中圖分類號：TP309 文獻(xiàn)標(biāo)志碼：A DOI: 10.16157/j.issn.0258-7998.256463
中文引用格式： 丁加宇，沙樂天，潘家曄. 基于大語言模型的JS引擎模糊測試方法[J]. 電子技術(shù)應(yīng)用，2026，52(2)：66-70.
英文引用格式： Ding Jiayu，Sha Letian，Pan Jiaye. Fuzz testing method for JavaScript engines based on large language model[J]. Application of Electronic Technique，2026，52(2)：66-70.

Fuzz testing method for JavaScript engines based on large language model

Abstract： Existing Fuzz tools for browser JavaScript engines are insufficient in detecting non-crashing vulnerabilities. To address this issue, an enhanced vulnerability detection method combining memory detection and large language models (LLMs) is proposed. This method improves the Fuzz tool's ability to identify potential vulnerabilities and reduces the false-negative rate. Additionally, the integration of LLMs with conventional mutators generates more complex and targeted test cases under the stimulus of Proof-of-Concept (PoC) sets, effectively exploring deeper code paths and increasing code coverage. Experimental results show that the improved tool significantly enhances branch coverage and vulnerability detection capabilities compared to existing tools.

Key words : Fuzz testing；JavaScript engine；use after free