Model Compression vs. Adversarial Robustness: An Empirical Study on Language Models for Code

TL;DR

This study evaluates how common model compression techniques impact the adversarial robustness of language models for code, revealing a trade-off between efficiency and security in software analytics tasks.

Contribution

It provides a comprehensive empirical analysis of the effects of pruning, quantization, and distillation on robustness against adversarial attacks in code-focused language models.

Findings

Compressed models show similar performance to uncompressed models.

Adversarial robustness significantly decreases in compressed models.

There is a trade-off between model size reduction and robustness.

Abstract

Transformer-based language models for code have shown remarkable performance in various software analytics tasks, but their adoption is hindered by high computational costs, slow inference speeds, and substantial environmental impact. Model compression techniques such as pruning, quantization, and knowledge distillation have gained traction in addressing these challenges. However, the impact of these strategies on the robustness of compressed language models for code in adversarial scenarios remains poorly understood. Understanding how these compressed models behave under adversarial attacks is essential for their safe and effective deployment in real-world applications. To bridge this knowledge gap, we conduct a comprehensive evaluation of how common compression strategies affect the adversarial robustness of compressed models. We assess the robustness of compressed versions of three widely used language models for code across three software analytics tasks, using six evaluation metrics and four commonly used classical adversarial attacks. Our findings indicate that compressed models generally maintain comparable performance to their uncompressed counterparts. However, when subjected to adversarial attacks, compressed models exhibit significantly reduced robustness. These results reveal a trade-off between model size reduction and adversarial robustness, underscoring the need for careful consideration when deploying compressed models in security-critical software applications. Our study highlights the need for further research into compression strategies that strike a balance between computational efficiency and adversarial robustness, which is essential for deploying reliable language models for code in real-world software applications.