Research & Innovation

New Tools Could Eliminate Computer Bugs with Ironclad Certainty

Stevens research offers 100 percent guarantee that software is free from glitches

Computer screen identifying sections of code with problems

 (Hoboken, N.J. – May 2, 2019)  It’s bad enough losing an hour’s work when your computer crashes – but in settings like healthcare and aviation, software glitches can have far more serious consequences. In one notorious case, a computer bug caused cancer patients to receive lethal overdoses from a radiation therapy machine; in more recent headlines, flawed software was blamed for airplane crashes in Ethiopia and Indonesia. 

Now researchers at Stevens Institute of Technology, in collaboration with Yale University, are developing tools that could make catastrophic computer mishaps far less likely. Led by Eric Koskinen, an assistant professor of computer science at Stevens, the work not only aims to ensure that programs run correctly in specific situations, but also uses algorithms to determine whether it’s logically possible, in any circumstances whatsoever, for software to produce unwanted results. 

“What we’re aiming for is a 100 percent guarantee that you’ll never encounter a bug,” said Koskinen. 

Koskinen’s team, backed by over $2.5 million from the Office of Naval Research, models differences between two versions of a program. That’s useful because programmers often work by building on existing software, rather than writing code from scratch, and bugs can be introduced from one version to the next. This approach is especially valuable for the military, since defense agencies frequently buy software from private contractors, then make changes in-house before deploying them in mission-critical situations. 

 “They need a way to confirm that they’ve made changes correctly in-house, and haven’t introduced new problems,” Koskinen said.

To prove mathematically that a computer program could never have any kind of bug, no matter what circumstances, anticipated or unimagined, Koskinen’s team uses a strategy called temporal logic. Rather than scrutinize individual lines of code to look for syntactic differences, the team, including assistant professor Jun Xu, an expert in binary analysis at Stevens, looks at how a program behaves over time. The idea is to prove that no matter how long the program runs, there is no logical way for it ever to return an unwanted result.  

Modeling a program’s structure and behavior, rather than poring over individual lines of code, is important because the exact same lines of code can have different effects in different contexts, just as lines of code that appear very different can accomplish the same thing. It’s like studying a legal document, Koskinen explains: changing a single word might seem trivial, but can change the whole meaning of the document. Temporal logic helps to model a program’s potential, gaining powerful insights into the program’s real-world capabilities. 

The team’s approach also allows one to eliminate bugs in off-the-shelf commercial software for which the source code is unavailable. Without the source code, the team is left to compare computer programs using the binary version of the source code. “It’s difficult to see if the vulnerability really has been eliminated if you can’t see the source code,” he said. “The techinques we are building will do that: if you have a version of the software that you trust, our techniques will be able to help you spot changes – vulnerabilities in software updates or malware inserted into executable programs – and decide whether to trust the new version.”

Koskinen’s team is also developing a toolkit that other researchers and members of the public will be able to use to test software – and they are scaling up their approach to work with larger programs and more complex glitches.  “These are big issues that plague modern computer systems,” said Koskinen. “These issues will only grow more critical – in fields like healthcare, aviation, autonomous vehicles, and many more – so it’s vital we develop practical techniques to make computer-controlled systems bug-free and safe to use.” 

-- Stevens --

About Stevens Institute of Technology

Stevens Institute of Technology is a premier, private research university situated in Hoboken, New Jersey overlooking the Manhattan skyline. Since our founding in 1870, technological innovation has always been the hallmark and legacy of Stevens’ education and research. Within the university’s three schools and one college, 6,900 undergraduate and graduate students collaborate closely with faculty in an interdisciplinary, student-centric, entrepreneurial environment. Academic and research programs spanning business, computing, engineering, the arts and other fields actively advance the frontiers of science and leverage technology to confront our most pressing global challenges. The university is consistently ranked among the nation’s elite for return on tuition investment, career services and the mid-career salaries of alumni.

Stevens media contact: Thania Benios, 201-216-5003, [email protected]