Pith Number

pith:I6VRWGKD

pith:2026:I6VRWGKDI7I6N6P32R5CYSANXT
not attested · not anchored · not stored · refs resolved

ContraFix: Agentic Vulnerability Repair via Differential Runtime Evidence and Skill Reuse

Fang Liu, Li Zhang, Simiao Liu, Yang Liu, Yinghao Zhu

ContraFix identifies root causes for vulnerabilities by comparing state differences in crashing versus non-crashing PoC variants and reuses prior repair skills.

arxiv:2605.17450 v1 · 2026-05-17 · cs.SE · cs.AI · cs.CL · cs.CR

Add to your LaTeX paper
\usepackage{pith}
\pithnumber{I6VRWGKDI7I6N6P32R5CYSANXT}

Prints a linked badge after your title and injects PDF metadata. Compiles on arXiv.

Record completeness

1 Bitcoin timestamp
2 Internet Archive
3 Author claim open
4 Citations open
5 Replications open
Portable graph bundle live · download bundle · merged state
The bundle contains the canonical record plus signed events. A mirror can host it anywhere and recompute the same current state with the deterministic merge algorithm.

Claims

C1 strongest claim

On SEC-Bench (C/C++, 200 instances) and PatchEval (Go, Python, JavaScript, 225 instances), ContraFix with GPT-5-mini resolves 84.0% and 73.8% of the tasks, respectively, achieving state-of-the-art performance on both benchmarks while costing less than one-third of the strongest comparable baseline.

C2 weakest assumption

That the divergences identified by state probes between crashing and non-crashing PoC variants reliably isolate the causal variables or state transitions responsible for the vulnerability, and that these can be converted into a repair specification that produces correct, verified patches rather than symptom fixes.

C3 one line summary

ContraFix couples differential runtime evidence from execution variants with reusable repair skills to achieve 84.0% resolution on SEC-Bench and 73.8% on PatchEval using GPT-5-mini, outperforming baselines at lower cost.

References

61 extracted · 61 resolved · 6 Pith anchors

Formal links

2 machine-checked theorem links

Receipt and verification
First computed 2026-05-20T00:04:39.605167Z
Builder pith-number-builder-2026-05-17-v1
Signature Pith Ed25519 (pith-v1-2026-05) · public key
Schema pith-number/v1.0

Canonical hash

47ab1b194347d1e6f9fbd47a2c480dbccc8d58b71af548b271cf66d22f27e14b

Aliases

arxiv: 2605.17450 · arxiv_version: 2605.17450v1 · doi: 10.48550/arxiv.2605.17450 · pith_short_12: I6VRWGKDI7I6 · pith_short_16: I6VRWGKDI7I6N6P3 · pith_short_8: I6VRWGKD
Agent API
Verify this Pith Number yourself
curl -sH 'Accept: application/ld+json' https://pith.science/pith/I6VRWGKDI7I6N6P32R5CYSANXT \
  | jq -c '.canonical_record' \
  | python3 -c "import sys,json,hashlib; b=json.dumps(json.loads(sys.stdin.read()), sort_keys=True, separators=(',',':'), ensure_ascii=False).encode(); print(hashlib.sha256(b).hexdigest())"
# expect: 47ab1b194347d1e6f9fbd47a2c480dbccc8d58b71af548b271cf66d22f27e14b
Canonical record JSON
{
  "metadata": {
    "abstract_canon_sha256": "8e2d18aa448da2a49ec500383f1f7344616231d5785e40f1e5155d004a4761d0",
    "cross_cats_sorted": [
      "cs.AI",
      "cs.CL",
      "cs.CR"
    ],
    "license": "http://arxiv.org/licenses/nonexclusive-distrib/1.0/",
    "primary_cat": "cs.SE",
    "submitted_at": "2026-05-17T13:48:25Z",
    "title_canon_sha256": "b9ea41076ae752434094f0daf0db13afb0b6f94f04b53e6d879b07296c4078aa"
  },
  "schema_version": "1.0",
  "source": {
    "id": "2605.17450",
    "kind": "arxiv",
    "version": 1
  }
}