Automated Software Vulnerability Repair Based on Chain-of-thought
Author:
Affiliation:

Clc Number:

TP311

Fund Project:

  • Article
  • |
  • Figures
  • |
  • Metrics
  • |
  • Reference
  • |
  • Related
  • |
  • Cited by
  • |
  • Materials
  • |
  • Comments
    Abstract:

    As software vulnerabilities grow in type, volume, and complexity, researchers have proposed various techniques to help developers discover, detect, and localize vulnerabilities. However, researchers still need to exert considerable effort to manually repair these vulnerabilities. In recent years, some researchers have focused on automated software vulnerability repair. However, such a task is merely considered a generic text generation problem by the current advanced technology, and the detects are not located. As a result, the generation space of the repair program is large, and the generated repair program is low-quality. Providing developers with such low-quality repairs affects the efficiency and effectiveness of vulnerability repair. To solve the above problems, a general type vulnerability repair approach based on chain-of-thought is proposed in this study, which is named CotRepair. By utilizing the chain-of-thought technology, the model first predicts the locations that are most likely to contain vulnerable code, and then generates the repair program more accurately based on the predicted locations. The experimental results show that CotRepair outperforms the baselines in various metrics, and the effectiveness of the proposed approach is demonstrated from multiple aspects.

    Reference
    Related
    Cited by
Get Citation

林博,王尚文,毛晓光.基于思维链的软件漏洞自动修复.软件学报,,():1-21

Copy
Share
Article Metrics
  • Abstract:
  • PDF:
  • HTML:
  • Cited by:
History
  • Received:November 27,2023
  • Revised:February 23,2024
  • Adopted:
  • Online: June 20,2024
  • Published:
You are the firstVisitors
Copyright: Institute of Software, Chinese Academy of Sciences Beijing ICP No. 05046678-4
Address:4# South Fourth Street, Zhong Guan Cun, Beijing 100190,Postal Code:100190
Phone:010-62562563 Fax:010-62562533 Email:jos@iscas.ac.cn
Technical Support:Beijing Qinyun Technology Development Co., Ltd.

Beijing Public Network Security No. 11040202500063