SAN FRANCISCO -- A university researcher showed off on Saturday an open-source tool that helps programmers dramatically shrink the amount of code they need to audit to find a particular bug.
The tool, known as Delta, uses a brute-force algorithm to break programs up into snippets of code and then tests the program minus a particular piece of code to see if the error still occurs. While an intelligent analysis could find a bug faster, the dumb, brute-force approach is surprisingly effective, Daniel Wilkerson, an analyst-programmer at the University of California at Berkeley, said at the CodeCon conference.
"You could try to do this manually and be more clever about it, but brute force automation wins over cleverness almost every time," he said.
Automated tools to find bugs have become more popular among security researchers. Open-source programs have benefited from static source-code analysis tools, while Microsoft uses its own such expert systems to audit code created by the company's programmers. Network fuzzers, which mangle data packets in an attempt to create exceptions in programs that then can be exploited, have also become popular.
Posted by: Robert Lemos