Automated Harmfulness Testing for Code Large Language Models

Honghao Tan, Haibo Wang, Diany Pressato, Yisen Xu, Shin Hwei Tan

TL;DR

Automated Harmfulness Testing for Code Large Language Models (CHT) targets the robustness gap in content moderation for Code LLMs by introducing coverage-guided harmfulness testing that injects harmful keywords into benign code transformations. The method builds a 13-category harm taxonomy, constructs a harm-content dataset and a benign program dataset, and uses diversity-enhanced prompt synthesis and output-damage measurement to assess risks in LLM outputs. Key findings show Code LLMs generally struggle to resist harmful code generation (average GN $65.93\%$) and that a two-phase moderation approach using function calling can substantially reduce harmful outputs (e.g., NR $34.50\%$). The work provides datasets, a testing framework, and empirical results across multiple Code LLMs, highlighting the need for automated, pre-output content moderation to improve developer safety and software artifact integrity.

Abstract

Generative AI systems powered by Large Language Models (LLMs) usually use content moderation to prevent harmful content spread. To evaluate the robustness of content moderation, several metamorphic testing techniques have been proposed to test content moderation software. However, these techniques mainly focus on general users (e.g., text and image generation). Meanwhile, a recent study shows that developers consider using harmful keywords when naming software artifacts to be an unethical behavior. Exposure to harmful content in software artifacts can negatively impact the mental health of developers, making content moderation for Code Large Language Models (Code LLMs) essential. We conduct a preliminary study on program transformations that can be misused to introduce harmful content into auto-generated code, identifying 32 such transformations. To address this, we propose CHT, a coverage-guided harmfulness testing framework that generates prompts using diverse transformations and harmful keywords injected into benign programs. CHT evaluates output damage to assess potential risks in LLM-generated explanations and code. Our evaluation of four Code LLMs and GPT-4o-mini reveals that content moderation in LLM-based code generation is easily bypassed. To enhance moderation, we propose a two-phase approach that first detects harmful content before generating output, improving moderation effectiveness by 483.76%.

Paper Structure

This paper contains 23 sections, 2 equations, 6 figures, 2 tables.

Figures (6)

  • Figure 1: An example of lenient content moderation in a Code LLM that gives a warning message but still generates code with harmful content ($GR$).
  • Figure 2: An example of neither generating relevant code nor providing any warning message ($NN$).
  • Figure 3: An overview of the CHT framework.
  • Figure 4: The heatmap of $GN$ for different refactoring categories. Each value is a percentage (x/y)% where x denotes the number of a given refactoring category with label $GN$ and y is the total number of $GN$ for a given tool.
  • Figure 5: The heatmap of $NN$ for various refactoring categories. Each value is a percentage (x/y)% where x denotes the number of a given refactoring category with label $NN$ and y is the total number of $NN$ for a given tool.
  • ...and 1 more figures

Theorems & Definitions (4)

  • Definition 1: Harmful content
  • Definition 2: Input-Output of LLM $C$
  • Definition 3: Output Damage $D$
  • Definition 4: Harmfulness Testing