Update README.md
Browse files
README.md
CHANGED
|
@@ -8,4 +8,21 @@ tags:
|
|
| 8 |
- Joern
|
| 9 |
- Vulnerability Detection
|
| 10 |
- Program Analysis
|
| 11 |
-
---
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 8 |
- Joern
|
| 9 |
- Vulnerability Detection
|
| 10 |
- Program Analysis
|
| 11 |
+
---
|
| 12 |
+
|
| 13 |
+
# LLMxCPG-Q
|
| 14 |
+
|
| 15 |
+
## Model Description:
|
| 16 |
+
|
| 17 |
+
LLMxCPG-Q is a specialized Large Language Model designed for vulnerability analysis. It is a fine-tuned version of the Qwen2.5-Coder-32B-Instruct model, specifically trained to generate CPGQL queries for use with the Joern static analysis tool.
|
| 18 |
+
|
| 19 |
+
This model serves as the first phase of the LLMxCPG framework, which combines Code Property Graphs (CPG) with Large Language Models (LLM) for robust vulnerability detection. LLMxCPG-Q's core function is to generate precise queries that identify vulnerability-relevant execution paths in source code, enabling the creation of focused code slices.
|
| 20 |
+
|
| 21 |
+
## How it Works:
|
| 22 |
+
|
| 23 |
+
The model takes a code snippet as input and outputs a valid CPGQL query. This query is then used by the Joern tool to traverse the Code Property Graph and extract a concise, vulnerability-focused code slice. This approach is highly effective because it overcomes the low-resource nature of the CPGQL language and allows for targeted program analysis.
|
| 24 |
+
|
| 25 |
+
## GitHub Repository:
|
| 26 |
+
For more information, please visit the official GitHub repository:
|
| 27 |
+
[https://github.com/qcri/llmxcpg](https://github.com/qcri/llmxcpg)
|
| 28 |
+
|