Source Code Generation Research Articles

SecureCoder: A Framework for Mitigating Vulnerabilities in Automated Code Generation Using Large Language Models

In recent years, the proliferation of code generation models based on large language models such as GitHub Copilot and ChatGPT allows automated source code generation to meet the needs of developers and helps increase coding efficiency. However, a recent study revealed security concerns in generated code, leading the code to be vulnerable to attacks. My research introduces a framework aimed at mitigating the risk of code generation models generating vulnerable code specific to data leakage issues. The ranker is developed to use VUDENC, a deep learning model for vulnerability detection, along with CodeQL and Bandit, two Python code analyzers, to evaluate and rank generated code based on security metrics. By generating multiple code candidates and utilizing the ranker to select the most secure option, it ensures the generation of more secure code. The framework is evaluated on an aggregated SecurityEval and LLMSecEval dataset on relevant scenarios, which shows the framework has newfound advantages compared to the gpt3.5-turbo model. With its proven effectiveness, the framework could be expanding its applicability beyond data leakage issues, adapting to mitigate a comprehensive range of vulnerabilities.

Generative Models for Source Code: Fine-Tuning Techniques for Structured Pattern Learning

This study addresses the problem of how to automatically generate source code that is not only functional, but also well-structured, readable, and maintainable. Existing generative models for source code often produce functional code, but they lack consistency in structure and adherence to coding standards, essential for integration into existing application development projects and long-term software maintenance. By training the model on specific code structures, including a dataset with Italian annotations, the proposed methodology ensures that the generated code is compliant with both the functional requirements and the pre-defined coding standards. The methodology proposed in this study applies transfer learning techniques on the DeepSeek Coder model, to refine pre-trained models to generate code that integrates additional structuring constraints. By training the model on specific code structures, including a dataset with Italian comments, the proposed methodology ensures that the generated code meets both functional requirements and coding structure. Experimental results, evaluated using the perplexity metric, demonstrate the effectiveness of the proposed approach, which impacts the goals of reducing errors, and ultimately improves software development quality.

Supersonic: Learning to Generate Source Code Optimizations in C/C++

Supersonic: Learning to Generate Source Code Optimizations in C/C++

Automatic source code generation for deterministic global optimization with parallel architectures

Trends over the past two decades indicate that much of the performance gains of commercial optimization solvers is due to improvements in x86 hardware. To continue making progress, it is critical to consider alternative/specialized massively parallel computing architectures. In this work, we detail the development of an open-source source code transformation approach built using Symbolics.jl to construct McCormick-based relaxations of functions that enables their effective parallelized evaluation. We then apply this approach in a novel parallelized branch-and-bound routine that offloads lower- and upper-bounding problems to a GPU. The effectiveness of this new approach is demonstrated on three nonconvex problems of interest, where it yields convergence time improvements of 22–118x compared to an equivalent serial CPU implementation and in two cases outperforms vanilla branch-and-bound versions of existing state-of-the-art solvers that use tighter bounding techniques. This work exemplifies how deterministic global optimizers using alternative hardware architectures can compete with—or eventually outclass—even the most powerful serial CPU implementations, and to the best of the authors' knowledge, represents the first successful demonstration of deterministic global optimization using a GPU.

Automatically generated state observers – toolchain and validation with real measurements

State estimation of wind turbines is the basis for many advanced control strategies and analysis applications such as condition monitoring, fault diagnosis, and much more. It depends on the application and its goals, which states of the real turbine are relevant. Therefore, estimators with different levels of detail and sets of states suitable for the problem at hand are needed. This paper describes a toolchain that generates custom-tailored code for an extended Kalman filter. The aim is to create computationally highly efficient estimators for a wide range of applications. Automatic generation of source code allows for agile experimentation and reduces the risk of time-consuming implementation errors. The new contributions are the selection and combination of all parts of the toolchain, the extension of the integration algorithm to include the Jacobian of the transition function, and the adaptation of an efficient covariance auto-tuning algorithm. Four different models are validated in a three-stage process, including measurement data from a real turbine.

Exploring AI Innovations in Automated Software Source Code Generation: Progress, Hurdles, and Future Paths

Exploring AI Innovations in Automated Software Source Code Generation: Progress, Hurdles, and Future Paths

Extracting TLA+ Specifications Out of a Program for a BEAM Virtual Machine

Formal specifications are mathematical descriptions of the desired system functionality. Since they are usually written separately from the software itself, it is important to ensure that the software implements what the specification requires. A common approach to achieve this is to have a specification detailed enough to generate source code but those are rarely written due to expertise required. If code is not generated, then currently there is no straightforward way to reliably show that implementation conforms to initial formal specification. This research attempts to define a way to extract formal TLA+ specification by translating Elixir source code and generating detailed specification to give the system developer the ability to show that it refines the initial one.

GPTSniffer: A CodeBERT-based classifier to detect source code written by ChatGPT

Since its launch in November 2022, ChatGPT has gained popularity among users, especially programmers who use it to solve development issues. However, while offering a practical solution to programming problems, ChatGPT should be used primarily as a supporting tool (e.g., in software education) rather than as a replacement for humans. Thus, detecting automatically generated source code by ChatGPT is necessary, and tools for identifying AI-generated content need to be adapted to work effectively with code. This paper presents GPTSniffer– a novel approach to the detection of source code written by AI – built on top of CodeBERT. We conducted an empirical study to investigate the feasibility of automated identification of AI-generated code, and the factors that influence this ability. The results show that GPTSniffer can accurately classify whether code is human-written or AI-generated, outperforming two baselines, GPTZero and OpenAI Text Classifier. Also, the study shows how similar training data or a classification context with paired snippets helps boost the prediction. We conclude that GPTSniffer can be leveraged in different contexts, e.g., in software engineering education, where teachers use the tool to detect cheating and plagiarism, or in development, where AI-generated code may require peculiar quality assurance activities.

Selecting Source Code Generation Tools Based on Bandit Algorithms

Selecting Source Code Generation Tools Based on Bandit Algorithms

Unraveling quantum computing system architectures: An extensive survey of cutting-edge paradigms

Context:The convergence of physics and computer science in the realm of quantum computing systems has sparked a profound revolution within the computer industry. However, despite such promise, the existing focus on quantum software systems primarily centers on the generation of quantum source code, inadvertently overlooking the pivotal role of the overall software architecture. Objectives:In order to provide comprehensive guidance to researchers and practitioners engaged in quantum software development, employing an architecture-centered development model, an extensive literature review was conducted pertaining to existing research on quantum software architecture. The analysis encompasses a detailed examination of the characteristics exhibited by these studies and the identification of prospective challenges that lie ahead in the field of quantum software architecture. Methods:We have closely examined instances of quantum software engineering, quantum modeling languages, quantum design patterns, and quantum communication security to gain insights into the distinctive attributes associated with various software architecture approaches. Results:Our findings underscore the critical significance of prioritizing software architecture in the development of robust and efficient quantum software systems. Through the synthesis of these multifaceted aspects, both researchers and practitioners can devise quantum software solutions that are inherently architecture-centric. Conclusion:The software architecture of quantum computing systems plays a pivotal role in determining their ultimate success and usability. Given the ongoing advancements in quantum computing technology, the migration of traditional software architecture development methods to the domain of quantum software development holds significant importance.

Model transformation and code generation using a secure business process model

Emerging daily, new devices and software-driven advancements pose challenges in software development, including errors, bugs, and evolving requirements. This leads to delays in delivery. Ensuring software security within the Software Development Life Cycle (SDLC) is crucial. To address this, the research focuses on incorporating security aspects early in the SDLC through model transformation. Platform-independent models with security attributes like Integrity, Privacy, Security Audit, non-repudiation, and authentication are generated. A template-based source code generator is utilized to create the structure of the source model. The Secure Business Process Model (SBPM) encompasses Unified Modeling Language (UML) artifacts, such as analysis level classes and sequence diagrams, enriched with security attributes derived from the activity model. Security requirements are linked to elements extracted from the source model, and structural codes with security-enabled members are produced. Automation in software development is inevitable, though not complete, as it plays a vital role in addressing these challenges and improving the security of software applications.

Applying a model-driven approach to the development of power plant SCADA/EMS software

In this paper, we propose and apply a model-driven approach to develop applications that compose a suite known as Energy Management System (EMS). EMS is an essential tool for the operation of electrical systems. Although models of cyber–physical phenomena are extensively used in planning, designing, and operating power systems, the development of EMS applications often uses such models only as support and documentation, while the main artifact throughout the software development process is source code. In other words, the models are used merely to document and communicate some aspects of a system. The evolution of such a system is expensive and error-prone, requiring specialized personnel, skilled in both software engineering and power systems. Some of the problems arising from this manual process include: (i) substantial implementation effort in interpreting models and manually translating them into programs; (ii) greater risk of introducing software defects; (iii) risk of leaving documentation outdated, or implementation inconsistent with the intended design. Model-Driven Engineering (MDE) is an approach to constructing computing systems in which models are used as primary engineering artifacts, while programs (and other products) are automatically generated from the models, thus addressing the above limitations. MDE approaches have been adopted in several industrial areas, including smart grid automation, in which specialized modeling languages and tools facilitate the production of executable software from high-level models. For SCADA/EMS software development, however, a dedicated approach is still absent. We address these issues by proposing D-SPADES: a Model-Driven Engineering approach tailored to the EMS domain. D-SPADES defines a domain-specific modeling language based on block diagram notation, called EMSML, specifically targeted to describe the behavior of EMS applications. It also defines the associated mapping strategies and harnesses a set of tools for automatically transforming models into source code of applications that can be integrated into existing SCADA platforms. We have applied D-SPADES to model and automatically generate source code for two different applications from the Itaipu power plant: a voltage and reactive power controller and a component for a system-wide special protection scheme. Both applications were validated using a power system simulator and performed satisfactorily. The special protection scheme was deployed to the production system. Hence we demonstrate that D-SPADES is a viable approach to developing mission-critical applications.

GIO: Generating Efficient Matrix and Frame Readers for Custom Data Formats by Example

Data Scientists deal with a wide variety of file data formats and data representations. Probably the most difficult to handle are custom data formats that liberally define their own particular flat or nested structure with multiple custom delimiters, multi-line records, or undocumented semantics of attribute sequences, co-appearances, and repetitions. As a prerequisite for exploratory ML model training, data scientists need to map these data representations into regular frames or matrices. Unfortunately, existing tools and frameworks provide only limited support for aiding this process, which causes redundant manual efforts and unnecessary data quality issues. In this paper, we initiate work on automatic matrix and frame reader generation by example. A user provides a sample of raw text data and its mapped matrix or frame representation. Our GIO framework then first identifies the mapping rules from raw to structured data, and subsequently generates source code of an efficient, multi-threaded reader for reading full raw datasets of this format. In order to facilitate manual improvements, both the mapping rules, and generated reader can be modified as needed. Our experiments show that GIO is able to correctly identify the mapping rules for basic text formats like CSV, LibSVM, MatrixMarket; custom text formats from publishing, automotive, and health care; as well as various nested formats such as JSON and XML. Additionally, the automatically generated readers yield competitive performance compared to hand-coded readers and tuned libraries like RapidJSON.

Transpilers: A Systematic Mapping Review of Their Usage in Research and Industry

Transpilers refer to a special type of compilation that takes source code and translates it into target source code. This type of technique has been used for different types of implementations in scientific studies. A review of the research areas related to the use of transpilers allows the understanding of the direction in this branch of knowledge. The objective was to carry out an exhaustive and extended mapping of the usage and implementation of transpilers in research studies in the last 10 years. A systematic mapping review was carried out for answering the 5 research questions proposed. The PSALSAR method is used as a guide to the steps needed for the review. In total, from 1181 articles collected, 683 primary studies were selected, reviewed, and analyzed. Proposals from the industry were also analyzed. A new method for automatic data tabulation has been proposed for the mapping objective, using a relational database and SQL language. It was identified that the most common uses of transpilers are related to performance optimizations, parallel programming, embedded systems, compilers, testing, AI, graphics, and software development. In conclusion, it was possible to determine the extent and identification of research sub-areas and their impact on the usage of the transpilers. Future research could be considered about the usage of transpilers in transactional software, migration strategies for legacy systems, AI, math, multiplatform games and apps, automatic source code generation, and networking.

Program Synthesis for Cyber-Resilience

Architectural tactics enable stakeholders to achieve cyber-resilience requirements. They permit systems to react, resist, detect, and recover from cyber incidents. This paper presents an approach to generate source code for architectural tactics typically used in safety and mission-critical systems. Our approach extensively relies on the use of the <sc xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">Event-B</small> formal method and the <sc xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">EventB2Java</small> code generation plugin of the Rodin platform. It leverages the modeling of architectural tactics in the <sc xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">Event-B</small> formal language and uses a set of <sc xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">EventB2Java</small> transformation rules to generate certified code implementations for the said tactics. Since resilience requirements are statements about a system over time, and because of the fact that the <sc xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">Event-B</small> language does not provide (native) support for the writing of temporal specifications, we have implemented a novel Linear Temporal Logic (LTL) extension for <sc xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">Event-B</small> . We support several architectural tactics for availability, performance, and security. The generated code is certified in the following sense: discharging proof obligations in Rodin - the platform we use for writing the <sc xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">Event-B</small> models - attests to the soundness of the architectural tactics modelled in <sc xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">Event-B</small> , and the soundness of the translation encoded by the <sc xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">EventB2Java</small> tool attests to the code correctness. Finally, we demonstrate the usability of our resilience validation approach with the aid of an Autonomous Vehicle System. It further helped us increase our confidence in the soundness of our Event-B LTL extension.

An Infinity of Pong: A Raspberry Pi Pico W handheld writes its own games

There is currently a lot of interest in AI tools designed to help programmers write software. GitHub's Copilot and Amazon's CodeWhisperer apply deep-learning techniques originally developed for generating natural-language text by adapting it to generate source code. The idea is that programmers can use these tools as a kind of auto-complete on steroids, using prompts to produce chunks of code that developers can integrate into their software.

Artificial neural network model for automatic code generation in graphical interface applications

Introduction: Currently, the software development industry is living in its golden age due to the progress in areas related to machine learning, which is part of AI techniques. These advances have allowed tasks considered exclusively human to be solved using a computer. However, the complexity and the extensive area covered by new projects that must be developed using programming languages have slowed down project delivery times and affected the company's productivity. Objective: This research presents the methodology carried out for constructing a recurrent neural network model for the automatic generation of source code related to graphical user interfaces using Python programming language. Method: By constructing a natural language-related dataset for describing graphical interfaces programmed in Python, a deep neural network model is built to generate automatic source code. Results: The trained model achieves loss and perplexity values of 1.57 and 4.82, respectively, in the validation stage, avoiding overfitting in the model's training. Conclusions: A neural network model is trained to process the natural language related to the request to create graphical interfaces using the Python programming language to automatically generate source code that can be executed through the Python interpreter.

Constructing an AI Compiler for ARM Cortex-M Devices

The diversity of software and hardware forces programmers to spend a great deal of time optimizing their source code, which often requires specific treatment for each platform. The problem becomes critical on embedded devices, where computational and memory resources are strictly constrained. Compilers play an essential role in deploying source code on a target device through the backend. In this work, a novel backend for the Open Neural Network Compiler (ONNC) is proposed, which exploits machine learning to optimize code for the ARM Cortex-M device. The backend requires minimal changes to Open Neural Network Exchange (ONNX) models. Several novel optimization techniques are also incorporated in the backend, such as quantizing the ONNX model’s weight and automatically tuning the dimensions of operators in computations. The performance of the proposed framework is evaluated for two applications: handwritten digit recognition on the Modified National Institute of Standards and Technology (MNIST) dataset and model, and image classification on the Canadian Institute For Advanced Research and 10 (CIFAR-10) dataset with the AlexNet-Light model. The system achieves 98.90% and 90.55% accuracy for handwritten digit recognition and image classification, respectively. Furthermore, the proposed architecture is significantly more lightweight than other state-of-the-art models in terms of both computation time and generated source code complexity. From the system perspective, this work provides a novel approach to deploying direct computations from the available ONNX models to target devices by optimizing compilers while maintaining high efficiency in accuracy performance.

A study on the relevance of semantic features extracted using BERT-based language models for enhancing the performance of software defect classifiers

In the context of new research in the software defect prediction (SDP) task using pre-trained language models, the present study aims to analyze the relevance of semantic features extracted using BERT-based language models for the detection of defective source codes. RoBERTa and CodeBERT-MLM language models are used to generate source code embeddings that capture semantic and contextual features which help in solving language understanding tasks such as SDP. The learned representations are then fed to a neural network-based SDP classifier in order to decide which of the learned code embeddings are more informative in discriminating between faulty and non-faulty software entities. Extensive experiments are conducted in a cross-version SDP scenario for Apache Calcite, an open-source framework for data management. The evaluation results of the defect classifiers show a statistically significant improvement when the code representations are learned by the pre-trained models compared with the semantic representations provided by other natural language-based models, doc2vec and LSI.

Complex Cases of Source Code Authorship Identification Using a Hybrid Deep Neural Network

This paper is a continuation of our previous work on solving source code authorship identification problems. The analysis of heterogeneous source code is a relevant issue for copyright protection in commercial software development. This is related to the specificity of development processes and the usage of collaborative development tools (version control systems). As a result, there are source codes written according to different programming standards by a team of programmers with different skill levels. Another application field is information security—in particular, identifying the author of computer viruses. We apply our technique based on a hybrid of Inception-v1 and Bidirectional Gated Recurrent Units architectures on heterogeneous source codes and consider the most common commercial development complex cases that negatively affect the authorship identification process. The paper is devoted to the possibilities and limitations of the author’s technique in various complex cases. For situations where a programmer was proficient in two programming languages, the average accuracy was 87%; for proficiency in three or more—76%. For the artificially generated source code case, the average accuracy was 81.5%. Finally, the average accuracy for source codes generated from commits was 84%. The comparison with state-of-the-art approaches showed that the proposed method has no full-functionality analogs covering actual practical cases.