LLM-Powered Code Vulnerability Repair with Reinforcement Learning and Semantic Reward
CoRR(2024)
Abstract
In software development, the predominant emphasis on functionality often
supersedes security concerns, a trend gaining momentum with AI-driven code
assistants such as GitHub Copilot. These tools significantly improve developers'
efficiency in writing functional code. Nevertheless, it remains a notable concern
that the same tools also produce insecure code, largely because they are
pre-trained on publicly available repositories that contain vulnerable code.
Moreover, developers are called the "weakest link in the chain" because many
have minimal knowledge of code security. Although existing solutions offer a
reasonable way to repair vulnerable code, they still need to adequately describe
the vulnerability and educate developers on code security so that the same
issues are not repeated. We therefore introduce a multipurpose code
vulnerability analysis system, powered by the large language model CodeGen2,
that assists the developer in identifying vulnerabilities and generating fixed
code, together with a complete description of the vulnerability as a code
comment. Our methodology uses a reinforcement learning paradigm to generate
these code comments, augmented by a semantic reward mechanism. Inspired by how
humans fix code issues, we propose an instruction-based dataset suitable for
vulnerability analysis with LLMs. We further identify zero-day and N-day
vulnerabilities in 6 open-source IoT operating systems on GitHub. Our findings
show that combining reinforcement learning with a semantic reward improves the
model's performance, strengthening its capacity to address code vulnerabilities.
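The abstract names a semantic reward driving an RL policy that generates vulnerability comments, but does not show the mechanism. The following toy, added here as an illustration and not code from the paper or its authors, makes the idea concrete: a generated comment is scored against a reviewer-written reference by bag-of-words cosine similarity, with a bonus when it names the same CWE class and a penalty when it names a wrong one, and that scalar is used as the reward in a REINFORCE-style policy-gradient update over a small fixed set of candidate comments. The reference text, the three candidates, the similarity formula, the CWE bonus and penalty weights, and the toy action space are all assumptions chosen for the example, not the paper's reward function, dataset or model.

```python
import math
import random
import re
from typing import Dict, List

# Constructed sample data (not from the paper's dataset): a reference comment a
# reviewer wrote for a fix, plus candidate comments a generator might emit.
REFERENCE = ("CWE-120: buffer overflow; strcpy copies into a fixed-size buffer "
             "without a length check; replaced with bounded strncpy")
CANDIDATES = [
    "Fixes CWE-120 buffer overflow: strcpy into fixed-size buffer lacked a "
    "length check, use bounded copy",          # right weakness, right fix
    "Fixed a buffer issue in string copy",     # vague but on topic
    "Fixes CWE-79 cross-site scripting in the template",  # wrong weakness class
]

_CWE = re.compile(r"CWE-\d+")


def tokenize(text: str) -> List[str]:
    """Lowercase word tokens; hyphens are kept so 'cwe-120' and 'fixed-size' survive."""
    return re.findall(r"[a-z0-9\-]+", text.lower())


def bag(tokens: List[str]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for t in tokens:
        counts[t] = counts.get(t, 0) + 1
    return counts


def cosine(a: Dict[str, int], b: Dict[str, int]) -> float:
    dot = sum(a[t] * b.get(t, 0) for t in a)
    na = math.sqrt(sum(v * v for v in a.values()))
    nb = math.sqrt(sum(v * v for v in b.values()))
    return dot / (na * nb) if na and nb else 0.0


def semantic_reward(candidate: str, reference: str) -> float:
    """Assumed reward: lexical cosine similarity in [0, 1], +0.2 if the candidate
    names a CWE that the reference also names, -0.2 if it names a different one."""
    sim = cosine(bag(tokenize(candidate)), bag(tokenize(reference)))
    ref_cwes = set(_CWE.findall(reference))
    cand_cwes = set(_CWE.findall(candidate))
    if ref_cwes:
        if ref_cwes & cand_cwes:
            sim = min(1.0, sim + 0.2)
        elif cand_cwes:
            sim = max(0.0, sim - 0.2)
    return sim


def softmax(logits: List[float]) -> List[float]:
    m = max(logits)
    exps = [math.exp(x - m) for x in logits]
    z = sum(exps)
    return [e / z for e in exps]


def train_policy(candidates: List[str], reference: str,
                 steps: int = 300, lr: float = 0.5, seed: int = 0) -> List[float]:
    """REINFORCE over a toy action space: sample one candidate comment per step,
    score it with the semantic reward, and move probability mass toward
    high-reward comments. A running-mean baseline reduces gradient variance."""
    rng = random.Random(seed)
    logits = [0.0] * len(candidates)
    baseline = 0.0
    for step in range(1, steps + 1):
        probs = softmax(logits)
        action = rng.choices(range(len(candidates)), weights=probs)[0]
        reward = semantic_reward(candidates[action], reference)
        advantage = reward - baseline
        baseline += (reward - baseline) / step
        # d log pi(action) / d logit_i = 1[i == action] - pi(i)
        for i in range(len(logits)):
            grad = (1.0 if i == action else 0.0) - probs[i]
            logits[i] += lr * advantage * grad
    return logits


def best_comment(candidates: List[str], reference: str, **kw) -> str:
    """Train the toy policy and return the comment it ends up preferring."""
    logits = train_policy(candidates, reference, **kw)
    return candidates[max(range(len(logits)), key=logits.__getitem__)]


if __name__ == "__main__":
    for c in CANDIDATES:
        print(f"{semantic_reward(c, REFERENCE):.2f}  {c}")
    print("policy prefers:", best_comment(CANDIDATES, REFERENCE))
```

In a real system the action space is the token stream of a generator such as CodeGen2 and the reward would come from a learned semantic model rather than lexical overlap, but the shape of the update is the same: a scalar reward on the whole generated comment, a baseline, and a log-probability gradient scaled by the advantage. The CWE bonus and penalty are there to show why a purely lexical reward is insufficient: a fluent comment about the wrong weakness class should score below a vague comment about the right one.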