Software Bug Science Technology

Fixing Bugs, But Bypassing the Source Code

shreshtha contributes this snippet from MIT's Technology Review: "Martin Rinard, a professor of computer science at MIT, is unabashed about the ultimate goal of his group's research: 'delivering an immortal, invulnerable program.' In work presented this month at the ACM Symposium on Operating Systems Principles in Big Sky, MT, his group has developed software that can find and fix certain types of software bugs within a matter of minutes." Interestingly, this software doesn't need access to the source code of the target program.
  • by Anonymous Coward on Thursday October 29, 2009 @07:13PM (#29918131)

    It checks a bunch of identical machines for a set of known bugs, then applies a bunch of predetermined patches until one works.

    That's nice, but not what was promised.

  • by Meshach ( 578918 ) on Thursday October 29, 2009 @07:48PM (#29918457)
    The program does not really "fix software bugs" at all. What it does is notice if a program starts taking an abnormal code path. The "normality" of a path is based on how the program operates. If a program starts taking an abnormal path then it is terminated.

    This is good in preventing an attack or code injection. But as far as bug fixing nothing could be further from the truth. Some developer still needs to look at the assembly generated to identify the bad path taken, find that place in the code, figure out how the program got there, apply a fix, test the fix, then deploy the new application. If anything this is a QA tool for software to avoid attacks.

    A valuable tool for exposing bugs. But as far as actually improving software I do not see it.
  • Re:No Silver Bullet (Score:3, Informative)

    by Yold ( 473518 ) on Thursday October 29, 2009 @08:00PM (#29918559)

    I'd also point out, that from an Automata Theory standpoint, "The task of software verification is not solvable by a computer" (MIT's own Sipser).

  • sensationalists? (Score:4, Informative)

    by cameigons ( 1617181 ) on Thursday October 29, 2009 @08:14PM (#29918749)
    I'm sick of the stupid headlines I've been reading about the so-called projects of MIT students lately... I mean, clearly an 'immortal invulnerable program' is impossible at least for practical purposes by definition (they're dependent on the underlying OS, on other software and last but not least on the hardware integrity). Other recent headlines about their CS students claiming to be able to tell who's gay based on their Facebook friends.... pff omg, when did it all get so preposterous. Why aren't they more honest about the reach of their ambitions? If you take these teachers' words to the letter it seems like they don't know what's theoretically sound and what isn't...
  • by Xtifr ( 1323 ) on Thursday October 29, 2009 @08:35PM (#29919005) Homepage

    imagine the sheer volume of .CONF files a Linux user would have to waft through just to get this to check a distro for bugs.

    501:~ $ locate .CONF
    502:~ $

    Looks like the volume is...zero? I think maybe I don't understand what you mean. Is ".CONF" some sort of Windows-speak for configuration files? If so, then the fact that they're all in /etc (or possibly /usr/etc or /usr/local/etc) and /home should make them very easy to skip.

  • by Anonymous Coward on Thursday October 29, 2009 @08:56PM (#29919203)

    Either you didn't read the article, or you have a massive reading comprehension problem. ClearView actually creates patches to fix problems that it identifies. Note the following passage from the article:

    "For seven of the attacking team's approaches, ClearView created patches that corrected the underlying errors. In all cases, it discarded corrections that had negative side effects. On average, ClearView came up with a successful patch within about five minutes of its first exposure to an attack."

  • by Anonymous Coward on Thursday October 29, 2009 @09:16PM (#29919363)

    You should re-read the article, and specifically the following passage:

    "For seven of the attacking team's approaches, ClearView created patches that corrected the underlying errors. In all cases, it discarded corrections that had negative side effects. On average, ClearView came up with a successful patch within about five minutes of its first exposure to an attack."

    So it does indeed fix bugs, contrary to your claim.

  • by Anonymous Coward on Friday October 30, 2009 @01:00AM (#29920747)

    First nigger post I've ever seen here that got modded "Funny."

    The mods must be the sense-of-humor group today.

    If the moderation changes later, I swear, it was "Score:0, Funny" when I posted this.

  • The actual paper. (Score:3, Informative)

    by ROBOKATZ ( 211768 ) on Friday October 30, 2009 @08:13AM (#29922339)
    It might help to read the actual paper [mit.edu] instead of some hand-waving article.
  • Re:How about (Score:3, Informative)

    by Abstrackt ( 609015 ) on Friday October 30, 2009 @12:30PM (#29925371)

    Now that the whole Chuck Norris phase has kinda spun down does anyone see Bruce Schneier picking up the mantle? At least in geek culture / IT? I think it would be hilarious.

    Ask and ye shall receive [schneierfacts.com].
