Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Helping LLMs Improve Code Generation Using Feedback from Testing and Static Analysis

Greta Dolcetti, Vincenzo Arceri, Eleonora Iotti, Sergio Maffeis, Agostino Cortesi, Enea Zaffanella

TL;DR

This paper presents a framework that leverages testing and static analysis to assess the quality, and guide the self-improvement, of code generated by general-purpose, open-source LLMs, and shows that models often produce incorrect code, and that the generated code can include safety issues.

Abstract

Large Language Models (LLMs) are one of the most promising developments in the field of artificial intelligence, and the software engineering community has readily noticed their potential role in the software development life-cycle. Developers routinely ask LLMs to generate code snippets, increasing productivity but also potentially introducing ownership, privacy, correctness, and security issues. Previous work highlighted how code generated by mainstream commercial LLMs is often not safe, containing vulnerabilities, bugs, and code smells. In this paper, we present a framework that leverages testing and static analysis to assess the quality, and guide the self-improvement, of code generated by general-purpose, open-source LLMs. First, we ask LLMs to generate C code to solve a number of programming tasks. Then we employ ground-truth tests to assess the (in)correctness of the generated code, and a static analysis tool to detect potential safety vulnerabilities. Next, we assess the models ability to evaluate the generated code, by asking them to detect errors and vulnerabilities. Finally, we test the models ability to fix the generated code, providing the reports produced during the static analysis and incorrectness evaluation phases as feedback. Our results show that models often produce incorrect code, and that the generated code can include safety issues. Moreover, they perform very poorly at detecting either issue. On the positive side, we observe a substantial ability to fix flawed code when provided with information about failed tests or potential vulnerabilities, indicating a promising avenue for improving the safety of LLM-based code generation tools.

Helping LLMs Improve Code Generation Using Feedback from Testing and Static Analysis

TL;DR

This paper presents a framework that leverages testing and static analysis to assess the quality, and guide the self-improvement, of code generated by general-purpose, open-source LLMs, and shows that models often produce incorrect code, and that the generated code can include safety issues.

Abstract

Large Language Models (LLMs) are one of the most promising developments in the field of artificial intelligence, and the software engineering community has readily noticed their potential role in the software development life-cycle. Developers routinely ask LLMs to generate code snippets, increasing productivity but also potentially introducing ownership, privacy, correctness, and security issues. Previous work highlighted how code generated by mainstream commercial LLMs is often not safe, containing vulnerabilities, bugs, and code smells. In this paper, we present a framework that leverages testing and static analysis to assess the quality, and guide the self-improvement, of code generated by general-purpose, open-source LLMs. First, we ask LLMs to generate C code to solve a number of programming tasks. Then we employ ground-truth tests to assess the (in)correctness of the generated code, and a static analysis tool to detect potential safety vulnerabilities. Next, we assess the models ability to evaluate the generated code, by asking them to detect errors and vulnerabilities. Finally, we test the models ability to fix the generated code, providing the reports produced during the static analysis and incorrectness evaluation phases as feedback. Our results show that models often produce incorrect code, and that the generated code can include safety issues. Moreover, they perform very poorly at detecting either issue. On the positive side, we observe a substantial ability to fix flawed code when provided with information about failed tests or potential vulnerabilities, indicating a promising avenue for improving the safety of LLM-based code generation tools.

Paper Structure

This paper contains 37 sections, 37 figures, 39 tables.

Table of Contents

  1. Introduction
  2. Paper Structure
  3. Experimental Setup
  4. Benchmark Creation
  5. (Non-)Memorization in Benchmark Design
  6. Models
  7. API
  8. Prompt Engineering
  9. Code Generation
  10. Code Cleaning
  11. Correctness
  12. Safety
  13. Self-evaluation
  14. Correctness
  15. Safety
  16. ...and 22 more sections

Figures (37)

  • Figure 1: MBPP test case translated to C.
  • Figure 2: System prompt to perform correctness classification.
  • Figure 3: System prompt to perform vulnerability detection.
  • Figure 4: System prompt for repairing incorrect code.
  • Figure 5: System prompt for repairing unsafe code.
  • ...and 32 more figures