LLM-Driven Adaptive Source–Sink Identification and False Positive Mitigation for Static Analysis
preprint
OA: closed
Abstract
Static analysis is effective for discovering software vulnerabilities but notoriously suffers from incomplete source– sink specifications and excessive false positives (FPs). We present ADATAINT, an LLM-driven taint analysis framework that adap- tively infers source/sink specifications and filters spurious alerts through neuro-symbolic reasoning. Unlike LLM-only detectors, ADATAINT grounds model suggestions in program facts and con- straint validation, ensuring both adaptability and determinism. We evaluate ADATAINT on Juliet 1.3, SV-COMP-style C benchmarks, and three large real-world projects. Results show that ADATAINT reduces false positives by 43.7% on average and improves recall by 11.2% compared to state-of-the-art baselines (CodeQL, Joern, and LLM-only pipelines), while maintaining competitive runtime overhead. These findings demonstrate that combining LLM inference with symbolic validation offers a prac- tical path toward more accurate and reliable static vulnerability analysis
My notes (saved in your browser only)
Citation neighborhood (no data yet)
We don't have any in-corpus citations linked to this paper yet. This is a recent paper (2025) — citers typically take a year or two to land, and the OpenAlex reference graph may still be filling in.
Source provenance
- europepmc
- last seen: 2026-05-20T01:45:00.602351+00:00