Open Access

ARTICLE

Research on Prompt Engineering to Enhance LLM-Driven CPG Vulnerability Reachability

Xiaorong Feng1,2, Ying Gao1,*, Pengyi Du2, Leyu Shi1

1 School of Computer Science and Engineering, South China University of Technology, Guangzhou, China
2 China Electronic Product Reliability and Environmental Testing Research Institute, Guangzhou, China

* Corresponding Author: Ying Gao.

Computers, Materials & Continua 2026, 88(2), 62 https://doi.org/10.32604/cmc.2026.075938

Abstract

In recent years, large language models (LLMs) have seen growing application in code understanding and security analysis. Their performance, however, depends heavily on the quality of the prompt context and on prompt engineering design; unstable vulnerability detection and high false positive rates remain the key obstacles to reliable adoption. This paper systematically reviews advances in prompt engineering and context optimization across four core areas and proposes LARA (LLM-Augmented Reachability Analysis), a neural-symbolic framework built on code property graphs (CPGs): a static analysis engine extracts source-to-sink data-flow paths from the CPG, systematic prompt engineering turns each path into a context-aware prompt, and an LLM is invoked to score and reason about the risk of that path. The framework forms a closed loop of path identification, risk assessment, and manual verification. Experimental validation on the Log4Shell vulnerability shows that LARA accurately identifies the core exploit paths and outperforms traditional static signature methods in covering unknown or variant vulnerabilities that contain no explicit dangerous function, with notable improvements in contextual understanding and detection accuracy. The study identifies three core research trends: systematic context engineering, task-adaptive prompt strategies, and prompt-analysis closed loops in code security. LLMs still face challenges, however, including logic breaks in long-text generation, degraded prompt transfer across models, and false positive control in code security. Future work should focus on co-optimizing long-context understanding and generation, fine-tuning open-source LLMs for code security, and deeper integration of CPGs with prompt engineering to advance the practical use of LLMs in code security.
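The pipeline the abstract describes (symbolic path extraction over a CPG, a context-aware prompt per path, model scoring, and a manual-verification fallback) is shown below as an added example; it is not the paper's LARA implementation. The CPG fragment is constructed by hand and only loosely modelled on the Log4Shell flow (HTTP header to logger to lookup substitution to JNDI), the node kinds and the JSON answer schema are this example's own conventions, and `demo_llm` is a keyword stand-in for the real model call so that everything runs offline.

```python
"""Minimal LARA-style loop: CPG path extraction -> context-aware prompt -> pluggable scoring.

Added example, not the paper's code. CPG content is constructed and simplified.
"""
import json
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional


@dataclass(frozen=True)
class Node:
    id: int
    method: str   # enclosing method
    code: str     # statement text as it would appear in the CPG
    kind: str     # "source" (attacker-controlled input), "sink" (candidate dangerous use) or "step"


@dataclass
class CPG:
    nodes: Dict[int, Node]
    flows: Dict[int, List[int]] = field(default_factory=lambda: defaultdict(list))  # data-flow edges

    def add_flow(self, src: int, dst: int) -> None:
        self.flows[src].append(dst)

    def source_to_sink_paths(self, max_depth: int = 12) -> List[List[Node]]:
        """Enumerate simple data-flow paths from every source to every sink (bounded DFS)."""
        paths: List[List[Node]] = []

        def dfs(nid: int, path: List[Node], seen: set) -> None:
            node = self.nodes[nid]
            path.append(node)
            if node.kind == "sink":
                paths.append(list(path))
            elif len(path) < max_depth:
                for nxt in self.flows.get(nid, []):
                    if nxt not in seen:
                        seen.add(nxt)
                        dfs(nxt, path, seen)
                        seen.discard(nxt)
            path.pop()

        for n in self.nodes.values():
            if n.kind == "source":
                dfs(n.id, [], {n.id})
        return paths


def build_prompt(path: List[Node]) -> str:
    """Render one path as a context-aware prompt: role, task, numbered steps, fixed answer schema."""
    steps = "\n".join(f"{i}. [{n.method}] {n.code}" for i, n in enumerate(path, 1))
    return (
        "You are a Java security auditor reviewing one data-flow path taken from a code property graph.\n"
        "Step 1 is where attacker-controlled input enters; the last step is the candidate sink.\n"
        "Judge whether the tainted value can reach the sink in an exploitable form.\n\n"
        f"Path ({len(path)} steps):\n{steps}\n\n"
        'Reply with JSON only: {"reachable": true|false, "risk": 0-10, "reason": "<one sentence>"}'
    )


def parse_verdict(raw: str) -> Optional[dict]:
    """Strict parse of the model reply; anything off-schema returns None and goes to a human."""
    try:
        obj = json.loads(raw)
        risk = int(obj["risk"])
        reachable = bool(obj["reachable"])
    except (ValueError, KeyError, TypeError):
        return None
    if not 0 <= risk <= 10:
        return None
    return {"reachable": reachable, "risk": risk, "reason": str(obj.get("reason", ""))}


def score_paths(cpg: CPG, llm: Callable[[str], str]) -> List[dict]:
    """Closed loop: identify paths, ask the model, flag unparseable verdicts for manual review."""
    results = []
    for path in cpg.source_to_sink_paths():
        verdict = parse_verdict(llm(build_prompt(path)))
        results.append({
            "path": [n.id for n in path],
            "sink": path[-1].method,
            "risk": verdict["risk"] if verdict else None,
            "reachable": verdict["reachable"] if verdict else None,
            "reason": verdict["reason"] if verdict else "model reply off-schema",
            "needs_manual_review": verdict is None,
        })
    # Highest risk first; unscored paths sort last so a reviewer sees confident hits first.
    return sorted(results, key=lambda r: -1 if r["risk"] is None else r["risk"], reverse=True)


def build_demo_cpg() -> CPG:
    """Hand-built CPG fragment (constructed): one JNDI-style path and one harmless output path."""
    nodes = [
        Node(1, "LoginServlet.doGet", 'String ua = request.getHeader("User-Agent");', "source"),
        Node(2, "LoginServlet.doGet", 'logger.error("login failed for " + ua);', "step"),
        Node(3, "MessagePatternConverter.format", "String msg = event.getMessage().getFormattedMessage();", "step"),
        Node(4, "MessagePatternConverter.format", "String out = substitutor.replace(event, msg);", "step"),
        Node(5, "Interpolator.lookup", "String resolved = lookup.lookup(event, var);", "step"),
        Node(6, "JndiLookup.lookup", "Object obj = context.lookup(name);", "sink"),
        Node(7, "LoginServlet.doGet", "String shown = ua.substring(0, Math.min(ua.length(), 40));", "step"),
        Node(8, "LoginServlet.doGet", "response.getWriter().write(escapeHtml(shown));", "sink"),
    ]
    cpg = CPG({n.id: n for n in nodes})
    for a, b in [(1, 2), (2, 3), (3, 4), (4, 5), (5, 6), (1, 7), (7, 8)]:
        cpg.add_flow(a, b)
    return cpg


def demo_llm(prompt: str) -> str:
    """Stand-in for the real model call (keyword rules only, so the example runs offline)."""
    if "context.lookup(" in prompt and "getHeader(" in prompt:
        return json.dumps({"reachable": True, "risk": 9,
                           "reason": "header text reaches a JNDI lookup via ${} substitution"})
    if "escapeHtml(" in prompt:
        return json.dumps({"reachable": True, "risk": 1, "reason": "output is truncated and HTML-escaped"})
    return "I am not sure about this one."
```

Running `score_paths(build_demo_cpg(), demo_llm)` ranks the six-step header-to-JNDI path above the escaped-output path; swapping `demo_llm` for a real client that returns the model's text is the only change needed to use an actual LLM. The strict JSON parse is deliberate: a reply that drifts off the schema is not guessed at but marked `needs_manual_review`, which is the manual-verification step of the closed loop the abstract describes.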

Keywords

Large language models; prompt engineering; context optimization; code security analysis; neural-symbolic systems; code property graphs

Cite This Article

APA Style
Feng, X., Gao, Y., Du, P., Shi, L. (2026). Research on Prompt Engineering to Enhance LLM-Driven CPG Vulnerability Reachability. Computers, Materials & Continua, 88(2), 62. https://doi.org/10.32604/cmc.2026.075938
Vancouver Style
Feng X, Gao Y, Du P, Shi L. Research on Prompt Engineering to Enhance LLM-Driven CPG Vulnerability Reachability. Comput Mater Contin. 2026;88(2):62. https://doi.org/10.32604/cmc.2026.075938
IEEE Style
X. Feng, Y. Gao, P. Du, and L. Shi, “Research on Prompt Engineering to Enhance LLM-Driven CPG Vulnerability Reachability,” Comput. Mater. Contin., vol. 88, no. 2, Art. no. 62, 2026. https://doi.org/10.32604/cmc.2026.075938



cc Copyright © 2026 The Author(s). Published by Tech Science Press.
This work is licensed under a Creative Commons Attribution 4.0 International License , which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.