利用模糊测试技术进行软件安全漏洞挖掘是信息安全领域的热点研究问题。对于包含语言解析前端的目标程序而言，模糊测试工具只有生成符合其文法要求的测试用例，才有机会触发隐藏在深层代码路径上的安全漏洞。现有的模糊测试技术在很大程度上依赖测试人员提供目标语言文法结构和有效种子输入文件，难以对文法结构未知或部分文法结构未公开的应用程序进行有效测试。本项目拟对传统的模糊测试流程进行改造，使其适用于面向语言的模糊测试需求。具体而言，对反馈机制进行改进，提出解析器内部状态的观测方案；对变异策略进行重构，提出针对语言文法特性的分阶段变异策略；对筛选规则进行优化，提出基于多综合评价的测试用例筛选规则。在此基础上，设计实现相应的原型系统，以期在零知识条件下对目标程序进行模糊测试，解决当前面向语言的模糊测试的技术局限。

Using fuzzing for vulnerability discovery is a hot research topic in the information security field. For those target programs equipped with language parser, generating grammar-valid test cases is necessary for exposing hidden vulnerabilities in deep program paths. The existing fuzzing techniques are heavily depended on the grammar specification and the valid seed inputs provided by the analysts, which makes them ineffective for those programs whose grammar is unknown or partially undocumented. This research project aims to reform the fuzzing process to make it suitable for the requirement of language fuzzing. Specifically, the feedback mechanism will be improved to observe the parser internal state; the mutation strategy will be reconstructed to be multi-staged; the prioritization rule will be optimized to consider multiple metrics. A prototype system will be designed and implemented, which can be used under zero-knowledge condition, addressing the technical limitation of the state-of-art language fuzzers.