
Adversarial Robustness of Deep Code Comment Generation

Published: 12 July 2022

Abstract

Deep neural networks (DNNs) have shown remarkable performance in a variety of domains such as computer vision, speech recognition, and natural language processing. Recently, they have also been applied to various software engineering tasks, typically involving the processing of source code. DNNs are well known to be vulnerable to adversarial examples, i.e., fabricated inputs that can lead to various misbehaviors of the DNN model while being perceived as benign by humans. In this paper, we focus on the code comment generation task in software engineering and study the robustness of DNNs applied to this task. We propose ACCENT (Adversarial Code Comment gENeraTor), an identifier-substitution approach to crafting adversarial code snippets that are syntactically correct and semantically close to the original code snippet, yet may mislead the DNNs into producing completely irrelevant code comments. To improve robustness, ACCENT also incorporates a novel training method that can be applied to existing code comment generation models. We conduct comprehensive experiments to evaluate our approach by attacking mainstream encoder-decoder architectures on two large-scale, publicly available datasets. The results show that ACCENT efficiently produces stable attacks with functionality-preserving adversarial examples, and that the generated examples have better transferability than the baselines. We also experimentally confirm that our training method is effective in improving model robustness.
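
To make the identifier-substitution idea concrete, the following is a minimal, self-contained sketch (in Python, operating on an illustrative Java snippet) of the kind of functionality-preserving perturbation the abstract describes. The snippet, identifier names, and keyword list are assumptions made purely for illustration; ACCENT's actual candidate selection and search strategy are described in the paper itself and are not reproduced here.

    import re

    # Illustrative sketch (not ACCENT itself): apply one functionality-preserving
    # identifier substitution to a code snippet. ACCENT additionally searches for
    # the substitute identifier that most degrades the generated comment; that
    # search and its candidate set are not modeled here. The Java snippet, the
    # identifier names, and the keyword list below are assumptions for this example.

    JAVA_KEYWORDS = {"public", "static", "void", "int", "for", "if", "else", "return"}

    def rename_identifier(code: str, old_name: str, new_name: str) -> str:
        """Replace whole-word occurrences of old_name with new_name."""
        if old_name in JAVA_KEYWORDS or not new_name.isidentifier():
            raise ValueError("substitution must target a plain, non-keyword identifier")
        return re.sub(rf"\b{re.escape(old_name)}\b", new_name, code)

    original = "public static int sum(int[] values) { int total = 0; for (int v : values) total += v; return total; }"
    adversarial = rename_identifier(original, "total", "buffer")
    print(adversarial)  # same behavior, different surface form fed to the comment generator

A full attack would additionally score each candidate substitution by querying the victim model and keep the one whose generated comment diverges most from the reference; that search is the part of the approach developed and evaluated in the paper.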




      Published In

      ACM Transactions on Software Engineering and Methodology, Volume 31, Issue 4
      October 2022, 867 pages
      ISSN: 1049-331X
      EISSN: 1557-7392
      DOI: 10.1145/3543992
      Editor: Mauro Pezzè

      Publisher

      Association for Computing Machinery, New York, NY, United States

      Publication History

      Published: 12 July 2022
      Online AM: 31 January 2022
      Accepted: 01 November 2021
      Revised: 01 September 2021
      Received: 01 March 2021
      Published in TOSEM Volume 31, Issue 4


      Author Tags

      1. Code comment generation
      2. adversarial attack
      3. deep learning
      4. robustness

      Qualifiers

      • Research-article
      • Refereed

      Funding Sources

      • National Natural Science Foundation of China
      • Natural Science Foundation of Jiangsu Province
      • Collaborative Innovation Center of Novel Software Technology and Industrialization
      • Birkbeck BEI School Project (ARTEFACT)
      • UK EPSRC
      • Guangdong Science and Technology Department
      • State Key Laboratory of Novel Software Technology, Nanjing University

      Cited By

      • (2024) CARL: Unsupervised Code-Based Adversarial Attacks for Programming Language Models via Reinforcement Learning. ACM Transactions on Software Engineering and Methodology. DOI: 10.1145/3688839. Online publication date: 14 August 2024.
      • (2024) Evolutionary Multi-objective Optimization for Contextual Adversarial Example Generation. Proceedings of the ACM on Software Engineering 1, FSE, 2285–2308. DOI: 10.1145/3660808. Online publication date: 12 July 2024.
      • (2024) PPM: Automated Generation of Diverse Programming Problems for Benchmarking Code Generation Models. Proceedings of the ACM on Software Engineering 1, FSE, 1194–1215. DOI: 10.1145/3643780. Online publication date: 12 July 2024.
      • (2024) On the Reliability and Explainability of Language Models for Program Generation. ACM Transactions on Software Engineering and Methodology 33, 5, 1–26. DOI: 10.1145/3641540. Online publication date: 3 June 2024.
      • (2024) How Important Are Good Method Names in Neural Code Generation? A Model Robustness Perspective. ACM Transactions on Software Engineering and Methodology 33, 3, 1–35. DOI: 10.1145/3630010. Online publication date: 14 March 2024.
      • (2024) Esale: Enhancing Code-Summary Alignment Learning for Source Code Summarization. IEEE Transactions on Software Engineering 50, 8, 2077–2095. DOI: 10.1109/TSE.2024.3422274. Online publication date: August 2024.
      • (2024) ALANCA: Active Learning Guided Adversarial Attacks for Code Comprehension on Diverse Pre-trained and Large Language Models. 2024 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER), 602–613. DOI: 10.1109/SANER60148.2024.00067. Online publication date: 12 March 2024.
      • (2024) AICodeReview: Advancing code quality with AI-enhanced reviews. SoftwareX 26, 101677. DOI: 10.1016/j.softx.2024.101677. Online publication date: May 2024.
      • (2024) Cross-Modal Retrieval-enhanced code Summarization based on joint learning for retrieval and generation. Information and Software Technology 175, 107527. DOI: 10.1016/j.infsof.2024.107527. Online publication date: November 2024.
      • (2024) A survey on robustness attacks for deep code models. Automated Software Engineering 31, 2. DOI: 10.1007/s10515-024-00464-7. Online publication date: 1 November 2024.
