Publication Type

Conference Proceeding Article

Version

publishedVersion

Publication Date

6-2025

Abstract

Inspired by advances in deep learning, numerous learning-based approaches for vulnerability detection have emerged, primarily operating at the function level for scalability. However, this design choice has a critical limitation: many vulnerabilities span multiple functions, causing function-level approaches to lose the semantics of called functions and fail to capture true vulnerability patterns. To address this issue, we propose VulnSC, a novel framework designed to enhance learning-based approaches by complementing inter-procedural semantics. VulnSC retrieves the source code of called functions for datasets and leverages large language models (LLMs) with well-designed prompts to generate summaries for these functions. The datasets, enhanced with these summaries, are fed into neural networks for improved vulnerability detection. VulnSC is the first general framework to integrate inter-procedural semantics into existing learning-based approaches for vulnerability detection while maintaining scalability. We evaluate VulnSC on four state-of-the-art learning-based approaches using two widely used datasets, and our experimental results demonstrate that VulnSC significantly enhances detection performance with minimal additional computational overhead.

Keywords

Vulnerability detection, inter-procedural semantics, LLMs

Discipline

Software Engineering

Research Areas

Software and Cyber-Physical Systems

Areas of Excellence

Digital transformation

Publication

Proceedings of the ACM on Software Engineering, Volume 2, Issue ISSTA, Trondheim, Norway, 2025 June 25-28

First Page

1

Last Page

23

Identifier

10.1145/3728912

City or Country

Norway

Additional URL

https://doi.org/10.1145/3728912

Download

Share

COinS