CovRL: Fuzzing JavaScript Engines with Coverage-Guided Reinforcement Learning for LLM-based Mutation
CoRR(2024)
摘要
Fuzzing is an effective bug-finding technique but it struggles with complex
systems like JavaScript engines that demand precise grammatical input.
Recently, researchers have adopted language models for context-aware mutation
in fuzzing to address this problem. However, existing techniques are limited in
utilizing coverage guidance for fuzzing, which is rather performed in a
black-box manner. This paper presents a novel technique called CovRL
(Coverage-guided Reinforcement Learning) that combines Large Language Models
(LLMs) with reinforcement learning from coverage feedback. Our fuzzer,
CovRL-Fuzz, integrates coverage feedback directly into the LLM by leveraging
the Term Frequency-Inverse Document Frequency (TF-IDF) method to construct a
weighted coverage map. This map is key in calculating the fuzzing reward, which
is then applied to the LLM-based mutator through reinforcement learning.
CovRL-Fuzz, through this approach, enables the generation of test cases that
are more likely to discover new coverage areas, thus improving vulnerability
detection while minimizing syntax and semantic errors, all without needing
extra post-processing. Our evaluation results indicate that CovRL-Fuzz
outperforms the state-of-the-art fuzzers in terms of code coverage and
bug-finding capabilities: CovRL-Fuzz identified 48 real-world security-related
bugs in the latest JavaScript engines, including 39 previously unknown
vulnerabilities and 11 CVEs.
更多查看译文
AI 理解论文
溯源树
样例
生成溯源树,研究论文发展脉络
Chat Paper
正在生成论文摘要