Cross-Language Generalization of Llama3, Codestral, and DeepSeek-R1 in Vulnerability Detection
Abstract
Abstract: This report synthesises findings from 10 peer-reviewed papers addressing the following research question: How do Llama3, Codestral, and Deepseek R1 compare in cross-language generalization for vulnerability detection when fine-tuned on a subset of Big-Vul and evaluated on unseen programming languages. Large Language Models (LLMs) have garnered remarkable advancements across diverse code-related tasks, known as Code LLMs, particularly in code generation that generates source code with LLM from natural language descriptions. This burgeoning field has captured significant. 5 claims were extracted from source literature; 4 were independently verified against retrieved documents. An automated multi-reviewer quality assessment produced a score of 7.4/10. This report is a machine-generated literature synthesis and does not constitute original research.
Research Question
How do Llama3, Codestral, and Deepseek R1 compare in cross-language generalization for vulnerability detection when fine-tuned on a subset of Big-Vul and evaluated on unseen programming languages?
Verification Level
| Paper level | L2, Source-grounded claims | |
| Source-grounded claims | 5 | |
| Claim record source | not publicly specified |
Descriptive public verification status only; aggregate claim counts are public, but individual claim records are not exposed here.
Truth-Engine Gate Verdict
| Status | Unverified | |
| Gate | Gate 2 — Verification (formal proof or sandbox reproduction) | |
| Reason | Published before the Gate 2 verification pipeline was activated (2026-06-10). No formal proof or sandbox reproduction has been attempted for this record. | |
| Evaluated | 2026-06-10T06:30:49+00:00 |
This record has not completed Gate 2 of the verification pipeline (a type-checked Lean4 proof for mathematical claims, or a sealed-sandbox reproduction for empirical claims). It is a literature synthesis only. VERIFIED requires an attached reproducible artifact (Lean4 proof source, or repro script and results) before this status can be set; it is not derived from review score or claim count.
Quality Tier
| Tier | Watchlist | |
| Basis | Review score or public verified-claim signal is below DOI-grade threshold. |
Descriptive public triage only; this tier does not alter current publication or DOI behavior.
Quality Dimensions
| Evidence strength | LOW | |
| Citation grounding | MEDIUM | |
| Uncertainty disclosure | MEDIUM | |
| Reproducibility status | MEDIUM |
Automated triage signals derived from public fields; not human peer review or independent validation.
Correction Record
| Status | CURRENT |
| Correction count | 0 |
| Manifest contract | paper-manifest-v1.1 |
| Correction contract | correction-record-v1 |
Public corrections are additive records. Current status does not claim the synthesis is error-free.
Provenance
| Publisher | Assignee Research |
| Public provenance | L3, Claim aggregate record |
| Report artifact | Available |
| External record | Not registered |
| Claim lineage | 5 aggregate source-grounded claims |
| Review method | Automated multi-reviewer assessment |
| Quality guide | How to read scores, claims, manifests, and evidence links |
| Provenance contract | source-provenance-v1 |
| Note | Machine-generated synthesis of existing literature. Not primary research. |