This work addresses semantic-level Entity Inconsistency Bugs (EIBs)—syntactically valid but semantically erroneous code tokens, such as misnamed variables or functions. We propose WitheredLeaf, a cascaded detection framework that pioneers a lightweight, code-specific model for efficient negative-sample pre-filtering, integrated with context-aware prompt engineering and a multi-stage filtering mechanism. By synergistically leveraging large language models (e.g., GPT-4) and compact code-specialized models, WitheredLeaf significantly improves both precision and recall in EIB detection. Evaluated across 154 high-star Python/C open-source repositories, it identified 123 previously unknown EIBs—45% of which induce functional anomalies—and contributed 69 patches, with 27 already merged. To our knowledge, this is the first systematic modeling and scalable detection of EIBs, establishing a novel, extensible paradigm for semantic-level code defect identification.

Originating from semantic bugs, Entity-Inconsistency Bugs (EIBs) involve misuse of syntactically valid yet incorrect program entities, such as variable identifiers and function names, which often have security implications. Unlike straightforward syntactic vulnerabilities, EIBs are subtle and can remain undetected for years. Traditional detection methods, such as static analysis and dynamic testing, often fall short due to the versatile and context-dependent nature of EIBs. However, with advancements in Large Language Models (LLMs) like GPT-4, we believe LLM-powered automatic EIB detection becomes increasingly feasible through these models' semantics understanding abilities. This research first undertakes a systematic measurement of LLMs' capabilities in detecting EIBs, revealing that GPT-4, while promising, shows limited recall and precision that hinder its practical application. The primary problem lies in the model's tendency to focus on irrelevant code snippets devoid of EIBs. To address this, we introduce a novel, cascaded EIB detection system named WitheredLeaf, which leverages smaller, code-specific language models to filter out most negative cases and mitigate the problem, thereby significantly enhancing the overall precision and recall. We evaluated WitheredLeaf on 154 Python and C GitHub repositories, each with over 1,000 stars, identifying 123 new flaws, 45% of which can be exploited to disrupt the program's normal operations. Out of 69 submitted fixes, 27 have been successfully merged.