Static Analysis-Guided Patch Synthesis for Correcting LLM-Generated Insecure Code
Abstract
LLMs often miss subtle security conditions such as boundary checks and authentication flows. We introduce a static-analysis-driven patch synthesizer that transforms insecure LLM output into correct and safe code. The pipeline uses abstract interpretation to detect violations, followed by SMT-guided repair rules. On 3,200 vulnerable code snippets across five vulnerability categories, our system achieves 74% full automatic repair and 92% partial repair, outperforming Codex and GPT-4 post-processing by a large margin. A developer usability evaluation shows a 58% reduction in manual fix time. The method highlights how program analysis can systematically strengthen LLM-based secure coding.