Increasing precision of static code analysis using large language models

D. D. Panov^ab, N. V. Shimchik^ab, D. A. Chibisov^ab, A. A. Belevancev^ab, V. N. Ignatyev<sup>ab

a</sup> Ivannikov Institute for System Programming of the RAS
^b Lomonosov Moscow State University

Abstract: This paper describes an approach to verifying the results of static code analysis using large language models (LLMs), which filters warnings to eliminate false positives. To construct the prompt for LLM, the proposed approach retains information collected by the analyzer, such as abstract syntax trees of files, symbol tables, type and function summaries. This information can either be directly included in the prompt or used to accurately identify the code fragments required to verify the warning. The approach was implemented in SharpChecker – an industrial static analyzer for the C# language. Testing on real-world code demonstrated an improvement in result precision by up to 10 percentage points while maintaining high recall (0.8 to 0.97) for context-sensitive and interprocedural path-sensitive detectors of resource leaks, null dereferences, and integer overflows. In case of unreachable code detector, use of information from the static analyzer improved recall by 11–27 percentage points compared to an approach that only uses the program's source code in the prompt.

Keywords: static code analysis, large language models LLM

DOI: 10.15514/ISPRAS-2025-37(6)-5