Automated Software Vulnerability Repair Based on Chain-of-thought

CLC number: TP311
Abstract:

As software vulnerabilities grow in type, volume, and complexity, researchers have proposed various automated techniques to help developers discover, detect, and localize vulnerabilities. However, researchers still need to spend considerable effort repairing these vulnerabilities. In recent years, some researchers have turned to automated software vulnerability repair. Current state-of-the-art techniques, however, treat this task merely as a generic text generation problem and do not localize the defect to be repaired. As a result, the generation space for the repair program is large and the generated repairs are of low quality. Providing developers with such low-quality repairs harms the efficiency and effectiveness of vulnerability repair. To solve these problems, this study proposes CotRepair, a chain-of-thought-based repair approach for general vulnerability types. Using chain-of-thought, the model first predicts the locations that are most likely to contain vulnerable code, and then generates the repair program more accurately based on the predicted locations. The experimental results show that CotRepair significantly outperforms the baselines on all metrics used to evaluate the generated repairs, and the effectiveness of the proposed approach is demonstrated from multiple aspects.

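Cite this article

Lin Bo, Wang Shangwen, Mao Xiaoguang. Automated Software Vulnerability Repair Based on Chain-of-thought. Journal of Software (软件学报),,():1-23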

History
  • Received: 2023-11-27
  • Last revised: 2024-02-23
  • Published online: 2024-06-20