A New Era in Software Security: Towards Self-Healing Software via Large Language Models and Formal Verification

by Yiannis Charalambous, et al.

In this paper we present a novel solution that combines the capabilities of Large Language Models (LLMs) with Formal Verification strategies to verify and automatically repair software vulnerabilities. Initially, we employ Bounded Model Checking (BMC) to locate the software vulnerability and derive a counterexample. The counterexample provides evidence that the system behaves incorrectly or contains a vulnerability. The detected counterexample, along with the source code, is provided to the LLM engine. Our approach involves establishing a specialized prompt language for conducting code debugging and generation to understand the vulnerability's root cause and repair the code. Finally, we use BMC to verify the corrected version of the code generated by the LLM. As a proof of concept, we create ESBMC-AI based on the Efficient SMT-based Context-Bounded Model Checker (ESBMC) and a pre-trained Transformer model, specifically gpt-3.5-turbo, to detect and fix errors in C programs. Our experimentation involved generating a dataset comprising 1000 C code samples, each consisting of 20 to 50 lines of code. Notably, our proposed method achieved an impressive success rate of up to 80% in repairing vulnerable code encompassing buffer overflow and pointer dereference failures. We assert that this automated approach can be effectively incorporated into the software development lifecycle's continuous integration and deployment (CI/CD) process.
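The verify, repair, re-verify cycle described in the abstract, as an added sketch that is not ESBMC-AI's own code. All names here (`Verdict`, `build_prompt`, `repair_loop`, `toy_verify`, `scripted_llm`) are hypothetical, and the checker and model are constructed stand-ins so the control flow runs offline.

```python
from dataclasses import dataclass
from typing import Callable, Optional

@dataclass
class Verdict:
    ok: bool                  # True when the checker finds no violation
    counterexample: str = ""  # failing trace reported by the checker, if any

def build_prompt(source: str, counterexample: str) -> str:
    # Both the source and the checker's evidence are handed to the model.
    return ("The following C program fails verification.\n"
            f"Counterexample:\n{counterexample}\n"
            f"Source:\n{source}\n"
            "Return only the corrected C source.")

def repair_loop(source: str,
                verify: Callable[[str], Verdict],
                ask_llm: Callable[[str], str],
                max_attempts: int = 3) -> Optional[str]:
    """Return a source that passed verification, or None if no candidate did."""
    verdict = verify(source)
    for _ in range(max_attempts):
        if verdict.ok:
            return source
        source = ask_llm(build_prompt(source, verdict.counterexample))
        verdict = verify(source)  # model output stays untrusted until re-checked
    return source if verdict.ok else None

# --- Constructed stand-ins (assumptions, not a real checker or model) ---
VULNERABLE = "char buf[8];\nstrcpy(buf, input);\n"
REPLIES = [
    "char buf[8];\nstrcpy(buf, input); /* comment added only */\n",  # still unsafe
    "char buf[8];\nstrncpy(buf, input, sizeof buf - 1);\nbuf[sizeof buf - 1] = 0;\n",
]

def toy_verify(src: str) -> Verdict:
    # Stand-in for a bounded model checker: flags any unbounded strcpy call.
    if "strcpy(" in src:
        return Verdict(False, "buffer overflow: write past end of buf[8]")
    return Verdict(True)

def scripted_llm(replies):
    # Stand-in for the model: returns the scripted candidates in order.
    it = iter(replies)
    return lambda prompt: next(it)

if __name__ == "__main__":
    print(repair_loop(VULNERABLE, toy_verify, scripted_llm(REPLIES)))
```

The first scripted reply fails re-verification and is discarded, which is the property that makes the loop safe to run unattended in CI: only a candidate the checker accepts is ever returned.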



