Fuzzing has become a widely adopted technique for vulnerability discovery, yet it remains ineffective for structured-input programs due to strict syntactic constraints and limited semantic awareness. Traditional greybox fuzzers rely on mutation-based strategies and coarse-grained coverage feedback, which often fail to generate valid inputs and explore deep execution paths. Recent advances in large language models (LLMs) have shown promise in improving input generation, but existing approaches primarily focus on seed generation and largely overlook the effective use of runtime feedback. In this paper, we propose SDLLMFuzz, a dynamic-static LLM-assisted greybox fuzzing framework for structured-input programs. Our approach integrates LLM-based structure-aware seed generation with static crash analysis, forming a unified feedback loop that iteratively refines test inputs. Specifically, we leverage LLMs to generate syntactically valid and semantically diverse inputs, while extracting rich semantic information from crash artifacts (e.g., core dumps and execution traces) to guide subsequent input generation. This dynamic-static feedback mechanism enables more efficient exploration of complex program behaviors. We evaluate SDLLMFuzz on the Magma benchmark across multiple structured-input programs, including libxml2, libpng, and libsndfile. Experimental results show that SDLLMFuzz significantly outperforms traditional greybox fuzzers and LLM-assisted baselines in terms of bug discovery and time-to-bug. These results demonstrate that combining semantic input generation with feedback-driven refinement is an effective direction for improving fuzzing performance on structured-input programs.
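The abstract describes the loop in outline only. The following is an added illustration, not code from the SDLLMFuzz paper or its authors, of the two pieces that sit on either side of the LLM for one structured format (PNG, chosen because libpng is among the Magma targets): structure-aware validation and CRC repair of LLM-emitted seeds, and static triage of a sanitizer crash report into structured feedback that is deduplicated and turned into the next prompt. The LLM is represented by an injected callable `generate(prompt) -> bytes` (an assumption about the client interface); the sample PNG and the sanitizer report are constructed, and the function names and line numbers in the report are invented and describe no real defect.

```python
"""Added example, not code from the SDLLMFuzz paper: the two pieces that sit
around the LLM in a dynamic-static feedback loop, with PNG as the format:
structure-aware validation/CRC repair of LLM-emitted seeds, and static triage
of a sanitizer report into feedback and the next prompt.  The LLM is an
injected callable (assumption); all sample data below is constructed."""
import re
import struct
import zlib
from dataclasses import dataclass

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"

def _crc(ctype, data):
    return zlib.crc32(ctype + data) & 0xFFFFFFFF

def build_png(chunks):
    """Serialise (type, data) pairs into a PNG stream with correct CRCs."""
    out = bytearray(PNG_SIGNATURE)
    for ctype, data in chunks:
        out += struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", _crc(ctype, data))
    return bytes(out)

def parse_png_chunks(blob):
    """Return (type, data, crc_ok) per chunk; ValueError on framing errors that
    a decoder rejects before any chunk-specific logic runs."""
    if not blob.startswith(PNG_SIGNATURE):
        raise ValueError("missing PNG signature")
    pos, chunks = len(PNG_SIGNATURE), []
    while pos < len(blob):
        if pos + 12 > len(blob):
            raise ValueError("truncated chunk header")
        (length,) = struct.unpack(">I", blob[pos:pos + 4])
        if pos + 12 + length > len(blob):
            raise ValueError("truncated chunk data")
        ctype, data = blob[pos + 4:pos + 8], blob[pos + 8:pos + 8 + length]
        (crc,) = struct.unpack(">I", blob[pos + 8 + length:pos + 12 + length])
        chunks.append((ctype, data, crc == _crc(ctype, data)))
        pos += 12 + length
    return chunks

def repair_crcs(blob):
    """Re-emit a seed with valid CRCs so the checksum check does not discard it
    before the chunk handlers (the code worth reaching) run."""
    return build_png([(t, d) for t, d, _ in parse_png_chunks(blob)])

# Static crash analysis: sanitizer report text -> structured feedback.
ASAN_HEADER = re.compile(r"ERROR: AddressSanitizer: (?P<kind>[\w-]+) on address 0x[0-9a-f]+")
ASAN_ACCESS = re.compile(r"^(?P<op>READ|WRITE) of size (?P<size>\d+)", re.M)
ASAN_FRAME = re.compile(r"^\s*#\d+ 0x[0-9a-f]+ in (?P<func>[\w.]+) (?P<loc>[\w./-]+:\d+)", re.M)

@dataclass(frozen=True)
class CrashFeedback:
    kind: str      # e.g. heap-buffer-overflow
    access: str    # e.g. "READ of size 4"
    frames: tuple  # "func (file:line)", innermost first

    @property
    def dedup_key(self):
        # Bug kind plus innermost frame: crashes sharing it count as one bug.
        return f"{self.kind}@{self.frames[0] if self.frames else '?'}"

def triage_asan(report):
    head = ASAN_HEADER.search(report)
    if head is None:
        return None
    acc = ASAN_ACCESS.search(report)
    access = f"{acc['op']} of size {acc['size']}" if acc else "unknown access"
    frames = tuple(f"{m['func']} ({m['loc']})" for m in ASAN_FRAME.finditer(report))
    return CrashFeedback(head["kind"], access, frames)

def build_prompt(seed, fb):
    """Chunk layout of the crashing seed plus the crash facts -> next LLM prompt."""
    layout = ", ".join(f"{t.decode('latin-1')}[{len(d)}]" for t, d, _ in parse_png_chunks(seed))
    return (f"Previous PNG seed chunk layout: {layout}\n"
            f"It triggered {fb.kind} ({fb.access}) in {fb.frames[0] if fb.frames else '?'}.\n"
            "Return a new PNG as raw bytes that keeps the signature and chunk framing but "
            "varies the chunk that function handles: its length, field values and position.")

def feedback_round(seed, report, generate, seen):
    """One loop turn: triage -> dedup -> prompt -> generate -> validate/repair.
    None means nothing new to learn, or the LLM output was not a PNG at all."""
    fb = triage_asan(report)
    if fb is None or fb.dedup_key in seen:
        return None
    seen.add(fb.dedup_key)
    try:
        return repair_crcs(generate(build_prompt(seed, fb)))
    except ValueError:
        return None

# Constructed sample: a 1x1 palette PNG and an invented sanitizer report
# (function names and line numbers are made up and describe no real bug).
SAMPLE_SEED = build_png([(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 3, 0, 0, 0)),
                         (b"PLTE", b"\x00\x00\x00"), (b"tRNS", b"\x00"),
                         (b"IDAT", zlib.compress(b"\x00\x00")), (b"IEND", b"")])
SAMPLE_REPORT = """==4242==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000000018
READ of size 4 at 0x602000000018 thread T0
    #0 0x4a1b2c in handle_trns_chunk decoder.c:1487
    #1 0x401c3a in main harness.c:40
"""
```

To run a round against a real model, pass any client wrapped as `lambda prompt: client(prompt)` returning bytes; the CRC repair step matters because checksum-unaware generators routinely emit otherwise well-formed chunks with wrong CRCs, which a decoder rejects before the chunk handler is ever reached. The dedup key (bug kind plus innermost frame) is the usual coarse crash-bucketing heuristic; it keeps the loop from re-prompting on a crash it has already seen.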