Vulnerability detection is a crucial component of the software development lifecycle. Existing vulnerability detectors, especially those based on deep learning (DL) models, have achieved high effectiveness. Despite their capability of detecting vulnerable code snippets within given code fragments, these detectors are typically unable to further locate the fine-grained information pertaining to the vulnerability, such as the precise vulnerability-triggering locations. In this paper, we propose VULEXPLAINER, a tool for automatically locating vulnerability-critical code lines within the coarse-level vulnerable code snippets reported by DL-based detectors. Our approach takes advantage of the code structure and the semantics of the vulnerabilities. Specifically, we leverage program slicing to obtain a set of critical program paths containing vulnerability-triggering and vulnerability-dependent statements, and rank them to pinpoint the most important one (i.e., a sub-graph) as the data flow associated with the vulnerability. We demonstrate that VULEXPLAINER performs consistently well on four state-of-the-art graph-representation (GP)-based vulnerability detectors: it flags the vulnerability-triggering code statements with an accuracy of around 90% across eight common C/C++ vulnerabilities, outperforming five widely used GNN-based explanation approaches. The experimental results demonstrate the effectiveness of VULEXPLAINER and point to a promising research line: integrating program slicing and deep learning for the interpretation of vulnerable code fragments.
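The slicing-and-ranking idea above, as an added illustration that is not code from the paper or the VULEXPLAINER tool: a constructed program dependence graph (PDG) for a small C function with an unchecked `memcpy`, a backward slice from the triggering statement that drops unrelated lines, and an assumed ranking of dependence paths by per-line importance scores (the paper's actual ranking criterion is not described here).

```python
from collections import deque

# Constructed toy PDG for a C function (line -> statement). Assumed, not from the paper.
STATEMENTS = {
    1: "char buf[16];",
    2: "size_t n = read_len(sock);",
    3: "char *data = read_body(sock, n);",
    4: "int verbose = get_flag();",
    5: "if (verbose) log_len(n);",
    6: "memcpy(buf, data, n);",  # vulnerability-triggering statement (sink)
    7: "return process(buf);",
}
# dst line -> set of src lines it data- or control-depends on.
DEPS = {3: {2}, 5: {2, 4}, 6: {1, 2, 3}, 7: {6}}

def backward_slice(sink, deps):
    """Lines the sink transitively depends on, sink included (classic backward slice)."""
    seen, work = {sink}, deque([sink])
    while work:
        node = work.popleft()
        for src in deps.get(node, ()):
            if src not in seen:
                seen.add(src)
                work.append(src)
    return seen

def dependence_paths(sink, deps):
    """Every dependence path ending at sink, as a tuple of lines (source first)."""
    paths = []
    def walk(node, path):
        srcs = deps.get(node, ())
        if not srcs:
            paths.append(tuple(reversed(path)))
            return
        for src in sorted(srcs):
            walk(src, path + [src])
    walk(sink, [sink])
    return paths

def rank_paths(paths, weights):
    """Assumed ranking: sum of per-line importance scores (e.g. detector attribution)."""
    return sorted(paths, key=lambda p: (-sum(weights.get(l, 0.0) for l in p), p))

def locate(sink, deps, weights):
    """Return (slice lines, best-ranked path) for the given triggering statement."""
    return backward_slice(sink, deps), rank_paths(dependence_paths(sink, deps), weights)[0]

if __name__ == "__main__":
    scores = {1: 0.2, 2: 0.9, 3: 0.7, 6: 1.0}  # constructed importance scores
    for line in locate(6, DEPS, scores)[1]:
        print(line, STATEMENTS[line])
```

Lines 4 and 5 (the logging branch) fall outside the slice, and the top-ranked path `2 -> 3 -> 6` reads as the attacker-controlled length flowing into the copy.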