GPTrace, a deduplication workflow that leverages a large language model to evaluate the similarity of various data sources associated with crashes by computing embedding vectors and supplying those as input to a clustering algorithm. We evaluate our approach on over 300 000 crashing inputs belonging to 50 ground truth labels from 14 different targets. The deduplication results produced by GPTrace show a noticeable improvement over hand-crafted stack trace comparison methods and even more complex state-of-the-art approaches that are less flexible.
format Preprint
id arxiv_https___arxiv_org_abs_2512_01609
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle GPTrace: Effective Crash Deduplication Using LLM Embeddings
Herter, Patrick
Ahlrichs, Vincent
Açilan, Ridvan
Horsch, Julian
Software Engineering
Fuzzing is a highly effective method for uncovering software vulnerabilities, but analyzing the resulting data typically requires substantial manual effort. This is amplified by the fact that fuzzing campaigns often find a large number of crashing inputs, many of which share the same underlying bug. Crash deduplication is the task of finding such duplicate crashing inputs and thereby reducing the data that needs to be examined. Many existing deduplication approaches rely on comparing stack traces or other information that is collected when a program crashes. Although various metrics for measuring the similarity of such pieces of information have been proposed, many do not yield satisfactory deduplication results. In this work, we present GPTrace, a deduplication workflow that leverages a large language model to evaluate the similarity of various data sources associated with crashes by computing embedding vectors and supplying those as input to a clustering algorithm. We evaluate our approach on over 300 000 crashing inputs belonging to 50 ground truth labels from 14 different targets. The deduplication results produced by GPTrace show a noticeable improvement over hand-crafted stack trace comparison methods and even more complex state-of-the-art approaches that are less flexible.
title GPTrace: Effective Crash Deduplication Using LLM Embeddings
topic Software Engineering
url https://arxiv.org/abs/2512.01609