Software Development Applications

Motivation: In today's rapidly evolving technological landscape, software development applications play a critical role in enhancing productivity for software developers. For instance, in the popular Visual Studio Code (VSCode), there are more than 50,000 different extensions designed to assist developers in various tasks. With the advent of AI, these tools are becoming even more sophisticated, ensuring best practices and improving the overall development experience.

Approach: Our research aims to uncover unknown issues and gain empirical insights into the reliability and effectiveness of these applications. We focus on exploring how these tools can assist developers, identifying potential issues, and proposing solutions. Our research includes:

  • AI-generated Code: Popular Large Language Model (LLM) products like ChatGPT and GitHub Copilot can help software developers directly write code. However, LLM tools that produce low-quality code are not reliable for real-world usage. We conducted a systematic study on the quality of 4,066 LLM-generated code implementations in two popular programming languages, Java and Python [TOSEM 24]. Our study unveils various issues in LLM-generated code, including solution inaccuracies and maintainability issues. To address these, we propose three different strategies to improve code quality.
  • Software Security: Maintaining security when using development applications is paramount. We have applied program analysis techniques to identify and mitigate security vulnerabilities in VSCode systems. Our work includes evaluating security risks in VSCode extensions through taint analysis (under review) and understanding and preventing data exposure in VSCode extensions (under review).
  • AI Coding Assistants: As Large Language Model (LLM) products continue to evolve, providers such as OpenAI with GPT-4 and Anthropic with Claude 2 API are offering powerful APIs. These advancements enable third-party developers to create increasingly sophisticated AI-coding assistants, significantly enhancing the coding process and developer productivity. My research focuses on exploring the best practices for designing these software tools to ensure they are reliable, efficient, and user-friendly.

    • Related Publications

    Refining ChatGPT-Generated Code: Characterizing and Mitigating Code Quality Issues
    Yue Liu, Thanh Le-Cong, Ratnadira Widyasari, Chakkrit Tantithamthavorn, Li Li, Xuan-Bach D. Le, and David Lo
    ACM Transactions on Software Engineering and Methodology (TOSEM 2024), to appear (Core A*, CCF A)

    TaintVSCode: Evaluating VSCode Extensions Security Risks Through Taint Analysis
    Yue Liu, Yanjie Zhao, Chakkrit Tantithamthavorn, Li Li and David Lo
    Under Review

    Protect Your Secrets: Understanding and Preventing Data Exposure in VSCode Extensions
    Yue Liu, Chakkrit Tantithamthavorn, and Li Li
    Under Review