- The paper presents an adaptive framework for code vulnerability repair that merges supervised fine-tuning (SFT) and reward fine-tuning (RFT) via a neural router.
- It uses compiler-derived static signals (AST, CFG) together with Semgrep findings as a reward, steering generated patches toward syntactic correctness and semantic fidelity.
- Empirical results show up to 32% relative improvement in Exact Match and significant gains in CodeBLEU over SFT-only and RFT-only baselines.
SynthFix: Adaptive Neuro-Symbolic Code Vulnerability Repair
Introduction and Motivation
SynthFix introduces an integrated neuro-symbolic approach to automated code vulnerability repair, addressing a basic limitation of LLMs: they do not reliably capture the semantic rigor and structural correctness needed to fix real-world software vulnerabilities. LLMs trained with large-scale supervised learning excel at producing plausible source modifications, but they often fail to guarantee functional correctness or security, sometimes introducing subtle bugs or omitting domain-specific secure patterns. Pure reinforcement- or reward-based fine-tuning offers semantically richer feedback but is computationally costly and sample-inefficient. SynthFix proposes a principled hybrid that mirrors human repair workflows: it alternates dynamically between supervised fine-tuning (SFT) and compiler-informed reward fine-tuning (RFT) according to task and code complexity.
Figure 1: SynthFix overview—left, patch generation and selective validation; right, adaptive routing between SFT and RFT via a neural router and symbolic multimodal reward.
Technical Framework
SynthFix combines three principal modules: a Repair Agent (a transformer-based LLM), a symbolic Reward Model, and a neural Router Model. The Repair Agent is initialized from an open code LLM (e.g., CodeLLaMA, StarCoder2) and then trained by adaptively alternating SFT and RFT. The symbolic Reward Model supplies a dense, composite reward that aggregates static analysis findings (Semgrep), AST congruence, and CFG structural validation.
Key reward components are:
- Syntactic Correctness (rAST): AST structure matching, ensuring well-formed, syntactically valid patches.
- Logical Fidelity (rCFG): CFG similarity, constraining control-flow equivalence and guarding logical semantics.
- Assessed Security (rSemgrep): static-analysis signals indicating that the vulnerability is eliminated and the patch is valid.
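As an added illustration (not code from the paper), the following Python sketch computes a composite reward of the shape described above. It assumes that the AST and CFG terms compare the candidate patch against the reference fix, uses a handful of AST-based checks for dangerous sinks as a stand-in for Semgrep, and picks illustrative weights; the paper's actual weighting, Semgrep rule set and target languages (JavaScript, C) are not reproduced. The sample patches are constructed for the example.

```python
"""Composite static-analysis-grounded reward for a candidate patch (illustrative)."""
from __future__ import annotations

import ast
import difflib
from dataclasses import dataclass

# Illustrative weights; the paper does not publish its weighting (assumption).
W_AST, W_CFG, W_SEMGREP = 0.3, 0.3, 0.4

_CFG_NODES = (ast.If, ast.For, ast.While, ast.Try, ast.With,
              ast.Return, ast.Raise, ast.Break, ast.Continue)
_DANGEROUS_CALLS = {"eval", "exec", "os.system"}  # toy stand-in for a Semgrep ruleset


def _node_types(src: str) -> list[str]:
    """Node type names in ast.walk order; raises SyntaxError if the patch does not parse."""
    return [type(n).__name__ for n in ast.walk(ast.parse(src))]


def ast_similarity(candidate: str, reference: str) -> float:
    """rAST: structural agreement of the candidate's AST with the reference fix."""
    return difflib.SequenceMatcher(None, _node_types(candidate), _node_types(reference)).ratio()


def cfg_signature(src: str) -> list[str]:
    """Ordered control-flow constructs; a cheap proxy for the real CFG."""
    return [type(n).__name__ for n in ast.walk(ast.parse(src)) if isinstance(n, _CFG_NODES)]


def cfg_similarity(candidate: str, reference: str) -> float:
    """rCFG: agreement of control-flow structure between candidate and reference."""
    a, b = cfg_signature(candidate), cfg_signature(reference)
    if not a and not b:
        return 1.0  # straight-line code on both sides: nothing to disagree about
    return difflib.SequenceMatcher(None, a, b).ratio()


def _call_name(node: ast.Call) -> str:
    f = node.func
    if isinstance(f, ast.Name):
        return f.id
    if isinstance(f, ast.Attribute) and isinstance(f.value, ast.Name):
        return f"{f.value.id}.{f.attr}"
    return ""


def static_findings(src: str) -> list[str]:
    """Semgrep stand-in: rule ids for dangerous sinks still present in the patch."""
    findings = []
    for node in ast.walk(ast.parse(src)):
        if not isinstance(node, ast.Call):
            continue
        name = _call_name(node)
        if name in _DANGEROUS_CALLS:
            findings.append(f"dangerous-call:{name}")
        if name.startswith("subprocess.") and any(
            kw.arg == "shell" and isinstance(kw.value, ast.Constant) and kw.value.value is True
            for kw in node.keywords
        ):
            findings.append("subprocess-shell-true")
    return findings


@dataclass
class Reward:
    r_ast: float
    r_cfg: float
    r_semgrep: float

    @property
    def total(self) -> float:
        return W_AST * self.r_ast + W_CFG * self.r_cfg + W_SEMGREP * self.r_semgrep


def composite_reward(candidate: str, reference: str) -> Reward:
    """Dense reward for one candidate patch; an unparseable patch earns nothing on any axis."""
    try:
        r_ast = ast_similarity(candidate, reference)
    except SyntaxError:
        return Reward(0.0, 0.0, 0.0)
    r_cfg = cfg_similarity(candidate, reference)
    r_sem = 1.0 if not static_findings(candidate) else 0.0
    return Reward(r_ast, r_cfg, r_sem)


# Constructed sample: a command-injection bug, its reference fix, and two candidate patches.
VULNERABLE = "def run(cmd):\n    return os.system('ls ' + cmd)\n"
REFERENCE = (
    "def run(cmd):\n"
    "    if not cmd.isalnum():\n"
    "        raise ValueError('bad argument')\n"
    "    return subprocess.run(['ls', cmd], check=True)\n"
)
CANDIDATE_SHELL = (  # validates input but re-introduces a shell: the static check must catch it
    "def run(cmd):\n"
    "    if not cmd.isalnum():\n"
    "        raise ValueError('bad argument')\n"
    "    return subprocess.run('ls ' + cmd, shell=True)\n"
)
CANDIDATE_BROKEN = "def run(cmd:\n"  # does not parse

if __name__ == "__main__":
    for name, patch in [("reference", REFERENCE), ("shell", CANDIDATE_SHELL),
                        ("vulnerable", VULNERABLE), ("broken", CANDIDATE_BROKEN)]:
        print(name, composite_reward(patch, REFERENCE))
```

The point of the three terms is visible on the shell candidate: it is structurally close to the reference (high rAST, rCFG of 1.0) yet still shells out with user input, so the security term alone pulls its reward below a patch that is both structurally and statically clean. A patch that does not parse gets zero on every axis rather than a partial score.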
The neural Router Model, a lightweight MLP classifier, takes compiler-derived code features (AST/CFG complexity metrics, code length) and dispatches each training batch either to SFT (pattern-based; suited to low-complexity code) or to RFT (feedback-driven; suited to high-complexity code). This batch-wise adaptive scheduling, informed by static symbolic evidence, spends the costlier reward-driven updates where they pay off and grounds training in code analysis performed on the fly.
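As an added illustration of the routing step (not the paper's code), this Python sketch extracts the kind of static features the router consumes and dispatches a whole batch. The trained MLP is replaced by a fixed logistic scorer whose scales, weights and bias are assumptions chosen for the example; a learned classifier would consume the same feature vector. The two samples are constructed.

```python
"""Batch-level routing between SFT and RFT from static code features (illustrative)."""
from __future__ import annotations

import ast
import math
from dataclasses import astuple, dataclass
from statistics import mean


@dataclass
class CodeFeatures:
    n_nodes: int      # AST size
    max_depth: int    # AST nesting depth
    n_branches: int   # decision points, a cyclomatic-complexity proxy for the CFG
    n_lines: int      # non-blank code length


_BRANCH_NODES = (ast.If, ast.For, ast.While, ast.Try, ast.IfExp, ast.BoolOp, ast.ExceptHandler)


def _depth(node: ast.AST) -> int:
    return 1 + max((_depth(c) for c in ast.iter_child_nodes(node)), default=0)


def extract_features(src: str) -> CodeFeatures:
    """Compiler-derived features of one sample; raises SyntaxError on unparseable input."""
    tree = ast.parse(src)
    nodes = list(ast.walk(tree))
    return CodeFeatures(
        n_nodes=len(nodes),
        max_depth=_depth(tree),
        n_branches=sum(isinstance(n, _BRANCH_NODES) for n in nodes),
        n_lines=sum(1 for ln in src.splitlines() if ln.strip()),
    )


# Stand-in for the trained MLP router: a fixed logistic scorer over scaled features.
# Scales, weights and bias are illustrative assumptions, not values from the paper.
_SCALE = CodeFeatures(n_nodes=60, max_depth=8, n_branches=4, n_lines=20)
_WEIGHTS = (0.8, 0.8, 1.6, 0.5)
_BIAS = -2.0


def complexity_score(f: CodeFeatures) -> float:
    """Score in (0, 1): how strongly this sample calls for reward-driven (RFT) training."""
    z = _BIAS + sum(w * x / s for w, x, s in zip(_WEIGHTS, astuple(f), astuple(_SCALE)))
    return 1.0 / (1.0 + math.exp(-z))


def route_batch(batch: list[str], threshold: float = 0.5) -> str:
    """Dispatch a whole batch: 'RFT' when its mean complexity exceeds the threshold, else 'SFT'."""
    score = mean(complexity_score(extract_features(s)) for s in batch)
    return "RFT" if score > threshold else "SFT"


# Constructed samples: a trivial function and a branch-heavy sanitizer.
SIMPLE = "def add(a, b):\n    return a + b\n"
COMPLEX = (
    "def sanitize(items):\n"
    "    out = []\n"
    "    for item in items:\n"
    "        if not isinstance(item, str):\n"
    "            raise TypeError('expected str')\n"
    "        if '<' in item or '>' in item:\n"
    "            item = item.replace('<', '&lt;').replace('>', '&gt;')\n"
    "        out.append(item)\n"
    "    return out\n"
)

if __name__ == "__main__":
    for name, src in [("simple", SIMPLE), ("complex", COMPLEX)]:
        print(name, extract_features(src), round(complexity_score(extract_features(src)), 3))
    print("easy batch ->", route_batch([SIMPLE] * 4))
    print("hard batch ->", route_batch([COMPLEX] * 4))
    print("mixed batch ->", route_batch([SIMPLE, SIMPLE, SIMPLE, COMPLEX]))
```

Because the decision is taken per batch on the mean score, batch composition matters: a few branch-heavy samples mixed into an otherwise easy batch can tip the whole batch to RFT, or be diluted into SFT. Grouping samples by complexity before batching keeps the router's decision meaningful.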
Experimental Design and Quantitative Results
SynthFix is evaluated on FixJS (JavaScript) and CodeFlaws (C), utilizing canonical train/val/test splits and four baseline code LLMs—CodeGen-220M, CodeT5-350M, CodeLLaMA-7B, StarCoder2-7B. Metrics include CodeBLEU, CrystalBLEU, and Exact Match (EM).
Empirical results validate the superiority of this adaptive hybridization:
- Relative improvements of up to 18% in CodeBLEU/CrystalBLEU and 32% in EM over SFT/RFT-only baselines.
- Across all tested LLMs and datasets, SynthFix’s router-augmented variant robustly outperforms both static-hybrid and single-paradigm models.
- Detailed analysis by vulnerability type (CWE) and code functionality demonstrates broad generalization, with especially strong gains in categories involving rich control flow or intricate attack vectors (e.g., XSS, missing input validation).
Case studies highlight the qualitative jump in patch quality: SynthFix avoids both the syntactic myopia of SFT and the verbosity or instability of pure RFT, producing robust, minimal, and semantically precise repairs.

Figure 2: FixJS task performance—SynthFix consistently surpasses SFT-only and RFT-only baselines in JavaScript vulnerability repair.
Figure 3: Comparison of diffs on two representative FixJS cases showing SFT, RFT, and SynthFix patch outputs: left, XSS bug; right, array summation error.
Ablation and Component Analysis
Ablation shows a non-trivial contribution from each symbolic reward module. Removing the Semgrep/static-analysis component causes the sharpest degradation, and all three signals (AST, CFG, Semgrep) are needed to reach maximal repair accuracy. Combining multiple symbolic dimensions in the reward function is therefore integral to robust semantic repair.
Implications and Future Work
SynthFix’s empirical and architectural outcomes carry several notable implications:
- Curriculum learning by adaptive routing: Dynamic, code-feature-driven assignment of fine-tuning strategy can substantially accelerate both convergence and final quality in hybrid LLM frameworks for software engineering tasks.
- Reward model composition: Multi-objective, compiler-grounded signals directly shape LLM outputs toward structural and semantic security, suggesting a general strategy for tightly coupling static analysis with neural models.
- Beyond static features: Current routing relies on syntactic/structural metrics. Incorporating dynamic execution traces or runtime characteristics could further enrich the adaptive controller and remedy complex, data-dependent vulnerabilities.
- Scalability and cross-lingual transfer: While validated on academic datasets, scaling to industrial codebases and extending to additional programming languages (e.g., Python) are immediate avenues for future exploration.
Limitations
SynthFix's routing relies primarily on static code features, so bugs that manifest only at runtime may be routed suboptimally. The evaluation, though rigorous, is limited to curated academic benchmarks; broad validation in industrial, multi-language environments remains to be done.
Conclusion
SynthFix substantiates the case for adaptive, neuro-symbolic hybridization in LLM-based automated code repair. By architecturally fusing supervised and reward-based learning with dynamic routing and compiler-informed symbolic feedback, it achieves superior repair accuracy, efficiency, and generalization. This paradigm offers a blueprint for future AI research at the intersection of language modeling, static analysis, and software reliability, with direct implications for automated security tooling, program synthesis, and dependable software engineering.