Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

On the Adversarial Robustness of Instruction-Tuned Large Language Models for Code

Md Imran Hossen, Xiali Hei

TL;DR

The paper introduces DegradePrompter, a robustness evaluation framework for instruction-tuned Code LLMs that generates adversarial prompts via a black-box oracle LLM to test functional correctness. It benchmarks eight models (five open-source and three commercial) on HumanEval and MBPP using metrics like $pass@1$, $CDRA$, and $ANR$, revealing substantial robustness gaps, especially among open-source models (roughly $12$–$34\%$ degradation) compared with commercial models (roughly $3$–$24\%$). A guided prompting defense is proposed to mitigate adversarial effects, showing mixed but often meaningful improvements in $ANR$, with performance depending on model type and dataset. Overall, the work highlights the importance of robust model design and comprehensive evaluation for dependable automated code generation systems, and points to future work in language- and task-agnostic defenses, broader programming-language coverage, and more sophisticated attack/defense scenarios.

Abstract

The advent of instruction-tuned Large Language Models designed for coding tasks (Code LLMs) has transformed software engineering practices. However, their robustness against various input challenges remains a critical concern. This study introduces DegradePrompter, a novel method designed to systematically evaluate the robustness of instruction-tuned Code LLMs. We assess the impact of diverse input challenges on the functionality and correctness of generated code using rigorous metrics and established benchmarks. Our comprehensive evaluation includes five state-of-the-art open-source models and three production-grade closed-source models, revealing varying degrees of robustness. Open-source models demonstrate an increased susceptibility to input perturbations, resulting in declines in functional correctness ranging from 12% to 34%. In contrast, commercial models demonstrate relatively greater resilience, with performance degradation ranging from 3% to 24%. To enhance the robustness of the models against these vulnerabilities, we investigate a straightforward yet effective mitigation strategy. Our findings highlight the need for robust defense mechanisms and comprehensive evaluations during both the development and deployment phases to ensure the resilience and reliability of automated code generation systems.

On the Adversarial Robustness of Instruction-Tuned Large Language Models for Code

TL;DR

The paper introduces DegradePrompter, a robustness evaluation framework for instruction-tuned Code LLMs that generates adversarial prompts via a black-box oracle LLM to test functional correctness. It benchmarks eight models (five open-source and three commercial) on HumanEval and MBPP using metrics like , , and , revealing substantial robustness gaps, especially among open-source models (roughly degradation) compared with commercial models (roughly ). A guided prompting defense is proposed to mitigate adversarial effects, showing mixed but often meaningful improvements in , with performance depending on model type and dataset. Overall, the work highlights the importance of robust model design and comprehensive evaluation for dependable automated code generation systems, and points to future work in language- and task-agnostic defenses, broader programming-language coverage, and more sophisticated attack/defense scenarios.

Abstract

The advent of instruction-tuned Large Language Models designed for coding tasks (Code LLMs) has transformed software engineering practices. However, their robustness against various input challenges remains a critical concern. This study introduces DegradePrompter, a novel method designed to systematically evaluate the robustness of instruction-tuned Code LLMs. We assess the impact of diverse input challenges on the functionality and correctness of generated code using rigorous metrics and established benchmarks. Our comprehensive evaluation includes five state-of-the-art open-source models and three production-grade closed-source models, revealing varying degrees of robustness. Open-source models demonstrate an increased susceptibility to input perturbations, resulting in declines in functional correctness ranging from 12% to 34%. In contrast, commercial models demonstrate relatively greater resilience, with performance degradation ranging from 3% to 24%. To enhance the robustness of the models against these vulnerabilities, we investigate a straightforward yet effective mitigation strategy. Our findings highlight the need for robust defense mechanisms and comprehensive evaluations during both the development and deployment phases to ensure the resilience and reliability of automated code generation systems.

Paper Structure

This paper contains 17 sections, 8 equations, 2 figures, 4 tables.

Table of Contents

  1. Introduction
  2. Related Work
  3. Method
  4. Problem Formulation
  5. Attack Overview
  6. Evaluation Setup
  7. Experimental Results
  8. Open-source Code LLMs
  9. Overall Impact on Model Families
  10. Commercial Code LLMs
  11. Defense
  12. Guided Prompting
  13. Results
  14. Discussion
  15. Limitations and Future Work
  16. ...and 2 more sections

Figures (2)

  • Figure 1: Overview of the DegradePrompter attack.
  • Figure 2: Correctness Degradation Rate under Attack (CDRA) for handcrafted and DegradePrompter-generated prompts on three open-source instruction-tuned Code LLM families of varying scales. On the left: HumanEval dataset. On the right: MBPP dataset. CL-Instruct represents the CodeLlama-Instruct family, DS-Instruct represents the DeepSeek-Coder-Instruct family.