An Empirical Study of Code Smells in Transformer-based Code Generation Techniques

Bibliographic Details
Published in: Proceedings / IEEE International Working Conference on Source Code Analysis and Manipulation, pp. 71 - 82
Main Authors: Siddiq, Mohammed Latif; Majumder, Shafayat H.; Mim, Maisha R.; Jajodia, Sourov; Santos, Joanna C. S.
Format: Conference Proceeding
Language: English
Published: IEEE 01.10.2022
Summary: Prior works have developed transformer-based language learning models to automatically generate source code for a task without compilation errors. The datasets used to train these techniques include samples from open source projects which may not be free of security flaws, code smells, and violations of standard coding practices. Therefore, we investigate to what extent code smells are present in the datasets of coding generation techniques and verify whether they leak into the output of these techniques. To conduct this study, we used Pylint and Bandit to detect code smells and security smells in three widely used training sets (CodeXGlue, APPS, and Code Clippy). We observed that Pylint caught 264 code smell types, whereas Bandit located 44 security smell types in these three datasets used for training code generation techniques. By analyzing the output from ten different configurations of the open-source fine-tuned transformer-based GPT-Neo 125M parameters model, we observed that this model leaked the smells and non-standard practices to the generated source code. When analyzing GitHub Copilot's suggestions, a closed source code generation tool, we observed that it contained 18 types of code smells, including substandard coding patterns and 2 security smell types.
ISSN: 2470-6892
DOI: 10.1109/SCAM55253.2022.00014