Volume 14 Number 6 (Jun. 2019)
Home > Archive > 2019 > Volume 14 Number 6 (Jun. 2019) >
JSW 2019 Vol.14(6): 227-246 ISSN: 1796-217X
doi: 10.17706/jsw.14.6.227-246

Program Synthesis and Vulnerability Injection Using a Grammar VAE

Leonard Kosta1, 2*, Laura Seaman2, Hongwei Xi2

1Boston University, 111 Cummington Mall, Boston, Massachusetts 02215, USA.
2Draper, 555 Technology Square, Boston, Massachusetts 02139, USA.

Abstract—The ability to automatically detect and repair vulnerabilities in code before deployment has become the subject of increasing attention. Some approaches to this problem rely on machine learning techniques, however the lack of datasets—code samples labeled as containing a vulnerability or not—presents a barrier to performance. We design and implement a deep neural network based on the recently developed Grammar Variational Autoencoder (VAE) architecture to generate an arbitrary number of unique C functions labeled in the aforementioned manner. We make several improvements on the original Grammar VAE: we guarantee that every vector in the neural network's latent space decodes to a syntactically valid C function; we extend the Grammar VAE into a context-sensitive environment; and we implement a semantic repair algorithm that transforms syntactically valid C functions into fully semantically valid C functions that compile and execute. Users can control the semantic qualities of output functions with our constraint system. Our constraints allow users to modify the return type, change control flow structures, inject vulnerabilities into generated code, and more. We demonstrate the advantages of our model over other program synthesis models targeting similar applications. We also explore alternative applications for our model, including code plagiarism detection and compiler fuzzing, testing, and optimization.

Index Terms—Abstract syntax tree, grammar variational autoencoder, program synthesis.

[PDF]

Cite: Leonard Kosta, Laura Seaman, Hongwei Xi, "Program Synthesis and Vulnerability Injection Using a Grammar VAE," Journal of Software vol. 14, no. 6, pp. 227-246, 2019.

General Information

ISSN: 1796-217X (Online)
Frequency:  Quarterly
Editor-in-Chief: Prof. Antanas Verikas
Executive Editor: Ms. Yoyo Y. Zhou
Abstracting/ Indexing: DBLP, EBSCO, CNKIGoogle Scholar, ProQuest, INSPEC(IET), ULRICH's Periodicals Directory, WorldCat, etc
E-mail: jsweditorialoffice@gmail.com
  • Mar 01, 2024 News!

    Vol 19, No 1 has been published with online version    [Click]

  • Apr 26, 2021 News!

    Vol 14, No 4- Vol 14, No 12 has been indexed by IET-(Inspec)     [Click]

  • Nov 18, 2021 News!

    Papers published in JSW Vol 16, No 1- Vol 16, No 6 have been indexed by DBLP   [Click]

  • Jan 04, 2024 News!

    JSW will adopt Article-by-Article Work Flow

  • Nov 02, 2023 News!

    Vol 18, No 4 has been published with online version   [Click]