Ache-Fuzz: Constraint-aware fuzzing for vulnerability discovery in distributed deep learning frameworks

  • Zhao Zhang
  • Senlin Luo
  • Liyuan Liu
  • Limin Pan*

*Corresponding author for this work

Research output: Contribution to journal › Article › peer-review

Abstract

Ensuring the reliability and security of deep learning (DL) libraries is essential for the robustness of modern AI systems and large-scale intelligent computing infrastructures. However, the complexity of API semantics and the diversity of parameter constraints make it challenging to generate comprehensive and effective test cases. This paper presents Ache-Fuzz, a fuzzing-based automated testing framework designed to enhance vulnerability discovery in DL libraries such as TensorFlow. Ache-Fuzz integrates constraint-aware test generation with a hierarchical mutation strategy to construct diverse and valid API inputs. It extracts parameter constraint patterns from official API documentation to model structural and attribute dependencies, while the hierarchical mutation mechanism systematically strengthens boundary condition coverage and promotes broader exploration of API functionalities. Experimental evaluation on three versions of TensorFlow shows that Ache-Fuzz achieves over 25% API coverage and identifies 38 previously unknown vulnerabilities, 15 of which have been assigned CVE identifiers. These results demonstrate that Ache-Fuzz offers a scalable and effective approach for improving the robustness and security of large-scale AI software systems.

Original language: English
Article number: 112796
Journal: Journal of Systems and Software
Volume: 236
Publication status: Published - Jun 2026

Keywords

  • Constraint pattern
  • Deep learning library
  • Hierarchical mutation
  • Test samples
  • Vulnerability mining
