How Robustly do LLMs Understand Execution Semantics?
This work highlights critical limitations in how LLMs understand code, which is a problem for developers and researchers relying on these models for programming tasks, though it is incremental in evaluating robustness.
The study investigated the robustness of LLMs in understanding code execution semantics, revealing that while open-source models like DeepSeek-R1 maintain stable accuracies (38% to 67%) under perturbations, GPT-5.2 shows significant brittleness with accuracy declines of 20% to 24% from a near-perfect 99% baseline, particularly in predicting exception behaviors.
LLMs demonstrate remarkable reasoning capabilities, yet whether they utilize internal world models or rely on sophisticated pattern matching remains open. We study LLMs through the lens of robustness of their code understanding using a standard program-output prediction task. Our results reveal a stark divergence in model behavior: while open-source reasoning models (DeepSeek-R1 family) maintain stable, albeit somewhat lower accuracies (38% to 67%) under code transformations & input perturbations, the frontier model GPT-5.2 exhibits significant brittleness. Despite achieving a near-perfect score of 99% on the original, unperturbed CRUXEval benchmark, perturbed inputs trigger accuracy declines between 20% and 24%. In addition, we find that many models perform much worse at predicting behavior on perturbed inputs that raise exceptions, and that prediction performance depends on the kind of exception. We study remedies to address this deficiency in exception prediction, and evaluate the effect of these remedies on the ability to predict non-exception behaviors. Our findings both point to limitations in the way all models understand code, and establish the value of using perturbation to evaluate code models.