Enregistré dans:
Détails bibliographiques
Auteurs principaux: Wang, Bin, Li, Hui, Liu, AoFan, Yang, BoTao, Yang, Ao, Zhong, YiLu, Huang, Weixiang, Zhang, Yanping, Huang, Runhuai, Zeng, Weimin
Format: Preprint
Publié: 2025
Sujets:
Accès en ligne:https://arxiv.org/abs/2510.23674
Tags: Ajouter un tag
Pas de tags, Soyez le premier à ajouter un tag!
_version_ 1866912672876855296
author Wang, Bin
Li, Hui
Liu, AoFan
Yang, BoTao
Yang, Ao
Zhong, YiLu
Huang, Weixiang
Zhang, Yanping
Huang, Runhuai
Zeng, Weimin
author_facet Wang, Bin
Li, Hui
Liu, AoFan
Yang, BoTao
Yang, Ao
Zhong, YiLu
Huang, Weixiang
Zhang, Yanping
Huang, Runhuai
Zeng, Weimin
contents Security in code generation remains a pivotal challenge when applying large language models (LLMs). This paper introduces RefleXGen, an innovative method that significantly enhances code security by integrating Retrieval-Augmented Generation (RAG) techniques with guided self-reflection mechanisms inherent in LLMs. Unlike traditional approaches that rely on fine-tuning LLMs or developing specialized secure code datasets - processes that can be resource-intensive - RefleXGen iteratively optimizes the code generation process through self-assessment and reflection without the need for extensive resources. Within this framework, the model continuously accumulates and refines its knowledge base, thereby progressively improving the security of the generated code. Experimental results demonstrate that RefleXGen substantially enhances code security across multiple models, achieving a 13.6% improvement with GPT-3.5 Turbo, a 6.7% improvement with GPT-4o, a 4.5% improvement with CodeQwen, and a 5.8% improvement with Gemini. Our findings highlight that improving the quality of model self-reflection constitutes an effective and practical strategy for strengthening the security of AI-generated code.
format Preprint
id arxiv_https___arxiv_org_abs_2510_23674
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle RefleXGen:The unexamined code is not worth using
Wang, Bin
Li, Hui
Liu, AoFan
Yang, BoTao
Yang, Ao
Zhong, YiLu
Huang, Weixiang
Zhang, Yanping
Huang, Runhuai
Zeng, Weimin
Software Engineering
Artificial Intelligence
Cryptography and Security
Security in code generation remains a pivotal challenge when applying large language models (LLMs). This paper introduces RefleXGen, an innovative method that significantly enhances code security by integrating Retrieval-Augmented Generation (RAG) techniques with guided self-reflection mechanisms inherent in LLMs. Unlike traditional approaches that rely on fine-tuning LLMs or developing specialized secure code datasets - processes that can be resource-intensive - RefleXGen iteratively optimizes the code generation process through self-assessment and reflection without the need for extensive resources. Within this framework, the model continuously accumulates and refines its knowledge base, thereby progressively improving the security of the generated code. Experimental results demonstrate that RefleXGen substantially enhances code security across multiple models, achieving a 13.6% improvement with GPT-3.5 Turbo, a 6.7% improvement with GPT-4o, a 4.5% improvement with CodeQwen, and a 5.8% improvement with Gemini. Our findings highlight that improving the quality of model self-reflection constitutes an effective and practical strategy for strengthening the security of AI-generated code.
title RefleXGen:The unexamined code is not worth using
topic Software Engineering
Artificial Intelligence
Cryptography and Security
url https://arxiv.org/abs/2510.23674