Many ML-based approaches have been proposed to automatically detect, localize, and repair software vulnerabilities. While ML-based methods are more effective than program analysis-based vulnerability analysis tools, few have been integrated into modern IDEs, hindering practical adoption. To bridge this critical gap, we propose AIBugHunter, a novel ML-based software vulnerability analysis tool for C/C++ languages that is integrated into Visual Studio Code. AIBugHunter helps software developers to achieve real-time vulnerability detection, explanation, and repairs during programming. In particular, AIBugHunter scans through developers' source code to (1) locate vulnerabilities, (2) identify vulnerability types, (3) estimate vulnerability severity, and (4) suggest vulnerability repairs. In this article, we propose a novel multi-objective optimization (MOO)-based vulnerability classification approach and a transformer-based estimation approach to help AIBugHunter accurately identify vulnerability types and estimate severity. Our empirical experiments on a large dataset consisting of 188K+ C/C++ functions confirm that our proposed approaches are more accurate than other state-of-the-art baseline methods for vulnerability classification and estimation. Furthermore, we conduct qualitative evaluations including a survey study and a user study to obtain software practitioners' perceptions of our AIBugHunter tool and assess the impact that AIBugHunter may have on developers' productivity in security aspects. Our survey study shows that our AIBugHunter is perceived as useful where 90% of the participants consider adopting our AIBugHunter. Last but not least, our user study shows that our AIBugHunter could possibly enhance developers' productivity in combating cybersecurity issues during software development.

翻译：许多基于机器学习的方法已被提出，用于自动检测、定位和修复软件漏洞。尽管基于ML的方法比基于程序分析的漏洞分析工具更有效，但很少有方法被集成到现代集成开发环境中，这阻碍了其实际应用。为弥合这一关键差距，我们提出了AIBugHunter，一种新型的基于ML的C/C++语言软件漏洞分析工具，该工具已集成到Visual Studio Code中。AIBugHunter帮助软件开发人员在编程过程中实现实时的漏洞检测、解释和修复。具体而言，AIBugHunter扫描开发人员的源代码，以（1）定位漏洞，（2）识别漏洞类型，（3）评估漏洞严重性，以及（4）建议漏洞修复方案。本文提出了一种基于多目标优化（MOO）的新型漏洞分类方法和一种基于Transformer的评估方法，以帮助AIBugHunter准确识别漏洞类型并评估严重性。我们在一个包含188K+个C/C++函数的大型数据集上进行的实证实验证实，所提出的方法在漏洞分类和严重性评估方面比其他最先进的基线方法更准确。此外，我们开展了定性评估，包括一项调查研究和一项用户研究，以获取软件从业者对AIBugHunter工具的看法，并评估AIBugHunter在安全方面可能对开发人员生产力产生的影响。调查研究显示，参与者认为AIBugHunter具有实用性，其中90%的参与者考虑采用我们的AIBugHunter。最后，用户研究表明，AIBugHunter可能有助于提升开发人员在软件开发过程中应对网络安全问题的生产力。