Semantics-Aligned, Curriculum-Driven, and Reasoning-Enhanced Vulnerability Repair Framework
2025 · Open Access · DOI: https://doi.org/10.48550/arxiv.2510.01002
Current learning-based Automated Vulnerability Repair (AVR) approaches, while promising, often fail to generalize effectively in real-world scenarios. Our diagnostic analysis reveals three fundamental weaknesses in state-of-the-art AVR approaches: (1) limited cross-repository generalization, with performance drops on unseen codebases; (2) inability to capture long-range dependencies, causing a performance degradation on complex, multi-hunk repairs; and (3) over-reliance on superficial lexical patterns, leading to significant performance drops on vulnerabilities with minor syntactic variations like variable renaming. To address these limitations, we propose SeCuRepair, a semantics-aligned, curriculum-driven, and reasoning-enhanced framework for vulnerability repair. At its core, SeCuRepair adopts a reason-then-edit paradigm, requiring the model to articulate why and how a vulnerability should be fixed before generating the patch. This explicit reasoning enforces a genuine understanding of repair logic rather than superficial memorization of lexical patterns. SeCuRepair also moves beyond traditional supervised fine-tuning and employs semantics-aware reinforcement learning, rewarding patches for their syntactic and semantic alignment with the oracle patch rather than mere token overlap. Complementing this, a difficulty-aware curriculum progressively trains the model, starting with simple fixes and advancing to complex, multi-hunk coordinated edits. We evaluate SeCuRepair on strict, repository-level splits of BigVul and newly crafted PrimeVul_AVR datasets. SeCuRepair significantly outperforms all baselines, surpassing the best-performing baselines by 34.52% on BigVul and 31.52% on PrimeVul_AVR in terms of CodeBLEU, respectively. Comprehensive ablation studies further confirm that each component of our framework contributes to its final performance.
- Type: preprint
- Language: en
- Landing Page: http://arxiv.org/abs/2510.01002, https://arxiv.org/pdf/2510.01002
- OA Status: green
- OpenAlex ID: https://openalex.org/W4414810190
Raw OpenAlex JSON
- OpenAlex ID: https://openalex.org/W4414810190
- DOI: https://doi.org/10.48550/arxiv.2510.01002
- Title: Semantics-Aligned, Curriculum-Driven, and Reasoning-Enhanced Vulnerability Repair Framework
- Type: preprint
- Language: en
- Publication year: 2025
- Publication date: 2025-10-01
- Authors: Chengran Yang, Ting Zhang, Jingchi Jiang, Xin Zhou, Haoye Tian, Jieke Shi, Junkai Chen, Yikun Li, Eng Lieh Ouh, Lwin Khin Shar, David Lo
- Landing page: https://arxiv.org/abs/2510.01002
- PDF URL: https://arxiv.org/pdf/2510.01002
- Open access: Yes
- OA status: green
- OA URL: https://arxiv.org/pdf/2510.01002
- Cited by: 0
Full payload
| id | https://openalex.org/W4414810190 |
|---|---|
| doi | https://doi.org/10.48550/arxiv.2510.01002 |
| ids.doi | https://doi.org/10.48550/arxiv.2510.01002 |
| ids.openalex | https://openalex.org/W4414810190 |
| fwci | |
| type | preprint |
| title | Semantics-Aligned, Curriculum-Driven, and Reasoning-Enhanced Vulnerability Repair Framework |
| biblio.issue | |
| biblio.volume | |
| biblio.last_page | |
| biblio.first_page | |
| topics[0].id | https://openalex.org/T12423 |
| topics[0].field.id | https://openalex.org/fields/17 |
| topics[0].field.display_name | Computer Science |
| topics[0].score | 0.9387000203132629 |
| topics[0].domain.id | https://openalex.org/domains/3 |
| topics[0].domain.display_name | Physical Sciences |
| topics[0].subfield.id | https://openalex.org/subfields/1712 |
| topics[0].subfield.display_name | Software |
| topics[0].display_name | Software Reliability and Analysis Research |
| topics[1].id | https://openalex.org/T10734 |
| topics[1].field.id | https://openalex.org/fields/17 |
| topics[1].field.display_name | Computer Science |
| topics[1].score | 0.9359999895095825 |
| topics[1].domain.id | https://openalex.org/domains/3 |
| topics[1].domain.display_name | Physical Sciences |
| topics[1].subfield.id | https://openalex.org/subfields/1710 |
| topics[1].subfield.display_name | Information Systems |
| topics[1].display_name | Information and Cyber Security |
| topics[2].id | https://openalex.org/T12127 |
| topics[2].field.id | https://openalex.org/fields/17 |
| topics[2].field.display_name | Computer Science |
| topics[2].score | 0.9332000017166138 |
| topics[2].domain.id | https://openalex.org/domains/3 |
| topics[2].domain.display_name | Physical Sciences |
| topics[2].subfield.id | https://openalex.org/subfields/1705 |
| topics[2].subfield.display_name | Computer Networks and Communications |
| topics[2].display_name | Software System Performance and Reliability |
| is_xpac | False |
| apc_list | |
| apc_paid | |
| language | en |
| locations[0].id | pmh:oai:arXiv.org:2510.01002 |
| locations[0].is_oa | True |
| locations[0].source.id | https://openalex.org/S4306400194 |
| locations[0].source.issn | |
| locations[0].source.type | repository |
| locations[0].source.is_oa | True |
| locations[0].source.issn_l | |
| locations[0].source.is_core | False |
| locations[0].source.is_in_doaj | False |
| locations[0].source.display_name | arXiv (Cornell University) |
| locations[0].source.host_organization | https://openalex.org/I205783295 |
| locations[0].source.host_organization_name | Cornell University |
| locations[0].source.host_organization_lineage | https://openalex.org/I205783295 |
| locations[0].license | cc-by |
| locations[0].pdf_url | https://arxiv.org/pdf/2510.01002 |
| locations[0].version | submittedVersion |
| locations[0].raw_type | text |
| locations[0].license_id | https://openalex.org/licenses/cc-by |
| locations[0].is_accepted | False |
| locations[0].is_published | False |
| locations[0].raw_source_name | |
| locations[0].landing_page_url | http://arxiv.org/abs/2510.01002 |
| locations[1].id | doi:10.48550/arxiv.2510.01002 |
| locations[1].is_oa | True |
| locations[1].source.id | https://openalex.org/S4306400194 |
| locations[1].source.issn | |
| locations[1].source.type | repository |
| locations[1].source.is_oa | True |
| locations[1].source.issn_l | |
| locations[1].source.is_core | False |
| locations[1].source.is_in_doaj | False |
| locations[1].source.display_name | arXiv (Cornell University) |
| locations[1].source.host_organization | https://openalex.org/I205783295 |
| locations[1].source.host_organization_name | Cornell University |
| locations[1].source.host_organization_lineage | https://openalex.org/I205783295 |
| locations[1].license | cc-by |
| locations[1].pdf_url | |
| locations[1].version | |
| locations[1].raw_type | article |
| locations[1].license_id | https://openalex.org/licenses/cc-by |
| locations[1].is_accepted | False |
| locations[1].is_published | |
| locations[1].raw_source_name | |
| locations[1].landing_page_url | https://doi.org/10.48550/arxiv.2510.01002 |
| indexed_in | arxiv, datacite |
| authorships[0].author.id | https://openalex.org/A5108839501 |
| authorships[0].author.orcid | |
| authorships[0].author.display_name | Chengran Yang |
| authorships[0].author_position | first |
| authorships[0].raw_author_name | Yang, Chengran |
| authorships[0].is_corresponding | False |
| authorships[1].author.id | https://openalex.org/A5100458263 |
| authorships[1].author.orcid | https://orcid.org/0000-0001-5008-2081 |
| authorships[1].author.display_name | Ting Zhang |
| authorships[1].author_position | middle |
| authorships[1].raw_author_name | Zhang, Ting |
| authorships[1].is_corresponding | False |
| authorships[2].author.id | https://openalex.org/A5064238181 |
| authorships[2].author.orcid | https://orcid.org/0000-0003-2167-4082 |
| authorships[2].author.display_name | Jingchi Jiang |
| authorships[2].author_position | middle |
| authorships[2].raw_author_name | Jiang, Jinfeng |
| authorships[2].is_corresponding | False |
| authorships[3].author.id | https://openalex.org/A5100424233 |
| authorships[3].author.orcid | https://orcid.org/0000-0002-4558-0622 |
| authorships[3].author.display_name | Xin Zhou |
| authorships[3].author_position | middle |
| authorships[3].raw_author_name | Zhou, Xin |
| authorships[3].is_corresponding | False |
| authorships[4].author.id | https://openalex.org/A5101397373 |
| authorships[4].author.orcid | https://orcid.org/0000-0002-8049-3997 |
| authorships[4].author.display_name | Haoye Tian |
| authorships[4].author_position | middle |
| authorships[4].raw_author_name | Tian, Haoye |
| authorships[4].is_corresponding | False |
| authorships[5].author.id | https://openalex.org/A5002667771 |
| authorships[5].author.orcid | https://orcid.org/0000-0002-0799-5018 |
| authorships[5].author.display_name | Jieke Shi |
| authorships[5].author_position | middle |
| authorships[5].raw_author_name | Shi, Jieke |
| authorships[5].is_corresponding | False |
| authorships[6].author.id | https://openalex.org/A5069649500 |
| authorships[6].author.orcid | https://orcid.org/0009-0001-3814-6000 |
| authorships[6].author.display_name | Junkai Chen |
| authorships[6].author_position | middle |
| authorships[6].raw_author_name | Chen, Junkai |
| authorships[6].is_corresponding | False |
| authorships[7].author.id | https://openalex.org/A5100730906 |
| authorships[7].author.orcid | https://orcid.org/0000-0002-1566-725X |
| authorships[7].author.display_name | Yikun Li |
| authorships[7].author_position | middle |
| authorships[7].raw_author_name | Li, Yikun |
| authorships[7].is_corresponding | False |
| authorships[8].author.id | https://openalex.org/A5041682105 |
| authorships[8].author.orcid | https://orcid.org/0000-0001-7759-348X |
| authorships[8].author.display_name | Eng Lieh Ouh |
| authorships[8].author_position | middle |
| authorships[8].raw_author_name | Ouh, Eng Lieh |
| authorships[8].is_corresponding | False |
| authorships[9].author.id | https://openalex.org/A5029828965 |
| authorships[9].author.orcid | https://orcid.org/0000-0001-5130-0407 |
| authorships[9].author.display_name | Lwin Khin Shar |
| authorships[9].author_position | middle |
| authorships[9].raw_author_name | Shar, Lwin Khin |
| authorships[9].is_corresponding | False |
| authorships[10].author.id | https://openalex.org/A5081036622 |
| authorships[10].author.orcid | https://orcid.org/0000-0002-4367-7201 |
| authorships[10].author.display_name | David Lo |
| authorships[10].author_position | last |
| authorships[10].raw_author_name | Lo, David |
| authorships[10].is_corresponding | False |
| has_content.pdf | True |
| has_content.grobid_xml | False |
| is_paratext | False |
| open_access.is_oa | True |
| open_access.oa_url | https://arxiv.org/pdf/2510.01002 |
| open_access.oa_status | green |
| open_access.any_repository_has_fulltext | False |
| created_date | 2025-10-10T00:00:00 |
| display_name | Semantics-Aligned, Curriculum-Driven, and Reasoning-Enhanced Vulnerability Repair Framework |
| has_fulltext | False |
| is_retracted | False |
| updated_date | 2025-11-06T06:51:31.235846 |
| primary_topic.id | https://openalex.org/T12423 |
| primary_topic.field.id | https://openalex.org/fields/17 |
| primary_topic.field.display_name | Computer Science |
| primary_topic.score | 0.9387000203132629 |
| primary_topic.domain.id | https://openalex.org/domains/3 |
| primary_topic.domain.display_name | Physical Sciences |
| primary_topic.subfield.id | https://openalex.org/subfields/1712 |
| primary_topic.subfield.display_name | Software |
| primary_topic.display_name | Software Reliability and Analysis Research |
| cited_by_count | 0 |
| locations_count | 2 |
| best_oa_location.id | pmh:oai:arXiv.org:2510.01002 |
| best_oa_location.is_oa | True |
| best_oa_location.source.id | https://openalex.org/S4306400194 |
| best_oa_location.source.issn | |
| best_oa_location.source.type | repository |
| best_oa_location.source.is_oa | True |
| best_oa_location.source.issn_l | |
| best_oa_location.source.is_core | False |
| best_oa_location.source.is_in_doaj | False |
| best_oa_location.source.display_name | arXiv (Cornell University) |
| best_oa_location.source.host_organization | https://openalex.org/I205783295 |
| best_oa_location.source.host_organization_name | Cornell University |
| best_oa_location.source.host_organization_lineage | https://openalex.org/I205783295 |
| best_oa_location.license | cc-by |
| best_oa_location.pdf_url | https://arxiv.org/pdf/2510.01002 |
| best_oa_location.version | submittedVersion |
| best_oa_location.raw_type | text |
| best_oa_location.license_id | https://openalex.org/licenses/cc-by |
| best_oa_location.is_accepted | False |
| best_oa_location.is_published | False |
| best_oa_location.raw_source_name | |
| best_oa_location.landing_page_url | http://arxiv.org/abs/2510.01002 |
| primary_location.id | pmh:oai:arXiv.org:2510.01002 |
| primary_location.is_oa | True |
| primary_location.source.id | https://openalex.org/S4306400194 |
| primary_location.source.issn | |
| primary_location.source.type | repository |
| primary_location.source.is_oa | True |
| primary_location.source.issn_l | |
| primary_location.source.is_core | False |
| primary_location.source.is_in_doaj | False |
| primary_location.source.display_name | arXiv (Cornell University) |
| primary_location.source.host_organization | https://openalex.org/I205783295 |
| primary_location.source.host_organization_name | Cornell University |
| primary_location.source.host_organization_lineage | https://openalex.org/I205783295 |
| primary_location.license | cc-by |
| primary_location.pdf_url | https://arxiv.org/pdf/2510.01002 |
| primary_location.version | submittedVersion |
| primary_location.raw_type | text |
| primary_location.license_id | https://openalex.org/licenses/cc-by |
| primary_location.is_accepted | False |
| primary_location.is_published | False |
| primary_location.raw_source_name | |
| primary_location.landing_page_url | http://arxiv.org/abs/2510.01002 |
| publication_date | 2025-10-01 |
| publication_year | 2025 |
| referenced_works_count | 0 |
| cited_by_percentile_year | |
| countries_distinct_count | 0 |
| institutions_distinct_count | 11 |
| citation_normalized_percentile |