Software development life cycle is profoundly influenced by bugs: their introduction, identification, and eventual resolution account for a significant portion of software cost. This has motivated software engineering researchers and practitioners to propose different approaches for automating the identification and repair of software defects. Large language models have been adapted to the program repair task through few-shot demonstration learning and instruction prompting, treating this as an infilling task. However, these models have only focused on learning general bug-fixing patterns for uncategorized bugs mined from public repositories. In this paper, we propose InferFix: a transformer-based program repair framework paired with a state-of-the-art static analyzer to fix critical security and performance bugs. InferFix combines a Retriever -- transformer encoder model pretrained via contrastive learning objective, which aims at searching for semantically equivalent bugs and corresponding fixes; and a Generator -- a large language model (Codex Cushman) finetuned on supervised bug-fix data with prompts augmented via bug type annotations and semantically similar fixes retrieved from an external non-parametric memory. To train and evaluate our approach, we curated InferredBugs, a novel, metadata-rich dataset of bugs extracted by executing the Infer static analyzer on the change histories of thousands of Java and C# repositories. Our evaluation demonstrates that InferFix outperforms strong LLM baselines, with a top-1 accuracy of 65.6% for generating fixes in C# and 76.8% in Java. We discuss the deployment of InferFix alongside Infer at Microsoft which offers an end-to-end solution for detection, classification, and localization of bugs, as well as fixing and validation of candidate patches, integrated in the continuous integration pipeline to automate the software development workflow.
翻译:软件开发生命周期受到错误的深刻影响: 它们的引入、 识别和最终解析会占软件成本的很大一部分。 这促使软件工程研究人员和从业者提出软件缺陷的自动化识别和修复方法。 大语言模型已经通过微小的演示学习和导师的提示来适应程序修理任务, 将之作为补全任务处理 。 但是, 这些模型仅仅侧重于学习从公共储存库中提取的未分类错误的一般修补模式 。 在本文中, 我们建议 InferFix: 基于变压器的程序修理框架, 配以最先进的静态分析器, 以修补关键的安全和性能错误。 Infix将一个retriever -- -- 变压器自动校验模型, 通过对比性学习目标, 搜索等等量的错误和相应的修正。 以及一个发电机 -- 一个大型的语言模型( Codex Cushman), 精细化的调调的错误流数据, 通过错误类型描述和精密的精密的定型分析器分析器, 将一个精密的精密的精密的精密的内径分析器化的精度分析器, 。</s>