Large Language Models for Code Analysis: Do LLMs Really Do Their Job?

Chongzhou Fang; Ning Miao; Shaurya Srivastav; Jialin Liu; Ruoyu Zhang; Ruijie Fang; Asmita; Ryan Tsang; Najmeh Nazari; Han Wang; Houman Homayoun

Large Language Models for Code Analysis: Do LLMs Really Do Their Job?

Chongzhou Fang
, Ning Miao
, Shaurya Srivastav
, Jialin Liu
, Ruoyu Zhang
, Ruijie Fang
, Asmita
, Ryan Tsang
, Najmeh Nazari
, Han Wang
, Houman Homayoun

Department of Computer Science

University of California at Davis
Temple University

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

61 Scopus citations

Abstract

Large language models (LLMs) have demonstrated significant potential in the realm of natural language understanding and programming code processing tasks. Their capacity to comprehend and generate human-like code has spurred research into harnessing LLMs for code analysis purposes. However, the existing body of literature falls short in delivering a systematic evaluation and assessment of LLMs' effectiveness in code analysis, particularly in the context of obfuscated code. This paper seeks to bridge this gap by offering a comprehensive evaluation of LLMs' capabilities in performing code analysis tasks. Additionally, it presents real-world case studies that employ LLMs for code analysis. Our findings indicate that LLMs can indeed serve as valuable tools for automating code analysis, albeit with certain limitations. Through meticulous exploration, this research contributes to a deeper understanding of the potential and constraints associated with utilizing LLMs in code analysis, paving the way for enhanced applications in this critical domain.

Original language	English
Title of host publication	Proceedings of the 33rd USENIX Security Symposium
Pages	829-846
Number of pages	18
ISBN (Electronic)	9781939133441
State	Published - 2024
Event	33rd USENIX Security Symposium, USENIX Security 2024 - Philadelphia, United States Duration: 14 Aug 2024 → 16 Aug 2024

Publication series

Name	Proceedings of the 33rd USENIX Security Symposium

Conference

Conference	33rd USENIX Security Symposium, USENIX Security 2024
Country/Territory	United States
City	Philadelphia
Period	14/08/24 → 16/08/24

Cite this

@inproceedings{ea28195339954ee1b91bcf62a0bbf5c8,

title = "Large Language Models for Code Analysis: Do LLMs Really Do Their Job?",

abstract = "Large language models (LLMs) have demonstrated significant potential in the realm of natural language understanding and programming code processing tasks. Their capacity to comprehend and generate human-like code has spurred research into harnessing LLMs for code analysis purposes. However, the existing body of literature falls short in delivering a systematic evaluation and assessment of LLMs' effectiveness in code analysis, particularly in the context of obfuscated code. This paper seeks to bridge this gap by offering a comprehensive evaluation of LLMs' capabilities in performing code analysis tasks. Additionally, it presents real-world case studies that employ LLMs for code analysis. Our findings indicate that LLMs can indeed serve as valuable tools for automating code analysis, albeit with certain limitations. Through meticulous exploration, this research contributes to a deeper understanding of the potential and constraints associated with utilizing LLMs in code analysis, paving the way for enhanced applications in this critical domain.",

author = "Chongzhou Fang and Ning Miao and Shaurya Srivastav and Jialin Liu and Ruoyu Zhang and Ruijie Fang and Asmita and Ryan Tsang and Najmeh Nazari and Han Wang and Houman Homayoun",

note = "Publisher Copyright: {\textcopyright} USENIX Security Symposium 2024.All rights reserved.; 33rd USENIX Security Symposium, USENIX Security 2024 ; Conference date: 14-08-2024 Through 16-08-2024",

year = "2024",

language = "English",

series = "Proceedings of the 33rd USENIX Security Symposium",

pages = "829--846",

booktitle = "Proceedings of the 33rd USENIX Security Symposium",

}

Fang, C, Miao, N, Srivastav, S, Liu, J, Zhang, R, Fang, R, Asmita, , Tsang, R, Nazari, N, Wang, H & Homayoun, H 2024, Large Language Models for Code Analysis: Do LLMs Really Do Their Job? in Proceedings of the 33rd USENIX Security Symposium. Proceedings of the 33rd USENIX Security Symposium, pp. 829-846, 33rd USENIX Security Symposium, USENIX Security 2024, Philadelphia, United States, 14/08/24.

TY - GEN

T1 - Large Language Models for Code Analysis

T2 - 33rd USENIX Security Symposium, USENIX Security 2024

AU - Fang, Chongzhou

AU - Miao, Ning

AU - Srivastav, Shaurya

AU - Liu, Jialin

AU - Zhang, Ruoyu

AU - Fang, Ruijie

AU - Asmita,

AU - Tsang, Ryan

AU - Nazari, Najmeh

AU - Wang, Han

AU - Homayoun, Houman

PY - 2024

Y1 - 2024

N2 - Large language models (LLMs) have demonstrated significant potential in the realm of natural language understanding and programming code processing tasks. Their capacity to comprehend and generate human-like code has spurred research into harnessing LLMs for code analysis purposes. However, the existing body of literature falls short in delivering a systematic evaluation and assessment of LLMs' effectiveness in code analysis, particularly in the context of obfuscated code. This paper seeks to bridge this gap by offering a comprehensive evaluation of LLMs' capabilities in performing code analysis tasks. Additionally, it presents real-world case studies that employ LLMs for code analysis. Our findings indicate that LLMs can indeed serve as valuable tools for automating code analysis, albeit with certain limitations. Through meticulous exploration, this research contributes to a deeper understanding of the potential and constraints associated with utilizing LLMs in code analysis, paving the way for enhanced applications in this critical domain.

AB - Large language models (LLMs) have demonstrated significant potential in the realm of natural language understanding and programming code processing tasks. Their capacity to comprehend and generate human-like code has spurred research into harnessing LLMs for code analysis purposes. However, the existing body of literature falls short in delivering a systematic evaluation and assessment of LLMs' effectiveness in code analysis, particularly in the context of obfuscated code. This paper seeks to bridge this gap by offering a comprehensive evaluation of LLMs' capabilities in performing code analysis tasks. Additionally, it presents real-world case studies that employ LLMs for code analysis. Our findings indicate that LLMs can indeed serve as valuable tools for automating code analysis, albeit with certain limitations. Through meticulous exploration, this research contributes to a deeper understanding of the potential and constraints associated with utilizing LLMs in code analysis, paving the way for enhanced applications in this critical domain.

UR - https://www.scopus.com/pages/publications/85204993694

UR - https://www.scopus.com/pages/publications/85204993694#tab=citedBy

M3 - Conference contribution

AN - SCOPUS:85204993694

T3 - Proceedings of the 33rd USENIX Security Symposium

SP - 829

EP - 846

BT - Proceedings of the 33rd USENIX Security Symposium

Y2 - 14 August 2024 through 16 August 2024

ER -

Large Language Models for Code Analysis: Do LLMs Really Do Their Job?

Abstract

Publication series

Conference

Other files and links

Fingerprint

Cite this