SoylentNews is people

posted by n1 on Monday July 06 2015, @09:32PM
from the human-obsolescence dept.

MIT computer scientists have devised a new system that repairs dangerous software bugs by automatically importing functionality from other, more secure applications.

Remarkably, the system, dubbed CodePhage, doesn’t require access to the source code of the applications whose functionality it’s borrowing. Instead, it analyzes the applications’ execution and characterizes the types of security checks they perform. As a consequence, it can import checks from applications written in programming languages other than the one in which the program it’s repairing was written.

Once it’s imported code into a vulnerable application, CodePhage can provide a further layer of analysis that guarantees that the bug has been repaired.

[...] Sidiroglou-Douskos and his coauthors — MIT professor of computer science and engineering Martin Rinard, graduate student Fan Long, and Eric Lahtinen, a researcher in Rinard’s group — refer to the program CodePhage is repairing as the “recipient” and the program whose functionality it’s borrowing as the “donor.” To begin its analysis, CodePhage requires two sample inputs: one that causes the recipient to crash and one that doesn’t. A bug-locating program that the same group reported in March, dubbed DIODE, generates crash-inducing inputs automatically. But a user may simply have found that trying to open a particular file caused a crash.

[...] “The longer-term vision is that you never have to write a piece of code that somebody else has written before,” Rinard says. “The system finds that piece of code and automatically puts it together with whatever pieces of code you need to make your program work.”

“The technique of borrowing code from another program that has similar functionality, and being able to take a program that essentially is broken and fix it in that manner, is a pretty cool result,” says Emery Berger, a professor of computer science at the University of Massachusetts at Amherst. “To be honest, I was surprised that it worked at all.”

  • (Score: 3, Insightful) by mrchew1982 on Monday July 06 2015, @10:56PM

    Single celled organisms do this kind of thing all of the time, they import random genetic material to try to overcome environmental stress or even outcompete other organisms. It's a great part of why life is so resilient, thrives in unlikely places, and evolved/evolves so quickly.

    If artificial intelligence is going to take hold and thrive (terrifying though that may be) at some point it has to be able to repair its own codebase or even evolve new functionality, I view this as progress on that front, not as a way to fix simple code bloopers and remove maintainers. Of course given that this is a researcher looking for grant money, I doubt that it's even half as automated or efficient as they claim.

  • (Score: 1, Insightful) by Anonymous Coward on Tuesday July 07 2015, @03:42AM

    The outcome of fixing a program is that the program should do what it's supposed to.

    The outcome of patching DNA in biology is to not do what it did before and to do something different in the future.

    Somehow, I don't see these as even similar.

    It seems to me that this proposed system is doing black box testing and patching. As a person with experience in high-reliability software (aerospace stuff), you don't do just black box testing, you do clear box so that all possible execution paths are covered. Maybe I just don't understand what they are proposing.

    • (Score: 3, Insightful) by penguinoid on Wednesday July 08 2015, @07:01AM

      Main difference is that each copy of a biological unit goes through rigorous unit testing. No exceptions.

      RIP Slashdot. Killed by greedy bastards.