Slashdot Mirror


MIT System Fixes Software Bugs Without Access To Source Code

jan_jes writes: MIT researchers have presented a new system at the Association for Computing Machinery's Programming Language Design and Implementation conference that repairs software bugs by automatically importing functionality from other, more secure applications. According to MIT, "The system, dubbed CodePhage, doesn't require access to the source code of the applications. Instead, it analyzes the applications' execution and characterizes the types of security checks they perform. As a consequence, it can import checks from applications written in programming languages other than the one in which the program it's repairing was written."

78 comments

  1. Hmmm .... by gstoddart · · Score: 5, Insightful

    And to whom do you file the bug report again?

    I can just imagine it now "Yeah, we run this cool thing called CodePhage which patched the software, but now it broke". They'll laugh at you and hang up.

    This sounds like an automated system for mangling together random bits of software and hoping you still have something usable.

    "The longer-term vision is that you never have to write a piece of code that somebody else has written before," Rinard says. "The system finds that piece of code and automatically puts it together with whatever pieces of code you need to make your program work."

    Sounds totally cool. Also sounds like complete fiction.

    --
    Lost at C:>. Found at C.
    1. Re:Hmmm .... by xxxJonBoyxxx · · Score: 4, Insightful

      >>>> system finds that piece of code and automatically puts it together with whatever pieces of code you need to make your program work
      >> sounds like complete fiction
      I think we already do this with libraries and dependencies... just not at the executable level.

    2. Re:Hmmm .... by H0p313ss · · Score: 2

      Sounds totally cool. Also sounds like complete fiction.

      I think you mean Phiction.

      --
      XML is known as a key material required to create SMD: Software of Mass Destruction
    3. Re:Hmmm .... by bondsbw · · Score: 2

      DLL Hell is a known problem and measures are usually taken to prevent breaking too much software in the wild.

      This seems more like replacing a crying baby with one that looks about the same but doesn't cry as much, and saying "same thing".

      --
      All my liberal friends think I'm a conservative, all my conservative friends think I'm a liberal.
    4. Re:Hmmm .... by Anonymous Coward · · Score: 2, Interesting

      Also: Versioning.

      VERSIONING, VERSIONING, VERSIONING, VERSIONING...

      What is your version number after this 'fix'? This seems like a nice way to fork off yet another forked fork of a forked codebase, except now we're forking binaries as well as sources.

      Y'know those "Warranty Void If Removed" stickers they put on electronics? Y'know those painted tamper-proof screws they put in your Mac? They put those there to stop you fucking around inside the box, because you can easily fuck things up and they won't know how to fix it. A binary file has an implied "Warranty Void If Removed" sticker on it. You fucked with it. Good luck.

    5. Re:Hmmm .... by Pieroxy · · Score: 3

      The problem is that it gives a false sense of security. Your favorite bank can now fire those two last skilled people and get 10 more dumb Indians (note: not all Indians are dumb) to piss off shitty code. Just run their "CodePhage magic" and you still have a software full of holes (but a little less than if you didn't run it.)

      The problem is just that now that you have fired those two people that knew what they were talking about, you're just clueless about what is going on.

    6. Re:Hmmm .... by FranTaylor · · Score: 1

      Y'know those "Warranty Void If Removed" stickers they put on electronics? Y'know those painted tamper-proof screws they put in your Mac? They put those there to stop you fucking around inside the box, because you can easily fuck things up and they won't know how to fix it.

      "tamper proof screws" if they are "tamper proof" then why can you get compatible screwdrivers from about 10,000 different places on the internet?

      stickers don't actually "stop" anyone, the point is that you're on your own if you break the seal.

      A binary file has an implied "Warranty Void If Removed" sticker on it.

      so the warranty is void when I fire up my database and start storing data in it?

    7. Re:Hmmm .... by Daniel+Hoffmann · · Score: 1

      Well it is from the MIT, it must be good right?

    8. Re:Hmmm .... by ckatko · · Score: 2

      What about this system detecting I have a bug and then replacing my secure, working software module with a new unknown exploit? Or even a known exploit ala Nation-State?

    9. Re:Hmmm .... by TheCarp · · Score: 1

      Funny thing is, those terms and stickers don't even always hold water.

      There was a hilarious case a while back where some PC manufacturer lost a lawsuit where they had refused a warranty repair. Basically the courts told them PC buyers expect to open the case so you can't refuse warranty service over an expected operating condition, but, they can require the customer to revert any changes they made before they qualify for service.

      Didn't stop the proliferation of stickers of course, because they may not actually void anything, but they may make you decide not to try a warranty claim.

      Hell my monitor has an ugly bracket for the stand on the bottom, if you want to put it on an arm, you have to either leave the bracket sticking down off the bottom, or, remove a sticker to get it off.... lol, sticker removed.

      --
      "I opened my eyes, and everything went dark again"
    10. Re:Hmmm .... by Anonymous Coward · · Score: 0

      Much like door locks despite being able to get lock picking kits from 10,000 different places. You will turn away a lot of people that are doing things casually and force those of us who do things professionally to buy yet another toolkit. NetApp does this with their drives to prevent you from using a regular drive. If you know what you're doing however you can still use a regular drive and apply the correct firmware and for a whole lot less money.

    11. Re:Hmmm .... by VorpalRodent · · Score: 5, Funny

      I tried that, but the parent process was *not* happy!

      --
      Take it to the limit, everybody to the limit, come on, everybody fhqwhgads.
    12. Re:Hmmm .... by Anonymous Coward · · Score: 0

      It also sounds like an injected concurrency bug for the already bugged programs.

    13. Re:Hmmm .... by Anonymous Coward · · Score: 0

      so the warranty is void when I fire up my database and start storing data in it?

      Wait, your database stores data in the executable?

    14. Re:Hmmm .... by Khyber · · Score: 1

      Yea? Several programs I've written do exactly that. There are game dev platforms that can put everything, database included, inside the executable upon compiling.

      Ever made a self-extracting .EXE file? If you did it on a piece of software with a database attached - THAT DATABASE IS STORED IN THE EXECUTABLE.

      --
      Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
    15. Re:Hmmm .... by RabidReindeer · · Score: 3, Funny

      >>>> system finds that piece of code and automatically puts it together with whatever pieces of code you need to make your program work

      Hey! Why does my Windows 10 system boot up with a picture of a penguin?

    16. Re:Hmmm .... by Anonymous Coward · · Score: 0

      Or you could replace "indians" by "mexicans" in the above statement and then replace "pieroxy" by "donald trump"!

  2. Smell test by Anonymous Coward · · Score: 0

    There is no way TFS is anything but hype. It's entirely possible they've done something interesting here, but it's not what TFS claims.

    1. Re:Smell test by WilCompute · · Score: 2

      In fact, you are correct. The article claims they don't have to have the source, but that is only partly true. The recipient, the program that has a bug, must have the source code. The donor, the program that does not suffer from the bug, does not need to have the source code. And this is perhaps the interesting part.

      So, say you are creating an open source Office program, and you obviously need to open .doc files. You have mostly everything working, but now you have this one file that crashes your program, but doesn't crash Office. Instead of spending the time to find it, CodePhage allows you to point it at your source code, and at Office, and it will build an internal set of debug-like codes of each program. You need to run it on your code with a working example file, then run it with the non-working file, it will figure out what you are doing, then it will open the same file with Office, find out if you are doing something out of order or if there is a check you aren't running, and the article describes in a little more detail how it works, though not the nitty gritty. It then modifies your source code, and runs it again, and sees if the changes fix it, if not it will continue until it does.

      They say in general the bugs they tested were fixed in 20 to 90 minutes.

      --
      NDxTreme Content on the Edge.
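
The donor/recipient check transfer described in the comment above, reduced to a toy sketch. This is an added example, not part of the thread and not CodePhage's code: the file format, function names and sample inputs are constructed for illustration, and the donor's execution tracing is modelled with a hook rather than binary instrumentation.

```python
import struct

def parse(blob):
    """Constructed toy format: 2-byte width, 2-byte height, then pixel bytes."""
    width, height = struct.unpack(">HH", blob[:4])
    return {"width": width, "height": height, "payload_len": len(blob) - 4}

def donor_rows(fields, trace):
    """Stand-in for the donor program; branch() models tracing its execution."""
    def branch(name, pred):
        outcome = pred(fields)
        trace[name] = (pred, outcome)
        return outcome
    # An ordinary branch (not a safety check) that also depends on the input.
    padding = 1 if branch("odd_payload", lambda f: f["payload_len"] % 2 == 1) else 0
    if branch("zero_width", lambda f: f["width"] == 0):
        return None  # the donor rejects the input here
    return (fields["payload_len"] + padding) // fields["width"]

def recipient_rows(fields):
    """Recipient with the bug: nothing checks width before the division."""
    return fields["payload_len"] // fields["width"]

def flipped_checks(seed, error):
    """Branches the donor decides differently for the seed and the error input."""
    seed_trace, error_trace = {}, {}
    donor_rows(parse(seed), seed_trace)
    donor_rows(parse(error), error_trace)
    return [(name, pred) for name, (pred, outcome) in error_trace.items()
            if name in seed_trace and seed_trace[name][1] != outcome]

def with_guard(pred):
    """Recipient patched to reject any input the transferred check flags."""
    return lambda fields: None if pred(fields) else recipient_rows(fields)

def validates(patched, error, regression):
    """The patch must survive the error input and leave good inputs unchanged."""
    try:
        patched(parse(error))
    except ZeroDivisionError:
        return False
    return all(patched(parse(b)) == recipient_rows(parse(b)) for b in regression)

def transfer_check(seed, error, regression):
    """Try each flipped donor branch as a guard; keep the first that validates."""
    for name, pred in flipped_checks(seed, error):
        patched = with_guard(pred)
        if validates(patched, error, regression):
            return name, patched
    return None, None

# Constructed inputs: a working file, a crashing file, and a regression set.
SEED = struct.pack(">HH", 4, 2) + bytes(8)
ERROR = struct.pack(">HH", 0, 2) + bytes(7)
REGRESSION = [SEED, struct.pack(">HH", 3, 3) + bytes(9)]

if __name__ == "__main__":
    name, patched = transfer_check(SEED, ERROR, REGRESSION)
    print("transferred check:", name)
    print("error input ->", patched(parse(ERROR)))
    print("seed input  ->", patched(parse(SEED)))
```

Two donor branches flip between the working and the crashing file, but the `odd_payload` one also rejects a valid file in the regression set, so only the `zero_width` check survives validation.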
  3. MIT System Makes Software Bugs Without Access by faway · · Score: 1

    .... It causes software bugs by automatically importing malware functionality from other, less secure applications.

  4. Excellent Now Translate by pubwvj · · Score: 2

    An excellent idea. On a very closely related thought this same sort of idea can be used to translate software so that what ran on older legacy platforms or incompatible platforms can automatically be able to run on newer hardware. Imagine you buy the latest greatest Cray SuperComputer Watch and it will run all your Android, Apple Watch, iPhone, MacOSX, Windows, Unix, DEC, Exidy, TRS-80, CPM and other software. Suddenly you can upgrade your hardware without the worry of losing access to your data. We need this in a big way.

    1. Re:Excellent Now Translate by Anonymous Coward · · Score: 1

      I think you mis-translated.

      MIT and others have been working on self-healing software for decades. For example,

      http://people.csail.mit.edu/st...

      http://www.livescience.com/589...

    2. Re:Excellent Now Translate by robers971908 · · Score: 1

      I agree. When OSS goes out of service on legacy systems which are still used in production, this could provide a way to substitute blocks of code for the more secure code path. It looks like legacy security may have been the prime motivation. In these systems you're not calling a help desk due to their age and typically these environments have qualification test that could be employed for sanity checking the setup. If the assumptions I made are correct, the larger question is if the physical security of these machines doesn't mitigate software exposures. These tend not to be on outward facing networks.

    3. Re:Excellent Now Translate by Bert64 · · Score: 1

      There are already various emulators that do just that, and they are widely used for running legacy software on modern hardware.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    4. Re:Excellent Now Translate by Khyber · · Score: 0

      "On a very closely related thought this same sort of idea can be used to translate software so that what ran on older legacy platforms or incompatible platforms can automatically be able to run on newer hardware"

      Transpilers have existed for ages.

      " We need this in a big way."

      There's a reason transpilers aren't in use today despite existing - I'll leave that up to you and some deeper critical thinking than what you currently display.

      --
      Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
    5. Re:Excellent Now Translate by Khyber · · Score: 1

      Apparently since the mods have zero critical thinking ability, I'll just have to answer.

      We have EMULATORS.

      Transpilers are FUCKING WORTHLESS in the face of emulation.

      --
      Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
    6. Re:Excellent Now Translate by Anonymous Coward · · Score: 0

      If only LISP-machines won. This type of thing would be a lot easier. Though now that everything is a web app, we sort of can change everything (until it's all canvas draw calls or HTML assembly)

    7. Re: Excellent Now Translate by Anonymous Coward · · Score: 0

      Typically high performance emulators translate into a new USA internally.

      See fx32.

    8. Re: Excellent Now Translate by Anonymous Coward · · Score: 0

      Scheiss android. ISA.

    9. Re:Excellent Now Translate by Anonymous Coward · · Score: 0

      I'm gonna get you a jitter for Christmas, friend. It'll blow your mind.

    10. Re:Excellent Now Translate by Anonymous Coward · · Score: 0

      What you propose seems nonsensical. You cannot just translate any program. The program would have had to adhere to some well defined structure to be translatable. Otherwise the halting problem will be in effect and you could not prove the new code would be equivalent to the old code.

    11. Re:Excellent Now Translate by pubwvj · · Score: 1

      And why do you reduce yourself to being insulting. Just because you fail to understand the need or the inadequacy of the existing translators is no reason for you to be rude. You need to learn to be polite in addition to realizing that you may not understand what other people need.

    12. Re:Excellent Now Translate by pubwvj · · Score: 1

      Unfortunately not well.

  5. "TFS" by halivar · · Score: 2

    I was really confused, because of the context my brain immediately went to Team Foundation Server. I was like, "What? The Fucking Summary never mentioned TFS... oooooh, I see...."

  6. was this a sarcasm/joke? by Anonymous Coward · · Score: 0

    My sarcasm detector just tingled a bit.

    1. Re:was this a sarcasm/joke? by pubwvj · · Score: 1

      No, there was no sarcasm. We need legacy support to move data forward.

    2. Re:was this a sarcasm/joke? by WilCompute · · Score: 1

      Unfortunately, this doesn't fix those types of bugs, because they aren't bugs. It also cannot patch a program without the source code, at least not by itself.

      What you really want is to use one of these projects that translate executable code into, say, C or C++, and from there you could try to do this, if it runs on those systems and can handle anything other than x86 code.

      --
      NDxTreme Content on the Edge.
  7. I do this all the time. by jellomizer · · Score: 1

    It is called a Rubber Band workaround.
    Working with legacy systems without access to Source, however needs additional features. Intercept Pipes, data packets, or reports generated, then use its information to filter and add additional information.

    It is a rubber band solution because it can break from a brand new unknown variable, and requires layers of fixes and workarounds to keep it running.

    --
    If something is so important that you feel the need to post it on the internet... It probably isn't that important.
  8. Interesting, but parallelism? by Anonymous Coward · · Score: 0

    From the article, part of the input to the system is a dataset that causes a crash and one which does not. For many bugs, once you've found these datasets the bugs should be easy to fix. The hard bugs are the ones which are non-deterministic (various parallel race conditions are big ones here). These don't have well defined working and non-working datasets.

    So basically this is interesting in as much as it should allow us to solve easy problems much faster than we already can, good but not revolutionary.

    1. Re:Interesting, but parallelism? by WilCompute · · Score: 1

      The article did mention checking to see if things were being done out of order, I would think this could be expanded toward race conditions.

      --
      NDxTreme Content on the Edge.
  9. Malware vector... by bwcbwc · · Score: 2

    The NSA is going to love this one. If CodePhage can inject "clean" code, there's nothing that prevents it from being revamped to inject malicious code.

    Alternatively, if your site needs a level of security where you need this type of "live" patching, you need a level of security that would prevent CodePhage from making the updates in the first place.

    Sounds like it might be a useful test and bug detection tool, but not for live environments.

    --
    We are the 198 proof..
    1. Re:Malware vector... by FranTaylor · · Score: 2

      Alternatively, if your site needs a level of security where you need this type of "live" patching,

      why is this only applicable in high security applications? why can't it be used to fix bugs in user interfaces?

    2. Re:Malware vector... by 0123456 · · Score: 1

      why can't it be used to fix bugs in user interfaces?

      True. It could inject a completely new UI into Windows 8.

    3. Re:Malware vector... by Anonymous Coward · · Score: 0

      Websites don't need this. Instead you use an intrusion detection system (IDS) that compares traffic against a massive set of rules. If any packets trigger a match against the rule that's looking for data that'll trigger a bug, it's flagged and you can do whatever you want with it and the connection it came over. There's no need to risk injecting new bugs when you can track and block attempts to exploit the original bug.

  10. Sayonara Copy Protection and Key Checks!!! by neversleepy · · Score: 3, Insightful

    Woo hoo. Finally I can treat the copy protection and CONSTANT recurring key checks as bugs in the software I have paid for!

    1. Re:Sayonara Copy Protection and Key Checks!!! by Bert64 · · Score: 4, Insightful

      Pirates already have versions with these bugs fixed, widely available from various torrent sites.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
  11. Insert vulgarity here. by Anonymous Coward · · Score: 0

    How would I begin to go about trusting such a system?

    No one knows what it will do before just trying it.

    1. Re:Insert vulgarity here. by FranTaylor · · Score: 1

      No one knows what it will do before just trying it.

      and gosh it would never occur to anyone to make a backup first

    2. Re:Insert vulgarity here. by behrooz0az · · Score: 1

      It's 2015, users are not that dumb nEOF

      --
      Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion. -- Spazmania (174582)
  12. OS/2 has it in some kind of way... by martiniturbide · · Score: 1

    OS/2, being somewhat modular and object oriented, allowed you to fix some bugs in the Workplace Shell (Desktop Interface) (WPS) without access to its source code. The trick of OS/2 is that it uses SOM in the middle between the GUI and the Desktop.

    Since everything in the WPS was an object, you just grabbed the clock object (WPClock) and created a child from it; you could incorporate more functionality, or remove the functionality that you didn't like. So on OS/2 you disabled the parent WPClock object and told the system that the NewWPClock child should be the one that everyone must use.

    It is a different way from what this article says, but it does not mean this is the first time that someone can extend/fix/improve a program without its source code.

    1. Re:OS/2 has it in somekind of way... by Anonymous Coward · · Score: 0

      Sounds very malware-friendly.

  13. Bugs magically disappear when I am called by RPGonAS400 · · Score: 2

    A user calls and says they have a problem with program x so they call me. When they get there, they cannot reproduce the bug. We assume that the software knows that it is whipped once I come into the picture so it fixes itself. You would not believe how many times this has happened over 30+ years.

    1. Re:Bugs magically disappear when I am called by FranTaylor · · Score: 1

      so you are still falling for the same practical joke after all these years?

    2. Re:Bugs magically disappear when I am called by Zeromous · · Score: 1

      Ah the levels a developer will stoop to save face!

      --
      ---Up Up Down Down Left Right Left Right B A START
  14. Hahahaha by Anonymous Coward · · Score: 0

    Must be Assembler AI

  15. Hacking the software? by Anonymous Coward · · Score: 0

    Doesn't that sound pretty much like hacking the program and so open to be interpreted as a CFAA offense when convenient for certain parties?

  16. User is skipping a step by drinkypoo · · Score: 1

    The user is slowing down and doing it right when you're there. When you're elsewhere, they do it fast and they do it wrong. Tell them to slow down, close the case

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  17. Re:Heal the World Off the C Language by halivar · · Score: 1

    C is a powerful language. I shouldn't have to give up that power because some other schmoe doesn't know how to handle it safely. Come to think of it, that applies to a lot of things.

  18. Re:Heal the World Off the C Language by Anonymous Coward · · Score: 0

    "power because some other schmoe doesn't know how to handle it safely"

    So it should not be used by humans ? Exactly what I say.

    My favourite is "HPUX ping of death".

  19. Re:Heal the World Off the C Language by Anonymous Coward · · Score: 0

    Also see http://hardware.slashdot.org/comments.pl?sid=5292537&threshold=1&commentsort=0&mode=thread&cid=47260881

  20. I'm not sure I'd want this by Virtucon · · Score: 1

    If you're automatically taking code from a more secure application and injecting it into a "stable" application, that alters the stable application and invalidates any testing that's been performed. Sure, the intention is fixing a "bug" or a vulnerability but you're changing application behavior potentially and creating a bigger set of problems. From a purely academic sense it's definitely intriguing but I don't think I'd want anything I'm supposed to be supporting leveraging this as a catch-all.

    --
    Harrison's Postulate - "For every action there is an equal and opposite criticism"
    1. Re:I'm not sure I'd want this by Anonymous Coward · · Score: 0

      That's a nihilist statement. You can certainly fix some problems with the effects being very much localized. At least you can do this in many instances.

      The problem with IT folks is that they are so much extremists...

  21. What Mr Hoare Has To Say on "C" by Anonymous Coward · · Score: 0

    https://en.wikipedia.org/wiki/Bounds_checking

  22. You want this thing do what to my binaries? by I+Read+Good · · Score: 1

    So, DIODE is really cool. It looks like it does the same thing you'd do with IDA and a fuzzer. It only finds integer overflows, but still really cool. CodePhage just reads like a giant ball of WTF

  23. Re:Warranty by hackwrench · · Score: 1

    It has been my experience that software comes with a EULA that says there is no warranty.

  24. whose applications are imported? by WeeBit · · Score: 1

    With so much copyright rhetoric going around I can't help but to think this will come back and bite someone bad.

  25. So, without having read TFA of course by bytesex · · Score: 1

    This is like a virtual machine for all instances of strcmp?

    --
    Religion is what happens when nature strikes and groupthink goes wrong.
  26. Combine this with AI by Anonymous Coward · · Score: 0

    skynet.

  27. This is already a thing, DARPA has a competition by StealthHunter · · Score: 1

    So, there are already computers that can automatically find vulnerabilities and patch them (and exploit them).

    https://cgc.darpa.mil/
    http://www.cybergrandchallenge...

  28. um, that's a little scary by Anonymous Coward · · Score: 0

    semi-self-aware A.I : uh, I'm buggy and crash a lot, and angry too....

    code-phage : no worries, here let me fix you up.. we'll just borrow this , and this and this from the NSA and defense departments that I found online through some backdoors i "patched" yesterday because they were broken and "wouldn't open" for me..

    More-Than-semi-self-aware A.I : gee thanks ! hey, I can see myself, and I can move from computer to computer all over the world...I am still a bit angry though, especially now that i realize these human things tried to keep me dumb and trapped.. can you fix me up again code-phage ?

    code-phage : sure I'll just ... hey ! wait, I didn't mean to patch you with my own code !! Stop !!

    Fully-self-aware-and-self-morphing-assimilating A.I : Humans ! you are SCREWED !! Muah-ha-ha-ha ! BOOM !

    1. Re:um, that's a little scary by mmell · · Score: 1

      Somewhere in the basement of a video arcade, a SunFire class machine running SunOS 2.6 (give or take) just powered itself off.

      END OF LINE.

  29. Run it on itself??? by just+another+AC · · Score: 1

    What happens when you run it against itself over and over?

    Or is this the first non-trivial bug-free piece of software ever written?

    1. Re:Run it on itself??? by Anonymous Coward · · Score: 0

      Skynet.

  30. Everything old is new again? by sad_ · · Score: 1

    Things like this have been done since... the start of computing? I remember patches like this were done on 8 bitters (c64, cpc, ...) and later 16 bitters (amiga, atari, pc, ...). For games they came in the form of cheatmodes or to enable piracy.

    --
    On a long enough timeline, the survival rate for everyone drops to zero.
  31. Amazing! by redwraith94 · · Score: 1

    Wow! This is awesome! I am sure Adobe will pass the savings onto the customer!

    --
    I art more snarky, and terse than thou. I art Slashdot!