ICPC 2024
Sun 14 - Sat 20 April 2024 Lisbon, Portugal
co-located with ICSE 2024

AI-based code generators have become pivotal in assisting developers in writing software starting from natural language (NL). However, they are trained on large amounts of data, often collected from unsanitized online sources (e.g., GitHub, HuggingFace). As a consequence, AI models become an easy target for data poisoning, i.e., an attack that injects malicious samples into the training data to generate vulnerable code. To address this threat, we investigate the security of AI code generators by devising a targeted data poisoning strategy. We poison the training data by injecting increasing amounts of code containing security vulnerabilities and assess the attack’s success on different state-of-the-art models for code generation. Our study shows that AI code generators are vulnerable to even a small amount of poison. Notably, the attack success strongly depends on the model architecture and poisoning rate, whereas it is not influenced by the type of vulnerabilities. Moreover, since the attack does not impact the correctness of code generated by pre-trained models, it is hard to detect. Lastly, our work offers practical insights into understanding and potentially mitigating this threat.

Tue 16 Apr

Displayed time zone: Lisbon

11:00 - 12:30
What the Fix? A Study of ASAT Rules Documentation (ICPC Full paper)
Research Track
Corentin Latappy Univ. Bordeaux, CNRS, Bordeaux INP, LaBRI, UMR 5800, Promyze, Thomas Degueule CNRS, Jean-Rémy Falleri Bordeaux INP, Romain Robbes CNRS, LaBRI, University of Bordeaux, Xavier Blanc Univ. Bordeaux, Bordeaux INP, CNRS, LaBRI, UMR5800, Cédric Teyton Promyze, Bordeaux, France
SolaSim: Clone Detection for Solana Smart Contracts via Program Representation (ICPC Full paper)
Research Track
Che Wang Peking University, China, Yue Li Peking University, Jianbo Gao Peking University, Ke Wang Peking University, Jiashuo Zhang Peking University, China, Zhi Guan Peking University, Zhong Chen
The Impact of Compiler Warnings on Code Quality in C++ Projects (ICPC Full paper)
Research Track
Albin Johansson Chalmers University of Technology, Carl Holmberg Chalmers University of Technology, Francisco Gomes de Oliveira Neto Chalmers | University of Gothenburg, Philipp Leitner Chalmers | University of Gothenburg
Vulnerabilities in AI Code Generators: Exploring Targeted Data Poisoning Attacks (ICPC Full paper)
Research Track
Domenico Cotroneo University of Naples Federico II, Cristina Improta University of Naples Federico II, Pietro Liguori University of Naples Federico II, Roberto Natella Federico II University of Naples
A Just-in-time Software Defect Localization Method based on Code Graph Representation (ICPC Full paper, Virtual-Talk)
Research Track
Huan Zhang Central South University, Wei-Huan Min Central South University, Zhao Wei Tencent, Li Kuang School of Computer Science and Engineering, Central South University, Hong-Hao Gao Shanghai University, Huai-Kou Miao Shanghai University
SICode: Embedding-Based Subgraph Isomorphism Identification for Bug Detection (ICPC Full paper)
Research Track
Yuanjun Gong Renmin University of China, Jianglei Nie Renmin University of China, Wei You Renmin University of China, Wenchang Shi Renmin University of China, China, Jianjun Huang Renmin University of China, Bin Liang Renmin University of China, China, Jian Zhang Institute of Software at Chinese Academy of Sciences; University of Chinese Academy of Sciences
Tuning Code Smell Prediction Models: A Replication Study (ICPC RENE Paper)
Replications and Negative Results (RENE)
Henrique Gomes Nunes Federal University of Minas Gerais (UFMG), Amanda Santana Federal University of Minas Gerais (UFMG), Eduardo Figueiredo Federal University of Minas Gerais, Brazil, Heitor Augustus Xavier Costa Federal University of Lavras
Studying Vulnerable Code Entities in R (ICPC ERA Paper)
Early Research Achievements (ERA)
Zixiao Zhao University of British Columbia, Millon Madhur Das Indian Institute of Technology Kharagpur, Fatemeh Hendijani Fard University of British Columbia
Bugs, Defects, and Code Quality: Panel with Speakers
