[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"doc-detail-82777-en":3,"doc-seo-82777-105":29,"detail-sidebar-cat-0-en-105":91},{"code":4,"msg":5,"data":6},0,"success",{"doc_id":7,"user_id":8,"nickname":9,"user_avatar":10,"doc_module":4,"category_id":11,"category_name":12,"doc_title":13,"doc_description":14,"doc_content":15,"file_id":16,"file_url":17,"file_type":18,"file_size":19,"view_count":20,"is_deleted":4,"is_public":20,"is_downloadable":20,"audit_status":20,"page_count":21,"language":22,"language_code":23,"site_id":24,"html_lang":23,"table_of_contents":25,"faqs":26,"seo_title":13,"seo_description":14,"update_tm":27,"read_time":28},82777,137441390410,"Hazel","https://ap-avatar.wpscdn.com/avatar/2000252f4ab5702993?_k=1776741390130283984",8,"Research & Report","Neuro-Symbolic Reasoning for Vulnerability Detection","Ask a large language model (LLM) whether a pointer dereference is safe, and it may produce a convincing “yes” with plausible text. Fluent justification is not proof, yet automated vulnerability detection must decide whether memory-safety defects like null dereference, use-after-free, or double free can actually occur. The work attributes LLM unreliability to premature discharge of safety obligations and proposes role separation: interpretation must not both prove obligations and decide verdicts. It introduces LEANGUARD, a neuro-symbolic framework combining neural AST fact filtering with Lean 4 verification guarding dangerous operations. Experiments across five CWE classes and three backends show consistent F1 gains, with significant improvements in most bounded repeated runs and strongest gains on CWE-415 recall.","Neuro-Symbolic Reasoning for Vulnerability  \nDetection  \nYanjie Zhao 1 , Hongjie Chen 1 , Li Lu 1 , Zhou Yang2 , Xiao Cheng3 , and Haoyu Wang 1 ✉  \n1Huazhong University of Science and Technology, Wuhan, China  \n{yanjie zhao, hongjie chen, li lu, [haoyuwang](haoyuwang}@hust.edu.cn)[}](haoyuwang}@hust.edu.cn)[@hust.edu.cn](haoyuwang}@hust.edu.cn)  \n2 University of Alberta; Alberta Machine Intelligence Institute; Canada CIFAR AI Chair, Canada, [zy25@ualberta.ca](zy25@ualberta.ca)  \n3 Macquarie University, Sydney, Australia, [xiao.cheng@mq.edu.au](xiao.cheng@mq.edu.au)  \narXiv :2607 .03963v 1 [ cs . SE] 4 Jul 2026  \nAbstract—Ask a large language model (LLM) whether a pointer dereference is safe, and it can often produce a plausible justification for “yes”. The difficulty is that a fluent justification isnot a proof. This gap is precisely where automated vulnerability detection lives: deciding, for a given operation in source code, whether a memory safety defect such as a null dereference, useafter-free, or double free can actually occur. We trace the unreliability of LLM-based vulnerability detection to a mechanism, the premature discharge of safety obligations, and argue that the remedy is not better prompting but a separation of roles: the component that interprets the code must not also be the one that decides a safety obligation is met.  \nIn this paper, we present LEANGUARD, a neuro-symbolic framework that assigns each act to the side equipped for it. On the neural side, an LLM serves strictly as a semantic filter over candidate facts extracted from the abstract syntax tree (AST): it prunes spurious facts and keeps the real ones, but never discharges an obligation or decides the verdict on its own. On the symbolic side, the surviving facts are compiled into a verification model in Lean 4 (a formal proof assistant whose kernel acceptsa conclusion only when it is formally proved), where every dangerous operation must be matched by a guard that provably covers it in scope; absent such a guard, the obligation stays open rather than being argued away. Because a function rarely arrives with full context, this symbolic model is necessarily partial: an unproved obligation is not yet a defect. An evidence-aware adjudicator therefore weighs the symbolic and neural verdicts by the quality of each. We instantiate the framework on five CWE classes to ask how far this division of labor can be pushed. Across these classes and three backends, including agentic baselines granted full-repository access, LEANGUARD improves F1 over the strongest baseline in all fifteen settings. On a repeated-run subset (three CWE classes × three backends), chosen to bound experimental cost, the gain is significant in six of nine (p \u003C 0.05). It helps most precisely where premature discharge hurts most: on CWE-415, recall roughly doubles, from 0.21 to 0.41.  \nIndex Terms—Neuro-symbolic, LLM, Vulnerability detection.  \nI. INTRODUCTION  \nMemory safety defects remain among the most damaging and persistent flaws in systems software. Classes such as NULL pointer dereference (CWE-476), use-after-free (CWE- 416), and double free (CWE-415) sit atop the most-reported weakness categories year after year [38], [39], and they survive even in mature, heavily audited code: the Linux kernel alone absorbs hundreds of NULL-dereference fixes in a single  \n✉ Corresponding author: Haoyu Wang ([haoyuwang@hust.edu.cn](haoyuwang@hust.edu.cn)).  \nrecent year, across memory management, file systems, and the network stack [10], [30] . What makes them so stubborn is an asymmetry inherent to the task. A defender must guard every dangerous operation; an attacker needs only the one that slipped through. Since these operations are scattered across acodebase that no analysis can hold in full, each must be judged where it sits—often without the rest of the program in view. The hard question is therefore no longer whether these bugs exist, but whether we can judge a single function reliably when c","cbCaintDuamK0m7z","https://ap.wps.com/l/cbCaintDuamK0m7z","pdf",571119,1,12,"English","en",105,"# Abstract\n# Introduction","[{\"question\":\"为什么仅依靠LLM生成的“安全”理由不足以进行漏洞检测？\",\"answer\":\"因为LLM输出的是流畅的解释而不是形式化证明。它可能在证据不足时就给出结论，因而“解释为何可能安全”并不等同于“证明义务已被满足”。\"},{\"question\":\"LEANGUARD如何避免“安全义务的过早解除”（premature discharge）？\",\"answer\":\"框架将角色分离：神经侧只作为语义过滤器，对从AST提取的候选事实进行剪枝；符号侧把保留下来的事实编译到Lean 4的验证模型中，由形式证明来匹配危险操作对应的guard。若缺少可覆盖的guard，义务保持未关闭状态而不是被语言模型说服性地绕过。\"},{\"question\":\"实验结果表明LEANGUARD在不同CWE类别上的改进体现在哪些方面？\",\"answer\":\"在五个CWE类别与三个后端的十五个设置中，LEANGUARD在所有设置上相对最强基线提升F1。对成本受限的重复运行子集（九次）中，有六次达到显著提升（p \\u003c 0.05），尤其在CWE-415上召回率大约从0.21提升到0.41。\"}]",1784182875,30,{"code":4,"msg":30,"data":31},"ok",{"site_id":24,"language":23,"slug":32,"title":13,"keywords":33,"description":14,"schema_data":34,"social_meta":86,"head_meta":88,"extra_data":90,"updated_unix":27},"neuro-symbolic-reasoning-for-vulnerability-detection","",{"@graph":35,"@context":85},[36,53,68],{"@type":37,"itemListElement":38},"BreadcrumbList",[39,43,47,50],{"item":40,"name":41,"@type":42,"position":20},"https://docshare.wps.com","Home","ListItem",{"item":44,"name":45,"@type":42,"position":46},"https://docshare.wps.com/document/","Document",2,{"item":48,"name":12,"@type":42,"position":49},"https://docshare.wps.com/document/research-report/",3,{"item":51,"name":13,"@type":42,"position":52},"https://docshare.wps.com/document/neuro-symbolic-reasoning-for-vulnerability-detection/82777/",4,{"url":51,"name":13,"@type":54,"author":55,"headline":13,"publisher":57,"fileFormat":60,"inLanguage":23,"description":14,"dateModified":61,"datePublished":62,"encodingFormat":60,"isAccessibleForFree":63,"interactionStatistic":64},"DigitalDocument",{"name":9,"@type":56},"Person",{"url":40,"name":58,"@type":59},"DocShare","Organization","application/pdf","2026-07-17","2026-07-16",true,{"@type":65,"interactionType":66,"userInteractionCount":20},"InteractionCounter",{"@type":67},"ViewAction",{"@type":69,"mainEntity":70},"FAQPage",[71,77,81],{"name":72,"@type":73,"acceptedAnswer":74},"为什么仅依靠LLM生成的“安全”理由不足以进行漏洞检测？","Question",{"text":75,"@type":76},"因为LLM输出的是流畅的解释而不是形式化证明。它可能在证据不足时就给出结论，因而“解释为何可能安全”并不等同于“证明义务已被满足”。","Answer",{"name":78,"@type":73,"acceptedAnswer":79},"LEANGUARD如何避免“安全义务的过早解除”（premature discharge）？",{"text":80,"@type":76},"框架将角色分离：神经侧只作为语义过滤器，对从AST提取的候选事实进行剪枝；符号侧把保留下来的事实编译到Lean 4的验证模型中，由形式证明来匹配危险操作对应的guard。若缺少可覆盖的guard，义务保持未关闭状态而不是被语言模型说服性地绕过。",{"name":82,"@type":73,"acceptedAnswer":83},"实验结果表明LEANGUARD在不同CWE类别上的改进体现在哪些方面？",{"text":84,"@type":76},"在五个CWE类别与三个后端的十五个设置中，LEANGUARD在所有设置上相对最强基线提升F1。对成本受限的重复运行子集（九次）中，有六次达到显著提升（p \u003C 0.05），尤其在CWE-415上召回率大约从0.21提升到0.41。","https://schema.org",{"og:url":51,"og:type":87,"og:title":13,"og:site_name":58,"og:description":14},"article",{"robots":89,"canonical":51},"index,follow",{"doc_id":7,"site_id":24},{"code":4,"msg":5,"data":92},[93,97,101,105,110,115,120,122,127,130,134],{"id":20,"doc_module":4,"doc_module_name":45,"category_name":94,"show_sort_weight":95,"slug":96},"Story & Novel",90,"story-novel",{"id":46,"doc_module":4,"doc_module_name":45,"category_name":98,"show_sort_weight":99,"slug":100},"Literature",80,"literature",{"id":52,"doc_module":4,"doc_module_name":45,"category_name":102,"show_sort_weight":103,"slug":104},"Exam",70,"exam",{"id":106,"doc_module":4,"doc_module_name":45,"category_name":107,"show_sort_weight":108,"slug":109},5,"Comic",60,"comic",{"id":111,"doc_module":4,"doc_module_name":45,"category_name":112,"show_sort_weight":113,"slug":114},6,"Technology",50,"technology",{"id":116,"doc_module":4,"doc_module_name":45,"category_name":117,"show_sort_weight":118,"slug":119},7,"Healthcare",40,"healthcare",{"id":11,"doc_module":4,"doc_module_name":45,"category_name":12,"show_sort_weight":28,"slug":121},"research-report",{"id":123,"doc_module":4,"doc_module_name":45,"category_name":124,"show_sort_weight":125,"slug":126},9,"Religion & Spirituality",20,"religion-spirituality",{"id":125,"doc_module":4,"doc_module_name":45,"category_name":128,"show_sort_weight":125,"slug":129},"World Cup","world-cup",{"id":131,"doc_module":4,"doc_module_name":45,"category_name":132,"show_sort_weight":131,"slug":133},10,"Lifestyle","lifestyle",{"id":135,"doc_module":4,"doc_module_name":45,"category_name":136,"show_sort_weight":106,"slug":137},19,"General","general"]