Advances in Deep Learning have led to the emergence of Large Language Models (LLMs) such as OpenAI Codex, which powers GitHub Copilot. LLMs have been fine-tuned and packaged so that programmers can use them in an Integrated Development Environment (IDE) to write code. An emerging line of work is assessing the quality of code written with the help of these LLMs, with security studies warning that LLMs do not fundamentally have any understanding of the code they are writing, so they are more likely to make mistakes that may be exploitable. We thus conducted a user study (N=58) to assess the security of code written by student programmers when guided by LLMs. Half of the students in our study had the help of the LLM and the other half did not. The students were asked to write code in C that performed operations over a singly linked list, including node operations such as inserting, updating, removing, combining, and others. While the results of our study showed that the students who had the help of an LLM were more likely to write functional code, no generalizable impact on security was observed -- the security impacts were localized to individual functions. We also investigate systematic stylistic differences between unaided and LLM-assisted code, finding that LLM code is more repetitive, which may have an amplifying effect if vulnerable code is repeated, in addition to its impact on source code attribution.