MIT researchers have developed a new program called CodePhage, which can fix software bugs in a unique manner: by inserting healthy code from other programs.
The system has been developed by MIT's Computer Science and Artificial Intelligence Laboratory (CSAIL) and is capable of fixing buggy software without gaining access to the original source code.
By deploying CodePhage, the team of researchers managed to fix errors in seven types of common open source programs. In each scenario, the researchers used functionality that was borrowed from two to four "donor" programs.
The program that has the software bug is the "recipient." When CodePhage is successfully able to detect a bug, the program automatically begins to seek out a fix for the same from a gamut of sources and alternative programs.
To fix a program with bugs, CodePhage needs two types of sample inputs: one that makes the program crash and another that does not. These inputs are run via the donor program.
Upon finding an effective "donor" code, CodePhage patches the same on the "recipient" and tries it out to see if it fits. All this is done without CodePhage accessing the source code. Until the perfect donor or match is found for the "recipient," CodePhage continues to follow the process. The program analysis procedure helps it in discerning how to rectify the buggy software.
With CodePhage at their disposal, developers will be able to decrease the time they spend on writing code checks and will have the ability to insert them automatically into the process instead.
"The longer-term vision is that you never have to write a piece of code that somebody else has written before. The system finds that piece of code and automatically puts it together with whatever pieces of code you need to make your program work," said research team member Martin Rinard.
The researchers are of the belief that fixing bugs in such a manner will make the code secure since hackers look to take advantage of such vulnerabilities to access a system. CodePhage is able to both fix and recognize basic programming errors, such as integer overflows, out of bounds access and divide-by zero issues. The findings have been profiled in Phys.Org.
