LLM-Driven Adaptive Source-Sink Identification and False Positive Mitigation for Static Analysis

Abstract

Static analysis is effective for discovering software vulnerabilities but notoriously suffers from incomplete source--sink specifications and excessive false positives (FPs). We present AdaTaint, an LLM-driven taint analysis framework that adaptively infers source/sink specifications and filters spurious alerts through neuro-symbolic reasoning. Unlike LLM-only detectors, AdaTaint grounds model suggestions in program facts and constraint validation, ensuring both adaptability and determinism. We evaluate AdaTaint on Juliet 1.3, SV-COMP-style C benchmarks, and three large real-world projects. Results show that AdaTaint reduces false positives by 43.7\% on average and improves recall by 11.2\% compared to state-of-the-art baselines (CodeQL, Joern, and LLM-only pipelines), while maintaining competitive runtime overhead. These findings demonstrate that combining LLM inference with symbolic validation offers a practical path toward more accurate and reliable static vulnerability analysis.

0

Turn this paper into a full lesson

ArcXiv compiles a staged curriculum from this paper: 8-12 lessons across beginner → advanced, synthesised section guides, visuals, flashcards, a quiz, exercises, and on-demand deep dives per section. Grounded in the abstract, never invented.

Discussion (0)

Sign in to join the discussion.

Loading comments…