Retrieval-Augmented Semantic Mapping for Vulnerability Detection via Multi-View Code Similarity

With the rapid growth in the scale and complexity of software systems, automated vulnerability detection has become increasingly important. Although Large Language Models (LLMs) demonstrate strong code comprehension capabilities, their abilities in vulnerability detection are still limited by issues such as hallucinations, high fine-tuning costs, and difficulties in effectively leveraging fine-grained historical vulnerability patterns and domain knowledge. To address these challenges, we propose Retrieval-Augmented Semantic Mapping for Vulnerability Detection (RASM-Vul), a retrieval-augmented framework that enhances LLM detection capability through multi-perspective semantic mapping. The core of our approach is the construction of a comprehensive knowledge base composed of vulnerability–fix pairs and structured knowledge. We leverage multi-view (e.g., code, AST, knowledge) similarity retrieval to accurately match the most relevant vulnerability patterns with repair examples for the code under analysis. Our designed Weighted Reciprocal Ranking Fusion (WRRF) algorithm adaptively integrates contributions from different retrieval channels according to the problem type, significantly improving the relevance and accuracy of retrieval. Experiments show that RASM-Vul achieves an F1-score of 66.79%, outperforming existing baselines on the PrimeVul paired dataset. Our study demonstrates that knowledge-enhanced semantic mapping and retrieval can improve the robustness and reliability of automated vulnerability detection.