Researchers eliminate coding errors by using good code from “donor” apps
The main appeal of open source software is in the fact that its source code can be reviewed by anyone and, theoretically, stealthy backdoors and unintentional errors should be spotted and removed quickly.
In practice, the programmer teams engaged in developing open source software are often small and lack both the time and money to dedicate some of their efforts to constantly auditing the code for vulnerabilities.
A group of MIT researchers has come up with a solution to that problem: a technique for automatically transferring code between systems to eliminate errors.
They call it Code Phage (CP), and have successfully tested it by using seven donor applications to eliminate errors in seven recipient applications. All in all, they eliminated ten errors, and believe the method can be used to eliminate out of bounds access, integer overflow, and divide by zero errors.
“The CP donor analysis operates directly on stripped binaries with no need for source code or symbolic information of any kind. CP can therefore use arbitrary binaries, including closed-source proprietary binaries, as donors for other applications,” the researchers explained.
CP also supports multilingual code transfer between applications written in different programming languages, allows transfer checks between different versions of the same application, can work with any source of seed and error-triggering inputs, and the recipient and donor apps don’t have to implement the same functionality.
“In recent years the increasing scope and volume of software development efforts has produced a broad range of systems with similar or overlapping goals. Together, these systems capture the knowledge and labor of many developers. But each individual system largely reflects the effort of a single team and, like essentially all software systems, still contains errors,” they pointed out.
“The system that implements this technique, CP, makes it possible to automatically harness the combined efforts of multiple potentially independent development efforts to improve them all regardless of the relationships that may or may not exist across development organizations.”
The ultimate goal is to make the creation of reliable and functional software systems more effective.