PATCHAGENT: A Practical Program Repair Agent Mimicking Human Expertise

Automated program repair (APR) techniques, which aim to triage and fix software bugs autonomously, have emerged as powerful tools against vulnerable code. Recent advancements in large language models (LLMs) have further shown promising results when applied to APR, especially on patch generation. However, without effective fault localization and patch validation, APR tools specialized in patching alone cannot handle a more practical and end-to-end setting—given a concrete input that triggers a vulnerability, how to patch the program without breaking existing tests?

In this paper, we introduce PatchAgent, a novel LLM-based APR tool that seamlessly integrates fault localization, patch generation, and validation within a single autonomous agent. PatchAgent employs a language server, a patch verifier, and interaction optimization techniques to mimic human-like reasoning during vulnerability repair. Evaluated on a dataset of 178 real-world vulnerabilities, PatchAgent successfully repairs over 90% of the cases, outperforming state-of-the-art APR tools where applicable. Our ablation study further offers insights into how various interaction optimizations contribute to PatchAgent's effectiveness.