The advances of deep learning (DL) have paved the way for automatic software vulnerability repair approaches, which effectively learn the mapping from the vulnerable code to the fixed code. Nevertheless, existing DL-based vulnerability repair methods face notable limitations: 1) they struggle to handle lengthy vulnerable code, 2) they treat code as natural language texts, neglecting its inherent structure, and 3) they do not tap into the valuable expert knowledge present in the expert system. To address this, we propose VulMaster, a Transformer-based neural network model that excels at generating vulnerability repairs by comprehensively understanding the entire vulnerable code, irrespective of its length. This model also integrates diverse information, encompassing vulnerable code structures and expert knowledge from the CWE system. We evaluated VulMaster on a real-world C/C++ vulnerability repair dataset comprising 1,754 projects with 5,800 vulnerable functions. The experimental results demonstrated that VulMaster exhibits substantial improvements compared to the learning-based state-of-the-art vulnerability repair approach. Specifically, VulMaster improves the EM, BLEU, and CodeBLEU scores from 10.2\% to 20.0\%, 21.3\% to 29.3\%, and 32.5\% to 40.9\%, respectively.

翻译：深度学习（DL）的进步为自动化软件漏洞修复方法奠定了基础，这些方法能够有效地学习从易受攻击代码到修复代码的映射。然而，现有基于深度学习的漏洞修复方法面临显著局限：1）难以处理长度较长的易受攻击代码；2）将代码视为自然语言文本，忽略了其内在结构；3）未能挖掘专家系统中宝贵的专家知识。为解决这一问题，我们提出了VulMaster——一种基于Transformer的神经网络模型，该模型擅长通过全面理解整个易受攻击代码（无论其长度如何）来生成漏洞修复。该模型还整合了多样化的信息，包括易受攻击代码的结构以及来自CWE系统的专家知识。我们在一个包含1,754个项目、5,800个易受攻击函数的真实C/C++漏洞修复数据集上对VulMaster进行了评估。实验结果表明，与基于学习的最先进漏洞修复方法相比，VulMaster展现出显著的改进。具体而言，VulMaster将EM、BLEU和CodeBLEU分数分别从10.2%提升至20.0%、从21.3%提升至29.3%、从32.5%提升至40.9%。