{"id":"https://openalex.org/W7161055881","doi":"https://doi.org/10.1145/3786165.3788441","title":"Bridging Code Property Graphs and Language Models for Program Analysis","display_name":"Bridging Code Property Graphs and Language Models for Program Analysis","publication_year":2026,"publication_date":"2026-04-12","ids":{"openalex":"https://openalex.org/W7161055881","doi":"https://doi.org/10.1145/3786165.3788441"},"language":null,"primary_location":{"id":"doi:10.1145/3786165.3788441","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3786165.3788441","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2026 IEEE/ACM 4th International Workshop on Software Vulnerability Management","raw_type":"proceedings-article"},"type":"conference-paper","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://doi.org/10.1145/3786165.3788441","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5016721206","display_name":"Ahmed Lekssays","orcid":"https://orcid.org/0000-0001-5783-8638"},"institutions":[{"id":"https://openalex.org/I1301390666","display_name":"Qatar Airways (Qatar)","ror":"https://ror.org/01hx00y13","country_code":"QA","type":"company","lineage":["https://openalex.org/I1301390666"]}],"countries":["QA"],"is_corresponding":true,"raw_author_name":"Ahmed Lekssays","raw_affiliation_strings":["Qatar Computing Research Institute, Doha, Qatar"],"raw_orcid":"https://orcid.org/0000-0001-5783-8638","affiliations":[{"raw_affiliation_string":"Qatar Computing Research Institute, Doha, Qatar","institution_ids":["https://openalex.org/I1301390666"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":1,"corresponding_author_ids":["https://openalex.org/A5016721206"],"corresponding_institution_ids":["https://openalex.org/I1301390666"],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"33","last_page":"40"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.25270000100135803,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.25270000100135803,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.2485000044107437,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.20200000703334808,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/codebase","display_name":"Codebase","score":0.6705999970436096},{"id":"https://openalex.org/keywords/bridging","display_name":"Bridging (networking)","score":0.4487000107765198},{"id":"https://openalex.org/keywords/fuzz-testing","display_name":"Fuzz testing","score":0.44690001010894775},{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.43160000443458557},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.42899999022483826},{"id":"https://openalex.org/keywords/static-analysis","display_name":"Static analysis","score":0.41530001163482666},{"id":"https://openalex.org/keywords/property","display_name":"Property (philosophy)","score":0.3928000032901764},{"id":"https://openalex.org/keywords/source-code","display_name":"Source code","score":0.3659999966621399},{"id":"https://openalex.org/keywords/symbolic-execution","display_name":"Symbolic execution","score":0.33250001072883606}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8324999809265137},{"id":"https://openalex.org/C51929080","wikidata":"https://www.wikidata.org/wiki/Q2425187","display_name":"Codebase","level":3,"score":0.6705999970436096},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.5684999823570251},{"id":"https://openalex.org/C174348530","wikidata":"https://www.wikidata.org/wiki/Q188635","display_name":"Bridging (networking)","level":2,"score":0.4487000107765198},{"id":"https://openalex.org/C111065885","wikidata":"https://www.wikidata.org/wiki/Q1189053","display_name":"Fuzz testing","level":3,"score":0.44690001010894775},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.43160000443458557},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.42899999022483826},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.41530001163482666},{"id":"https://openalex.org/C189950617","wikidata":"https://www.wikidata.org/wiki/Q937228","display_name":"Property (philosophy)","level":2,"score":0.3928000032901764},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.38589999079704285},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3813999891281128},{"id":"https://openalex.org/C43126263","wikidata":"https://www.wikidata.org/wiki/Q128751","display_name":"Source code","level":2,"score":0.3659999966621399},{"id":"https://openalex.org/C2779639559","wikidata":"https://www.wikidata.org/wiki/Q7661178","display_name":"Symbolic execution","level":3,"score":0.33250001072883606},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.3262999951839447},{"id":"https://openalex.org/C75949130","wikidata":"https://www.wikidata.org/wiki/Q848010","display_name":"Database transaction","level":2,"score":0.3257000148296356},{"id":"https://openalex.org/C101468663","wikidata":"https://www.wikidata.org/wiki/Q1620158","display_name":"Modular design","level":2,"score":0.2944999933242798},{"id":"https://openalex.org/C162319229","wikidata":"https://www.wikidata.org/wiki/Q175263","display_name":"Data structure","level":2,"score":0.2825999855995178},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.28040000796318054},{"id":"https://openalex.org/C2212953","wikidata":"https://www.wikidata.org/wiki/Q948454","display_name":"Transaction log","level":3,"score":0.28029999136924744},{"id":"https://openalex.org/C27458966","wikidata":"https://www.wikidata.org/wiki/Q1187693","display_name":"Control flow graph","level":2,"score":0.2782000005245209},{"id":"https://openalex.org/C98183937","wikidata":"https://www.wikidata.org/wiki/Q2112188","display_name":"Program analysis","level":2,"score":0.27790001034736633},{"id":"https://openalex.org/C137293760","wikidata":"https://www.wikidata.org/wiki/Q3621696","display_name":"Language model","level":2,"score":0.27790001034736633},{"id":"https://openalex.org/C2777561058","wikidata":"https://www.wikidata.org/wiki/Q2652119","display_name":"Program comprehension","level":4,"score":0.2680000066757202},{"id":"https://openalex.org/C132525143","wikidata":"https://www.wikidata.org/wiki/Q141488","display_name":"Graph","level":2,"score":0.26249998807907104},{"id":"https://openalex.org/C4924752","wikidata":"https://www.wikidata.org/wiki/Q184148","display_name":"Plug-in","level":2,"score":0.25679999589920044},{"id":"https://openalex.org/C133162039","wikidata":"https://www.wikidata.org/wiki/Q1061077","display_name":"Code generation","level":3,"score":0.2549000084400177}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3786165.3788441","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3786165.3788441","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2026 IEEE/ACM 4th International Workshop on Software Vulnerability Management","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3786165.3788441","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3786165.3788441","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2026 IEEE/ACM 4th International Workshop on Software Vulnerability Management","raw_type":"proceedings-article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","score":0.5873599648475647,"display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":9,"referenced_works":["https://openalex.org/W1992114977","https://openalex.org/W4405543707","https://openalex.org/W4407423361","https://openalex.org/W4408749848","https://openalex.org/W4410815357","https://openalex.org/W4412791594","https://openalex.org/W4412889702","https://openalex.org/W4414250350","https://openalex.org/W7134939857"],"related_works":[],"abstract_inverted_index":{"Large":[0],"Language":[1],"Models":[2],"(LLMs)":[3],"face":[4],"critical":[5],"challenges":[6],"when":[7],"analyzing":[8],"security":[9],"vulnerabilities":[10,49],"in":[11,138,152],"real-world":[12],"codebases:":[13],"token":[14],"limits":[15],"prevent":[16],"loading":[17],"entire":[18,167],"repositories,":[19,168],"code":[20,46,99,164],"embeddings":[21],"fail":[22],"to":[23,31,42,80,124,161],"capture":[24],"inter-procedural":[25],"data":[26,94],"flows,":[27],"and":[28,54,97,131,140,173],"LLMs":[29,79,160],"struggle":[30],"generate":[32,81],"complex":[33,82],"static":[34],"analysis":[35],"queries.":[36],"These":[37],"limitations":[38],"force":[39],"existing":[40],"approaches":[41],"operate":[43],"on":[44,154],"isolated":[45],"snippets,":[47],"missing":[48],"that":[50,66],"span":[51],"multiple":[52],"functions":[53],"files.":[55],"We":[56,111],"introduce":[57],"codebadger,":[58],"an":[59,121,147],"open-source":[60],"Model":[61],"Context":[62],"Protocol":[63],"(MCP)":[64],"server":[65],"integrates":[67],"Joern\u2019s":[68],"Code":[69],"Property":[70],"Graph":[71],"(CPG)":[72],"engine":[73],"with":[74],"LLMs.":[75],"Rather":[76],"than":[77],"requiring":[78],"CPG":[83],"queries,":[84],"codebadger":[85,158],"provides":[86],"high-level":[87],"tools":[88],"for":[89,146],"program":[90,174],"slicing,":[91],"taint":[92],"tracking,":[93],"flow":[95],"analysis,":[96],"semantic":[98],"navigation,":[100],"enabling":[101],"targeted":[102],"exploration":[103],"of":[104],"large":[105],"codebases":[106],"without":[107],"exhaustive":[108],"file":[109],"reading.":[110],"demonstrate":[112],"its":[113],"effectiveness":[114],"through":[115],"three":[116],"use":[117],"cases:":[118],"(1)":[119],"navigating":[120],"8,000-method":[122],"codebase":[123],"audit":[125],"memory":[126],"safety":[127],"patterns,":[128],"(2)":[129],"discovering":[130],"exploiting":[132],"a":[133,143],"previously":[134],"unreported":[135],"buffer":[136],"overflow":[137,149],"libtiff,":[139],"(3)":[141],"generating":[142],"correct":[144],"patch":[145],"integer":[148],"vulnerability":[150,170],"(CVE-2025-6021)":[151],"libxml2":[153],"the":[155],"first":[156],"attempt.":[157],"enables":[159],"reason":[162],"about":[163],"semantically":[165],"across":[166],"supporting":[169],"discovery,":[171],"patching,":[172],"comprehension":[175],"at":[176],"scale.":[177]},"counts_by_year":[],"updated_date":"2026-07-14T23:27:15.235271","created_date":"2026-05-14T00:00:00"}
