A Static Detection Method for Code Defects Based on Transformer

Shubin Yuan,Chenyu Liu,Jianheng Shi,Xinyu Liu,Wei Pu,JunTao Yu,LiQun Yang
DOI: https://doi.org/10.1145/3672121.3672141
2024-01-01
Abstract:With the continuous increase in the scale and complexity of computer software, code defects in software pose a serious threat to public security. A Static Detection Method for Code Defects Based on Transformer is proposed to address the issues of poor scalability of static analysis tools, as well as coarse detection granularity and unsatisfactory detection performance of existing methods. Firstly, perform data flow and control flow analysis on key points in the source code, and adopt a slicing method based on Interprocedural Finite Distributive Subset (IFDS) to obtain code fragments composed of multiple lines of statements related to code defects. Then, the word embedding method is used to obtain vector representations related to the semantics of the code snippets, in order to select the appropriate length of the code snippets while ensuring accuracy. Finally, use Transformer to detect the segment features at the slice level to determine whether the code has defects. The experimental results show that the proposed method can effectively detect different types of code defects, and the detection effect is significantly better than the static analysis tool Flawfender. Under fine-grained conditions, the IFDS slicing method can further improve F1 value and accuracy, reaching 89.64 and 92.08 respectively. It can be seen that the proposed method has better comprehensive detection performance without significantly increasing time complexity.
What problem does this paper attempt to address?