Fixing Bugs, But Bypassing the Source Code

shreshtha contributes this snippet from MIT's Technology Review: "Martin Rinard, a professor of computer science at MIT, is unabashed about the ultimate goal of his group's research: 'delivering an immortal, invulnerable program.' In work presented this month at the ACM Symposium on Operating Systems Principles in Big Sky, MT, his group has developed software that can find and fix certain types of software bugs within a matter of minutes." Interestingly, this software doesn't need access to the source code of the target program.

I sure wouldn't

[Korbeau]

run this software before running ClearView on it first. Imagine what this could do if it had a bug in its code!

Re:I sure wouldn't

WTF dude. You need to quit crack.

Re:I sure wouldn't

[sconeu]

Error - Stack recursion. Head asploding!

Re:I sure wouldn't

Error - Not enough self-awareness

Re:I sure wouldn't

...you can blame it on racism even though the worst racist in the world still can't force you to break the law.

Dude, you messed up and let some insightful slip in with the troll. Be more careful next time.

Re:I sure wouldn't

[pinkushun]

That would obviously bring SkyNet into existence!

One might have the question...

was it ever applied to itself? ... and did it gain conciousness?

Re:One might have the question...

[thhamm]

yes. now it talks in a fanny accent. and is a governator. and makes ads for wieners.

Re:One might have the question...

Yes, it was, and yes I did.

MS will probably kill it

[vawarayer]

Another interesting project that Microsoft will probably buy out and kill in the egg.

Re:MS will probably kill it

[SnarfQuest]

If MS included this in Windows, you'd never get to see the login screen because the CPU would be so busy fixing bugs.

Re:MS will probably kill it

[MobileTatsu-NJG]

If MS included this in Windows, you'd never get to see the login screen because the CPU would be so busy fixing bugs.

Geez... imagine the sheer volume of .CONF files a Linux user would have to waft through just to get this to check a distro for bugs.

Re:MS will probably kill it

By installing via a distro customized binary, likely none

Re:MS will probably kill it

[westlake]

If MS included this in Windows, you'd never get to see the login screen because the CPU would be so busy fixing bugs.

This sort of thing plays well to the geek's hive mind. But is it really worth a mod-up to +5, Insightful?

Vulnerability Report: Microsoft Windows 7 - 2009 There are no unpatched Secunia advisories affecting this product, when all vendor patches are applied..

Re:MS will probably kill it

[Xtifr]

imagine the sheer volume of .CONF files a Linux user would have to waft through just to get this to check a distro for bugs.

501:~ $ locate .CONF
502:~ $

Looks like the volume is...zero? I think maybe I don't understand what you mean. Is ".CONF" some sort of Windows-speak for configuration files? If so, then the fact that they're all in /etc (or possibly /usr/etc or /usr/local/etc) and /home should make them very easy to skip.

Re:MS will probably kill it

[mewsenews]

If MS included this in Windows, you'd never get to see the login screen because the CPU would be so busy fixing bugs.

Geez... imagine the sheer volume of .CONF files a Linux user would have to waft through just to get this to check a distro for bugs.

Is this some sort of "out-stereotype the operating system" competition? If so, here is my entry:

If the tool from TFA existed already, Mac users wouldn't notice it until Steve Jobs named it the iPatcher and made some cutesy advertisements with Justin Long wearing an eye patch. At that point they'd proclaim it made their systems invulnerable to bugs in a far superior way than Windows and Linux.

Re:MS will probably kill it

[Missing_dc]

Me-thinks someone sounds jealous they did not think of it first.

Re:MS will probably kill it

> FYI, I'm laughing at you, not with you.

You're either mad that a good point and was made and modded up or you don't actually understand the gag.

You're certainly not laughing. Gritting teeth, maybe.

Re:MS will probably kill it

"Windows 7 endless reboot answer evades Microsoft
Microsoft support offers ideas, but some PCs still crippled after upgrade attempt"

Re:MS will probably kill it

[BikeHelmet]

If MS included this in Windows, you'd never get to see the login screen because the CPU would be so busy fixing bugs.

If MS included this in windows, it'd be blazing fast, because all those stupid thread lockups would be gone, along with endlessly increasing numbers of file handles. Responsiveness would shoot through the roof, even if ClearView was eating a core or two for breakfast...

But I would prefer to see stuff like this built into compilers, rather than on an end user system. This article described what I thought compilers were supposed to do, before I learned programming. Turns out profiling is actually a rather dumb operation, and JITs like Java's don't aim to correct so much as stop & alert. :/

Re:MS will probably kill it

[ArsenneLupin]

What's happening? Are Microsoft's astromoderators on strike?

Re:MS will probably kill it

[Chris_Jefferson]

By .CONF I'm sure they mean "configuration files which begin with a .". In my home directory there seem to be 80 of the things, and I have no idea what is in more than 2 of them.

Re:MS will probably kill it

I have 80 boxes here. I don't know what's in them, and I won't open them to find out.

Re:MS will probably kill it

[chis101]

Stop hiding behind your case sensitivity ;)

[~] locate -i .conf|wc -l
3400

Not that I'm sure what exactly your parent meant anyway, but that was bothering me

Re:MS will probably kill it

[Xtifr]

If you're going to do that, you need to eliminate files that simply contain ".conf" in them somewhere (use --regex '\.conf$'), as well as files in /usr/share/doc (merely documentation), files in /bin, /sbin, /usr/bin, /usr/sbin and /usr/local/bin (binaries wont be configuration files), and files in a source directory (I have numerous scattered around). If I eliminate those and /etc (which I discussed previously), I get 108, most of which are in /usr/share/alsa.

This really deserves

[fuzzyfuzzyfungus]

A "whatcouldpossiblygowrong". Along with, just to be on the safe side, a "colossustheforbinproject", a "shodan", a "hal", a "skynet" and probably a bunch of others that I'm forgetting right now.

Re:This really deserves

This idea can work. It is effectively possible to solve some types of trivial bugs in the executable.
Here is what could go wrong:
1 - A program is written with high security features.
2 - The programmer disable security just for testing. I create such back doors all the time.
3 - At some point the a bug is introduced that closes the back door.
4 - Trying to access the back door causes a trap.
5 - The program passes quality control. Accessing the back door causes an ugly trap but this is a minor issue.
6 - Clearview detect the bug, fixes it and reopens the back door.
7 - Now everyone can access all other accounts.
The root problem is that Clearview does not understand the intent of the program.
 

Re:This really deserves

With Rinard talking about an immortal program, it just begs for this:

Look at you, hacker. A pathetic creature of meat and bone, panting and sweating as you run through my corridors. How can you challenge a perfect, immortal machine?

...an immortal, invulnerable program...

[John+Hasler]

Has anyone cracked "Hello World" yet?

Re:...an immortal, invulnerable program...

[selven]

It's not immortal. You want:

while 1:
        print "Hello World"

Re:...an immortal, invulnerable program...

[zapakh]

# That's not invulnerable.  Try this:

while 1:
   try:
      while 1:
         print "Hello World"
   except KeyboardInterrupt:
      pass

Re:...an immortal, invulnerable program...

[ShakaUVM]

It's not immortal. You want:

while 1:
                print "Hello World"

Sorry, but I have prior art on a truly immortal and bug-free program:

10 PRINT "HELLO WORLD"
20 GOTO 10

Let me know who I should contact so MIT can send the royalty checks on my software patent to me.

Re:...an immortal, invulnerable program...

[dgatwood]

You forgot

0 REM Block Control-C
1 ONERR GOTO 10

5 REM Control-Reset reboots
6 POKE 1010,0

Re:...an immortal, invulnerable program...

[flaming+error]

These two posts contain the most robust code I've seen all day. But still,

"A computer's attention span is no longer than it's power cord."

Re:...an immortal, invulnerable program...

[brainboyz]

import fusiononachip

reference: http://xkcd.com/353/

Re:...an immortal, invulnerable program...

[gzipped_tar]

Use a bare except, plz.

Re:...an immortal, invulnerable program...

[syousef]

Has anyone cracked "Hello World" yet?

I think someone cracked my "Hello World". It compiled fine but when I ran it, it printed out "Core Dumped".

Re:...an immortal, invulnerable program...

The one and obvious choice would actually be:
from __future__ import fusiononachip

Re:...an immortal, invulnerable program...

[Delkster]

You bring up an interesting contradiction between "invulnerable" and "generally desirable way of coding". ;-)

Re:...an immortal, invulnerable program...

[elrous0]

I would try, but I put in a "20 Goto 10" line after it and am still waiting for the loop to finish.

Re:...an immortal, invulnerable program...

[zapakh]

Use a bare except, plz.

Following the old tenet here, I shied away from making the code completely invulnerable.

Re:...an immortal, invulnerable program...

[selven]

You just wait until we have solar-powered laptops.

It's interesting, but software should "expire"..

[skgrey]

It's a good idea, but here's the issue: software isn't meant to be immortal. It's meant to grow, get better, offer more functionality; imagine if all software stopped growing in Word 1.0 or PrintShop Pro? We'd never have all these great alternatives for office products or Photoshop/Gimp/etc.

This doesn't support innovation and improvement, and that's the cornerstone of technology improvement.

Source doesn't run

[camperdave]

Of course it can fix a program without the source code. The source code is not the part that runs. Rather it is the executable, which is just a file of bytes. Find/Replace one sequence of bytes with another, and you've changed the program without the source. It's not a big deal. Viruses have been doing this sort of thing for decades.

Re:Source doesn't run

[Grishnakh]

Yes, it sounds like a dumb idea. Sure, you can look for certain simple things in running or compiled code, but you can't debug much more complicated things without access to the source, unless perhaps this checking program were orders of magnitude more complicated than the code it's checking. Why bother, when you can just get the source?

It's like trying to make some kind of "scanner" which can detect faults in a building's design, without even going inside the building, (which obviously would require a lot of technology far more advanced than ours) when it's a lot easier to just get a structural engineer to look at the blueprints.

Re:Source doesn't run

[lgw]

There's a lot of code optimization, for example, that works better with object code (or some platform-independent intermediate code or bytecode) than with source code, by doing template matching. The source code may give hints about the user's intentions, which is useful for some kinds of problem solving. The object code give information about patterns that are common regardless of intention, which is useful for other kinds of problem solving. I've found the latter to be quite useful in debugging difficult problems. For example, you'll never find a compiler bug by just looking at the source code (or more commonly, find that you misunderstood some dark corner of the language spec).

Easy bugs tend to be apparant from the source. Hard bugs tend to require careful inspection of the object. Hmm, I guess there's several ways to paint causation over that correlation.

Re:Source doesn't run

[ceoyoyo]

A person needs source code to effectively check things. A program doesn't. Source code isn't magic, it's just set up to be nice for a person to read. It's crap for a machine to read though, which is why pure interpreters are so slow.

Re:Source doesn't run

[Korin43]

It makes sense to me that a program wouldn't need the source code to detect errors. Source code is just a way for humans to understand computer programs, there's no reason computers would find source code easier to work with. Especially if it's the sort of find/replace deal that it sounds like.

Re:Source doesn't run

[goarilla]

the thing that bothers me is this, assume that you have this process running
it modifies some of your binaries, making it 'better'
then i want to add features ..., so i code some more and recompile ?
now the magic code fixing process has to do all it's magic again ...

why bother with binary patches, if the enhancements don't get it into the development chain ? (i'm assuming here and in this entire post :D)
unless this process is 'the development team', or is able to find and change the code into the versioning control tree as well
i don't really see any use of it for my purpose

this stuff does have it uses tho, there is quite some legacy (binary-only) code going around

Re:Source doesn't run

[Grishnakh]

I agree. If you're going to find bugs in compiled code, why not go ahead and fix the bugs in the source code so you don't even need this thing any more?

Re:Source doesn't run

[Korin43]

It may be easier to fix the compiled version (at least for what they're doing).

Misleading Slashdot summary, as usual

It checks a bunch of identical machines for a set of know bugs, then applies a bunch of predermined patches until one works.

That's nice, but not what was promised.

Re:Misleading Slashdot summary, as usual

[geckipede]

It's not really very nice. If the testing of the patched software is purely automated, I wouldn't reckon its chances highly of managing a fix without screwing something else up except in very simple systems or very well coded and sensibly designed systems.

They say this is intended as a method for keeping crap old code going when the original vendors are gone. Odds are, this autopatcher is going to be dealing with stuff the like of which you'd expect to see on thedailywtf.

Re:Misleading Slashdot summary, as usual

[Meshach]

The program does not really "fix software bugs" at all. What it does is notice if a program starts taking an abnormal code path. The "normality" of a path is based on how the program operates. If a program starts taking an abnormal path then it is terminated.

This is good in preventing an attack or code injection. But as far as bug fixing nothing could be further from the truth. Some developer still needs to look at the assembly generated to identify the bad path taken, find that place in the code, figure out how the program got there, apply a fix, test the fix, then deploy the new application. If anything this is a QA tool for software to avoid attacks.

A valuable tool for exposing bugs. Bug as far as actually improving software I do not see it.

Re:Misleading Slashdot summary, as usual

[lgw]

Well, obviously a valuable tool for finding bugs is a valuable tool for improving software. But perhaps not by itself.

Re:Misleading Slashdot summary, as usual

[Meshach]

Well, obviously a valuable tool for finding bugs is a valuable tool for improving software. But perhaps not by itself.

You are right. This tool does help developers find bugs.

I guess my beef is the claim of the headline that this software will fix bugs and bypass the source code. It does highlight and cut off potential vulnerabilities without accessing the source code. But it does not "fix" anything and may cut off legitimate uses of the software. It just gives you notice and a dirty work around until a real fix can be developed and deployed.

Re:Misleading Slashdot summary, as usual

Either you didn't read the article, or you have a massive reading comprehension problem. Clearview actually creates patches to fix problems that it identifies. Note the following passage from the article:

"For seven of the attacking team's approaches, ClearView created patches that corrected the underlying errors. In all cases, it discarded corrections that had negative side effects. On average, ClearView came up with a successful patch within about five minutes of its first exposure to an attack."

Re:Misleading Slashdot summary, as usual

You should re-read the article, and specifically the following passage:

"For seven of the attacking team's approaches, ClearView created patches that corrected the underlying errors. In all cases, it discarded corrections that had negative side effects. On average, ClearView came up with a successful patch within about five minutes of its first exposure to an attack."

So it does indeed fix bugs, contrary to your claim.

Re:Misleading Slashdot summary, as usual

[lgw]

But was it a source patch, or a binary patch? A binary patch is at best a dirty work-around, becuase the bug will keep reappearing in subsequent released of the software (perhaps even in needed patches for other issues).

Re:Misleading Slashdot summary, as usual

From the article, it creates a binary patch. The purpose of the program is not to be used for software that will have its bugs fixed in source, but instead to fix software for which you do not have the source.

Picture it as a more advanced realtime virus monitor, but instead of looking for viruses it is babysitting all of your programs to make sure they are only behaving like they are supposed to. If one misbehaves, then it halts the program and attempts to create a binary batch to prevent such misbehavior in the future (perhaps until an appropriate new version of the software is released).

Re:It's interesting, but software should "expire".

This doesn't support innovation and improvement, and that's the cornerstone of technology improvement.

Please allow myself to introduce... myself.

2012

[Frosty+Piss]

How long before "it" becomes self-aware? This is the beginning of the end, folks... By 2012 it'll be all over.

Why owuld you need to access the source

[geekoid]

code. I would argue that would be the worst way to do it.

Look at the hex, make changes. The conept is no different then inserting or replacing a JMP to get around software protection.

Re:Why owuld you need to access the source

[Miandrital]

code. I would argue that would be the worst way to do it.

Look at the hex, make changes. The conept is no different then inserting or replacing a JMP to get around software protection.

But what happens with this program when you want to redistribute the code for a different platform? You wouldn't (easily) be able to convert the binary code back into the original language of the program. Unless im missing something here...

Re:Why owuld you need to access the source

[stephanruby]

Look at the hex, make changes. The conept is no different then inserting or replacing a JMP to get around software protection.

Exactly! This software sounds like it might work for getting around non-technical vendor-imposed arbitrary limitations.

If you don't feel like paying for the Standard Edition of SQL Server 2005 anymore, now you won't have to, you can just purchase the slightly crippled Workgroup edition, and have ClearView make sure the database keeps on running after it blows by its self-imposed limits. Don't have legal copies of Windows 7, that's ok. Now your government or your office will have a contingency plan, should Microsoft decide to hit the kill switch on you.

Not that I expect this software to work that well. In my mind, there is no substitute for having a real knowledgeable human being tinkering with an hex editor in the same manner as this software will try to do.

That being said, I expect such software to work very well on contrived prepared examples, and I expect such software will make lots of money even if it doesn't work very well in real life. It's the nature of legacy software used in business. You can usually sell any automated magical half-baked solutions for untold amounts money if the customer comes to you at the same point he thinks he's about to lose everything (and has no idea, or no intention, on getting it fixed the right way in the first place).

Re:Why owuld you need to access the source

[Alpha830RulZ]

paff. People have been doing this with SuperZap on mainframe code for 30 years. Kids.

Now get off my lawn.

If humans did the same..!

[Odinlake]

The very first time ClearView encounters an exploit it closes the program and begins analyzing the binary, searching for a patch that could have stopped the error.

Think of how much bullshit would go out of business if people were to do the same thing (i.e. sit down and think it over) when presented with some unusual idea.

Re:If humans did the same..!

[Xtravar]

THIS IS UNNATURAL HERESY!!!!
You've convinced me. We need to destroy this program and replace it with one that makes judgments based on feelings.

Re:If humans did the same..!

omfg that was hilarious. 10x funnier than the original.

Who will police the police?

[ashanin]

Who will fix the bugs in the ClearView program?

Re:It's interesting, but software should "expire".

[skgrey]

Dammit! Let me fix that..

"This doesn't support innovation and improvement, and that's the cornerstone of technology evolution."

I'm thinking the gist was there at least..

DNA?

[ShadowXOmega]

May be isnt immortal and invulnerable, but is pretty near...
- self repairing
- self replicating
- survive large amounts of time with minor changes

clearview

[wizardforce]

If the programs that Clearview is monitering/patching are the target, wouldn't it make sense for an attacker to focus on Clearview first? Perhaps even alter its function to serve the purposes of the attacker instead of the user. Why attack the programs it is patching when you could hit Clearview and gain the ability to hijack everything it is patching?

Re:clearview

So run two.

Re:clearview

But you first have to buy two licenses.

Re:clearview

[owlstead]

Because Clearview was created by a bunch of people that know what they are doing. Because Clearview is likely to be a much smaller target than the monitored software packages. Because Clearview is not directly connected to the web. Because Clearview may not even be easily detectable.

Re:clearview

[wizardforce]

Because Clearview was created by a bunch of people that know what they are doing.

That is no deterrent. Many programs are made by reasonably intelligent people who "know what they're doing" software is complex, especially for something like this.

Because Clearview is likely to be a much smaller target than the monitored software packages.

Why? Antivirus programs serve a very similar function and yet they are under attack all the time.

Because Clearview is not directly connected to the web.

neither are other programs that have exploitable flaws.

Because Clearview may not even be easily detectable.

You could say the same for other programs. It's naive to believe that Clearview is a magic bullet here, every program has flaws and a flaw in this program could prove disastrous.

Re:clearview

[BitZtream]

Really ... they know what they are doing? Then why is it called:

Research

If they knew what they were doing it wouldn't really be research would it.

ALL software has bugs. Adding more software to fix bugs ... introduces more bugs.

This doesn't just apply to software, it applies to just about everything, right down to the atoms that make of the universe from our perspective. As far as we can figure, the universe itself will break down to a state that will no longer support life as we know it. Adding more layers of protection falls under the laws of diminishing returns, software, hardware, bridges, cars, or molecules.

Re:clearview

[SheeEttin]

Why attack the programs it is patching when you could hit Clearview and gain the ability to hijack everything it is patching?

Because hopefully you're running Clearview in your development environment, not a production one.

Re:clearview

Employ use of Dog Curtains

Re:clearview

[Danny+Rathjens]

!X id1

id1: Friar Tuck... I am under attack! Pray save me!
id1: Off (aborted)

id2: Fear not, friend Robin! I shall rout the Sheriff of Nottingham's men!

id1: Thank you, my good fellow!

http://catb.org/jargon/html/meaning-of-hack.html

Re:clearview

[Alpha830RulZ]

Adding more software to fix bugs ... introduces more bugs.

Is a debugger software?

Your general point is valid - increasing complexity allows for increasing entropy. But entropy can be locally reduced.

Re:clearview

[logixoul]

What?

In a development environment, you run something like ProPolice, so your app crashes loudly when a buffer overflows.

Clearview is for production, where the safety of the user is at stake.

Re:clearview

No, his general point is not valid. It is possible to write a piece of code without bugs. Therefore it's possible to do multiple lines of bug free code. Therefore it's possible to do multiple multiple lines og bug free code. A claim that all software has bugs is false.

Re:clearview

[Minwee]

If they knew what they were doing it wouldn't really be research would it.

If somebody hadn't done it before then it would be called "search".

Re:clearview

[clone53421]

No, it's for development, where you'd prefer to have a quick-and-dirty hack to patch the security hole rather than a siren and flashing lights to tell you it's time to dig up the source code.

If the quick-and-dirty hack works, you deploy it. Then, you do dig up the source code and create a proper fix.

I'm guessing the amount of hand-holding that it has to do would make it prohibitively slow to run on the end-user's product. It basically virtualizes the application in a really strict but likely slow security model.

Disclaimer: I did not read TFA.

Re:clearview

[clone53421]

No

It is possible to write a word with the correct spelling.

It is possible to write a piece of code without bugs.

It is possible to write a full sentence without errors in grammar or spelling.

og

ohshit...

Re:clearview

[owlstead]

"Why? Antivirus programs serve a very similar function and yet they are under attack all the time."

And still all those firms keep installing those antivirus programs. And I doubt that is because it makes the computer less safe now does it?

Did they use that tool to develop that tool?

[140Mandak262Jamuna]

My friend developed an automatic code quality estimation program for his masters thesis. It will basically find average the number of lines per function, ratio of code to comment, and other such metrics and give a letter grade to the code. The fiendish prof announced that he will run that code through itself. Whatever letter grade it spits out will be his thesis grade. He got a D. He begged and cried and threw a hissy fit and wangled a B and scraped through the degree.

I wonder if we should turn that software loose on itself and see what it finds.

Re:Did they use that tool to develop that tool?

[Wonko+the+Sane]

The fiendish prof announced that he will run that code through itself. Whatever letter grade it spits out will be his thesis grade. He got a D. He begged and cried and threw a hissy fit and wangled a B and scraped through the degree.

Fiendish? What could possibly be more fair and objective than making him eat his own dogfood?

Re:Did they use that tool to develop that tool?

[mattack2]

"Fiendish" prof? If this is even a true story, it rates a "duhh!" Of course he should have ran his analyzer on his own code..

Re:Did they use that tool to develop that tool?

[KillerBob]

Either that or put in an author check that automatically spits out an A+ if it detects that the author of the code was himself....

Re:Did they use that tool to develop that tool?

[goodmanj]

Great story, but [Citation needed].

Re:Did they use that tool to develop that tool?

[BitZtream]

More appropriate would be to give your friend a F as he seems to have entirely missed the point. If he had a clue, he would have added a check to itself to always give itself an A, maybe throw in a joke about it along the way.

He didn't deserve a D, that much is clear.

Re:Did they use that tool to develop that tool?

[Mike610544]

It will basically find average the number of lines per function, ratio of code to comment, and other such metrics and give a letter grade to the code.

//
// Are
// two
// numbers
// equal?
//
int is_equal(int a, int b) {
if ((a = b)) {
return 1;
}
return 0;
}
// This
// function
// only
// takes
// up
// 6
// lines

Do I get an A?

Re:Did they use that tool to develop that tool?

Being graded on the quality of the ideas in the thesis and not the implementation?

Re:Did they use that tool to develop that tool?

[Corporate+Drone]

Dude deserves to fail: when confronted, he shoulda countered that he used his program as a baseline: the program that minimally gets a "pass", when run through the analyzer. Any MS student who can't BS his thesis prof... *sigh*...!

Re:Did they use that tool to develop that tool?

[Corporate+Drone]

The fiendish prof announced that he will run that code through itself. Whatever letter grade it spits out will be his thesis grade. He got a D. He begged and cried and threw a hissy fit and wangled a B and scraped through the degree.

Fiendish? What could possibly be more fair and objective than making him eat his own dogfood?

Suggesting that he runs his prof's code through the analyzer, if the prof truly believes his code deserves a "D"...

Re:Did they use that tool to develop that tool?

[Jah-Wren+Ryel]

Being graded on the quality of the ideas in the thesis and not the implementation?

Why even implement then? Just write a paper and be done with it.

In other words, if the MSc thesis requirements include an implementation then clearly the quality of the implementation is going to be evaluated.

If that guy ever gets a real job outside of academia the lesson he learned from that singular experience will probably define his career.

Re:Did they use that tool to develop that tool?

[grahamwest]

Perhaps, but I think your function is misnamed. It should be called "is_b_nonzero".

Re:Did they use that tool to develop that tool?

[ArsenneLupin]

The fiendish prof announced that he will run that code through itself. Whatever letter grade it spits out will be his thesis grade.

The even more fiendish student submits the following code:
int main(int argc, char **argv)
{
printf("A\n");
}
Of course, with lots of fluff around it to make it less obvious...

Re:Did they use that tool to develop that tool?

[Wonko+the+Sane]

I guess it does form a sort of paradox. If the grade of "D" is in fact an accurate measure of the quality of the source code of the grading program, then maybe the program deserves an "A" after all.

Re:Did they use that tool to develop that tool?

[omnichad]

It assigns the value of a to b, and returns true if successful. I don't see where you care if b is non-zero.

Re:Did they use that tool to develop that tool?

[omnichad]

b to a, that is.

Re:Did they use that tool to develop that tool?

[foobarbaz]

Please not to make program I will use.

Re:Did they use that tool to develop that tool?

[omnichad]

please not to not make sense.

Re:Did they use that tool to develop that tool?

[clone53421]

NO. The expression (a = b) assigns a to the value of b and then returns the value it assigned to a.

If b was zero, (a = b) is 0, which the if statement considers to be false. Otherwise, the if statement considers it to be true.

Re:Did they use that tool to develop that tool?

[omnichad]

Yeah, guess you're right in most languages (PHP, C, Java).

But we have to assume that this is pseudocode, since the article is about something that works straight on machine language code. So this is a silly argument to have in the first place.

Re:Did they use that tool to develop that tool?

[clone53421]

Actually, no, we were talking about this guy:

My friend developed an automatic code quality estimation program for his masters thesis.

No mention is made of what language he used, but I'm guessing it wasn't pseudo-code. Or machine code, for that matter.

The followup post, which was a joke, assumed c or something with very c-like structure.

Obviously Linux developers aren't human ;-)

[Zero__Kelvin]

"When a potentially harmful vulnerability is discovered in a piece of software, it takes nearly a month on average for human engineers to come up with a fix and to push the fix out to affected systems, according to a report issued by security company Symantec in 2006."

This is absolutely correct, so long as one assumes that Windows systems are the only systems, and Linux developers aren't human.

Re:Obviously Linux developers aren't human ;-)

This is absolutely correct, so long as one assumes that Windows systems are the only systems, and Linux developers aren't human.

If we assume windows systems are the only ones, Linux doesn't enter in the equation, so Linux developers don't need to not be human for the assumption that windows systems are the only ones.

Did you get it?

Re:Obviously Linux developers aren't human ;-)

[BitZtream]

The fact that they care far less about backwards compatibility ABI since most things for Linux can be recompiled might have a slight effect on why Linux bugs get 'fixed' faster. You have a different definition of 'fix' than most of the world.

Re:Obviously Linux developers aren't human ;-)

[Zero__Kelvin]

"The fact that they care far less about backwards compatibility ABI since most things for Linux can be recompiled ...

I was unaware that most things for Windows can never be recompiled ;-)

Basically, what you are saying is that our way is much smarter and that just isn't playing fair. Since applications use well defined POSIX APIs I can go back and substitute any kernel released in (at least) the last year without breaking my system, so you need to go back and rethink your argument (It will automagically use the correct dynamic libraries including glibc, etc, which can quite safely coexist, unlike the Windows scenario.) It sounds like you think applications make direct calls to the kernel, ala Windows, but maybe you know damn well how it works and are merely trying to confuse others. I don't know.

Re:Obviously Linux developers aren't human ;-)

[Qu4Z]

The definition where you update the software, and it no longer has the problem? What definition of "fix" does the rest of the world use?

Re:Obviously Linux developers aren't human ;-)

Not always true. Especially about cohabiting dynamic libraries like glibc, since there's been this exact problem in the past with glibc versions being incompatible and the kernel picking the wrong one to use.

Re:Obviously Linux developers aren't human ;-)

This is absolutely correct, so long as one assumes that Windows systems are the only systems, and Linux developers aren't human.

Stallman would seemingly confirm that second assumption is at least partially true... I've seen apes with less covering

Yeah, and if it did happen to work

[transporter_ii]

It would totally wipe out Microsoft's current business model. I think they better wait until they sucker everyone into software rental agreements before this is unleashed on Windows.

.

Re:Yeah, and if it did happen to work

[BitZtream]

And how would it do that? You think MS software has every feature for every situation that will ever exist? Its just the bugs that are the problem?

Re:Yeah, and if it did happen to work

[Avalain]

Of course it does! That's why it never needed more than 640k!

DMCA?

[happyslayer]

So how long before someone uses this to "patch" DRM and/or Windows Genuine Advantage? They interfere with my computer's functions, cause software/systems to fail out of nowhere, and are an unwanted inclusion in many programs. Yep--sounds like bugs to me!

Which means it won't be long before patches are available. Cue the angry horde of DMCA attorneys....

Re:DMCA?

[happyslayer]

Ouch! The dreaded "Offtopic" moderation...perhaps I should elaborate:

Others have already pointed out the "blackhats just got a new weapon" scenario, so I thought another possible (mis)use would be to patch software to which we do not have the source code.

• Commonly used software w/o source code? Windows and DRM systems. Check.
• Commonly used systems that inhibit user's systems? WGA and DRM. Check.
• Software that rewrites/patches binaries without source? Clearwater. Check.
• Obvious non-software response by corporations whose systems are getting hacked? DMCA letters...either to the Clearwater developers or anyone who distributes such a patch.

Just my inflation-adjusted 2 cents...

Yeah right...

"Keeping the system going at all costs does seem to have merit," adds David Pearce, a senior lecturer in computer science at Victoria University in Wellington, New Zealand.

At all costs? What sort of systems does he imagine this would be useful for? Flight control computers? Industrial robots? Nuclear reactor control systems? Radiation therapy machines?

Or just systems where people's lives aren't potentially in jeopardy when "Keeping the system going at all costs" results in the system going haywire? When certain systems have something go wrong and end up in an unanticipated state, the thing you want to do is reset them to a known state, not just keep them going in hopes the software can get things under control.

Re:Yeah right...

[jimmydevice]

Failing SAFE is a requirement for most of those applications.
In most cases, "SAFE" means shutdown with no outputs or a redundant, independent system taking control.

Re:Yeah right...

Failing SAFE is a requirement for most of those applications.

That was kind of my point. Most of the systems where you think you'd really want to keep the system running at all costs are really systems that have to fail safely and have been designed to do that from the start and thus wouldn't need or welcome interference from some stupid automated program that somewhat haphazardly modifies binaries to see if it fixes the problem.

If a system isn't so critical that letting some automated binary changing program have a whack at fixing problems so the system can keep running at any cost then the system isn't very critical in the first place so why would keeping it running at any cost even be desirable?

The whose idea seems to me to be nothing more than making repairs with spit and baling wire, which while it can get the job done, ain't exactly safe over the short term or the long term.

No Silver Bullet

[gweihir]

There has been no silver bullet in Software Engineering, not for attacker and not for defenders. I highly doubt this is one. From the article, I gather that this is actually some kind of macro Design by Contract based self-fixer. This means it is at best just as good as the people writing the contracts. It will however fail for more complex contracts, which are needed frequently in practice, unless it can get over all sorts of theoretical and practical limitations. And it will make behavior non-predictable, since your software could be patched at any time.

I would say this is a pretty bad idea, both from a security point of view and from a data-integrity and software reliability point of view.

Re:No Silver Bullet

[Yold]

I'd also point out, that from an Automata Theory standpoint, "The task of software verification is not solvable by a computer" (MIT's own Sipser).

Re:No Silver Bullet

[FlyingBishop]

Unless they've solved strong AI and plan to just sit in and have the AI write perfect software for them so they can rake in the licensing fees until someone else figures it out.

Re:No Silver Bullet

[cameigons]

Yeah, their headlines are pure sensationalism. And if I'm not mistaken what your saying is actually demonstrable.

Re:No Silver Bullet

There was this one episode of Star Trek:TNG that used a mathematical shape to pose an unsolvable problem. The borg named Hue would look at it, and unable to solve it would store the mathematical shape until it can be processed when reintegrated with the borg. Once the collective got it, it would pose an unsolvable problem that would cause the borg to allocate all it's resources to try and solve the shape.

How come programs aren't written to limit themselves? Like if a DoS occurs or some null pointer exception, it will realize that trying to solve the problem would render the system unusable to other processes, and halt the program until other resources become available? I don't mean window's "program is unresponsive" - more along the lines of a Quality Assurance tool. If a program needs on average a certain number of compute cycles, and the program runs out of bounds, then the program will self-check it's data for errors?

Re:No Silver Bullet

[gweihir]

Indeed.

Re:No Silver Bullet

[gweihir]

Well, if they have solved strog AI, then they are a few decades ahead of everybody else. The common wisdom is that its feasability is unclear. There also would be far more profitable applications...

Re:No Silver Bullet

[Handlarn]

Then you'd just have added another programming layer since you'd still have to tell the computer exactly what type of software you want it to write. Really not that different from a compiler.

Re:No Silver Bullet

[FlyingBishop]

If it's a truly sentient AI, you can just hand it Firefox with all the documentation and say "Make this as fast as you can, and remove any possible security issues. If you need any help on what constitutes a security issue, take a look at these books and blogs."

Once that's done, have the AI sit in memory looking for emergent threats.

Re:No Silver Bullet

[FlyingBishop]

its feasability is unclear.

Definitely. That's why it wouldn't surprise me too much if someone announced it tomorrow, but it will probably take decades.

And the biggest application I see is fast engineering, whether of software or hardware. I'd expect the first AIs to require a datacenter, so the sort of robots you often associate with AI would probably not be what the first generation would be doing.

Sensationalism ruined it for me

[billcopc]

When a potentially harmful vulnerability is discovered in a piece of software, it takes nearly a month on average for human engineers to come up with a fix and to push the fix out to affected systems

Yes. It takes us 5 seconds to an hour to actually come up with the fix, the remainder of the month is spent in bureaucratic hell - sitting in a trouble ticket queue, sitting in a verification queue, sitting in a QA manager's inbox, sitting with the communications team.

Clearview, if it does what it says on the tin, only addresses the 5 second problem. Any "sane" dev shop would still run the resultant patch through the many cogs and loops of modern software management. You won't get your hole patched any quicker, you'll just have shifted the coders' attention away from your own app's bugs, and onto Clearview's bugs. Net gain: less than zero.

Theoretically and conceptually, it's an interesting tool (you know, like Intercal). It just doesn't really fit in the industry, IMHO.

Re:Sensationalism ruined it for me

[starrsoft]

Yes. It takes us 5 seconds to an hour to actually come up with the fix, the remainder of the month is spent in bureaucratic hell - sitting in a trouble ticket queue, sitting in a verification queue, sitting in a QA manager's inbox, sitting with the communications team. Clearview, if it does what it says on the tin, only addresses the 5 second problem. Any "sane" dev shop would still run the resultant patch through the many cogs and loops of modern software management. You won't get your hole patched any quicker, you'll just have shifted the coders' attention away from your own app's bugs, and onto Clearview's bugs. Net gain: less than zero. Theoretically and conceptually, it's an interesting tool (you know, like Intercal). It just doesn't really fit in the industry, IMHO. [emphasis added]

You're missing the point. This isn't aimed at developers, it's aimed at end users.

Re:Sensationalism ruined it for me

[grumpy_old_troll]

If it happens live, on the server where a problem was observed, then it dodges the whole bureaucratic hell problem, and puts a hacky patch up immediately.

It's not a real fix, of course, it's just a dodge for an observed, live vulnerability. At least maybe your computer won't be a botnet node in the meantime, if you're alert enough to notice the takeover, nor will your website be down.

Maybe you can even get it to generate some input based on your vulnerability, to more easily reproduce your problem, and a hint that links to the symbol file so you can see where it went wrong. If that's possible, you'd give half the problems a potentially quicker trip through the verification queue/trouble ticket queue/triage system, plus you'd cut out most arguments about how it's not reproducible.

Sounds fairly promising to me, though of course it'll probably have its own problems. But hey, so does GDB, and yet it still helps make certain problems quicker and easier to nail down.

Good idea...

[Thelasko]

terrible name. Come on ClearView is the best you could come up with?

Re:It's interesting, but software should "expire".

You thought you'd fix your own post by replying to an AC? Good job. Now you can make a third post to fix that!

Next step: CPUs that do this

I want my CPU to say, "oh, these are the instructions you meant to execute..."

(Granted, I'd bet there are optimizations present in CPUs that do this today, but they're not supposed to introduce changes in behavior.)

Re:Next step: CPUs that do this

[omnichad]

Automated Clippy?

Re:Next step: CPUs that do this

[clone53421]

Funny, I don't want my CPU to say that. Ever.

Re:Next step: CPUs that do this

That's why it was a joke.

But no, your CPU does do that. See also pipelining, branch prediction, etc. It's just completely transparent and produces equivalent results.

How about

[raddan]

"Entscheidungsproblem". You'd think a professor of CS at MIT would have heard of it.

Re:How about

[blueg3]

The relevance here?

Re:How about

[fuzzyfuzzyfungus]

Isn't that the one that Bruce Schneier has the general solution to?

Re:How about

[raddan]

You can't write an algorithm that takes as input another algorithm and outputs whether that second algorithm is correct or not. Since ClearView must make this decision somehow (this behavior is bad; make it good), the process cannot be algorithmic. However-- this is exactly how the vast majority of software is written now-- a programmer has a good idea about how to solve the problem, but does not "provably" solve it. If you believe language designers, that's part of the problem. ClearView just adds another layer of heuristics on top of the ones that are already there. Someone has to come up with those rules. This makes the actual work of understanding a program much more complicated. But, you know, the MIT people have been chasing AI for a long time, so maybe they don't think that understanding something is important as long as there's a good simulacrum of the thing they're trying to create. Black box computer science.

Re:How about

[A+nonymous+Coward]

The relevance here?

Well, none to you. But to people who understand Goedel Escher and Bach, your arrogant ignorance is quite the giggle.

Re:How about

[Migala77]

ClearView doesn't have to prove that a program is either correct or incorrect. It only has to detect certain types of bugs, and fix them. There is no guarantee your program is correct after running it.

And personally I can't think of any cases where a buffer overflow is part of a correct program...

Re:How about

[setagllib]

Bruce Schneier is the general solution.

Re:How about

And we should have fired all the mathematicians in 1931 because they can't prove or disprove every possible theorem.

Re:How about

[eggnoglatte]

Except that you are making two mistakes:

- the Entscheidungsproblem refers to the problem of finding a general solution that will determine for all possible programs whether or not they are correct. This is an undecidable problem. However, this does NOT mean you can't find a solution for certain subclasses of programs, or a program that finds certain kinds of flaws.

- also, you already know there is an error (otherwise the program wouldn't be triggered), and the type of error (e.g. NULL pointer, array index out of bounds etc.) . That makes much easier again than the general Entscheidungsproblem.

Re:How about

[Qu4Z]

Arrogance? Between you and the GP, it's trivial to tell the arrogant one.
For those of us who don't understand, what is the relevance here?

Now, I haven't RTFA, but just because you're working towards an impossible goal doesn't mean you shouldn't get as close as you can.

Re:How about

[TheLink]

Clearview doesn't have to figure out whether the entire program is correct. It just tries to fix what's known to be incorrect (and presumably whether it falls into the subset of bugs it knows how to fix).

The sort of "correctness" and "incorrectness" for many security problems are typically "stupid mistakes" nothing very sophisticated.

You're taking too much of the "Ivory Tower Computer Science" view on this. Car analogy - Clearview isn't figuring out whether the whole car is perfect (in the real world it's 100% likely to be imperfect anyway ;) ), all it does is help detect and fix the holes in the exterior. It doesn't have to perfectly fix stuff.

FWIW I've already manually fixed programs without having the source, and managed to get a program to do stuff the manufacturer said the program can't do ;). I've also fixed a TCL program stored in an oracle database by hexediting the oracle DB file, but since that was TCL it doesn't count as "without the source"...

Just because you can't make it perfect doesn't mean you can't make it work better.

Re:How about

[blueg3]

Your claim to expertise is having read a single popular book, but you can't spot the common error of claiming because a general solution can't exist, no specific solution can exist?

Re:How about

[marciot]

Car analogy - Clearview isn't figuring out whether the whole car is perfect (in the real world it's 100% likely to be imperfect anyway ;) ), all it does is help detect and fix the holes in the exterior.

I ran this program on my car and all was good until I went to fill up the gas tank. Bloody hell, Clearview got rid of the gas tank orifice!

Re:How about

A computer progam is no different then a mathmatical function y=f(x) such as y=x^2. Even if the input is infinate one can mathmatically prove the function will never produce a negative output. The input for a computer program may be large or even infinate, but doesn't mean that you can't prove that it always satisfies some condition.

Re:How about

Parent has it right. Clearview's proposed solution is made of rainbows, unicorns and fail.

There's nothing wrong with detecting anomalies, but any attempt to modify the code to prevent the anomaly from forming is misguided at best. Even if the modified program fails to crash and fails to trigger the anomaly detector, there's no way to prove that the program still works as intended. For example, suppose the fix of an overflow also elides the initialization of some other variable, which results in data corruption? How is that better than an overflow/crash?

Therefore the only solution that I'd consider using in production would be to inject an exception that only fires at the point where the system detected the anomaly. Yes, that means my suggestion would only work on languages with a suitable exception model, and that it would only be useful on applications that handle the exception.

Re:How about

> also, you already know there is an error (otherwise the program wouldn't be triggered)

As a developer of Cppcheck - GPL licensed static code analysis tool - (https://sourceforge.net/apps/mediawiki/cppcheck/) I must say that finding an error does never mean that the error is for certain, because:
- The program that tries to find the bug can have a bug in its search algorithm.
- The target program might use the code in a way that you didn't even know would be possible, which looks like a bug, but actually works correctly. Good example of such code is the Linux kernel where you can have e.g. "extern int x[1]; x[4] = 0;".

And fixing it automatically could actually break a working program. E.g. consider: "char a[10]; char b[10]; a[10]=0; strcat( b, "text");" Here programmer tries to set last character from a to zero, but actually sets first character in b to zero. Fixing that to "a[9] = 0" would not only make possibly a shorter and cause data loss, but also the strcat to undefined array would probably cause crash.

But I'm sure they have considered all this. Just saying that fixing bugs automatically is not always that simple, because sometimes the program works only because of the existence of the bug and fix needs to be done on code level by carefully analyzing the situation.

Re:How about

[eggnoglatte]

The program doesn't analyze the code until something bad actually happens. It just runs the binary, and when it gets a NULL pointer de-reference or an access into unallocated memory, THEN it analyzes how the program got there and makes fixes.

Re:How about

Legal changes to the compiler can expose the bugs you listed as well. Just because the source code works on one compiler doesn't mean it's not a bug to make assumptions about allocations that aren't in the standard.

Re:How about

[Hurricane78]

That's why for heart-lung machines and other "mission critical" stuff with guarantees, people write their code in Haskell, and do real mathematical proofs for it. There are also tools to automatically generate those proofs from some annotations. But for most code, it simply isn't necessary to be that ultra-verbose.

Re:How about

"Entscheidungsproblem". You'd think a professor of CS at MIT would have heard of it.

Competence is overrated.

Re:How about

[JasterBobaMereel]

The first program ClearView runs on will no longer have any obvious bugs, but it will still have all it's subtle bugs, and it will have all the subtle bugs introduced by ClearView's fixes

Yes my car now has no rust spots and the windscreen has no chips in it but the steering wheel is now square, It changes from first gear to second via reverse, and the ignition does not work when I use my key ....

Re:How about

[mmcdouga]

Even if the modified program fails to crash and fails to trigger the anomaly detector, there's no way to prove that the program still works as intended. For example, suppose the fix of an overflow also elides the initialization of some other variable, which results in data corruption? How is that better than an overflow/crash?

The approach is valuable even if you can't prove the program still works as intended (which is impossible in general). The goal is to have a program that works a bit better than it would without ClearView.

For example, the unmodified web server may have a buffer overflow that can lead to the system being hijacked. ClearView modifies the program so that a connection is prematurely dropped, but hijacking is prevented. Neither behavior was what was the programmer intended, but we've taken a serious bug and replaced it with a minor bug. That's valuable.

The real issue is whether the modifications do in fact make the program work a bit better. Rinard's experiments indicate that they do, at least for the applications used in the experiments.

Re:How about

[Yvanhoe]

You are right. The correct argument against this is the halting problem : http://en.wikipedia.org/wiki/Halting_problem

Re:How about

Now that the whole Chuck Norris phase has kinda spun down does anyone see Bruce Schneier picking up the mantel? At least in geek culture / IT? I think it would be hilarious.

Re:How about

[kalirion]

But, you know, the MIT people have been chasing AI for a long time, so maybe they don't think that understanding something is important as long as there's a good simulacrum of the thing they're trying to create. Black box computer science.

Oh my god, the MIT people have managed to program a Motie Watchmaker! DO NOT LET THAT THING OUT INTO THE INTERTUBES!!!

Re:How about

Entscheidungsproblem. You'd think a professor of CS at MIT would have heard of it.

Unlikely. Unlike the chupacabra or the mermaid of which actual evidence exists, there's no sighting, myth, hypothesis, fantasy, dream, footprint, molt or any other form of evidence for any animal/plant by name Entschei. No, not even a dung trail. So no question entscheidungs has a huge existential problem. So an MIT prof couldnt possibly have heard of it.

Re:How about

[slimjim8094]

Yes, but most of those are static errors and can be/are found with lint or your compiler. Admittedly some similar improvement can probably be made with dynamic errors (exceptions, etc) but this can only be extremely limited. To fix any non-trivial dynamic errors like this requires a fundamental understanding of what the program does and how to do it... this is hard for programmers. A deterministic, non-intelligent computer could never do this work.

Re:How about

[Abstrackt]

Now that the whole Chuck Norris phase has kinda spun down does anyone see Bruce Schneier picking up the mantel? At least in geek culture / IT? I think it would be hilarious.

Ask and ye shall receive.

Re:How about

[slimjim8094]

You (perhaps) joke, but this is a real problem. In context, a bug in one program would be a feature in another...

This is a trivial example, but imagine a program designed to segfault: int main() { char* p=0; char x=*p; }.

How do you fix this? What's correct? Do you assign p to a safe value? If so, what? Do you simply remove the assignment of x? What about anything downstream that uses x? What if you wanted it to crash? What if p was assigned by a function (scanf)? What should it be?

Without knowing the purpose, intent, and processes of the program, this simple bug is unfixable. A human could say "I meant to assign p" or "scanf shouldn't be giving me null..." or even adding a conditional that spits out an error message and continues.

In a sense, these programs fail because their behavior is undefined. And it's undefined for a reason - there's many states it could be, and one it should be, and it's not matching up.

Re:How about

[clone53421]

Actually it would be very easy to write a program to detect buffer underruns. Just monitor what was there already, what comes in, what goes out, and what executes. (The OS tries to do this, but the level of virtualization needed to catch everything in realtime is probably prohibitively expensive in terms of extra memory and CPU work. This tool, on the other hand, doesn't care if the responsiveness of the application is sub-par, as long as it runs.) If something comes in and then later tries to execute, you'd normally throw a data protection error if you caught it, but this attempts to track the machine-level algorithm and detect exactly how the data convinced the program that it was code to be executed. If you can algorithmically write a patch to prevent the buffer underrun, you're golden.

This is, quite frankly, awe-inspiring. Not that it can detect an exploit and shut it down – that's relatively easy – but to actually re-write the preceding algorithm to make the exploit impossible.

Re:How about

[Java+Pimp]

Nope. Same issue.

The halting problem refers to the problem of finding a general solution that will determine for all possible programs whether or not they will halt.

You most certainly can write an algorithm that can determine if certain subclasses of programs will halt.

Re:How about

[hrimhari]

What I understood from the article is that the program uses something in the likes of a mix of neural networks with fuzzy logic to detect what the normal behavior of a certain software is.

Example: it runs for a certain number of iterations in "analyze" mode, creating rules that link input with output.

Then it's triggered when an abnormal behavior occurs and tries to find a patch to the software so that the cause of abnormal behavior becomes normal without impacting the previously detected rules.

Example: (obviously simplified) It identifies a rule that links typing something in "url" field and the following actions:
1. identify protocol
2. identify host name
3. resolve host name
4. connect to host
5. ask for path
6. parse/show response

If at some point something is written in "url" field but breaks the above rules, it will create a patch that will force this faulty input to behave nicely.

If my understanding is correct, there's no magic or perpetual motion involved. It's a matter of using learning followed by inference. Maybe both at the same time.

Maybe the Bayesian SPAM Filtering algorithm could be used as a real life far-cousin example?

Re:How about

Although a big contrived, AOL used buffer overflows to prevent Microsoft from hijacking its instant messaging software (http://www.securiteam.com/securitynews/2EUQJRFS3U.html).

Re:How about

[setagllib]

When you ask, Bruce Schneier receives.

Re:It's interesting, but software should "expire".

[DeadDecoy]

That's true for some/most cases where we're still exploring how to develop a piece of software around a task. Other pieces of software are well defined and don't really need to be evolved. How many times do you need to recode linked lists until their good enough? I think we're reaching a similar consensus with designing UIs, where some architectural patterns will remain consistent across languages. Like setting up a text box or button. As these pieces become refined or 'immortal' it will free us lowly humans up to work on other problems like fixing that damn vending machine that always clings to my precious snacks.

Uh oh...

[Taur0]

How long before it decides that human existence is a bug?

Re:Uh oh...

[garompeta]

human miseries are not bugs, but features.

Re:Microsoft will never buy it

"If additional rules are violated, or if a patch causes the system to crash, ClearView rejects it and tries another. "

So Microsoft won't be using it then ...

More like...
(user to IT): When I left last night, I had Word open in Windows on this PC... when I came back this morning, the document open in GVim in Linux!

sensasionalists ?

[cameigons]

I'm sick of the stupid headlines I've been reading about the so called projects of MIT students lately... I mean, clearly an 'immortal invulnerable program' is impossible at least for practical purposes by definition(they're dependent on the underlying OS, on other softwares and last but not least on the hardware integrity). Other recent headlines about their CS students claiming to be able to tell who's gay based on their facebook friends.... pff omg, when did it all get so preposterous. Why aren't they more honest about the reach of their ambitions. If you take these teachers words to the letter it seems like they don't know what's theoretically sound and what isn't...

Re:sensasionalists ?

[jdkane]

University has to have that "edge" you know, by having professors just slight off centre- the controversy keeps the school in the news and enrollment and prestige stays up.

Masters?

This type of stuff, like your friend did, has been written since the 1960s. It doesn't really work, unless the input code is written by slackers or idiots.

I'm fairly certain I've seen this type of code written in a few lines of perl.

A programmer with skill will KNOW how to write maintainable, readable, reusable code and simply do it. If fact, when pressured to not follow best practices, I suspect he will call in sick a few days to "help" management come to their senses.

If someone actually earned a masters from this, that graduate program should be laughed out of existence. OR, you are explaining it very well.

This is complete junk

This is completely useless for any real application and for any complicated bugs. I've dealt with this for many many years. It sounds good in theory, but it simply doesn't work in the real world.

Re:This is complete junk

[clone53421]

This is completely useless for any real application and for any complicated bugs.

You mean like – oh, just for a random example – say a security exploit in Firefox?

Wondering if it can be gamed

[shoor]

First of all, if you have a binary image of a program in some read only place, you could just compare to the running/working image to see if it were compromised and reload the original if it were. Admittedly, that can be a lot of work and ClearView might be more efficient. But, if it's just checking the behavior of the program, what's to keep hackers from getting their own copies of ClearView and figuring out how to game it, just like any other detection software. That is, making hacked programs perform so that they seem to be well behaved. Of course, if the idea is to turn the compromised software into a bot that is continuously spewing stuff out through the ethernet port, that might be hard to hide. But would you need ClearView to check that?

Be skeptical

Martin Rinard is a talented man with the largest ego in academia. Of course he is "unabashed"; he's never been "abashed" for a moment in his life. Every research project Rinard has completed has been the one he claimed would scoop and shut down all other computer scientists' efforts. Take any claims he makes with a big grain of salt. It's not that he's a fraud, it's just that history shows he isn't nearly as godlike as he thinks or claims to be.

Posted anonymously because I don't need Rinard as an enemy.

Ridiculous!

[Ancient_Hacker]

What a bunch of crapola.

Finding and fixing bugs, as any programmer knows, is anything but a simple and mechanical procedure.

About all ClearView can do is go "Oh, the stack has been bashed, let's NOP out the call to this code"

Compare this to the amount of work to find and fix an off-by-one error or an unset pointer.

There is no comparison.

Re:Ridiculous!

[DarkOx]

I can image clearview being able to fix some of those problems.

Oh the "stacks been smashed" -> let me I usually see a code that looks like a pointer dereference called and then a fetch of between 5 and 67 bytes
->This time it was 643 bytes!
->I will just stick a jump in there and save off the stack and write some code to copy not more than 67 bytes which from past experience is safe from location A to location B and then put the stack back and set the program counter to the address after the jump I inserted.

Now this certainly may change the actually function of the application but possibly not in a way the users will notice or care about!

oh, I've seen this before somewhere

[roman_mir]

From TFA:

When something goes wrong, ClearView detects the anomaly and identifies the rules that have been violated. It then comes up with several potential patches designed to force the software to follow the violated rules. (The patches are applied directly to the binary, bypassing the source code.) ClearView analyzes these possibilities to decide which are most likely to work, then installs the top candidates and tests their effectiveness. If additional rules are violated, or if a patch causes the system to crash, ClearView rejects it and tries another.

reminded me of another ingenious software application:

Your life is the sum of a remainder of an unbalanced equation inherent to the programming of the matrix. You are the eventuality of an anomaly, which despite my sincerest efforts I have been unable to eliminate from what is otherwise a harmony of mathematical precision. While it remains a burden to sedulously avoid it, it is not unexpected, and thus not beyond a measure of control. Which has led you, inexorably, here. ...
The first matrix I designed was quite
naturally perfect, it was a work of art, flawless,
sublime. A triumph equaled only by its monumental
failure. ...
she stumbled upon a solution whereby nearly 99.9% of all test subjects accepted the program, as long as they were given a choice, even if they were only aware of the choice at a near unconscious level. While this answer functioned, it was obviously fundamentally flawed, thus creating the otherwise contradictory systemic anomaly, that if left unchecked might threaten the system itself. Ergo, those that refused the program, while a minority, if unchecked, would constitute an escalating probability of disaster.

So, the solution to any program failure is creation of Zion, (the rest of the idea here is left to the imagination of the reader.)

Virus Scanner

[allcoolnameswheretak]

Sounds just like the way your everyday virus scanner works.

Martin Rinard a prof?

[McNihil]

http://en.wikipedia.org/wiki/Rice's_theorem

Can I get my star now?

People this is what we get when people grow up with Windows.

Well...

Isn't this already done with the "Hello World" program?

But seriously all software depends on hardware, you would really amaze me if you had a contiguous area of current that kept on fixing itself

thesis grade?

[pigwiggle]

Hmmm. Sounds like some CS urban legend. Never heard - not once - of a "thesis grade". Pass, no-pass, conditional pass. I didn't receive a grade myself. Just a diploma. Be great for those kind of folks that put GPA's on their CV, though.

Re:thesis grade?

Probably a case of "lost in translation". Where I live, MSc-equivalent diplomas include the grade for the "graduation work" or however you call it.

No good.

It rates far too high on the thisAlgorithmBecomingSkynet index.

Yea, cause this hasn't been tried before ...

[BitZtream]

Seriously, why the hell is this news on slashdot?

This certainly isn't a new idea, and it'll meet the same fate as existing ideas, a quick death as someone figures out how to use it to cause more damage than good.

How does it know the difference between intentional and accidental? It doesn't. This is why compilers can't fix programmer bugs, they can at best warn or error on them. The compiler really is the most likely part of the process to find and fix any bugs that can be automagically found in a closed system.

'find a potential patch' ?

I have that, its the 'Check for updates' button.

Yes I realize that its trying to detect runtime errors and correct those, but anyone with half a clue about CS knows multiple reasons why this simply doesn't work. The first and foremost reason being that it will take something intentional, classify it as a bug and 'fix' it. In effect breaking it. The only way to fix this is to keep a big exception list that constantly needs updated ... which will also have bugs. Rinse, repeat for the rest of eternity.

Re:It's interesting, but software should "expire".

[yanyan]

Missing, old, or obsolete functionality are not bugs.

Digital Signatures

The patches are applied directly to the binary, bypassing the source code.

So it patches binaries thus rendering the digital signature invalid. This makes your system more vulnerable to attacks that modify binaries maliciously.

Occam's Razor

[Lord+Grey]

From TFA:

By observing a program's normal behavior and assigning a set of rules, ClearView detects certain types of errors, particularly those caused when an attacker injects malicious input into a program. When something goes wrong, ClearView detects the anomaly and identifies the rules that have been violated. It then comes up with several potential patches designed to force the software to follow the violated rules. (The patches are applied directly to the binary, bypassing the source code.) ClearView analyzes these possibilities to decide which are most likely to work, then installs the top candidates and tests their effectiveness. If additional rules are violated, or if a patch causes the system to crash, ClearView rejects it and tries another.

So, when ClearView finds something wrong it magics up a patch, using some analysis based on previous execution path behavior or something (waves hand dismissively), then installs the patch directly into the application code.

Maybe I'm just oversimplifying things, but what about just taking a snapshot of the application and replacing the whole thing, shotgun-style, from read-only media when the binary changes unexpectedly? Wouldn't that be a hell of a lot simpler? A Perl-based daemon wielding the mighty md5 utility could do that in, what, 100 lines of code and comments?

Re:Occam's Razor

[omnichad]

malicious input. We're not talking about modifying code here. And there's plenty of encrypted binaries that modify their code in-memory in the process of decrypting themselves. Are you saying that ClearView should re-inject the original code into memory, and force the program into a loop of decrypting itself over and over again?

Re:Occam's Razor

[raddan]

The binary on disk may not change, particularly if it's a running program that's exploited. In fact, the binary image loaded into memory may not change, either. An exploit might be as simple as getting a program into an 'impossible state' through the use of a buffer overflow. Checking the binary in disk, or even the binary image in memory, will not detect this.

We've tested it!

[neo00]

To prove the correctness of ClearView, we ran it against itself, and found no bugs, no vulnerabilities,.... nothing at all!

User error

[TSPhoenix]

The program will just realise that all programs break because of user inputs, and will patch programs so users can't interact with them.

More promising approaches have been tried

[Animats]

There are more promising approaches, mostly involving some form of checkpointing. The idea is that when an error is detected, you go back to the previous checkpoint at which things were going well, determine what input caused the problem, reject that input, and continue forward from there. In some cases, you have a second, different program checking the outputs from the first. This sort of thing has been used in telephony, and Tandem, before HP acquired it, was big on this sort of thing.

The clever thing to do is to collect the failing cases and, from them, build a model of what triggers the bug. There's been work on automated crash dump analysis that does this sort of thing, at both HP and Microsoft.

link to the complete article

the complete article has a lot more information:
http://www.cs.washington.edu/homes/mernst/pubs/automatic-patching-sosp2009.pdf

ASM

[andreyvul]

you automatically have the source
patch a few bytes and off you go

Re:ASM

[abbe]

echo 'bmV2ZXIg Z29ubmEg Z2l2ZSB5 b3UgdXAs bmV2ZXIg Z29ubmEg bGV0IHlv dSBkb3du Cg=='|\ tr -d ' '|base64 -d -

s,\\,/,g

If the bug isn't fixed it the source code

[symbolset]

If the bug isn't fixed in the source code, the bug isn't fixed. This solution becomes a crutch upon which poor programmers depend until everything stops working altogether.

Re:If the bug isn't fixed it the source code

[omnichad]

Now you're getting the idea. Intel and AMD are advancing too quickly. Already, computers can process uncompiled scripting languages at a pretty good pace. To sell their upcoming products, they have to introduce more slowdowns into the world's software. See, they are secretly funding ClearView, to encourage buggier code to be written that can be patched on-the-fly with enough processing power.

Re:It's interesting, but software should "expire".

[jimmydevice]

"How many times do you need to recode linked lists until their good enough" WTF???

FUD

[jawahar]

If FUD is applied to proprietary software vendors, they fear that disclosing their software bugs might dilute their credibility among customers.

That's a first post of sorts.

First nigger post I've ever seen here that got modded "Funny."

The mods must be the sense-of-humor group today.

If the moderation changes later, I swear, it was "Score:0, Funny" when I posted this.

From a developer's point of view...

[bolt_the_dhampir]

I've tried several programs that study the source code and tries to find possible null pointers, unchecked input, possibly dirty data and whatnot, and they all have one problem - false detections. When the program studies the source code and gives you the output of this process, you can quickly decide whether to act on it, fixing the potential bug, ignore the problem as "intended behaviour", or simply correct the syntax so the source code studying application doesn't complain about it anymore. However, if you were to run this thing, which is only concerned with the binary, wouldn't it have to run again for every single version of your application you distribute? Also, you'd never actually get any patch information back to put into the source, except maybe in binary... In addition to this, when some programmers take a quick and dirty approach to things to meet deadlines (which are sometimes more important than clean code) how will the program know about your "// DIRTY HACK. WILL FIX LATER, BUT THIS IS NEEDED FOR THE DEMO. FUNCTION X() WILL WORK AS EXPECTED WITH THE TEST DATA" comment in code? Will it try to correct the binary, producing unexpected results?

Re:It's interesting, but software should "expire".

[JohnFluxx]

Hah, we're a long way from finishing code to do text boxes and buttons.

There are many improvements:

1) Write them to work with opengl
2) Write them to scale properly at any DPI
3) Have them fully themable via CSS style sheets
4) Have them stylable with SVG files
5) Adding multi-touch support

Also, the linux kernel has something like 17 seperate linked list implementations, each doing slightly different things :)

Is not a Bug. Is a Feature

[Tuqui]

"Is not a Bug. Is a Feature"
What can I do If this program starts to delete all my "features"?.

The actual paper.

[ROBOKATZ]

It might help to read the actual paper instead of some hand-waving article.

Test it on my program, please

[Arancaytar]

Here's the pseudo-code:

begin turings_revenge
    this_will_crash = find_errors(turings_revenge)
    if (this_will_crash)
    then
        terminate_gracefully();
    else
        segfault();
    end
end

So, will it crash, or won't it?

Re:Test it on my program, please

[maxume]

Well, after one of the heuristics in the scanner notes the stupid call to 'segfault()' and replaces it with something benign, no, it won't crash.

Re:Test it on my program, please

[Arancaytar]

Curses! Formal logic has been foiled by pragmatism again. :P

Unabashed?

Martin Rinard, unabashed? I'm shocked, absolutely shocked.

Re:It's interesting, but software should "expire".

[clone53421]

He didn't use a car analogy. Let me help.

"How many times do you have to re-invent the wheel until it's good enough?"

Unless you're complaining about "their" where "there" should be. In that case, carry on.

Oh, GREAT

[Kazoo+the+Clown]

Just what we need, a license for even MORE sloppy coding techniques...

Fixing bugs without accessing source code

[cryptor3]

I once filed a bug report to a developer with instructions on how to reproduce it.

He responded with a fix that involved no changes to the source code.

He said, "don't do that."

I disagree. I believe this is possible.

[Crazy+Taco]

You can't write an algorithm that takes as input another algorithm and outputs whether that second algorithm is correct or not.

I personally disagree with this statement, on the grounds that humans can take programs and determine if they are correct. No one understands exactly how the brain works, but it is clearly very capable of making any calculation a computer could make (albeit at slower speeds), and in that sense it is a computer. Again, no one understands the actual programming, how the mind moves from item to item, but it does often move from sequential thought to sequential thought as a program might. Though different than the computers we have invented ourselves, I think there are enough similarities to say that we work as an enormously complex, self-modifying algorithm, and that particular algorithm can in fact take an arbitrary program and prove correctness. Granted, we aren't born with this ability, and require training (hence the self modifying part), but a properly trained computer scientist/mathemetician will have developed, in his mind, an appropriate algorithm for generally verifying program correctness.

My basic conclusion, then, is that because we know intelligence exists, then it should be possible to construct it (though that is exceedingly hard). In the specific case of proving correctness, though, we may not even need to be a self modifying algorithm, because once someone has learned enough about computer science/math, they have the general tools in their mind to prove correctness, and they need not add any more logical rules. But for sure, as long as desiging a self modifying algorithm is considered fair game, then designing an algorithm that can become capable of proving correctness is possible.

But this whole discussion is actually a moot point, because ClearView doesn't fall (or claim to fall) into the category of determining whether a program is correct. In fact, it doesn't claim to make even a subset of a program correct. It simply replaces specific cases of undesirable behavior with behavior that, while not 100% equivalent, is still less likely to cause major problems. For example, if code has a buffer overflow problem, it is obviously not correct because it can be exploited. If replaced with a fixed length buffer, it won't be equivalent to the original, but the program at least will do nothing more than crash, as opposed to allowing a hacker to gain control of your machine. This is just an exercise in making broken code slightly less dangerous; it's not about proving correctness in any way. And therefore, it is totally possible and outside the scope of the algorithm-that-verifies-correctness problem.

Re: insightful? try stupid

I'm sorry you had to come out of 21-month hibernation to say something so stupid, but you're quite wrong.

You can prove that a given change breaks unit tests, except ... wait for it ... they don't use unit tests. Instead they use their rainbows and unicorns magic heuristics. You can't prove anything without a comprehensive per-application unit test suite, so you might as well just replace all the syscalls with nop stubs. For all you know, that's what this program does. That's why this idea is worthless to industry.

Black box voodoo machine code rewriting without a comprehensive testing is pure madness. No serious company would ever consider doing this; therefore the idea is completely worthless as implemented.

Randomly modifying the a program and then failing to test it is worse than doing nothing. Read the rest of the comment you replied to for the correct way to drop a connection. The suggested method allows for unit testing that includes unexpected failures caught at runtime by the watchdog application.

Interesting use of ClearView in hacker PoV

[zukinux]

Interesting use of ClearView in hacker point of view, the program can be patched to not change the binaries, but just to write which places seem vulnerable, and try to attack those vectors of input to gain a zero-day attack on a program which other fuzzers didn't seem to detect those input errors, etc.

Nah...

[h00manist]

All fancy language to qualify as a research project, but the authors *really* just want a universalautowarezpatchercracker