RefleXGen:The unexamined code is not worth using

TL;DR

RefleXGen enhances security in AI-generated code by integrating retrieval-augmented generation with guided self-reflection, improving safety without extensive fine-tuning or resource-heavy datasets.

Contribution

It introduces a resource-efficient self-reflection mechanism that iteratively improves code security in large language models without fine-tuning.

Findings

Achieves up to 13.6% security improvement with GPT-3.5 Turbo.

Demonstrates effectiveness across multiple models.

Highlights the importance of self-reflection in secure code generation.

Abstract

Security in code generation remains a pivotal challenge when applying large language models (LLMs). This paper introduces RefleXGen, an innovative method that significantly enhances code security by integrating Retrieval-Augmented Generation (RAG) techniques with guided self-reflection mechanisms inherent in LLMs. Unlike traditional approaches that rely on fine-tuning LLMs or developing specialized secure code datasets - processes that can be resource-intensive - RefleXGen iteratively optimizes the code generation process through self-assessment and reflection without the need for extensive resources. Within this framework, the model continuously accumulates and refines its knowledge base, thereby progressively improving the security of the generated code. Experimental results demonstrate that RefleXGen substantially enhances code security across multiple models, achieving a 13.6% improvement with GPT-3.5 Turbo, a 6.7% improvement with GPT-4o, a 4.5% improvement with CodeQwen, and a 5.8% improvement with Gemini. Our findings highlight that improving the quality of model self-reflection constitutes an effective and practical strategy for strengthening the security of AI-generated code.