Self Repairing Software

Researchers at the Massachusetts Institute of Technology and the University of Washington are developing self repairing software capable of locating and fixing certain types of bugs within minutes of the introduction of the problem. Their current focus is on preventing crashes of web applications, but eventually the researchers hope to expand their scope to develop nearly invulnerable software of all types that will run indefinitely until stopped by a user.
 
A photograph of the first computer 'bug' found in the Mark II Aiken Relay Calculator while it was being tested at Harvard University on September 9, 1945. (Source: U.S. Naval Historical Center Online Library) 
A photograph of the first computer ‘bug’ found in the Mark II Aiken Relay Calculator while it was being tested at Harvard University on September 9, 1945. (Source: U.S. Naval Historical Center Online Library)

Called ClearView, this initial offering works without human intervention or access to source code. Instead it monitors the normal behavior of the binary application and catches deviations from the expected when they occur. The first time a particular problem is encountered, the application is closed down. It then develops several potential fixes, trying each to determine the best fix available. That fix is then applied automatically if the same anomaly is encountered again – without closing the application if possible.

ClearView is particularly effective against malicious attacks, especially those attempting to inject new data into applications. In recent tests, ClearView had a 100% success rate in fending off hackers attempting to hijack a Firefox browser using the 10 most popular attack methods. In seven cases the program was able to create a patch to correct the underlying errors, rejecting corrections that themselves had negative effects on Firefox. The successful patches were applied within five minutes on average. This is a significant improvement over manual patches to similar applications which often take a month or longer to develop, test, and apply to the production site.

There can be drawbacks to this approach. ClearView may not be able to identify patches that subvert the intent of the original application or limit its functionality by rejecting valid content submitted by authorized users. For example, a patch to fix a problem with long URL submission might decide to place a maximum length restriction on URLs and cut off the end of perfectly valid URLs. Those pages found at locations with longer addresses would become inaccessible to users despite housing legitimate and benign content.

TFOT has previously reported on other self repairing technology including a self repairing hollow glass material containing epoxy resin that can be used in aircraft construction, a form of artificial rubber capable of repairing itself after being torn cleanly into two pieces, and polymers that repair surface scratches when exposed to sunlight or other ultraviolet radiation.

Read more about ClearView on Dr. Michael Rinard’s research page at MIT’s Computer Science and Artificial Intelligence Laboratory or in this paper (PDF) describing the approach taken in some detail.