Title resolution pending
2 Pith papers cite this work. Polarity classification is still indexing.
fields: cs.SE (2)
years: 2026 (2)
verdicts: UNVERDICTED (2)
roles: background (1)
polarities: background (1)
representative citing papers
Merlin generates CodeQL queries from natural language questions via RAG-based iteration and a self-test technique using assistive queries, achieving 3.8x higher task accuracy and 31% less completion time in user studies while finding additional software issues.
citing papers explorer
- Finding Missing Input Validation in TEEs via LLM-Assisted Symbolic Execution
  SymTEE combines AST slicing with LLM-generated KLEE harnesses and mock TEE environments to detect missing input validation, reporting 100% precision and 92.3% recall on 26 vulnerabilities at $0.05 average cost.
- Generating Complex Code Analyzers from Natural Language Questions
  Merlin generates CodeQL queries from natural language questions via RAG-based iteration and a self-test technique using assistive queries, achieving 3.8x higher task accuracy and 31% less completion time in user studies while finding additional software issues.