LLM-Driven Adaptive Source–Sink Identification and False Positive Mitigation for Static Analysis

preprint OA: closed
View at publisher

Abstract

Static analysis is effective for discovering software vulnerabilities but notoriously suffers from incomplete source– sink specifications and excessive false positives (FPs). We present ADATAINT, an LLM-driven taint analysis framework that adap- tively infers source/sink specifications and filters spurious alerts through neuro-symbolic reasoning. Unlike LLM-only detectors, ADATAINT grounds model suggestions in program facts and con- straint validation, ensuring both adaptability and determinism. We evaluate ADATAINT on Juliet 1.3, SV-COMP-style C benchmarks, and three large real-world projects. Results show that ADATAINT reduces false positives by 43.7% on average and improves recall by 11.2% compared to state-of-the-art baselines (CodeQL, Joern, and LLM-only pipelines), while maintaining competitive runtime overhead. These findings demonstrate that combining LLM inference with symbolic validation offers a prac- tical path toward more accurate and reliable static vulnerability analysis

My notes (saved in your browser only)

Citation neighborhood (no data yet)

We don't have any in-corpus citations linked to this paper yet. This is a recent paper (2025) — citers typically take a year or two to land, and the OpenAlex reference graph may still be filling in.

Source provenance

europepmc
last seen: 2026-05-20T01:45:00.602351+00:00