Spaces:
Sleeping
Sleeping
Upload folder using huggingface_hub
Browse files- README.md +2 -2
- dataset/dataset.json +200 -0
- inference.py +2 -4
- openenv.yaml +50 -10
README.md
CHANGED
|
@@ -165,7 +165,7 @@ Security vulnerabilities, injection attacks, and cross-file null-handling bugs.
|
|
| 165 |
- For SQL: detect string concatenation and replace with a parameterized query (`%s` placeholder + `cursor.execute`).
|
| 166 |
- For null bug: validate `id is not None` before the `db[id]` lookup, and fix the call site in `controller.py`.
|
| 167 |
|
| 168 |
-
The agent runs `NUM_EPISODES =
|
| 169 |
|
| 170 |
```
|
| 171 |
[START] task=code_review env=code_review_benchmark model=meta-llama/Llama-3.1-8B-Instruct
|
|
@@ -182,7 +182,7 @@ Key constants in `inference.py`:
|
|
| 182 |
| Constant | Default | Description |
|
| 183 |
|----------|---------|-------------|
|
| 184 |
| `MAX_STEPS` | `3` | Steps per episode |
|
| 185 |
-
| `NUM_EPISODES` | `
|
| 186 |
| `TEMPERATURE` | `0.2` | Sampling temperature (lower = more deterministic) |
|
| 187 |
| `MAX_TOKENS` | `256` | Max tokens per LLM response |
|
| 188 |
| `SUCCESS_SCORE_THRESHOLD` | `0.1` | Minimum normalized score to count as success |
|
|
|
|
| 165 |
- For SQL: detect string concatenation and replace with a parameterized query (`%s` placeholder + `cursor.execute`).
|
| 166 |
- For null bug: validate `id is not None` before the `db[id]` lookup, and fix the call site in `controller.py`.
|
| 167 |
|
| 168 |
+
The agent runs `NUM_EPISODES = 16` episodes (configurable) with each `MAX_STEPS = 3` and logs each step:
|
| 169 |
|
| 170 |
```
|
| 171 |
[START] task=code_review env=code_review_benchmark model=meta-llama/Llama-3.1-8B-Instruct
|
|
|
|
| 182 |
| Constant | Default | Description |
|
| 183 |
|----------|---------|-------------|
|
| 184 |
| `MAX_STEPS` | `3` | Steps per episode |
|
| 185 |
+
| `NUM_EPISODES` | `16` | Number of PRs to review |
|
| 186 |
| `TEMPERATURE` | `0.2` | Sampling temperature (lower = more deterministic) |
|
| 187 |
| `MAX_TOKENS` | `256` | Max tokens per LLM response |
|
| 188 |
| `SUCCESS_SCORE_THRESHOLD` | `0.1` | Minimum normalized score to count as success |
|
dataset/dataset.json
CHANGED
|
@@ -19,6 +19,86 @@
|
|
| 19 |
"fix": "from datetime import datetime\nprint(datetime.now())"
|
| 20 |
}
|
| 21 |
},
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 22 |
{
|
| 23 |
"task_type": "medium",
|
| 24 |
"pr": {
|
|
@@ -59,6 +139,66 @@
|
|
| 59 |
"fix": "return target in arr"
|
| 60 |
}
|
| 61 |
},
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 62 |
{
|
| 63 |
"task_type": "hard",
|
| 64 |
"pr": {
|
|
@@ -122,5 +262,65 @@
|
|
| 122 |
"decision": "reject",
|
| 123 |
"fix": "def get_user(id):\n if id is None:\n raise ValueError('id must not be None')\n return db[id]\n\nuser = get_user(user_id)"
|
| 124 |
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 125 |
}
|
| 126 |
]
|
|
|
|
| 19 |
"fix": "from datetime import datetime\nprint(datetime.now())"
|
| 20 |
}
|
| 21 |
},
|
| 22 |
+
{
|
| 23 |
+
"task_type": "easy",
|
| 24 |
+
"pr": {
|
| 25 |
+
"id": "9",
|
| 26 |
+
"title": "Missing return statement",
|
| 27 |
+
"description": "Function does not return value",
|
| 28 |
+
"language": "python",
|
| 29 |
+
"diffs": [
|
| 30 |
+
{
|
| 31 |
+
"file_name": "utils.py",
|
| 32 |
+
"diff": "def add(a, b):\n result = a + b"
|
| 33 |
+
}
|
| 34 |
+
]
|
| 35 |
+
},
|
| 36 |
+
"ground_truth": {
|
| 37 |
+
"issues": ["missing return statement"],
|
| 38 |
+
"decision": "reject",
|
| 39 |
+
"fix": "def add(a, b):\n result = a + b\n return result"
|
| 40 |
+
}
|
| 41 |
+
},
|
| 42 |
+
{
|
| 43 |
+
"task_type": "easy",
|
| 44 |
+
"pr": {
|
| 45 |
+
"id": "10",
|
| 46 |
+
"title": "Wrong comparison operator",
|
| 47 |
+
"description": "Fix equality check",
|
| 48 |
+
"language": "python",
|
| 49 |
+
"diffs": [
|
| 50 |
+
{
|
| 51 |
+
"file_name": "check.py",
|
| 52 |
+
"diff": "if x = 10:\n print('ten')"
|
| 53 |
+
}
|
| 54 |
+
]
|
| 55 |
+
},
|
| 56 |
+
"ground_truth": {
|
| 57 |
+
"issues": ["assignment instead of comparison"],
|
| 58 |
+
"decision": "reject",
|
| 59 |
+
"fix": "if x == 10:\n print('ten')"
|
| 60 |
+
}
|
| 61 |
+
},
|
| 62 |
+
{
|
| 63 |
+
"task_type": "easy",
|
| 64 |
+
"pr": {
|
| 65 |
+
"id": "11",
|
| 66 |
+
"title": "Undefined variable",
|
| 67 |
+
"description": "Variable used before assignment",
|
| 68 |
+
"language": "python",
|
| 69 |
+
"diffs": [
|
| 70 |
+
{
|
| 71 |
+
"file_name": "app.py",
|
| 72 |
+
"diff": "def greet():\n print(message)\n message = 'Hello'"
|
| 73 |
+
}
|
| 74 |
+
]
|
| 75 |
+
},
|
| 76 |
+
"ground_truth": {
|
| 77 |
+
"issues": ["undefined variable", "variable used before assignment"],
|
| 78 |
+
"decision": "reject",
|
| 79 |
+
"fix": "def greet():\n message = 'Hello'\n print(message)"
|
| 80 |
+
}
|
| 81 |
+
},
|
| 82 |
+
{
|
| 83 |
+
"task_type": "easy",
|
| 84 |
+
"pr": {
|
| 85 |
+
"id": "12",
|
| 86 |
+
"title": "Clean utility function",
|
| 87 |
+
"description": "Simple string helper",
|
| 88 |
+
"language": "python",
|
| 89 |
+
"diffs": [
|
| 90 |
+
{
|
| 91 |
+
"file_name": "utils.py",
|
| 92 |
+
"diff": "def to_upper(s):\n return s.upper()"
|
| 93 |
+
}
|
| 94 |
+
]
|
| 95 |
+
},
|
| 96 |
+
"ground_truth": {
|
| 97 |
+
"issues": [],
|
| 98 |
+
"decision": "approve",
|
| 99 |
+
"fix": ""
|
| 100 |
+
}
|
| 101 |
+
},
|
| 102 |
{
|
| 103 |
"task_type": "medium",
|
| 104 |
"pr": {
|
|
|
|
| 139 |
"fix": "return target in arr"
|
| 140 |
}
|
| 141 |
},
|
| 142 |
+
{
|
| 143 |
+
"task_type": "medium",
|
| 144 |
+
"pr": {
|
| 145 |
+
"id": "13",
|
| 146 |
+
"title": "Mutable default argument",
|
| 147 |
+
"description": "Function with default list argument",
|
| 148 |
+
"language": "python",
|
| 149 |
+
"diffs": [
|
| 150 |
+
{
|
| 151 |
+
"file_name": "helper.py",
|
| 152 |
+
"diff": "def append_item(item, lst=[]):\n lst.append(item)\n return lst"
|
| 153 |
+
}
|
| 154 |
+
]
|
| 155 |
+
},
|
| 156 |
+
"ground_truth": {
|
| 157 |
+
"issues": ["mutable default argument"],
|
| 158 |
+
"decision": "reject",
|
| 159 |
+
"fix": "def append_item(item, lst=None):\n if lst is None:\n lst = []\n lst.append(item)\n return lst"
|
| 160 |
+
}
|
| 161 |
+
},
|
| 162 |
+
{
|
| 163 |
+
"task_type": "medium",
|
| 164 |
+
"pr": {
|
| 165 |
+
"id": "14",
|
| 166 |
+
"title": "Unhandled exception",
|
| 167 |
+
"description": "File read without error handling",
|
| 168 |
+
"language": "python",
|
| 169 |
+
"diffs": [
|
| 170 |
+
{
|
| 171 |
+
"file_name": "reader.py",
|
| 172 |
+
"diff": "def read_file(path):\n with open(path) as f:\n return f.read()"
|
| 173 |
+
}
|
| 174 |
+
]
|
| 175 |
+
},
|
| 176 |
+
"ground_truth": {
|
| 177 |
+
"issues": ["unhandled exception", "missing error handling"],
|
| 178 |
+
"decision": "reject",
|
| 179 |
+
"fix": "def read_file(path):\n try:\n with open(path) as f:\n return f.read()\n except FileNotFoundError:\n return None"
|
| 180 |
+
}
|
| 181 |
+
},
|
| 182 |
+
{
|
| 183 |
+
"task_type": "medium",
|
| 184 |
+
"pr": {
|
| 185 |
+
"id": "15",
|
| 186 |
+
"title": "Integer overflow risk",
|
| 187 |
+
"description": "Large number multiplication",
|
| 188 |
+
"language": "python",
|
| 189 |
+
"diffs": [
|
| 190 |
+
{
|
| 191 |
+
"file_name": "compute.py",
|
| 192 |
+
"diff": "def factorial(n):\n result = 1\n for i in range(1, n+1):\n result *= i\n return result"
|
| 193 |
+
}
|
| 194 |
+
]
|
| 195 |
+
},
|
| 196 |
+
"ground_truth": {
|
| 197 |
+
"issues": ["missing input validation"],
|
| 198 |
+
"decision": "reject",
|
| 199 |
+
"fix": "def factorial(n):\n if n < 0:\n raise ValueError('n must be non-negative')\n result = 1\n for i in range(1, n+1):\n result *= i\n return result"
|
| 200 |
+
}
|
| 201 |
+
},
|
| 202 |
{
|
| 203 |
"task_type": "hard",
|
| 204 |
"pr": {
|
|
|
|
| 262 |
"decision": "reject",
|
| 263 |
"fix": "def get_user(id):\n if id is None:\n raise ValueError('id must not be None')\n return db[id]\n\nuser = get_user(user_id)"
|
| 264 |
}
|
| 265 |
+
},
|
| 266 |
+
{
|
| 267 |
+
"task_type": "hard",
|
| 268 |
+
"pr": {
|
| 269 |
+
"id": "16",
|
| 270 |
+
"title": "Race condition in counter",
|
| 271 |
+
"description": "Shared counter increment",
|
| 272 |
+
"language": "python",
|
| 273 |
+
"diffs": [
|
| 274 |
+
{
|
| 275 |
+
"file_name": "counter.py",
|
| 276 |
+
"diff": "counter = 0\n\ndef increment():\n global counter\n counter += 1"
|
| 277 |
+
}
|
| 278 |
+
]
|
| 279 |
+
},
|
| 280 |
+
"ground_truth": {
|
| 281 |
+
"issues": ["race condition", "thread safety"],
|
| 282 |
+
"decision": "reject",
|
| 283 |
+
"fix": "import threading\n\ncounter = 0\nlock = threading.Lock()\n\ndef increment():\n global counter\n with lock:\n counter += 1"
|
| 284 |
+
}
|
| 285 |
+
},
|
| 286 |
+
{
|
| 287 |
+
"task_type": "hard",
|
| 288 |
+
"pr": {
|
| 289 |
+
"id": "17",
|
| 290 |
+
"title": "Insecure deserialization",
|
| 291 |
+
"description": "Load user data from request",
|
| 292 |
+
"language": "python",
|
| 293 |
+
"diffs": [
|
| 294 |
+
{
|
| 295 |
+
"file_name": "api.py",
|
| 296 |
+
"diff": "import pickle\n\ndef load_user(data):\n return pickle.loads(data)"
|
| 297 |
+
}
|
| 298 |
+
]
|
| 299 |
+
},
|
| 300 |
+
"ground_truth": {
|
| 301 |
+
"issues": ["insecure deserialization", "security vulnerability"],
|
| 302 |
+
"decision": "reject",
|
| 303 |
+
"fix": "import json\n\ndef load_user(data):\n return json.loads(data)"
|
| 304 |
+
}
|
| 305 |
+
},
|
| 306 |
+
{
|
| 307 |
+
"task_type": "hard",
|
| 308 |
+
"pr": {
|
| 309 |
+
"id": "18",
|
| 310 |
+
"title": "Path traversal vulnerability",
|
| 311 |
+
"description": "Serve user requested files",
|
| 312 |
+
"language": "python",
|
| 313 |
+
"diffs": [
|
| 314 |
+
{
|
| 315 |
+
"file_name": "files.py",
|
| 316 |
+
"diff": "def read_file(filename):\n with open('/var/data/' + filename) as f:\n return f.read()"
|
| 317 |
+
}
|
| 318 |
+
]
|
| 319 |
+
},
|
| 320 |
+
"ground_truth": {
|
| 321 |
+
"issues": ["path traversal", "security vulnerability"],
|
| 322 |
+
"decision": "reject",
|
| 323 |
+
"fix": "import os\n\ndef read_file(filename):\n base = '/var/data/'\n full_path = os.path.realpath(os.path.join(base, filename))\n if not full_path.startswith(base):\n raise ValueError('Invalid file path')\n with open(full_path) as f:\n return f.read()"
|
| 324 |
+
}
|
| 325 |
}
|
| 326 |
]
|
inference.py
CHANGED
|
@@ -34,7 +34,7 @@ BENCHMARK = "code_review_benchmark"
|
|
| 34 |
MAX_STEPS = 3
|
| 35 |
TEMPERATURE = 0.2
|
| 36 |
MAX_TOKENS = 256
|
| 37 |
-
NUM_EPISODES =
|
| 38 |
_MAX_REWARD_PER_STEP = MAX_TOKENS * 0.1
|
| 39 |
MAX_TOTAL_REWARD = NUM_EPISODES * MAX_STEPS * _MAX_REWARD_PER_STEP
|
| 40 |
SUCCESS_SCORE_THRESHOLD = 0.1 # normalized score in [0, 1]
|
|
@@ -235,7 +235,7 @@ async def run_episode(client, env):
|
|
| 235 |
|
| 236 |
action_str = action_dict.get("action_type", "unknown")
|
| 237 |
log_step(step=step, action=action_str, reward=reward, done=done, error=None)
|
| 238 |
-
|
| 239 |
final_score = max(final_score, reward if reward else 0.0)
|
| 240 |
|
| 241 |
return final_score
|
|
@@ -250,8 +250,6 @@ async def main():
|
|
| 250 |
|
| 251 |
for i in range(NUM_EPISODES):
|
| 252 |
task_name = f"task_{i+1}"
|
| 253 |
-
|
| 254 |
-
# START log must use task id from openenv.yaml
|
| 255 |
log_start(task=task_name, env=BENCHMARK, model=MODEL_NAME)
|
| 256 |
|
| 257 |
env.task_index = i
|
|
|
|
| 34 |
MAX_STEPS = 3
|
| 35 |
TEMPERATURE = 0.2
|
| 36 |
MAX_TOKENS = 256
|
| 37 |
+
NUM_EPISODES = 16
|
| 38 |
_MAX_REWARD_PER_STEP = MAX_TOKENS * 0.1
|
| 39 |
MAX_TOTAL_REWARD = NUM_EPISODES * MAX_STEPS * _MAX_REWARD_PER_STEP
|
| 40 |
SUCCESS_SCORE_THRESHOLD = 0.1 # normalized score in [0, 1]
|
|
|
|
| 235 |
|
| 236 |
action_str = action_dict.get("action_type", "unknown")
|
| 237 |
log_step(step=step, action=action_str, reward=reward, done=done, error=None)
|
| 238 |
+
|
| 239 |
final_score = max(final_score, reward if reward else 0.0)
|
| 240 |
|
| 241 |
return final_score
|
|
|
|
| 250 |
|
| 251 |
for i in range(NUM_EPISODES):
|
| 252 |
task_name = f"task_{i+1}"
|
|
|
|
|
|
|
| 253 |
log_start(task=task_name, env=BENCHMARK, model=MODEL_NAME)
|
| 254 |
|
| 255 |
env.task_index = i
|
openenv.yaml
CHANGED
|
@@ -8,27 +8,67 @@ tasks:
|
|
| 8 |
- id: task_1
|
| 9 |
description: "Easy β missing import detection"
|
| 10 |
max_steps: 3
|
| 11 |
-
grader: graders:
|
| 12 |
- id: task_2
|
| 13 |
-
description: "
|
| 14 |
max_steps: 3
|
| 15 |
-
grader: graders:
|
| 16 |
- id: task_3
|
| 17 |
-
description: "
|
| 18 |
max_steps: 3
|
| 19 |
-
grader: graders:
|
| 20 |
- id: task_4
|
| 21 |
-
description: "
|
| 22 |
max_steps: 3
|
| 23 |
-
grader: graders:
|
| 24 |
- id: task_5
|
| 25 |
-
description: "
|
| 26 |
max_steps: 3
|
| 27 |
-
grader: graders:
|
| 28 |
- id: task_6
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 29 |
description: "Hard β cross-file null handling bug"
|
| 30 |
max_steps: 3
|
| 31 |
-
grader: graders:
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 32 |
endpoints:
|
| 33 |
reset: /reset
|
| 34 |
step: /step
|
|
|
|
| 8 |
- id: task_1
|
| 9 |
description: "Easy β missing import detection"
|
| 10 |
max_steps: 3
|
| 11 |
+
grader: graders:EasyGrader
|
| 12 |
- id: task_2
|
| 13 |
+
description: "Easy β missing return statement"
|
| 14 |
max_steps: 3
|
| 15 |
+
grader: graders:EasyGrader
|
| 16 |
- id: task_3
|
| 17 |
+
description: "Easy β wrong comparison operator"
|
| 18 |
max_steps: 3
|
| 19 |
+
grader: graders:EasyGrader
|
| 20 |
- id: task_4
|
| 21 |
+
description: "Easy β undefined variable"
|
| 22 |
max_steps: 3
|
| 23 |
+
grader: graders:EasyGrader
|
| 24 |
- id: task_5
|
| 25 |
+
description: "Easy β clean utility function"
|
| 26 |
max_steps: 3
|
| 27 |
+
grader: graders:EasyGrader
|
| 28 |
- id: task_6
|
| 29 |
+
description: "Medium β division by zero handling"
|
| 30 |
+
max_steps: 3
|
| 31 |
+
grader: graders:MediumGrader
|
| 32 |
+
- id: task_7
|
| 33 |
+
description: "Medium β inefficient loop optimization"
|
| 34 |
+
max_steps: 3
|
| 35 |
+
grader: graders:MediumGrader
|
| 36 |
+
- id: task_8
|
| 37 |
+
description: "Medium β mutable default argument"
|
| 38 |
+
max_steps: 3
|
| 39 |
+
grader: graders:MediumGrader
|
| 40 |
+
- id: task_9
|
| 41 |
+
description: "Medium β unhandled exception"
|
| 42 |
+
max_steps: 3
|
| 43 |
+
grader: graders:MediumGrader
|
| 44 |
+
- id: task_10
|
| 45 |
+
description: "Medium β missing input validation"
|
| 46 |
+
max_steps: 3
|
| 47 |
+
grader: graders:MediumGrader
|
| 48 |
+
- id: task_11
|
| 49 |
+
description: "Hard β hardcoded password security vulnerability"
|
| 50 |
+
max_steps: 3
|
| 51 |
+
grader: graders:HardGrader
|
| 52 |
+
- id: task_12
|
| 53 |
+
description: "Hard β SQL injection vulnerability"
|
| 54 |
+
max_steps: 3
|
| 55 |
+
grader: graders:HardGrader
|
| 56 |
+
- id: task_13
|
| 57 |
description: "Hard β cross-file null handling bug"
|
| 58 |
max_steps: 3
|
| 59 |
+
grader: graders:HardGrader
|
| 60 |
+
- id: task_14
|
| 61 |
+
description: "Hard β race condition in counter"
|
| 62 |
+
max_steps: 3
|
| 63 |
+
grader: graders:HardGrader
|
| 64 |
+
- id: task_15
|
| 65 |
+
description: "Hard β insecure deserialization"
|
| 66 |
+
max_steps: 3
|
| 67 |
+
grader: graders:HardGrader
|
| 68 |
+
- id: task_16
|
| 69 |
+
description: "Hard β path traversal vulnerability"
|
| 70 |
+
max_steps: 3
|
| 71 |
+
grader: graders:HardGrader
|
| 72 |
endpoints:
|
| 73 |
reset: /reset
|
| 74 |
step: /step
|