Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Agent That Debugs: Dynamic State-Guided Vulnerability Repair

Zhengyao Liu, Yunlong Ma, Jingxuan Xu, Junchen Ai, Xiang Gao, Hailong Sun, Abhik Roychoudhury

TL;DR

VulDebugger introduces a dynamic state-guided vulnerability repair paradigm that combines static code context with runtime debugging to locate root causes and generate patches. By extracting crash-free constraints and continuously comparing expected and actual program states, the approach guides an LLM through a human-like debugging process, followed by automated patch generation and validation. Empirical results on 50 real-world projects show a 60% repair rate, outperforming prior automated methods and pure LLM approaches, with detailed analyses of debugging effectiveness and the impact of crash-free constraints. The work demonstrates a practical path toward more reliable, automated vulnerability repair, while acknowledging limitations such as dependence on POCs and applicability primarily to C programs.

Abstract

In recent years, more vulnerabilities have been discovered every day, while manual vulnerability repair requires specialized knowledge and is time-consuming. As a result, many detected or even published vulnerabilities remain unpatched, thereby increasing the exposure of software systems to attacks. Recent advancements in agents based on Large Language Models have demonstrated their increasing capabilities in code understanding and generation, which can be promising to achieve automated vulnerability repair. However, the effectiveness of agents based on static information retrieval is still not sufficient for patch generation. To address the challenge, we propose a program repair agent called VulDebugger that fully utilizes both static and dynamic context, and it debugs programs in a manner akin to humans. The agent inspects the actual state of the program via the debugger and infers expected states via constraints that need to be satisfied. By continuously comparing the actual state with the expected state, it deeply understands the root causes of the vulnerabilities and ultimately accomplishes repairs. We experimentally evaluated VulDebugger on 50 real-life projects. With 60.00% successfully fixed, VulDebugger significantly outperforms state-of-the-art approaches for vulnerability repair.

Agent That Debugs: Dynamic State-Guided Vulnerability Repair

TL;DR

VulDebugger introduces a dynamic state-guided vulnerability repair paradigm that combines static code context with runtime debugging to locate root causes and generate patches. By extracting crash-free constraints and continuously comparing expected and actual program states, the approach guides an LLM through a human-like debugging process, followed by automated patch generation and validation. Empirical results on 50 real-world projects show a 60% repair rate, outperforming prior automated methods and pure LLM approaches, with detailed analyses of debugging effectiveness and the impact of crash-free constraints. The work demonstrates a practical path toward more reliable, automated vulnerability repair, while acknowledging limitations such as dependence on POCs and applicability primarily to C programs.

Abstract

In recent years, more vulnerabilities have been discovered every day, while manual vulnerability repair requires specialized knowledge and is time-consuming. As a result, many detected or even published vulnerabilities remain unpatched, thereby increasing the exposure of software systems to attacks. Recent advancements in agents based on Large Language Models have demonstrated their increasing capabilities in code understanding and generation, which can be promising to achieve automated vulnerability repair. However, the effectiveness of agents based on static information retrieval is still not sufficient for patch generation. To address the challenge, we propose a program repair agent called VulDebugger that fully utilizes both static and dynamic context, and it debugs programs in a manner akin to humans. The agent inspects the actual state of the program via the debugger and infers expected states via constraints that need to be satisfied. By continuously comparing the actual state with the expected state, it deeply understands the root causes of the vulnerabilities and ultimately accomplishes repairs. We experimentally evaluated VulDebugger on 50 real-life projects. With 60.00% successfully fixed, VulDebugger significantly outperforms state-of-the-art approaches for vulnerability repair.

Paper Structure

This paper contains 28 sections, 1 equation, 8 figures, 6 tables.

Table of Contents

  1. Introduction
  2. Motivation
  3. Zero-shot repairs lack precision
  4. Our approach
  5. Methodology
  6. Perceiving the expected state based on the crash-free constraint
  7. Crash-free constraint extraction
  8. Expected states in potential fix locations.
  9. Obtaining actual state through program debugging
  10. Debugging process based on toolset
  11. Static information retrieval based on toolset
  12. Patch generation and validation
  13. Summary of debugging information
  14. Patch generation and validation
  15. Implementation and Evaluation
  16. ...and 13 more sections

Figures (8)

  • Figure 1: The motivation example
  • Figure 2: The debugging of CVE-2016-3623
  • Figure 3: Overall framework of VulDebugger
  • Figure 4: Debugging process of VulDebugger
  • Figure 5: Patch generation process of VulDebugger
  • ...and 3 more figures