munin at mimisbrunnr.net
Mon Jul 13 20:13:32 UTC 2015
Maybe. From a (slightly) closer reading, I think what they do is they generate “bail-out” cases from the tests that they pull out of the donor applications. The checking they do is “local” I think, so you have high confidence that the local region of code that you paste in is unchanged, but maybe it has further reaching effects?
Questions like these seem out of the scope of what is considered by CodePhage.
For an example of work along this line that didn’t get the press afforded to the CodePhage team, consider this paper: http://www.cs.cmu.edu/~clegoues/docs/legoues-icse09.pdf
The problem is very similar: work from a series of positive and negative test cases to modify a buggy program to be a not-buggy program. This work is at the source code level, though. They use genetic programming and permutations of the source code with expressions substituted from other expressions in the program, if I remember correctly.
Making proofs of equality between two procedures (pre- and post-patch) scale is still being actively researched, I think…
> On Jul 13, 2015, at 10:22 AM, Manuel <manuel at acanthephyra.net> wrote:
> On Mon, Jul 13, 2015 at 09:05:16AM -0400, Andrew wrote:
>> Their paper is here:
>> A related paper on a system to automatically find the bugs to repair is
>> here: http://dspace.mit.edu/openaccess-disseminate/1721.1/96155
> Skimming through the paper, it also seems like it could replace parsers that crash on invalid input (and thus fail noisily) with lenient parsers that don't crash when handling those inputs. This may or may not lead to the creation of entirely new states (e.g. a lenient configuration parser that accepts complex, invalid syntax could lead to a runtime configuration that causes crashes later during execution) and by extension vulnerabilities.
> langsec-discuss mailing list
> langsec-discuss at mail.langsec.org
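As an added illustration of the point raised in the quoted paragraph about lenient parsers (example code written for this note, not from the thread, CodePhage or either paper): a strict configuration parser that fails noisily at parse time, beside a lenient one that accepts the same invalid input, so that the failure only surfaces in a later stage that consumes the state the lenient parse admitted. The config keys, their ranges and the sample input are all constructed for the example.

```python
# Added illustration, not code from the thread or from CodePhage.
import re

KEY_VALUE = re.compile(r"^([a-z_]+)=(-?\d+)$")
ALLOWED = {"workers": (1, 64), "buffer_kb": (1, 4096)}  # hypothetical config schema

def parse_strict(text):
    """Fail noisily: anything outside the grammar or the declared ranges is rejected."""
    cfg = {}
    for n, line in enumerate(text.splitlines(), 1):
        m = KEY_VALUE.match(line)
        if not m or m.group(1) not in ALLOWED:
            raise ValueError(f"line {n}: unrecognised {line!r}")
        key, val = m.group(1), int(m.group(2))
        lo, hi = ALLOWED[key]
        if not lo <= val <= hi:
            raise ValueError(f"line {n}: {key}={val} outside [{lo}, {hi}]")
        cfg[key] = val
    return cfg

def parse_lenient(text):
    """Never crash: salvage every key=value it can, skip the rest, check no ranges."""
    cfg = {}
    for line in text.splitlines():
        if "=" in line:
            key, _, val = line.partition("=")
            try:
                cfg[key.strip()] = int(val.strip().rstrip(";"))
            except ValueError:
                pass  # junk value: silently dropped
    return cfg

def plan_buffers(cfg):
    """Later stage consuming the config: the state the lenient parser admitted blows up here."""
    workers = cfg.get("workers", 4)
    per_worker_kb = cfg["buffer_kb"] // workers  # ZeroDivisionError when workers == 0
    return [per_worker_kb] * workers

def where_does_it_fail(parser, text):
    """Return the stage at which a given parser lets the failure surface."""
    try:
        cfg = parser(text)
    except ValueError as e:
        return ("parse", str(e))
    try:
        return ("ok", plan_buffers(cfg))
    except (ZeroDivisionError, KeyError) as e:
        return ("runtime", repr(e))

# Constructed input: an out-of-range value, a trailing-junk value, and a bare token.
CONSTRUCTED_INPUT = "workers=0\nbuffer_kb=512;\nverbose\n"
```

With the strict parser the bad line is reported by number at load time; with the lenient one the same input parses "successfully" and the process dies later in plan_buffers, far from the line that caused it.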