SynthFix: Adaptive Neuro-Symbolic Code Vulnerability Repair

TL;DR

SynthFix is a hybrid neural-symbolic framework that enhances LLM-based code vulnerability repair by combining adaptive training strategies with symbolic feedback, leading to significant improvements on benchmark datasets.

Contribution

Introduces SynthFix, a novel adaptive training approach unifying neural and symbolic methods for more accurate code vulnerability repair.

Findings

Achieves up to 18% improvement in CodeBLEU/CrystalBLEU scores.

Attains 32% higher Exact Match accuracy over baseline methods.

Demonstrates effectiveness on JavaScript and C vulnerability benchmarks.

Abstract

Large Language Models (LLMs) show promise for automated code repair but often struggle with the complex semantic and structural correctness required. We present SynthFix, a hybrid neural-symbolic framework that improves LLM-based vulnerability repair by unifying code synthesis with compiler-informed symbolic feedback. The core of our approach is an adaptive training strategy where a neural Router Model directs code samples to either Supervised Fine-Tuning (SFT) to learn common patterns or Reward Fine-Tuning (RFT) with symbolic rewards for complex, iterative refinement. On the FixJS (JavaScript) and CodeFlaws (C) benchmarks, SynthFix achieves up to 18% relative improvement in CodeBLEU/CrystalBLEU and 32% in Exact Match over strong SFT and RFT baselines. Our results show that this adaptive combination of training strategies, which mirrors how developers alternate between pattern application and tool feedback, significantly improves the accuracy and efficiency of LLM-based vulnerability repair. Our code and data are available at https://github.com/CoderDoge1108/SynthFix.