This work addresses the challenge of effectively detecting silent bugs in deep learning libraries, which existing fuzzing techniques struggle to uncover due to the lack of effective test programs and validation oracles. The authors propose a novel approach that leverages large language models (LLMs) to extract context-aware bug patterns from historical bug reports. By combining functional semantic embeddings to identify semantically similar APIs, the method enables controlled cross-API transfer of high-risk contexts and customized oracle logic. Furthermore, an LLM-driven self-validation mechanism is introduced to generate precise test cases. Evaluated on PyTorch, TensorFlow, and MindSpore, the approach uncovered 79 previously unknown bugs—including 12 assigned CVEs—spanning ten distinct bug types, significantly improving both the accuracy and generalizability of silent bug detection.

Deep learning (DL) libraries are widely used in critical applications, where even subtle silent bugs can lead to serious consequences. While existing DL fuzzing techniques have made progress in detecting crashes, they inherently struggle to detect silent bugs due to the lack of effective test programs and corresponding oracles. Building on the observation that historical bug reports contain rich, underutilized information about silent bugs, we leverage large language models (LLMs) to perform versatile yet controlled bug transfer for silent bug fuzzing. Specifically, our approach uses LLMs to extract context-aware bug patterns from historical issues, match semantically related Application Programming Interfaces (APIs) using functionality-based embeddings, and synthesize test cases with customized oracles. This enables proactive detection of silent bugs by transferring high-risk contexts and oracle designs from known buggy APIs to functionally similar target APIs. To ensure the reliability of our context-aware bug transfer, we introduce an LLM-powered self-validation module that systematically evaluates the validity of each transferred bug instance. We implement this methodology in a tool named TransFuzz and evaluate it on three mainstream DL libraries: PyTorch, TensorFlow, and MindSpore. TransFuzz successfully discovers 79 previously unknown bugs (12 confirmed as Common Vulnerabilities and Exposures (CVEs)) in 10 bug types, demonstrating its effectiveness and generalizability in migrating DL library bug discovery capabilities.