Theoretically a good fuzzer could discover this value by itself, but I don’t believe anything like that exists that could run JS code and explore VM-level branches, at least not for JS code that’s even this complex. Otherwise, yes, PBT is less trivial than it seems, though I’m guessing a simple `strings jsc` coupled with general knowledge of special values of other types[1,2] could get you quite far.

[1] https://www.exploringbinary.com/php-hangs-on-numeric-value-2...

[2] https://www.exploringbinary.com/java-hangs-when-converting-2...