Large-scale language models are improving rapidly, but mistakes in code security can be costly. CodeMender’s automated validation process checks that code changes are correct across multiple dimensions, surfacing for human review only high-quality patches that fix the root cause of an issue, are functionally correct, do not cause regressions, and follow style guidelines.
As part of our research, we also developed new techniques and tools that allow CodeMender to reason about code and validate changes more effectively. This includes:
Advanced program analysis: We have developed tools based on advanced program analysis, including static analysis, dynamic analysis, differential testing, fuzzing, and SMT solvers. By systematically scrutinizing code patterns, control flow, and data flow using these tools, CodeMender can better identify the root cause of security flaws and architectural weaknesses.
Multi-agent system: We have developed specialized agents that allow CodeMender to address specific aspects of the underlying problem. For example, CodeMender uses extensive language model-based critique tools that highlight differences between original and modified code to ensure that proposed changes do not cause regressions, and it self-corrects when necessary.
Vulnerability fixes
To effectively patch vulnerabilities and prevent them from reappearing, CodeMender uses debuggers, source code browsers, and other tools to identify root causes and devise patches. Two examples of CodeMender patching vulnerabilities are shown below.
Example #1: Identifying the root cause of a vulnerability
Below are some of the agent’s inferences about the root cause of the vulnerability, reached after analyzing the debugger output and code search tool results, which led to the CodeMender-generated patch.
Although the final patch in this example only changed a few lines of code, the root cause of the vulnerability was not immediately apparent. In this case, the crash report indicated a heap buffer overflow, but the actual problem was elsewhere: incorrect stack management of the Extensible Markup Language (XML) elements being parsed.
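The situation described above, where the sanitizer report points at one place and the defect lives in another, can be reproduced in a few lines. The following is an added illustration, not code from the project the post describes or from the patch: a toy element stack for a tag parser in which a close tag with nothing open leaves the depth negative (the root cause), so the next open tag writes before the heap buffer (the reported crash site). A bounds-checked store stands in for what AddressSanitizer would report, and `count_regressions` shows the differential check mentioned earlier in the post, confirming the patched version agrees with the original on well-formed input. All names, inputs and the `MAX_DEPTH` limit are constructed for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed illustration: a heap-allocated element stack for a tiny
 * tag parser. Crash site: the write in push_name(). Root cause: the
 * unchecked pop in close_tag(). */

#define MAX_DEPTH 4
#define NAME_LEN 16

enum fault { FAULT_NONE = 0, FAULT_OOB_WRITE, FAULT_REJECTED };

struct elem_stack {
    char (*names)[NAME_LEN]; /* malloc'd block: names[0..MAX_DEPTH-1] */
    int depth;               /* number of currently open elements */
};

struct report {
    enum fault fault;
    int event;      /* index of the tag at which the fault was observed */
    char where[32]; /* human-readable location, like a sanitizer frame */
};

/* Bounds-checked store standing in for the sanitizer: an index outside
 * the block is reported instead of written. With depth == -1 this is the
 * "heap-buffer-overflow" a real run would crash on. */
static int push_name(struct elem_stack *s, const char *name,
                     struct report *r, int ev) {
    if (s->depth < 0 || s->depth >= MAX_DEPTH) {
        r->fault = FAULT_OOB_WRITE;
        r->event = ev;
        snprintf(r->where, sizeof r->where, "push_name idx=%d", s->depth);
        return -1;
    }
    snprintf(s->names[s->depth], NAME_LEN, "%s", name);
    s->depth++;
    return 0;
}

/* Root cause. fixed == 0: the original pops even when nothing is open.
 * fixed == 1: the patched version rejects the unbalanced close tag here,
 * before any out-of-bounds write can happen. */
static int close_tag(struct elem_stack *s, int fixed,
                     struct report *r, int ev) {
    if (fixed && s->depth <= 0) {
        r->fault = FAULT_REJECTED;
        r->event = ev;
        snprintf(r->where, sizeof r->where, "close_tag depth=%d", s->depth);
        return -1;
    }
    s->depth--;
    return 0;
}

/* Parse a flat tag sequence such as "<a><b></b></a>". Returns the fault
 * category; details are left in *r. */
enum fault parse_tags(const char *xml, int fixed, struct report *r) {
    struct elem_stack s;
    s.names = calloc(MAX_DEPTH, NAME_LEN);
    s.depth = 0;
    memset(r, 0, sizeof *r);
    int ev = 0;
    const char *p = xml;
    while ((p = strchr(p, '<')) != NULL) {
        const char *end = strchr(p, '>');
        if (!end) break;
        int rc;
        if (p[1] == '/') {
            rc = close_tag(&s, fixed, r, ev);
        } else {
            char name[NAME_LEN];
            size_t n = (size_t)(end - p - 1);
            if (n >= NAME_LEN) n = NAME_LEN - 1;
            memcpy(name, p + 1, n);
            name[n] = '\0';
            rc = push_name(&s, name, r, ev);
        }
        if (rc) break;
        ev++;
        p = end + 1;
    }
    free(s.names);
    return r->fault;
}

/* Scalar helpers so results are easy to check. */
enum fault fault_kind(const char *xml, int fixed) {
    struct report r;
    return parse_tags(xml, fixed, &r);
}
int fault_event(const char *xml, int fixed) {
    struct report r;
    parse_tags(xml, fixed, &r);
    return r.event;
}

/* Differential check: the patched parser must not start failing on inputs
 * the original handled cleanly. Returns the number of such regressions. */
int count_regressions(const char *const *inputs, int n) {
    int regressions = 0;
    for (int i = 0; i < n; i++) {
        struct report a, b;
        enum fault fa = parse_tags(inputs[i], 0, &a);
        enum fault fb = parse_tags(inputs[i], 1, &b);
        if (fa == FAULT_NONE && fb != FAULT_NONE) regressions++;
    }
    return regressions;
}

static const char *const kWellFormed[] = {
    "<a></a>", "<a><b></b></a>", "<a><b></b><c></c></a>" /* constructed */
};
int wellformed_regressions(void) { return count_regressions(kWellFormed, 3); }

int main(void) {
    struct report r;
    parse_tags("</a><b>", 0, &r); /* original: fault observed at push */
    printf("original: fault=%d event=%d at %s\n", r.fault, r.event, r.where);
    parse_tags("</a><b>", 1, &r); /* patched: rejected at the close tag */
    printf("patched:  fault=%d event=%d at %s\n", r.fault, r.event, r.where);
    printf("regressions on well-formed input: %d\n", wellformed_regressions());
    return 0;
}
```

The point of the two reports is that they disagree on *where* the problem is: the original's fault surfaces one tag later, at the store, while the patched version stops at the actual defect. Patching only the reported site (for example by clamping the index in `push_name`) would silence the sanitizer while leaving the depth accounting wrong.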
Example #2: Agents can create critical patches
In this example, the CodeMender agent was able to come up with an important patch that addressed a complex object lifetime issue.
Not only was the agent able to identify the root cause of the vulnerability, but it was also able to modify a completely custom system for generating C code within the project.