SoylentNews is people
SoylentNews
MIT computer scientists have devised a new system that repairs dangerous software bugs by automatically importing functionality from other, more secure applications.
Remarkably, the system, dubbed CodePhage, doesn’t require access to the source code of the applications whose functionality it’s borrowing. Instead, it analyzes the applications’ execution and characterizes the types of security checks they perform. As a consequence, it can import checks from applications written in programming languages other than the one in which the program it’s repairing was written.
Once it’s imported code into a vulnerable application, CodePhage can provide a further layer of analysis that guarantees that the bug has been repaired.
[...] Sidiroglou-Douskos and his coauthors — MIT professor of computer science and engineering Martin Rinard, graduate student Fan Long, and Eric Lahtinen, a researcher in Rinard’s group — refer to the program CodePhage is repairing as the “recipient” and the program whose functionality it’s borrowing as the “donor.” To begin its analysis, CodePhage requires two sample inputs: one that causes the recipient to crash and one that doesn’t. A bug-locating program that the same group reported in March, dubbed DIODE, generates crash-inducing inputs automatically. But a user may simply have found that trying to open a particular file caused a crash.
[...] “The longer-term vision is that you never have to write a piece of code that somebody else has written before,” Rinard says. “The system finds that piece of code and automatically puts it together with whatever pieces of code you need to make your program work.”
“The technique of borrowing code from another program that has similar functionality, and being able to take a program that essentially is broken and fix it in that manner, is a pretty cool result,” says Emery Berger, a professor of computer science at the University of Massachusetts at Amherst. “To be honest, I was surprised that it worked at all.”
Original Submission
(Score: 0) by Anonymous Coward on Monday July 06 2015, @09:52PM
Don't all programmers try to reuse code. In fact, don't programming languages come with header or object files that already contain usable code that people can then implement into their software. Aren't there already (open and closed source) functions available that people can download and implement into their code instead of having to write new code from scratch. Isn't the whole idea of object oriented programming that you can avoid having to reinvent the wheel so to speak.
(Score: 2, Informative) by jummama on Monday July 06 2015, @10:02PM
Most programmers are humans though, not AI constructs dealing with machine code to write patches.
(Score: 4, Insightful) by davester666 on Tuesday July 07 2015, @07:36AM
Yes, this is new. This is compiled application A, reverse-engineering application B, finding that it has bugs, then reverse-engineering application C, noticing that it doesn't have those same bugs, and replacing some of the code in application B with code from application C in an attempt to fix those bugs.
I can see two things happening:
-this company being sued for having their customers commit copyright violations and violating their licensing terms
-this company being sued by their customers for introducing other bugs into their apps
(Score: 0) by Anonymous Coward on Tuesday July 07 2015, @08:07AM
-this application analysing itself, considering itself vulnerable and therefore incorporating new code into itself, thus changing its own functionality and finally evolving into Skynet. :-)