TEERepair: LLMs and DSL auto-fix TEE partitioning bugs at 87.6% success
A new framework merges domain-specific languages and LLMs to patch security flaws in trusted execution environments...
TEERepair addresses a critical gap in TEE security: automated repair of improper partitioning between trusted and untrusted OS components. The framework first defines a DSL that encodes common TEE security patterns as patch templates with placeholders. An LLM (likely a model similar to GPT-4 or Codex) then analyzes the semantics of the low-level C code and fills those placeholders to produce context-aware fixes. Finally, TEERepair automatically generates test clients to validate each repair.
Evaluated on the TEE Partitioning Errors Benchmark (PartitioningE-Bench), TEERepair achieved a repair success rate of 87.6%, significantly higher than any existing automated repair tool. The researchers also applied it to real-world TEE projects, submitting 5 pull requests; 2 have already been confirmed and merged by maintainers. This work, accepted at FSE 2026, demonstrates a practical path from vulnerability detection to fix generation in a domain where manual repair is tedious and error-prone.
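The template-then-fill flow described above, as an added example that is not TEERepair's code or DSL. The template syntax, the missing parameter-type check chosen as the pattern, the constructed C handler and the hard-coded bindings (standing in for LLM output) are all assumptions, and the structural check stands in for the generated test clients.

```python
from string import Template

# Hypothetical patch template (not TEERepair's DSL syntax): reject a call whose
# parameter types differ from what the trusted handler expects.
TEMPLATE = (
    "    if (${TYPES_VAR} != ${EXPECTED_TYPES})\n"
    "        return ${ERROR_CODE};\n"
)

# Constructed C handler that copies from params[0] without checking its type.
VULNERABLE = """\
static TEE_Result cmd_store(uint32_t ptypes, TEE_Param params[4])
{
    memcpy(secret, params[0].memref.buffer, params[0].memref.size);
    return TEE_SUCCESS;
}
"""

# Placeholder values, hard-coded here where the page describes an LLM
# deriving them from the surrounding C code.
BINDINGS = {
    "TYPES_VAR": "ptypes",
    "EXPECTED_TYPES": "TEE_PARAM_TYPES(TEE_PARAM_TYPE_MEMREF_INPUT, "
                      "TEE_PARAM_TYPE_NONE, TEE_PARAM_TYPE_NONE, TEE_PARAM_TYPE_NONE)",
    "ERROR_CODE": "TEE_ERROR_BAD_PARAMETERS",
}

def fill(template, bindings):
    """Fill every ${NAME}; an unbound placeholder raises KeyError, never a silent gap."""
    return Template(template).substitute(bindings)

def apply_patch(source, patch):
    """Insert the filled patch as the first statement of the function body."""
    head, brace, body = source.partition("{\n")
    if not brace:
        raise ValueError("no function body found")
    return head + brace + patch + body

def guard_precedes_use(source, types_var):
    """Structural check: the type guard comes before the first params[] access."""
    body = source.partition("{\n")[2]
    guard = body.find(f"if ({types_var} !=")
    use = body.find("params[")
    return guard != -1 and (use == -1 or guard < use)

def repair(source=VULNERABLE):
    return apply_patch(source, fill(TEMPLATE, BINDINGS))
```
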
- 87.6% repair success rate on the PartitioningE-Bench benchmark, far exceeding all baselines.
- Combines a domain-specific language (DSL) for security patterns with LLM-based code reasoning.
- Submitted 5 pull requests to real TEE projects; 2 have already been merged by maintainers.
Why It Matters
Automated TEE repair closes a security gap for hardware-isolated applications, reducing manual effort and preventing data leaks.