Ocassionally Secure: A Comparative Analysis of Code Generation Assistants

TL;DR

This study compares four advanced LLMs in code generation tasks, focusing on security, functionality, and reliability to understand their effective deployment in real-world developer scenarios.

Contribution

It provides a comparative analysis of multiple LLMs' code generation capabilities, emphasizing security and practical use cases for developers.

Findings

GPT-4 and Gemini outperform others in code correctness.

Security awareness varies significantly across models.

Model performance depends on task complexity and context.

Abstract

$ $Large Language Models (LLMs) are being increasingly utilized in various applications, with code generations being a notable example. While previous research has shown that LLMs have the capability to generate both secure and insecure code, the literature does not take into account what factors help generate secure and effective code. Therefore in this paper we focus on identifying and understanding the conditions and contexts in which LLMs can be effectively and safely deployed in real-world scenarios to generate quality code. We conducted a comparative analysis of four advanced LLMs--GPT-3.5 and GPT-4 using ChatGPT and Bard and Gemini from Google--using 9 separate tasks to assess each model's code generation capabilities. We contextualized our study to represent the typical use cases of a real-life developer employing LLMs for everyday tasks as work. Additionally, we place an emphasis on security awareness which is represented through the use of two distinct versions of our developer persona. In total, we collected 61 code outputs and analyzed them across several aspects: functionality, security, performance, complexity, and reliability. These insights are crucial for understanding the models' capabilities and limitations, guiding future development and practical applications in the field of automated code generation.