Slashdot Mirror

← Back to Stories (view on slashdot.org)

Fixing Bugs, But Bypassing the Source Code

Posted by timothy on from the wrapping-puzzles-in-enigmas dept.

shreshtha contributes this snippet from MIT's Technology Review: "Martin Rinard, a professor of computer science at MIT, is unabashed about the ultimate goal of his group's research: 'delivering an immortal, invulnerable program.' In work presented this month at the ACM Symposium on Operating Systems Principles in Big Sky, MT, his group has developed software that can find and fix certain types of software bugs within a matter of minutes." Interestingly, this software doesn't need access to the source code of the target program.

4 of 234 comments (clear)

  1. Did they use that tool to develop that tool? by 140Mandak262Jamuna · · Score: 5, Interesting
    My friend developed an automatic code quality estimation program for his masters thesis. It will basically find average the number of lines per function, ratio of code to comment, and other such metrics and give a letter grade to the code. The fiendish prof announced that he will run that code through itself. Whatever letter grade it spits out will be his thesis grade. He got a D. He begged and cried and threw a hissy fit and wangled a B and scraped through the degree.

    I wonder if we should turn that software loose on itself and see what it finds.

    --
    sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
  2. Re:How about by raddan · · Score: 4, Interesting

    You can't write an algorithm that takes as input another algorithm and outputs whether that second algorithm is correct or not. Since ClearView must make this decision somehow (this behavior is bad; make it good), the process cannot be algorithmic. However-- this is exactly how the vast majority of software is written now-- a programmer has a good idea about how to solve the problem, but does not "provably" solve it. If you believe language designers, that's part of the problem. ClearView just adds another layer of heuristics on top of the ones that are already there. Someone has to come up with those rules. This makes the actual work of understanding a program much more complicated. But, you know, the MIT people have been chasing AI for a long time, so maybe they don't think that understanding something is important as long as there's a good simulacrum of the thing they're trying to create. Black box computer science.

  3. Re:How about by TheLink · · Score: 4, Interesting

    Clearview doesn't have to figure out whether the entire program is correct. It just tries to fix what's known to be incorrect (and presumably whether it falls into the subset of bugs it knows how to fix).

    The sort of "correctness" and "incorrectness" for many security problems are typically "stupid mistakes" nothing very sophisticated.

    You're taking too much of the "Ivory Tower Computer Science" view on this. Car analogy - Clearview isn't figuring out whether the whole car is perfect (in the real world it's 100% likely to be imperfect anyway ;) ), all it does is help detect and fix the holes in the exterior. It doesn't have to perfectly fix stuff.

    FWIW I've already manually fixed programs without having the source, and managed to get a program to do stuff the manufacturer said the program can't do ;). I've also fixed a TCL program stored in an oracle database by hexediting the oracle DB file, but since that was TCL it doesn't count as "without the source"...

    Just because you can't make it perfect doesn't mean you can't make it work better.

    --
  4. Re:clearview by Danny+Rathjens · · Score: 3, Interesting

    !X id1

    id1: Friar Tuck... I am under attack! Pray save me!
    id1: Off (aborted)

    id2: Fear not, friend Robin! I shall rout the Sheriff of Nottingham's men!

    id1: Thank you, my good fellow!
    http://catb.org/jargon/html/meaning-of-hack.html