🤖 AI Summary
This work addresses the challenge of efficiently detecting security vulnerabilities in deep learning frameworks, which stems from their multilingual architecture and complex tensor states that hinder traditional static analysis. The authors propose Phoenix, the first large language model (LLM)-based static analysis approach, which introduces a novel Semantic Bridge Intermediate Representation (SBIR) to model cross-language tensor flows. Phoenix employs a multi-agent collaborative workflow that integrates historical patches, CWE rules, code symbol retrieval, and SBIR generation to enable precise vulnerability detection without runtime execution, facilitating accurate tensor semantic propagation analysis. Evaluated on PyTorch, Phoenix successfully identified 31 previously unknown real-world vulnerabilities across Intel CPU, NVIDIA CUDA, and Apple MPS backends, with 20 already patched and merged upstream.
📝 Abstract
Deep learning (DL) frameworks are critical AI infrastructures that often hide bugs with serious security implications. While dynamic approaches such as fuzzing are effective in uncovering these bugs, they require real test execution and incur high computational costs. Static analysis is a natural complement because it can detect bugs without runtime execution, offering fast and scalable testing. Unfortunately, there is still limited work targeting static analysis for DL frameworks due to their multilingual architectures and tensor-related program state.
We present Phoenix, the first LLM-based static analysis technique for DL frameworks. Our key insight is that cross-language tensor flows in DL frameworks can be modeled, together with concrete code context, as a structured semantic bridge intermediate representation (SBIR) that LLMs can analyze for potential bugs in tensor semantic propagation. We implement this insight through a multi-agent workflow. A summarization agent first distills bug summaries from historical bug-fix patches and CWE rules. Guided by each summary, an extraction agent identifies bug-relevant repository symbols for code retrieval, and a generation agent synthesizes grounded SBIRs from the retrieved context. Finally, an analysis agent is leveraged to check SBIRs and report potential bugs. Our evaluation shows that Phoenix is a practical complement to dynamic DL framework testing for bug finding. To date, Phoenix has found 31 real new bugs in PyTorch for different heterogeneous hardware backends (Intel CPU, NVIDIA CUDA, and Apple MPS). Among them, 20 submitted bug-fixing patches have been merged into upstream.