LLMs are increasingly used in bug analysis to reason about code and judge whether a potential bug can be triggered in realistic execution contexts, with recent work showing promising empirical results. However, empirical effectiveness does not make a plausible model-generated rationale sufficient for discharging warnings. This distinction is especially important for no-bug decisions: dismissing a report or warning requires establishing that the reported error state is unreachable in the program context being analyzed, not merely offering a plausible explanation for why it may not occur. We argue that program-behavior reasoning should be grounded in formal analysis, rather than performed directly by LLMs. We present Evident, a bug analysis system that separates LLM assistance from program-behavior reasoning, delegating the latter to backend analysis. Given a warning specifying the reported location and data flow, Evident uses an LLM only to construct a warning-specific analysis harness. Evident then validates the harness before invoking the backend. The backend performs the harness-relative check: whether the reported error state is unreachable under the constructed harness and its assumptions. We evaluate Evident on 200 real Android kernel driver warnings from two existing static detectors. Evident correctly classifies 151 cases (76%), including discharging 111 false alarms, without discharging any confirmed bug in the dataset; the remaining cases are either unresolved or conservatively retained as potential bugs. Evident also rediscovers a confirmed vulnerability overlooked by both prior LLM-based filtering and manual triage.

翻译：大语言模型（LLM）在漏洞分析中用于推理代码并判断潜在漏洞能否在真实执行场景中被触发，近期研究显示出令人鼓舞的实验结果。然而，经验有效性并不足以使模型生成的理由充分支持预警排除。这一区别对"无漏洞"决策尤其重要：驳回报告或预警需要证明被报告的错误状态在待分析程序上下文中不可达，而不仅仅是提供为何该状态可能不会发生的合理解释。我们认为程序行为推理应基于形式化分析，而非直接由大语言模型执行。我们提出Evident漏洞分析系统，该系统将大语言模型辅助与程序行为推理分离，将后者委托给后端分析。给定指定报告位置和数据流的预警，Evident仅利用大语言模型构建针对该预警的分析框架，随后在调用后端前验证该框架。后端执行框架相关检查：在构建的框架及其假设下，被报告的错误状态是否不可达。我们在两个现有静态检测器生成的200个真实Android内核驱动预警上评估Evident。Evident正确分类151个案例（76%），包括排除111个误报，且未排除数据集中任何已确认漏洞；其余案例要么未解决，要么保守保留为潜在漏洞。Evident还重新发现了先前的基于大语言模型的过滤和人工分类均遗漏的已确认漏洞。