Slashdot Mirror


Fixing Bugs, But Bypassing the Source Code

shreshtha contributes this snippet from MIT's Technology Review: "Martin Rinard, a professor of computer science at MIT, is unabashed about the ultimate goal of his group's research: 'delivering an immortal, invulnerable program.' In work presented this month at the ACM Symposium on Operating Systems Principles in Big Sky, MT, his group has developed software that can find and fix certain types of software bugs within a matter of minutes." Interestingly, this software doesn't need access to the source code of the target program.


  1. Misleading Slashdot summary, as usual by Anonymous Coward · · Score: 2, Informative

    It checks a bunch of identical machines for a set of known bugs, then applies a bunch of predetermined patches until one works.

    That's nice, but not what was promised.

    1. Re:Misleading Slashdot summary, as usual by Meshach · · Score: 1, Informative

      The program does not really "fix software bugs" at all. What it does is notice if a program starts taking an abnormal code path. The "normality" of a path is based on how the program operates. If a program starts taking an abnormal path then it is terminated.

      This is good in preventing an attack or code injection. But as far as bug fixing nothing could be further from the truth. Some developer still needs to look at the assembly generated to identify the bad path taken, find that place in the code, figure out how the program got there, apply a fix, test the fix, then deploy the new application. If anything this is a QA tool for software to avoid attacks.

      A valuable tool for exposing bugs. But as far as actually improving software I do not see it.

      --
      "Maybe this world is another planet's hell"
      Aldous Huxley
    2. Re:Misleading Slashdot summary, as usual by Anonymous Coward · · Score: 1, Informative

      Either you didn't read the article, or you have a massive reading comprehension problem. ClearView actually creates patches to fix problems that it identifies. Note the following passage from the article:

      "For seven of the attacking team's approaches, ClearView created patches that corrected the underlying errors. In all cases, it discarded corrections that had negative side effects. On average, ClearView came up with a successful patch within about five minutes of its first exposure to an attack."

    3. Re:Misleading Slashdot summary, as usual by Anonymous Coward · · Score: 1, Informative

      You should re-read the article, and specifically the following passage:

      "For seven of the attacking team's approaches, ClearView created patches that corrected the underlying errors. In all cases, it discarded corrections that had negative side effects. On average, ClearView came up with a successful patch within about five minutes of its first exposure to an attack."

      So it does indeed fix bugs, contrary to your claim.

  2. Re:No Silver Bullet by Yold · · Score: 2, Informative

    I'd also point out that, from an Automata Theory standpoint, "The task of software verification is not solvable by a computer" (MIT's own Sipser).

  3. sensationalists? by cameigons · · Score: 4, Informative

    I'm sick of the stupid headlines I've been reading about the so-called projects of MIT students lately... I mean, clearly an 'immortal invulnerable program' is impossible at least for practical purposes by definition (they're dependent on the underlying OS, on other software and last but not least on the hardware integrity). Other recent headlines about their CS students claiming to be able to tell who's gay based on their Facebook friends... pff omg, when did it all get so preposterous? Why aren't they more honest about the reach of their ambitions? If you take these teachers' words to the letter it seems like they don't know what's theoretically sound and what isn't...

  4. Re:MS will probably kill it by Xtifr · · Score: 4, Informative

    imagine the sheer volume of .CONF files a Linux user would have to waft through just to get this to check a distro for bugs.

    501:~ $ locate .CONF
    502:~ $

    Looks like the volume is...zero? I think maybe I don't understand what you mean. Is ".CONF" some sort of Windows-speak for configuration files? If so, then the fact that they're all in /etc (or possibly /usr/etc or /usr/local/etc) and /home should make them very easy to skip.

  5. That's a first post of sorts. by Anonymous Coward · · Score: 1, Informative

    First nigger post I've ever seen here that got modded "Funny."

    The mods must be the sense-of-humor group today.

    If the moderation changes later, I swear, it was "Score:0, Funny" when I posted this.

  6. The actual paper. by ROBOKATZ · · Score: 2, Informative

    It might help to read the actual paper instead of some hand-waving article.

  7. Re:How about by Abstrackt · · Score: 2, Informative

    Now that the whole Chuck Norris phase has kinda spun down does anyone see Bruce Schneier picking up the mantle? At least in geek culture / IT? I think it would be hilarious.

    Ask and ye shall receive.

    --
    They say a little knowledge is a dangerous thing, but it's not one half so bad as a lot of ignorance. - Terry Pratchett