A Practical Program Repair Agent Mimicking Human Expertise
USENIX Security 2025 · Northwestern University & University of Waterloo
Fixing critical vulnerabilities in popular open-source projects
Automated program repair (APR) techniques aim to triage and fix software bugs autonomously. Recent advancements in large language models (LLMs) have shown promising results when applied to APR, especially on patch generation. However, without effective fault localization and patch validation, APR tools specialized in patching alone cannot handle a more practical end-to-end setting.
We introduce PATCHAGENT, a novel LLM-based APR tool that seamlessly integrates fault localization, patch generation, and validation within a single autonomous agent. PATCHAGENT employs a language server, a patch verifier, and interaction optimization techniques to mimic human-like reasoning during vulnerability repair.
How PatchAgent mimics human expertise
Uses Language Server Protocol for accurate code navigation and identifying buggy code snippets
Leverages LLMs to generate context-aware patches that fix vulnerabilities without breaking functionality
Automated verification ensures patches resolve issues without introducing new bugs
Four optimization techniques to elevate LLM capabilities to expert-level performance
Learns from failed attempts and improves patches through counterexample feedback
Successfully deployed to fix vulnerabilities in popular open-source projects
To cite PatchAgent in your research
@inproceedings{PatchAgent,
  title     = {PatchAgent: A Practical Program Repair Agent Mimicking Human Expertise},
  author    = {Yu, Zheng and Guo, Ziyi and Wu, Yuhang and Yu, Jiahao and Xu, Meng and Mu, Dongliang and Chen, Yan and Xing, Xinyu},
  booktitle = {34th USENIX Security Symposium (USENIX Security 25)},
  year      = {2025}
}