Fixing Bugs, But Bypassing the Source Code
shreshtha contributes this snippet from MIT's Technology Review: "Martin Rinard, a professor of computer science at MIT, is unabashed about the ultimate goal of his group's research: 'delivering an immortal, invulnerable program.' In work presented this month at the ACM Symposium on Operating Systems Principles in Big Sky, MT, his group has developed software that can find and fix certain types of software bugs within a matter of minutes." Interestingly, this software doesn't need access to the source code of the target program.
I sure wouldn't (Score:5, Funny)
run this software before running ClearView on it first. Imagine what this could do if it had a bug in its code!
Re: (Score:3, Funny)
Error - Stack recursion. Head asploding!
Re: (Score:2, Insightful)
That would obviously bring SkyNet into existence!
This really deserves (Score:5, Funny)
How about (Score:5, Insightful)
Re: (Score:2)
The relevance here?
Re:How about (Score:4, Interesting)
Re: (Score:3, Insightful)
ClearView doesn't have to prove that a program is either correct or incorrect. It only has to detect certain types of bugs, and fix them. There is no guarantee your program is correct after running it.
And personally I can't think of any cases where a buffer overflow is part of a correct program...
Re: (Score:3, Insightful)
Even if the modified program fails to crash and fails to trigger the anomaly detector, there's no way to prove that the program still works as intended. For example, suppose the fix of an overflow also elides the initialization of some other variable, which results in data corruption? How is that better than an overflow/crash?
The approach is valuable even if you can't prove the program still works as intended (which is impossible in general). The goal is to have a program that works a bit better than it
Re:How about (Score:5, Insightful)
Except that you are making two mistakes:
- the Entscheidungsproblem refers to the problem of finding a general solution that will determine for all possible programs whether or not they are correct. This is an undecidable problem. However, this does NOT mean you can't find a solution for certain subclasses of programs, or a program that finds certain kinds of flaws.
- also, you already know there is an error (otherwise the program wouldn't be triggered), and the type of error (e.g. NULL pointer, array index out of bounds etc.). That makes it much easier than the general Entscheidungsproblem.
Re: (Score:2)
Re: (Score:2)
The program doesn't analyze the code until something bad actually happens. It just runs the binary, and when it gets a NULL pointer de-reference or an access into unallocated memory, THEN it analyzes how the program got there and makes fixes.
Re:How about (Score:5, Interesting)
The sort of "correctness" and "incorrectness" involved in many security problems is typically "stupid mistakes", nothing very sophisticated.
You're taking too much of the "Ivory Tower Computer Science" view on this. Car analogy - Clearview isn't figuring out whether the whole car is perfect (in the real world it's 100% likely to be imperfect anyway
FWIW I've already manually fixed programs without having the source, and managed to get a program to do stuff the manufacturer said the program can't do
Just because you can't make it perfect doesn't mean you can't make it work better.
Re:How about (Score:4, Insightful)
Car analogy - Clearview isn't figuring out whether the whole car is perfect (in the real world it's 100% likely to be imperfect anyway ;) ), all it does is help detect and fix the holes in the exterior.
I ran this program on my car and all was good until I went to fill up the gas tank. Bloody hell, Clearview got rid of the gas tank orifice!
Re: (Score:3, Insightful)
You (perhaps) joke, but this is a real problem. In context, a bug in one program would be a feature in another...
This is a trivial example, but imagine a program designed to segfault: int main() { char* p=0; char x=*p; }.
How do you fix this? What's correct? Do you assign p to a safe value? If so, what? Do you simply remove the assignment of x? What about anything downstream that uses x? What if you wanted it to crash? What if p was assigned by a function (scanf)? What should it be?
Without knowing the purpos
Re: (Score:2)
The first program ClearView runs on will no longer have any obvious bugs, but it will still have all its subtle bugs, and it will have all the subtle bugs introduced by ClearView's fixes.
Yes, my car now has no rust spots and the windscreen has no chips in it, but the steering wheel is now square, it changes from first gear to second via reverse, and the ignition does not work when I use my key...
Re: (Score:2)
That's why for heart-lung machines and other "mission critical" stuff with guarantees, people write their code in Haskell, and do real mathematical proofs for it. There are also tools to automatically generate those proofs from some annotations. But for most code, it simply isn't necessary to be that ultra-verbose.
Re:How about (Score:4, Insightful)
Your claim to expertise is having read a single popular book, but you can't spot the common error of claiming that because a general solution can't exist, no specific solution can exist?
Re: (Score:2)
Re:How about (Score:4, Funny)
Bruce Schneier is the general solution.
Re: (Score:3, Informative)
Now that the whole Chuck Norris phase has kinda spun down, does anyone see Bruce Schneier picking up the mantle? At least in geek culture / IT? I think it would be hilarious.
Ask and ye shall receive [schneierfacts.com].
...an immortal, invulnerable program... (Score:5, Funny)
Has anyone cracked "Hello World" yet?
Re: (Score:3, Funny)
It's not immortal. You want:
while 1:
    print "Hello World"
Re: (Score:2)
Sorry, but I have prior art on a truly immortal and bug-free program:
10 PRINT "HELLO WORLD"
20 GOTO 10
Let me know who I should contact so MIT can send the royalty checks on my software patent to me.
Re: (Score:2)
You forgot
0 REM Block Control-C
1 ONERR GOTO 10
5 REM Control-Reset reboots
6 POKE 1010,0
Re: (Score:3, Funny)
These two posts contain the most robust code I've seen all day. But still,
"A computer's attention span is no longer than its power cord."
Re: (Score:2, Funny)
import fusiononachip
reference: http://xkcd.com/353/ [xkcd.com]
Re: (Score:2)
Has anyone cracked "Hello World" yet?
I think someone cracked my "Hello World". It compiled fine but when I ran it, it printed out "Core Dumped".
Source doesn't run (Score:2)
Re: (Score:2)
Yes, it sounds like a dumb idea. Sure, you can look for certain simple things in running or compiled code, but you can't debug much more complicated things without access to the source, unless perhaps this checking program were orders of magnitude more complicated than the code it's checking. Why bother, when you can just get the source?
It's like trying to make some kind of "scanner" which can detect faults in a building's design, without even going inside the building, (which obviously would require a lo
Re: (Score:2)
There's a lot of code optimization, for example, that works better with object code (or some platform-independent intermediate code or bytecode) than with source code, by doing template matching. The source code may give hints about the user's intentions, which is useful for some kinds of problem solving. The object code gives information about patterns that are common regardless of intention, which is useful for other kinds of problem solving. I've found the latter to be quite useful in debugging difficu
Re: (Score:2)
A person needs source code to effectively check things. A program doesn't. Source code isn't magic, it's just set up to be nice for a person to read. It's crap for a machine to read though, which is why pure interpreters are so slow.
Re: (Score:2)
Misleading Slashdot summary, as usual (Score:2, Informative)
It checks a bunch of identical machines for a set of known bugs, then applies a bunch of predetermined patches until one works.
That's nice, but not what was promised.
Re: (Score:2)
They say this is intended as a method for keeping crap old code going when the original vendors are gone. Odds are, this autopatcher is going to be dealing with stuff the like of which you'd expect to see on thedailywtf.
Re: (Score:2, Informative)
This is good in preventing an attack or code injection. But as far as bug fixing nothing could be further from the truth. Some developer still needs to look at the assembly generated to identify the bad path taken, find that place in the code, fi
Re: (Score:2)
Well, obviously a valuable tool for finding bugs is a valuable tool for improving software. But perhaps not by itself.
Re: (Score:3, Insightful)
But was it a source patch, or a binary patch? A binary patch is at best a dirty work-around, because the bug will keep reappearing in subsequent releases of the software (perhaps even in needed patches for other issues).
Why would you need to access the source (Score:2)
code. I would argue that would be the worst way to do it.
Look at the hex, make changes. The concept is no different than inserting or replacing a JMP to get around software protection.
Re: (Score:3, Interesting)
Look at the hex, make changes. The concept is no different than inserting or replacing a JMP to get around software protection.
Exactly! This software sounds like it might work for getting around non-technical vendor-imposed arbitrary limitations.
If you don't feel like paying for the Standard Edition of SQL Server 2005 anymore, now you won't have to, you can just purchase the slightly crippled Workgroup edition, and have ClearView make sure the database keeps on running after it blows by its self-imposed limits. Don't have legal copies of Windows 7, that's ok. Now your government or your office will have a contingency plan, should
Re: (Score:3, Insightful)
paff. People have been doing this with SuperZap on mainframe code for 30 years. Kids.
Now get off my lawn.
If humans did the same..! (Score:5, Funny)
The very first time ClearView encounters an exploit it closes the program and begins analyzing the binary, searching for a patch that could have stopped the error.
Think of how much bullshit would go out of business if people were to do the same thing (i.e. sit down and think it over) when presented with some unusual idea.
Re: (Score:2)
THIS IS UNNATURAL HERESY!!!!
You've convinced me. We need to destroy this program and replace it with one that makes judgments based on feelings.
Who will police the police? (Score:2, Interesting)
clearview (Score:4, Insightful)
If the programs that Clearview is monitoring/patching are the target, wouldn't it make sense for an attacker to focus on Clearview first? Perhaps even alter its function to serve the purposes of the attacker instead of the user. Why attack the programs it is patching when you could hit Clearview and gain the ability to hijack everything it is patching?
Re:clearview (Score:5, Funny)
So run two.
Re:clearview (Score:4, Interesting)
id1: Friar Tuck... I am under attack! Pray save me!
id1: Off (aborted)
id2: Fear not, friend Robin! I shall rout the Sheriff of Nottingham's men!
id1: Thank you, my good fellow!
http://catb.org/jargon/html/meaning-of-hack.html [catb.org]
Re: (Score:2)
Because hopefully you're running Clearview in your development environment, not a production one.
Re: (Score:2)
That is no deterrent. Many programs are made by reasonably intelligent people who "know what they're doing"; software is complex, especially for something like this.
Why? Antivirus programs serve a very similar function and yet they are under attack all the time.
neither are other
Re:clearview (Score:4, Insightful)
Really ... they know what they are doing? Then why is it called:
Research
If they knew what they were doing it wouldn't really be research would it.
ALL software has bugs. Adding more software to fix bugs ... introduces more bugs.
This doesn't just apply to software, it applies to just about everything, right down to the atoms that make up the universe from our perspective. As far as we can figure, the universe itself will break down to a state that will no longer support life as we know it. Adding more layers of protection falls under the law of diminishing returns, whether software, hardware, bridges, cars, or molecules.
Re: (Score:2)
Adding more software to fix bugs ... introduces more bugs.
Is a debugger software?
Your general point is valid - increasing complexity allows for increasing entropy. But entropy can be locally reduced.
Did they use that tool to develop that tool? (Score:5, Interesting)
I wonder if we should turn that software loose on itself and see what it finds.
Re:Did they use that tool to develop that tool? (Score:5, Insightful)
Fiendish? What could possibly be more fair and objective than making him eat his own dogfood?
Re: (Score:2)
Fiendish? What could possibly be more fair and objective than making him eat his own dogfood?
Suggesting that he runs his prof's code through the analyzer, if the prof truly believes his code deserves a "D"...
Re: (Score:3, Insightful)
Being graded on the quality of the ideas in the thesis and not the implementation?
Why even implement then? Just write a paper and be done with it.
In other words, if the MSc thesis requirements include an implementation then clearly the quality of the implementation is going to be evaluated.
If that guy ever gets a real job outside of academia the lesson he learned from that singular experience will probably define his career.
Re: (Score:2)
I guess it does form a sort of paradox. If the grade of "D" is in fact an accurate measure of the quality of the source code of the grading program, then maybe the program deserves an "A" after all.
Re: (Score:3, Insightful)
"Fiendish" prof? If this is even a true story, it rates a "duhh!" Of course he should have run his analyzer on his own code..
Re:Did they use that tool to develop that tool? (Score:5, Insightful)
Either that or put in an author check that automatically spits out an A+ if it detects that the author of the code was himself....
thesis grade? (Score:2, Insightful)
Hmmm. Sounds like some CS urban legend. Never heard - not once - of a "thesis grade". Pass, no-pass, conditional pass. I didn't receive a grade myself. Just a diploma. Be great for those kind of folks that put GPAs on their CV, though.
Re: (Score:2)
Great story, but [Citation needed].
Re: (Score:2)
More appropriate would be to give your friend an F as he seems to have entirely missed the point. If he had a clue, he would have added a check to itself to always give itself an A, maybe throw in a joke about it along the way.
He didn't deserve a D, that much is clear.
Re: (Score:2, Insightful)
It will basically find the average number of lines per function, the ratio of code to comment, and other such metrics and give a letter grade to the code.
int is_equal(int a, int b) {
    if ((a = b)) {
        return 1;
    }
    return 0;
}
Do I get an A?
Re: (Score:2)
Perhaps, but I think your function is misnamed. It should be called "is_b_nonzero".
Re: (Score:2)
Dude deserves to fail: when confronted, he shoulda countered that he used his program as a baseline: the program that minimally gets a "pass", when run through the analyzer. Any MS student who can't BS his thesis prof... *sigh*...!
Re: (Score:2)
The fiendish prof announced that he will run that code through itself. Whatever letter grade it spits out will be his thesis grade.
The even more fiendish student submits the following code:
#include <stdio.h>

int main(int argc, char **argv)
{
    printf("A\n");
    return 0;
}
Of course, with lots of fluff around it to make it less obvious...
Obviously Linux developers aren't human ;-) (Score:3, Interesting)
This is absolutely correct, so long as one assumes that Windows systems are the only systems, and Linux developers aren't human.
Re: (Score:3, Interesting)
The fact that they care far less about ABI backwards compatibility, since most things for Linux can be recompiled, might have a slight effect on why Linux bugs get 'fixed' faster. You have a different definition of 'fix' than most of the world.
No Silver Bullet (Score:3, Insightful)
There has been no silver bullet in Software Engineering, not for attackers and not for defenders. I highly doubt this is one. From the article, I gather that this is actually some kind of macro Design by Contract based self-fixer. This means it is at best just as good as the people writing the contracts. It will however fail for more complex contracts, which are needed frequently in practice, unless it can get over all sorts of theoretical and practical limitations. And it will make behavior non-predictable, since your software could be patched at any time.
I would say this is a pretty bad idea, both from a security point of view and from a data-integrity and software reliability point of view.
Re: (Score:3, Informative)
I'd also point out, that from an Automata Theory standpoint, "The task of software verification is not solvable by a computer" (MIT's own Sipser).
Re: (Score:2)
Sensationalism ruined it for me (Score:5, Insightful)
When a potentially harmful vulnerability is discovered in a piece of software, it takes nearly a month on average for human engineers to come up with a fix and to push the fix out to affected systems
Yes. It takes us 5 seconds to an hour to actually come up with the fix, the remainder of the month is spent in bureaucratic hell - sitting in a trouble ticket queue, sitting in a verification queue, sitting in a QA manager's inbox, sitting with the communications team.
Clearview, if it does what it says on the tin, only addresses the 5 second problem. Any "sane" dev shop would still run the resultant patch through the many cogs and loops of modern software management. You won't get your hole patched any quicker, you'll just have shifted the coders' attention away from your own app's bugs, and onto Clearview's bugs. Net gain: less than zero.
Theoretically and conceptually, it's an interesting tool (you know, like Intercal). It just doesn't really fit in the industry, IMHO.
Re: (Score:2)
Good idea... (Score:2)
sensationalists ? (Score:4, Informative)
Be skeptical (Score:2, Interesting)
Martin Rinard is a talented man with the largest ego in academia. Of course he is "unabashed"; he's never been "abashed" for a moment in his life. Every research project Rinard has completed has been the one he claimed would scoop and shut down all other computer scientists' efforts. Take any claims he makes with a big grain of salt. It's not that he's a fraud, it's just that history shows he isn't nearly as godlike as he thinks or claims to be.
Posted anonymously because I don't need Rinard as an enemy.
Ridiculous! (Score:2)
What a bunch of crapola.
Finding and fixing bugs, as any programmer knows, is anything but a simple and mechanical procedure.
About all ClearView can do is go "Oh, the stack has been bashed, let's NOP out the call to this code"
Compare this to the amount of work to find and fix an off-by-one error or an unset pointer.
There is no comparison.
Re: (Score:2)
I can imagine clearview being able to fix some of those problems.
Oh, the "stack's been smashed" -> let me see, I usually see code that looks like a pointer dereference called and then a fetch of between 5 and 67 bytes
->This time it was 643 bytes!
->I will just stick a jump in there and save off the stack and write some code to copy not more than 67 bytes which from past experience is safe from location A to location B and then put the stack back and set the program counter to the address after the jump I i
oh, I've seen this before somewhere (Score:2)
From TFA:
When something goes wrong, ClearView detects the anomaly and identifies the rules that have been violated. It then comes up with several potential patches designed to force the software to follow the violated rules. (The patches are applied directly to the binary, bypassing the source code.) ClearView analyzes these possibilities to decide which are most likely to work, then installs the top candidates and tests their effectiveness. If additional rules are violated, or if a patch causes the system to crash, ClearView rejects it and tries another.
reminded me of another ingenious software application:
Your life is the sum of a remainder of an unbalanced equation inherent to the programming of the matrix. You are the eventuality of an anomaly, which despite my sincerest efforts I have been unable to eliminate from what is otherwise a harmony of mathematical precision. While it remains a burden to sedulously avoid it, it is not unexpected, and thus not beyond a measure of control. Which has led you, inexorably, here. ... ...
The first matrix I designed was quite naturally perfect, it was a work of art, flawless, sublime. A triumph equaled only by its monumental failure.
she stumbled upon a solution whereby nearly 99.9% of all test subjects accepted the program, as long as they were given a choice, even if they were only aware of the choice at a near unconscious level. While this answer functioned, it was obviously fundamentally flawed, thus creating the otherwise contradictory systemic anomaly, that if left unchecked might threaten the system itself. Ergo, those that refused the program, while a minority, if unchecked, would constitute an escalating probability of disaster.
So, the solution to any program failure is creation of Zion, (the rest of the idea here is left to the imagination of the reader.)
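The TFA excerpt quoted above describes a loop: learned rules are violated, candidate patches are generated, each candidate is tested, and any that still crash or that break a further rule are rejected. The earlier comment about "between 5 and 67 bytes" is the same idea seen from the learned-rule side. The following is an added toy simulation of that loop, not ClearView's code and not from any commenter; the learned rules, the 67-byte buffer, the message format and the three candidate patches are all constructed here for illustration. The rejection of two candidates before one survives is the point the simulation shows.

```python
from typing import Callable, Dict, List, Optional, Tuple

BUF = 67  # constructed buffer size, echoing the "67 bytes" in the comment above

# Constructed "learned" rules: invariants that held on every normal run.
LEARNED_RULES: Dict[str, Callable[[dict], bool]] = {
    "len_within_observed_range": lambda m: 5 <= m["len"] <= BUF,
    "len_matches_payload": lambda m: m["len"] == len(m["payload"]),
}


def target(msg: dict) -> bytes:
    """Stand-in for the unpatched binary: copies the payload into a
    BUF-byte buffer. MemoryError stands in for the process crashing."""
    if len(msg["payload"]) > BUF:
        raise MemoryError("buffer overflow")
    return msg["payload"]


def violated_rules(msg: dict) -> List[str]:
    """Anomaly detection: which learned rules does this input break?"""
    return [name for name, rule in LEARNED_RULES.items() if not rule(msg)]


# Hypothetical candidate patches: each rewrites the input so the violated
# rule holds. Listed in the order the selector will try them.
CANDIDATES: List[Tuple[str, Callable[[dict], dict]]] = [
    ("resync_len_to_payload", lambda m: dict(m, len=len(m["payload"]))),
    ("truncate_payload_only", lambda m: dict(m, payload=m["payload"][:BUF])),
    ("truncate_both", lambda m: dict(m, len=min(m["len"], BUF),
                                     payload=m["payload"][:BUF])),
]


def select_patch(msg: dict) -> Tuple[Optional[str], List[Tuple[str, str]]]:
    """Try candidates in order. A candidate is rejected if the patched run
    still crashes or if the patched input breaks any learned rule. Returns
    the first survivor (or None) and a log of (candidate, reason) rejections."""
    rejected: List[Tuple[str, str]] = []
    for name, patch in CANDIDATES:
        fixed = patch(msg)
        try:
            target(fixed)
        except MemoryError:
            rejected.append((name, "crashed"))
            continue
        broken = violated_rules(fixed)
        if broken:
            rejected.append((name, "violates " + ",".join(broken)))
            continue
        return name, rejected
    return None, rejected


def run_with_healing(msg: dict) -> Tuple[bytes, Optional[str]]:
    """Run the target; on a rule violation, pick a patch first. Returns the
    output and the name of the patch that was applied, if any."""
    if not violated_rules(msg):
        return target(msg), None
    name, _ = select_patch(msg)
    if name is None:
        raise RuntimeError("no candidate patch survived testing")
    patch = dict(CANDIDATES)[name]
    return target(patch(msg)), name


# Constructed inputs: one normal message and one oversized one (643 bytes,
# the number quoted in the comment above).
NORMAL_MSG = {"len": 20, "payload": b"A" * 20}
BAD_MSG = {"len": 643, "payload": b"A" * 643}

if __name__ == "__main__":
    print(violated_rules(BAD_MSG))
    print(select_patch(BAD_MSG))
    print(run_with_healing(BAD_MSG)[1])
```

The first candidate is rejected because the patched run still overflows; the second is rejected because, although it no longer crashes, the header field now contradicts two learned rules; only the third survives. That is the whole mechanism, and it also makes the thread's main objection concrete: the survivor is chosen because it satisfies the observed invariants, not because anyone knows that silently truncating the message is what the program was meant to do.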
Martin Rinard a prof? (Score:2)
http://en.wikipedia.org/wiki/Rice's_theorem [wikipedia.org]
Can I get my star now?
People this is what we get when people grow up with Windows.
Yea, cause this hasn't been tried before ... (Score:2)
Seriously, why the hell is this news on slashdot?
This certainly isn't a new idea, and it'll meet the same fate as existing ideas, a quick death as someone figures out how to use it to cause more damage than good.
How does it know the difference between intentional and accidental? It doesn't. This is why compilers can't fix programmer bugs, they can at best warn or error on them. The compiler really is the most likely part of the process to find and fix any bugs that can be automagically found in a closed
Occam's Razor (Score:2)
More promising approaches have been tried (Score:2)
There are more promising approaches, mostly involving some form of checkpointing. The idea is that when an error is detected, you go back to the previous checkpoint at which things were going well, determine what input caused the problem, reject that input, and continue forward from there. In some cases, you have a second, different program checking the outputs from the first. This sort of thing has been used in telephony, and Tandem, before HP acquired it, was big on this sort of thing.
The clever thi
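The checkpointing scheme described in the comment above (roll back to the last good checkpoint, find the input that caused the problem, reject it, continue, with a second program checking the first's outputs) as an added simulation. This is not code from any commenter, from Tandem or from ClearView; the stateful "primary" program, its two constructed faults (a crash on zero and a silent mis-application of negative inputs), the independent checker and the replay strategy are all assumptions made here for illustration.

```python
import copy
from typing import List, Tuple


class Primary:
    """Constructed stateful 'first program'. x == 0 crashes it (ValueError
    stands in for the process dying); negative x is silently mis-applied,
    corrupting state without any crash."""

    def __init__(self) -> None:
        self.total = 0
        self.history: List[int] = []

    def step(self, x: int) -> None:
        if x == 0:
            raise ValueError("crash")
        self.total += x if x >= 0 else 2 * x  # the silent bug
        self.history.append(x)


def checker_ok(state: Primary) -> bool:
    """Independent 'second program': recomputes what the total must be."""
    return state.total == sum(state.history)


def replay(checkpoint: Primary, inputs: List[int]) -> Tuple[Primary, List[int]]:
    """Restore the checkpoint and re-apply inputs one at a time, running the
    checker after each; an input that crashes or corrupts state is dropped.
    Returns the rebuilt state and the list of rejected inputs."""
    state = copy.deepcopy(checkpoint)
    rejected: List[int] = []
    for y in inputs:
        trial = copy.deepcopy(state)
        try:
            trial.step(y)
        except ValueError:
            rejected.append(y)
            continue
        if checker_ok(trial):
            state = trial
        else:
            rejected.append(y)
    return state, rejected


def commit(state: Primary, checkpoint: Primary, pending: List[int]):
    """Checkpoint time: run the (assumed expensive) checker. If it disagrees,
    the corruption came from some input since the last checkpoint, and
    replay finds and drops it. Returns (state, new_checkpoint, rejected)."""
    bad: List[int] = []
    if not checker_ok(state):
        state, bad = replay(checkpoint, pending)
    return state, copy.deepcopy(state), bad


def process(inputs: List[int], checkpoint_every: int = 3) -> Tuple[int, List[int]]:
    """Feed inputs to the primary under checkpoint/rollback supervision.
    Returns the final total and every input that was rejected."""
    state = Primary()
    checkpoint = copy.deepcopy(state)
    pending: List[int] = []   # inputs applied since the last checkpoint
    rejected: List[int] = []
    for x in inputs:
        try:
            state.step(x)
        except ValueError:
            # Crash: roll back to the last good checkpoint, re-apply what
            # was accepted since then, and drop the input that crashed us.
            state, bad = replay(checkpoint, pending)
            rejected += bad + [x]
            continue
        pending.append(x)
        if len(pending) == checkpoint_every:
            state, checkpoint, bad = commit(state, checkpoint, pending)
            rejected += bad
            pending = []
    state, checkpoint, bad = commit(state, checkpoint, pending)
    rejected += bad
    return state.total, rejected


# Constructed input stream: a crash-inducing 0 and a silently corrupting -5.
SAMPLE_INPUTS = [1, 2, 3, 0, 4, -5, 6, 7]

if __name__ == "__main__":
    print(process(SAMPLE_INPUTS))
```

The 0 is caught immediately because the primary crashes on it. The -5 is the more interesting case: nothing crashes, the state is simply wrong, and only when the checker runs at the next checkpoint does the supervisor learn that one of the three inputs since the last checkpoint must be rejected; replaying them one at a time under the checker identifies which.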
Is not a Bug. Is a Feature (Score:2)
"Is not a Bug. Is a Feature"
What can I do If this program starts to delete all my "features"?.
The actual paper. (Score:3, Informative)
Test it on my program, please (Score:2)
Here's the pseudo-code:
begin turings_revenge
    this_will_crash = find_errors(turings_revenge)
    if (this_will_crash)
    then
        terminate_gracefully();
    else
        segfault();
    end
end
So, will it crash, or won't it?
Fixing bugs without accessing source code (Score:3, Interesting)
I once filed a bug report to a developer with instructions on how to reproduce it.
He responded with a fix that involved no changes to the source code.
He said, "don't do that."
Re:It's interesting, but software should "expire". (Score:4, Funny)
This doesn't support innovation and improvement, and that's the cornerstone of technology improvement.
Please allow myself to introduce... myself.
Re: (Score:3, Interesting)
Hah, we're a long way from finishing code to do text boxes and buttons.
There are many improvements:
1) Write them to work with opengl
2) Write them to scale properly at any DPI
3) Have them fully themable via CSS style sheets
4) Have them stylable with SVG files
5) Adding multi-touch support
Also, the linux kernel has something like 17 separate linked list implementations, each doing slightly different things :)
Re:MS will probably kill it (Score:5, Insightful)
If MS included this in Windows, you'd never get to see the login screen because the CPU would be so busy fixing bugs.
Yeah, and if it did happen to work (Score:2)
It would totally wipe out Microsoft's current business model. I think they better wait until they sucker everyone into software rental agreements before this is unleashed on Windows.
Re: (Score:2)
And how would it do that? You think MS software has every feature for every situation that will ever exist? Its just the bugs that are the problem?
Re: (Score:2)
If MS included this in Windows, you'd never get to see the login screen because the CPU would be so busy fixing bugs.
This sort of thing plays well to the geek's hive mind. But is it really worth a mod-up to +5, Insightful?
Vulnerability Report: Microsoft Windows 7 - 2009 [secunia.com] There are no unpatched Secunia advisories affecting this product, when all vendor patches are applied.
Re:MS will probably kill it (Score:4, Insightful)
Me-thinks someone sounds jealous they did not think of it first.
Re: (Score:2)
If MS included this in Windows, you'd never get to see the login screen because the CPU would be so busy fixing bugs.
If MS included this in windows, it'd be blazing fast, because all those stupid thread lockups would be gone, along with endlessly increasing numbers of file handles. Responsiveness would shoot through the roof, even if ClearView was eating a core or two for breakfast...
But I would prefer to see stuff like this built into compilers, rather than on an end user system. This article described what I thought compilers were supposed to do, before I learned programming. Turns out profiling is actually a rather dum
Re: (Score:2)
Re:MS will probably kill it (Score:5, Informative)
imagine the sheer volume of .CONF files a Linux user would have to waft through just to get this to check a distro for bugs.
Looks like the volume is...zero? I think maybe I don't understand what you mean. Is ".CONF" some sort of Windows-speak for configuration files? If so, then the fact that they're all in /etc (or possibly /usr/etc or /usr/local/etc) and /home should make them very easy to skip.
Re: (Score:2)
By .CONF I'm sure they mean "configuration files which begin with a .". In my home directory there seem to be 80 of the things, and I have no idea what is in more than 2 of them.
Re:MS will probably kill it (Score:5, Funny)
Is this some sort of "out-stereotype the operating system" competition? If so, here is my entry:
If the tool from TFA existed already, Mac users wouldn't notice it until Steve Jobs named it the iPatcher and made some cutesy advertisements with Justin Long wearing an eye patch. At that point they'd proclaim it made their systems invulnerable to bugs in a far superior way than Windows and Linux.
Re: (Score:2)
Re: (Score:2)
Ouch! The dreaded "Offtopic" moderation...perhaps I should elaborate:
Others have already pointed out the "blackhats just got a new weapon" scenario, so I thought another possible (mis)use would be to patch software to which we do not have the source code.