"Cyclone" blows computer bugs out of code
- Subject: "Cyclone" blows computer bugs out of code
- From: "Craig A. Mattocks" <email@hidden>
- Date: Mon, 19 Nov 2001 03:47:56 -0500
Objective Cyclone anyone?
http://www.newscientist.com/news/news.jsp?id=ns99991578
Info and source code at:
http://www.cs.cornell.edu/Projects/cyclone/
"Cyclone" blows computer bugs out of code
15:29, 16 November 2001 - Will Knight
A new computer language designed to avoid unforeseen programming
errors could prevent many computer security breaches, according to
the US researchers behind the project.
The language Cyclone is being created by a team of computer
scientists at Cornell University and AT&T Labs in New York. Cyclone
is a redesigned version of the programming language C, which is
currently used to create many applications for different types of
computers.
Cyclone is designed to make almost impossible the inclusion of major
bugs that force software vendors to release software patches and can
lead to security breaches.
"C is a very powerful language, but you can also hang yourself with
that power," says Graham Hutton, an expert in computer languages at
the University of Nottingham. "They are trying to have the power of
C, but with a few more checks to make it a safer language to use -
that is definitely a good thing."
Gremlin code
The researchers say C programmers can often create code that will
result in a serious bug when the application is fully implemented.
This sort of error is difficult to predict and can cause a program to
crash or perform incorrectly. It may also open the door to computer
hackers.
The Cyclone compiler identifies segments of code that could
eventually cause such problems using a "type-checking engine". This
does not just look for specific strings of code, but analyses the
code's purpose and singles out conflicts known to be potentially
dangerous.
Buffer overrun errors are a particularly common example of this sort
of problem. These involve the incorrect use of memory and can allow
someone to gain access to parts of a program that should be
restricted.
"The idea is to take good security ideas from higher level languages
and implement them at a lower level," says researcher Greg Morrisett,
of Cornell University. "We will typically put in a C application and
the Cyclone compiler will find all sorts of type errors."
The Cyclone compiler will rewrite the code or suggest fixes to avoid
potential bugs. Even if a bug still occurs, the compiled system will
lead the program to halt safely, not crash.
Scale up
The language is written in a very similar way to C, which makes it
possible to rewrite programs already in C with minimum effort. The
researchers have so far used the language to create a simple web
server that, they say, should be immune from the usual bugs.
Morrisett says the key difficulty lies in scaling up to larger
systems written in Cyclone. The big issue, he says, is avoiding
potential bugs while retaining maximum functionality.
"Our ultimate goal is to have something as humongous as the Linux
operating system built in Cyclone," says Morrisett.
On Friday, Morrisett and fellow team members submitted a paper on
Cyclone for the Programming Language Design and Implementation
Conference, which takes place in Germany in June 2002.
--------------------------------------------------------------------
"We all agree that your theory is crazy, but is it crazy enough?"
- Niels Bohr (1885-1962), Nobel physicist, founder of quantum theory
--------------------------------------------------------------------