CoSEFA: An LLM-Based Programming Assistant for Secure Code Generation via Supervised Co-Decoding
Programming assistants based on Large Language Models (LLMs) help developers generate code and improve their efficiency. However, these LLM-based programming assistants are prone to generating code with vulnerabilities. To mitigate this security risk, existing approaches retrain an LLM on crafted data without vulnerabilities. Retraining, however, incurs enormous computational costs and requires access to the LLM's internal representation, which is often unavailable for LLMs deployed as distributed online services. Our previous work, CoSec, proposed a supervised co-decoding approach that uses base LLMs alongside a small-scale security-focused LLM fine-tuned with code changes before and after vulnerability fixing.
In this paper, we present CoSEFA, a programming assistant with CoSec as its core component for secure code hardening and error fixing. The front-end is a Visual Studio Code IDE extension with a dialogue interaction interface. The back-end handles users' requests for code generation, test case generation, etc., providing secure code generation and addressing three types of code generation errors. Experimental results showed that CoSEFA improved generation security by 9.34% and functional correctness by 11.2% compared with the base LLM. Our user study showed that experienced developers rated CoSEFA as more useful than Copilot for security-related programming tasks, highlighting the importance of secure code generation.
Mon 23 Jun (displayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna)
16:00 - 17:50 | Code Generation 1 | Industry Papers / Demonstrations / Research Papers / Journal First | at Cosmos 3C | Chair(s): Zhongxin Liu Zhejiang University
16:00 | 20m | Talk | How Do Programming Students Use Generative AI? | Research Papers
16:20 | 20m | Talk | Towards Mitigating API Hallucination in Code Generated by LLMs with Hierarchical Dependency Aware | Industry Papers | Yujia Chen Harbin Institute of Technology, Shenzhen, Mingyu Chen Harbin Institute of Technology, Shenzhen, Cuiyun Gao Harbin Institute of Technology, Shenzhen, Zhihan Jiang Huawei Cloud Computing Technologies Co., Ltd., Zhongqi Li Huawei Cloud Computing Technologies Co., Ltd., Yuchi Ma Huawei Cloud Computing Technologies
16:40 | 10m | Talk | CoSEFA: An LLM-Based Programming Assistant for Secure Code Generation via Supervised Co-Decoding | Demonstrations | Xuan He Chongqing University, Dong Li Chongqing University, Hao Wen CloudWalk Technology Co., Ltd, Yueheng Zhu Chongqing University, Chao Liu Chongqing University, Meng Yan Chongqing University, Hongyu Zhang Chongqing University
16:50 | 20m | Talk | DeclarUI: Bridging Design and Development with Automated Declarative UI Code Generation | Research Papers | Ting Zhou Huazhong University of Science and Technology, Yanjie Zhao Huazhong University of Science and Technology, Xinyi Hou Huazhong University of Science and Technology, Xiaoyu Sun Australian National University, Australia, Kai Chen Huazhong University of Science and Technology, Haoyu Wang Huazhong University of Science and Technology
17:10 | 20m | Talk | RAG or Fine-tuning? A Comparative Study on LCMs-based Code Completion in Industry | Industry Papers | Chaozheng Wang The Chinese University of Hong Kong, Zezhou Yang Tencent Inc., Shuzheng Gao Chinese University of Hong Kong, Cuiyun Gao Harbin Institute of Technology, Shenzhen, Ting Peng Tencent Inc., Hailiang Huang Tencent Inc., Yuetang Deng Tencent, Michael Lyu Chinese University of Hong Kong
17:30 | 20m | Talk | Automated Code Editing with Search-Generate-Modify | Journal First | Changshu Liu Columbia University, Pelin Cetin Columbia University, Yogesh Patodia Columbia University, Baishakhi Ray Columbia University, Saikat Chakraborty Microsoft Research, Yangruibo Ding Columbia University
Cosmos 3C is the third room in the Cosmos 3 wing.
When facing the main Cosmos Hall, access to the Cosmos 3 wing is on the left, close to the stairs. The area is accessed through a large door with the number “3”, which will stay open during the event.