A Systematic Survey on Large Language Models for Static Code Analysis

Abstract

Static code analysis helps improve software quality, security, and maintainability by detecting vulnerabilities, errors, and programming issues in source code without executing it. Recent advances in Artificial Intelligence (AI), especially the development of Large Language Models (LLMs) such as ChatGPT, have opened transformational opportunities in this domain, so it is essential to explore this active field of research along many directions. This systematic survey focuses on the use of LLMs for static code analysis, detailing their applications, advantages, contexts, and limitations. Research papers on the topic, drawn from well-known literature databases, were examined to answer several research questions about the state-of-the-art use of LLMs for static code analysis. Research gaps and challenges were also identified and discussed, along with many directions. The results of this study demonstrate how LLMs can be useful for static code analysis and can overcome different constraints. The study thus opens the door for developers and researchers to employ LLMs for affordable and effective static code analysis to improve the software development process.

Licence: https://creativecommons.org/licenses/by-nc-sa/4.0