LLM-Powered Static Binary Taint Analysis

Paper:

Code:

(1) Use an LLM to identify sinks, then extract call chains by backward slicing from each sink.

(2) Use an LLM to identify sources, then match the call chains against the sources to obtain candidate data flows.

(3) Use an LLM to extract the tainted data in each candidate data flow recursively (adding one function at a time) and identify vulnerabilities.
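
The three steps above, sketched as an added example that is not taken from the paper or its code. The call graph is constructed, the `LLM_LABELS` table stands in for the model's sink/source answers, and the step (2) matching rule (a chain is a candidate when one of its functions directly calls a source) is an assumption.

```python
# Constructed call graph of a toy binary (caller -> callees); all names are made up.
CALL_GRAPH = {
    "main": ["read_request"],
    "read_request": ["recv", "parse_header"],
    "parse_header": ["parse_header", "copy_field"],  # self-recursive
    "copy_field": ["strcpy"],
    "sig_handler": ["system"],
}
# Stand-in for the LLM's sink/source answers in steps (1) and (2) (assumption).
LLM_LABELS = {"strcpy": "sink", "system": "sink", "recv": "source"}

def labelled(kind):
    """Called functions that the (stubbed) LLM labelled as `kind`."""
    callees = {c for cs in CALL_GRAPH.values() for c in cs}
    return sorted(c for c in callees if LLM_LABELS.get(c) == kind)

def call_chains(sink):
    """Step 1: slice backward from a sink to each root; chains are root-first."""
    callers = {}
    for caller, callees in CALL_GRAPH.items():
        for c in callees:
            callers.setdefault(c, set()).add(caller)
    chains = []
    def walk(path):
        # Skipping functions already on the path breaks recursion and cycles.
        preds = sorted(p for p in callers.get(path[-1], ()) if p not in path)
        if not preds:
            chains.append(path[::-1])
        for p in preds:
            walk(path + [p])
    walk([sink])
    return chains

def candidate_flows():
    """Step 2: keep chains where a function calls a source; trim to start there."""
    sources, flows = set(labelled("source")), []
    for sink in labelled("sink"):
        for chain in call_chains(sink):
            for i, fn in enumerate(chain[:-1]):
                hit = sources & set(CALL_GRAPH.get(fn, []))
                if hit:
                    flows.append((sorted(hit)[0], chain[i:]))
                    break
    return flows

def analysis_rounds(flow):
    """Step 3: one LLM round per function; each round's context grows by one."""
    return [flow[: i + 1] for i in range(len(flow) - 1)]  # last item is the sink
```

The `sig_handler -> system` chain is dropped in step (2) because no function on it calls a source, so only the `recv -> strcpy` flow reaches the per-function taint rounds.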