A cross-language code vulnerability repair method based on knowledge graph and large model double constraints
By constructing a multidimensional directed security knowledge graph and a cross-language attention alignment mechanism, combined with a dynamic lexical interception matrix, the limitations of existing cross-language code vulnerability repair technologies are overcome, achieving efficient and secure cross-language code vulnerability repair.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- SOUTHWEST UNIVERSITY FOR NATIONALITIES
- Filing Date
- 2026-04-10
- Publication Date
- 2026-07-10
AI Technical Summary
Existing cross-language code vulnerability remediation technologies have limitations in cross-language feature representation, knowledge constraints, controllability of underlying generation, and cross-language semantic alignment, which renders remediation solutions infeasible or introduces secondary security risks.
We employ a dual-constraint approach based on knowledge graphs and large models. By constructing a multi-dimensional directed secure knowledge graph for multi-hop knowledge reasoning, and combining a cross-language attention alignment mechanism and a dynamic lexical interception matrix, we implement tensor log-probability hard interception to ensure the security and semantic correctness of the generated repair patch.
It significantly improves the accuracy and security of cross-language code vulnerability repair, ensures the absolute security and semantic correctness of repair patches, and enhances the efficiency of supply chain security governance under complex software architectures.
Smart Images

Figure CN122363738A_ABST
Abstract
Description
Technical Field
[0001] This invention relates to the fields of software defect repair and software supply chain, specifically to a cross-language code vulnerability repair method based on dual constraints of knowledge graph and large model. Background Technology
[0002] Currently, with the accelerated evolution of cloud-native and microservice architectures, multi-language hybrid programming has become the mainstream model for modern large-scale and complex software systems. In this rapidly iterating development environment, data flow interactions across language boundaries are frequent, easily introducing security vulnerabilities such as cross-language type mismatches and unfiltered transmission of dangerous data. Unlike single-language defects, the investigation and remediation of cross-language vulnerabilities often require traversing the entire heterogeneous microservice call chain. Manual remediation is not only time-consuming and labor-intensive, but improper remediation can also easily cause the collapse of the entire data pipeline.
[0003] In recent years, deep learning techniques, represented by pre-trained large language models, have made breakthroughs in code understanding and generation tasks. These models can assist developers in quickly generating partial code patches, effectively reducing manual maintenance costs.
[0004] However, when faced with extremely demanding cross-language security vulnerability remediation tasks, existing technologies still have the following significant problems: Most current large model repair methods rely primarily on parameterized knowledge from pre-training within the model, lacking mandatory guidance from external expert safety rules. When dealing with complex cross-language API mappings, models often suffer from severe "model illusion" due to an excessively large search space, resulting in patches that may call deprecated APIs in the target language or contain type conversion errors, rendering the repair solution infeasible.
[0005] Most existing external knowledge augmentation solutions often employ concatenated prompt word engineering, directly inputting security rules as text prefixes. This superficial "soft guidance" lacks control over the model's underlying generation logic. During autoregressive decoding, the model may still selectively ignore these rules, thereby generating malicious code containing dangerous functions and easily introducing secondary security risks.
[0006] Existing security rule extraction relies heavily on manually written static matching templates, which are difficult to adapt to the complex type systems and security specifications of heterogeneous programming languages. There is a lack of a structured knowledge routing and feature extraction mechanism that can automatically perform multi-hop reasoning and cross the semantic gap between languages.
[0007] In summary, existing automated code vulnerability repair technologies still have many limitations when dealing with multilingual scenarios, particularly regarding the determinism of knowledge constraints, the controllability of underlying generation, and cross-language semantic alignment. Therefore, there is an urgent need to propose a new automated code defect repair method that integrates structured security knowledge with the semantic generation advantages of large-scale models, overcoming the technical bottlenecks of the large-scale model illusion and weak underlying control, and improving the absolute security and efficiency of vulnerability repair. Summary of the Invention
[0008] To address the shortcomings of existing technologies and solve the aforementioned problems, this invention proposes a cross-language code vulnerability repair method based on dual constraints of knowledge graphs and large-scale models. Compared with existing technologies, this invention represents a significant technological advancement in cross-language feature representation, knowledge constraint dimensions, underlying decoding control mechanisms, and deterministic patch generation.
[0009] A cross-language code vulnerability repair method based on dual constraints of knowledge graph and large model, the main steps of which are as follows: 1) Conduct data collection and cross-language feature standardization. Use a multi-language unified parser to process heterogeneous code samples containing known vulnerabilities. Combine taint analysis technology to extract control flow and data flow features of code source and sink points, generate language-independent intermediate representations, and assign globally unique core vulnerability intent labels to them. 2) Construct a multi-dimensional directed security knowledge graph containing vulnerability entities, risk patterns, whitelist rules, and blacklist rules; based on the core vulnerability intent tags, use a multi-hop knowledge reasoning algorithm to perform bidirectional topological pathfinding in the graph and extract the first rule set and the second rule set with confidence scores higher than the preset threshold. 3) Construct context-aware soft constraints at the input of the pre-trained language model, introduce a cross-language attention alignment mechanism, and structurally concatenate and fuse the intermediate representation with the first rule set to generate a contextual cue vector with safety intent guidance; 4) Construct a dynamic word interception matrix at the output of the pre-trained language model, map the second rule set to the underlying multidimensional word sequence set through a word segmenter, and construct a state machine based on a trie. 5) Implement tensor log probability hard interception. At each time step of the model's autoregressive generation, match the state machine path in real time. If a dangerous word prefix is hit, dynamically intervene in the underlying tensor operation and force the generation log probability of the corresponding dimension word to be modified to negative infinity. 6) Combining soft constraints at the input end and hard interception at the decoding end, the pre-trained language model is driven to generate multiple repair candidate patches using beam search; 7) Design a multi-task comprehensive scoring function based on fluency, security intent alignment and hard constraint non-violation rate, reorder candidate patches and output the optimal target language repair code. Beneficial effects
[0010] The cross-language code vulnerability repair method proposed in this invention, based on the dual constraints of knowledge graph and large model, effectively overcomes the problems of high illusion rate, poor cross-language adaptation, and inability to guarantee repair security in existing technologies by integrating symbolic graph knowledge with neural network semantic generation.
[0011] Specifically: This invention successfully bridges the semantic gap between heterogeneous languages and improves the accuracy of cross-language rule mapping by constructing a multi-dimensional directed security knowledge graph and implementing multi-hop pathfinding; the pioneering dual-pipeline architecture of "input-side attention soft guidance + decoding-side logarithmic probability hard interception" transforms the purely probabilistic black-box text generation into deterministic constraint rewriting, completely eliminating the generation path of dangerous code from the mathematical level; combined with a multi-task evaluation and reordering mechanism, it ensures the absolute security and semantic correctness of the patch.
[0012] Therefore, this invention significantly improves the efficiency and reliability of supply chain security governance under complex software architectures such as microservices, and has strong technical advantages and practical application value. Attached Figure Description
[0013] Figure 1 The present invention provides an overall flowchart of a cross-language code vulnerability repair method; Figure 2 A schematic diagram illustrating the specific process of a cross-language code vulnerability repair method provided by this invention; Figure 3 This invention provides a technical framework diagram for a cross-language code vulnerability repair method. Detailed Implementation
[0014] Step 1-1: Data Preprocessing and Cross-Language Vulnerability Sample Collection In one embodiment, data collection and preprocessing are performed first. This invention collects a heterogeneous code sample library containing known cross-language call vulnerabilities and their corresponding security remediation tags. Since cross-language vulnerabilities are often scattered across different code repositories of front-end orchestration scripts and back-end business logic, the preprocessing stage requires cleaning the raw data, removing irrelevant configuration files and redundant dependencies, and extracting the core code fragments involved in cross-language data interaction, providing a high-purity defect sample set for subsequent structured analysis.
[0015] Steps 1-2: Constructing cross-language code attribute graphs and dynamic feature pruning In constructing a multi-dimensional code graph structure, transforming heterogeneous code into a unified structure is a crucial step. In one embodiment, this invention employs a multi-language unified abstract syntax tree parser to transform processed code samples into a standardized intermediate representation, and constructs a cross-language code attribute graph accordingly. Nodes represent the basic logical units of a program; edges represent control flow, data dependencies, and cross-language data transfer relationships. To accurately locate cross-language data flow breakpoints and highlight core defect information, this invention introduces cross-language taint analysis and designs a node relevance scoring function: ; in, Represents nodes in the code property graph The overall relevance score; and These represent the shortest dependency path lengths from the node to the external taint source and the sensitive sink in the graph, respectively. , Weighting coefficients for tasks; , denoted as the distance decay constant. Based on the calculated score, the system sets a dynamic threshold to perform dynamic pruning on the code attribute graph, removing weakly correlated and redundant nodes with scores below the threshold, ultimately generating a sparsely optimized defective code slice. This slice significantly reduces the graph size while preserving the core vulnerability context, serving as a standardized input for subsequent knowledge graph pathfinding and large model understanding.
[0016] Step 2: Multi-hop pathfinding and rule feature extraction in knowledge graph In multidimensional code security knowledge modeling, transforming cross-language security rules into a graph structure is a crucial step. In one embodiment, a directed attribute graph is constructed, containing vulnerability entities, type mappings, whitelist rules, and blacklist rules. For specific vulnerability intent tags, a multi-hop knowledge reasoning algorithm with a decay factor is employed. Arbitrary pathfinding is defined. The cumulative confidence score is: ; in, For the first in the knowledge graph k The basic credibility weight of the edge; L Number of jumps; This is the path length attenuation coefficient, used to penalize excessively long indirect reasoning. The system performs a forward traversal along both the safe substitution relation and the prohibited relation, extracting... The security interface is used as the first rule set, i.e., the whitelist, to extract... The danger function is used as the second rule set, i.e., the blacklist.
[0017] Step 3: Fusion of Context-Aware Soft Constraints and Cross-Modal Attention In one embodiment, this invention uses a pre-trained language model to extract semantic embeddings of code snippets. To ensure deep integration of the knowledge graph security intent (first rule set) with the original code, a cross-language attention alignment mechanism is proposed. Let the feature matrix of the first rule set obtained by knowledge graph mapping be... The code text embedding matrix is , A structured soft bias matrix is introduced into the self-attention mechanism of the Transformer. This makes the fusion attention weights calculated as follows: ; in, For vector dimensions; This is a block matrix where the element value is a positive bias constant when the target location corresponds to a whitelisted security API that must be used. Otherwise, it is 0. This step generates a contextual cue vector for a deeply fused global security intent.
[0018] Step 4: Construction of a dynamic lexical interception matrix based on a trie In one embodiment, the present invention constructs the underlying hard interception foundation based on a second rule set. Through a large-scale model's word segmenter, blacklist fragments are mapped to a multi-dimensional set of lexical index sequences. And insert it into the prefix trie. Define the state transition function of the state machine as: ; in, The state of the tree node in the previous time step; This represents the currently generated lexical unit; if a corresponding edge exists in the trie, then... Move to a child node, otherwise Back to the root node By introducing a state transition function, the system is able to accurately track complete dangerous code sequence fragments across single tokens generated by the model.
[0019] Step 5: Tensor-log probability hard interception intervention In one embodiment, tensor-level hard interception is deployed in the autoregressive decoding layer of the pre-trained language model. In the underlying operations of large language models, tensors are the core mathematical carriers used to represent multidimensional data structures; in this invention, they specifically refer to the original log-probability one-dimensional matrix output by the model's decoding layer, containing the dimensions of the entire vocabulary, where each dimension of the matrix precisely corresponds to the generation probability score of a specific candidate word. Let the model at time step... For the entire vocabulary size The original log-odds vector of the candidate noun output is Specifically, based on the state machine state in step 4... If the pointer reaches the set of leaf nodes of the trie... This triggers a dangerous path, and the system defines a characteristic function. : ; The underlying interceptor forcibly modifies the tensor, generating a new safe log-probability vector. , its first The components of each dimension are calculated as follows: ; Step 6: Dual-pipeline collaborative generation and multi-task integrated reordering In one embodiment, the fused soft-constrained feature vectors are input into a pre-trained language model, and the log-odds hard interception from step 5 is superimposed at the bottom layer, using beam search to generate... N One patch candidate A multi-task comprehensive scoring function is calculated for candidate patches, and the comprehensive scoring result is specifically defined. as follows: ; in, The structural similarity score is based on the abstract syntax tree; To measure the alignment rate of security intent, measure the patch's impact on whitelist rules. Coverage; Fluency probability distribution generated for large models; This is an indicator function that returns 0 if it contains any blacklist logic, and 1 otherwise. To satisfy the weighting coefficient that sums to 1, the patch with the highest overall score is selected as the candidate.
[0020] Step 7: Complete the repair In one embodiment, the present invention selects the candidate patch with the highest score and applies it to the multi-language target code, and performs a three-stage progressive verification of "type safety - API compatibility - security rules". Specifically, first, the target language parser is called to verify the type conversion constraint matrix between Java and Python; second, a sandbox run checks version dependencies; and finally, it is ensured that the patch does not introduce new syntactic or logical defects.
[0021] This invention proposes a cross-language code vulnerability remediation method based on dual constraints of knowledge graphs and large-scale models. By integrating symbolic constraint graph modeling, log-probability low-level interception, multimodal semantic alignment, and multi-task evaluation mechanisms, a complete, efficient, and deterministic automated remediation pipeline is constructed. Compared with existing technologies, it significantly improves the alignment rate and security of remediation intent for complex cross-language vulnerabilities in Java / Python.
[0022] It should be understood that this embodiment is only used to illustrate the technical principles of the present invention and is not intended to limit the scope of protection of the present invention. Those skilled in the art can readily implement other embodiments of the present invention after considering the specification and disclosure. These variations, uses, or adaptations follow the general principles of the present invention and include common knowledge or conventional techniques not specifically described in this application. Therefore, the scope of protection of the present invention is not limited to the above embodiments, but should be determined by the scope defined in the claims.
Claims
1. A cross-language code vulnerability repair method based on dual constraints of knowledge graph and large model, characterized in that, Includes the following steps: S1: Collect heterogeneous defective code samples containing multiple programming languages, construct a cross-language abstract syntax tree parser to transform them into a unified standardized intermediate representation; combine data flow taint analysis technology to extract source and sink features of the code, generate cross-language vulnerability intent tags, and capture key topological information of the vulnerability context. S2: Construct a multi-dimensional directed security knowledge graph containing vulnerability entities, risk pattern nodes, whitelist rules, and blacklist rules; using the vulnerability intent tag as the anchor point, use a multi-hop knowledge reasoning algorithm to calculate the semantic correlation between each risk pattern node and the current intermediate representation, and perform bidirectional topology pathfinding based on the confidence weight: extract mandatory security interfaces with confidence scores higher than the first threshold as the first rule set, and extract dangerous functions and code snippets with risk scores higher than the second threshold as the second rule set; S3: Construct a context-aware soft-constraint feature space, input the standardized intermediate representation and the first rule set into the encoder of the pre-trained language model; introduce a cross-language attention alignment mechanism, calculate the attention distribution weight of the first rule set in the code space to be repaired, and generate a contextual cue vector that deeply integrates security intent to guide the model to probabilistically tilt towards the security direction with high attention weight in the broad solution space; S4: Construct a dynamic blacklist word token interception matrix based on a trie, map the second rule set to a set of underlying multidimensional word token sequences through the word segmenter of the pre-trained language model, and deploy a tensor log-probability interceptor in the decoding layer of the pre-trained language model. S5: At each time step of the model's autoregressive generation, calculate the feature matching degree between the currently generated prefix and the blacklist word lexical sequence. If the blacklist prefix path in the trie is hit, dynamically intervene in the underlying tensor operation to forcibly modify the generation log probability of the corresponding dimension word in the candidate word matrix to negative infinity, thus completely blocking the generation path of high-risk feature code from the mathematical level. S6: Based on the coordinated control of the soft constraint feature space and the hard constraint interception matrix, the pre-trained language model is driven to generate multiple cross-language repair candidate patches using a beam search algorithm; a multi-task comprehensive evaluation scoring function is constructed, which includes grammatical correctness score, security intent alignment score, and hard constraint non-violation rate, to re-rank and verify the repair candidate patches, and the patch with the highest comprehensive score and semantic losslessness is selected as the final absolute security repair output for the target language.
2. The cross-language code vulnerability repair method according to claim 1, characterized in that, In step S1, a standardized intermediate representation and vulnerability intent label are generated. Specifically, the following processing mechanisms are considered: First, a unified abstract syntax tree parser for multiple languages is used to remove the surface syntactic sugar of specific programming languages and map the heterogeneous code of Python and Java into a unified language-independent feature representation. Secondly, based on cross-language taint analysis of data flow, by tracing the propagation path from the source to the sink, the data flow breakpoints are extracted and quantified. Combined with a pre-set security vulnerability feature library, a globally unique core vulnerability intent label is assigned to the code fragment. Finally, only AST nodes directly related to the taint propagation path are retained for dynamic pruning to obtain a lightweight cross-language defective code context fragment.
3. The cross-language code vulnerability repair method according to claim 1, characterized in that, The multidimensional directed security knowledge graph in step S2 has a topological structure formally defined as a graph. , where the set of nodes V It includes vulnerability entity nodes, risk pattern nodes, whitelist rule nodes, and blacklist rule nodes; the specific execution logic of the multi-hop knowledge reasoning algorithm is as follows: when a specific vulnerability intent tag is received, the system reverses the traversal of the trigger relationship to extract the core risk pattern node that causes the vulnerability, and then performs a bidirectional forward traversal in parallel: on the one hand, it extracts the security interface along the repair relationship to generate the first rule set, and on the other hand, it extracts the dangerous function along the disabling relationship to generate the second rule set; during the extraction process, a confidence decay weight is introduced, and only when the cumulative confidence score of the path where the target rule node is located is higher than the set network threshold can it be included in the final rule set.
4. The cross-language code vulnerability repair method according to claim 1, characterized in that, The cross-language attention alignment mechanism in step S3 is characterized in that, in order to avoid the illusion caused by cross-language context confusion in large models, the soft-constraint feature space is constructed through a structured template engine. Specifically, the system concatenates the lightweight defect code context fragment with the first rule set according to preset structured placeholders, and applies attention weight penalty terms or reward masks to the input lexical sequence representing the first rule set in the self-attention matrix calculation of the pre-trained language model, forcibly increasing the attention allocation ratio of the model to this part of the security intent text during the generation stage, thereby achieving deterministic guidance of the generation intent in the parameter space of the model.
5. The cross-language code vulnerability repair method according to claim 1, characterized in that, The construction of the dynamic blacklist word token interception matrix based on the trie in step S4 is mainly to solve the problem of missed interception caused by a single dangerous function being segmented into multiple discrete tokens by the word segmenter. Specifically, the system pre-maps each complete dangerous code fragment in the second rule set into an ordered sequence composed of underlying token indices through the word segmenter of the pre-trained language model, and inserts all ordered sequences into a prefix trie. During the model autoregressive generation stage, a state machine pointer is maintained to track the matching depth of the currently generated continuous token sequences in the trie in real time.
6. The cross-language code vulnerability repair method according to claim 1, characterized in that, The tensor log-probability interceptor in step S5 has the following specific mathematical logic for dynamic intervention and interception: In the pre-trained language model generating the first... t When working with the lexical units, obtain the original log-probability one-dimensional tensor of the entire vocabulary. When the state machine pointer hits a dangerous prefix path in the trie, the system determines the current candidate term. This is a high-risk prohibited word, triggering underlying modifications. The modification logic is as follows: in, This represents the safe log-probability tensor after being modified by the interceptor. By forcibly setting the value of the dangerous word dimension to negative infinity before the Softmax activation function, the generation probability of this word in the output layer is strictly zero.
7. The cross-language code vulnerability repair method according to claim 1, characterized in that, The multi-task comprehensive evaluation scoring function in step S6 is characterized by performing quantitative evaluation on each repair candidate patch generated by the beam search in the following dimensions: fluency score based on generation probability, security intent alignment score based on the inclusion of the first rule set, and hard constraint non-violation score based on blacklist verification; the system calculates the final comprehensive score by weighting and summing each indicator according to the dynamic adaptive weights preset based on task experience, reorders the repair candidate patches, and vetoes any candidate branch that fails to meet the hard constraint non-violation score by a single vote.
8. The cross-language code vulnerability repair method according to claim 1, characterized in that, Before outputting the absolute safety repair patch for the target language in step S6, the system further introduces a cross-language post-processing verification engine. By calling the abstract syntax tree parser of the corresponding target language, the repair patch with the highest comprehensive score is subjected to a three-stage progressive verification of "type safety - API compatibility - security rules" to ensure that the model has not experienced generation logic collapse after being interfered with by the underlying tensor. Only after the verification is passed can it be merged into the final software supply chain repair flow.