Microsoft is creating AI bug detectors taught to hunt for bugs and fix them without being trained on data coming from actual bugs. With this, Microsoft researchers are working on a deep learning model trained to look for software bugs through "hide-and-seek" or basically no real-world bugs to learn from.
New Way of Finding and Fixing Code Bugs
Although there are dozens of tools already available for static code analysis in a number of languages to look for security flaws, as per Owasp, researchers are still looking for new techniques using machine learning to help improve the ability to detect and fix flaws.
According to the story by ZDNet, finding and fixing code bugs can be hard and costly despite the help of AI.Researchers Microsoft Research Cambridge, UK, have shared their work on BugLab, a Python implementation of a new approach for self-supervised learning of both bug detection and repair.
No-Training Method with Lack of Real-World Bugs
As per the publication, the ambition for "no training" was actually driven due to the lack of annotated real-world bugs to help train bug-finding deep learning models. While there is still a lot of source code available, most of them are not annotated.
BugLab is currently aiming to find hard-to-detect bugs compared to critical bugs that can easily be found through the traditional program analysis. Their approach promises to avoid the expensive process of manually coding a model to find bugs.
19 Unknown Bugs Found in Python Open-Source Packages
The group says they found 19 unknown bugs in open-source Python packages coming from PyPI as detailed in the Self-Supervised Bug Detection and Repair paper. The paper was presented at the Neural Information Processing Systems 2021 conference.
A principal researcher at Microsoft Research and Marc Brockschmidt, Miltos Allamantis, a senior principal research manager at Microsoft, gave a statement. As per Allamantis, BugLab can be taught in order to find and fix bugs without having to use labeled data through what he called a "hide and seek" game.
BugLab's Approach Towards the Use of AI in Finding Bugs
Going beyond reasoning over a code's structure, the researchers believe that bugs can be found by understanding the ambiguity of natural language hints that software developers often leave in variable names, code comments, and more.
Their BugLab approach uses two competing models. It builds on certain existing self-supervised learning efforts in the field using computer vision, deep learning, and natural language processing or NLP.
The method is said to resemble or is "inspired by" generative adversarial networks or GANs, the neural network that is sometimes used to help create deep fakes. To add, the researchers noted in the paper that in their case, they aim to train a bug detection model without having to use training data coming from real-life bugs.
Related Article: Minecraft Vulnerability Spotted | How to Fix Log4j Bug
This article is owned by Tech Times
Written by Urian B.