DebugHarness: Emulating Human Dynamic Debugging for Autonomous Program Repair

TL;DR

DebugHarness is an autonomous debugging agent that emulates human dynamic debugging practices to effectively diagnose and repair complex security vulnerabilities in software, outperforming existing static analysis methods.

Contribution

It introduces a novel LLM-powered debugging approach that actively interacts with runtime environments, enabling dynamic diagnosis and repair of low-level memory safety bugs.

Findings

DebugHarness patches about 90% of bugs in SEC-bench dataset.

It achieves over 30% improvement over state-of-the-art baselines.

Dynamic debugging significantly enhances LLM diagnostic capabilities.

Abstract

Patching severe security flaws in complex software remains a major challenge. While automated tools like fuzzers efficiently discover bugs, fixing deep-rooted low-level faults (e.g., use-after-free and memory corruption) still requires labor-intensive manual analysis by experts. Emerging Large Language Model (LLM) agents attempt to automate this pipeline, but they typically treat bug fixing as a purely static code-generation task. Relying solely on static artifacts, these methods miss the dynamic execution context strictly necessary for diagnosing intricate memory safety violations. To overcome these limitations, we introduce DebugHarness, an autonomous LLM-powered debugging agent harness that resolves complex vulnerabilities by emulating the interactive debugging practices of human systems engineers. Instead of merely examining static code, DebugHarness actively queries the live runtime environment. Driven by a reproducible crash, it utilizes a pattern-guided investigation strategy to formulate hypotheses, interactively probes program memory states and execution paths, and synthesizes patches via a closed-loop validation cycle. We evaluate DebugHarness on SEC-bench, a rigorous dataset of real-world C/C++ security vulnerabilities. DebugHarness successfully patches approximately 90% of the evaluated bugs. This yields a relative improvement of over 30% compared to state-of-the-art baselines, demonstrating that dynamic debugging significantly enhances LLM diagnostic capabilities. Overall, DebugHarness establishes a novel paradigm for automated program repair, bridging the gap between static LLM reasoning and the dynamic intricacies of low-level systems programming.