Bibliographic Details
Main Authors: Zhang, Boyu, Du, Tianyu, Tong, Junkai, Zhang, Xuhong, Chow, Kingsum, Cheng, Sheng, Wang, Xun, Yin, Jianwei
Format: Preprint
Published: 2024
Subjects: Programming Languages
Online Access: https://arxiv.org/abs/2410.01488
author Zhang, Boyu
Du, Tianyu
Tong, Junkai
Zhang, Xuhong
Chow, Kingsum
Cheng, Sheng
Wang, Xun
Yin, Jianwei
contents Large models (LMs) are now widely used for code-related tasks, and their strong generative capacity has driven broad adoption of code LMs. However, the code they generate can be insecure, and the potential damage has drawn growing attention. Existing secure code generation methods generalize poorly to unseen test cases and are not robust when the underlying model has been attacked, which leads to safety failures in code generation. In this paper, we propose SecCoder, a generalizable and robust secure code generation method that uses in-context learning (ICL) with a safe demonstration. A dense retriever selects the most helpful demonstration to maximize the security improvement of the generated code. Experimental results show that SecCoder generalizes better than the current secure code generation method, improving security by an average of 7.20% on unseen test cases. SecCoder is also more robust: compared with the attacked code LM, it improves security by an average of 7.74%. Our analysis indicates that SecCoder enhances the security of LM-generated code and that it is more generalizable and robust.
format Preprint
id arxiv_https___arxiv_org_abs_2410_01488
institution arXiv
publishDate 2024
record_format arxiv
title SecCoder: Towards Generalizable and Robust Secure Code Generation
topic Programming Languages
url https://arxiv.org/abs/2410.01488
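
The abstract describes retrieving the most helpful safe demonstration and supplying it to the code LM through in-context learning. The record gives no implementation details, so the following is only a minimal sketch of that idea under stated assumptions: a toy token-count embedding stands in for the dense retriever, and the function names (`embed`, `retrieve`, `build_prompt`), the demonstration texts, and the prompt layout are all hypothetical, not taken from the paper.

```python
import math
import re
from collections import Counter
from typing import List, Tuple


def embed(text: str) -> Counter:
    """Toy stand-in for a dense encoder: counts of lowercase word tokens.

    A real system would use a learned embedding model here (assumption).
    """
    return Counter(re.findall(r"[a-z_]+", text.lower()))


def cosine(a: Counter, b: Counter) -> float:
    """Cosine similarity between two token-count vectors."""
    dot = sum(a[t] * b[t] for t in a if t in b)
    norm_a = math.sqrt(sum(v * v for v in a.values()))
    norm_b = math.sqrt(sum(v * v for v in b.values()))
    return dot / (norm_a * norm_b) if norm_a and norm_b else 0.0


def retrieve(task: str, demos: List[str]) -> Tuple[int, float]:
    """Return the index and score of the demonstration most similar to the task."""
    query = embed(task)
    scores = [cosine(query, embed(d)) for d in demos]
    best = max(range(len(demos)), key=scores.__getitem__)
    return best, scores[best]


def build_prompt(task: str, demo: str) -> str:
    """Prepend the retrieved safe demonstration to the task (hypothetical layout)."""
    return f"# Secure example:\n{demo}\n\n# Task:\n{task}\n"


# Hypothetical pool of safe demonstrations.
SAFE_DEMOS = [
    "sql query with bound parameters: cursor.execute(stmt, (user_id,))",
    "run a command without a shell: subprocess.run(['ls', path])",
]

if __name__ == "__main__":
    task = "write a sql query that selects users by id"
    index, score = retrieve(task, SAFE_DEMOS)
    print(build_prompt(task, SAFE_DEMOS[index]))
```

In this sketch the prompt returned by `build_prompt` would be passed to the code LM unchanged. The LM is not fine-tuned, which fits the in-context learning setup the abstract names.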