This specification relates to automatic correction of program logic.
Security continues to be a critical issue for applications. Despite enhancements to program robustness, the number of vulnerabilities due to errors in program logic in critical applications (such as browsers) continues to rise.
Errors in program logic, or “semantic errors,” are distinct from structural errors in a program. Structural errors can result in violations of the program's basic structure. For example, overwriting a heap or stack buffer is a structural error. Various approaches have been proposed for automatically detecting such structural errors, including approaches that make no reference to the program's specification. Referencing the program's specification is not necessary to detect structural errors because such errors (e.g., writing off the end of a buffer) are not program specific. Attacks that take advantage of structural errors can also often be ameliorated by changes to the program (such as address randomization) that do not change the program's semantics. By contrast, attacks enabled by semantic errors cannot be eliminated by modifications that maintain program semantics.
A fair amount of work has been done on structural errors (e.g., program shepherding, address randomization, stack guards, etc.); semantic errors, by contrast, have seen less attention. Such errors can be more difficult to address because information about the intended operation of the program is generally not explicitly available. The technical problem is that a program with semantic errors has an implementation that does not match the intended program specification and may permit behavior that was not intended by the programmer. In some situations, such semantic errors may be exploited by malicious parties, for example, to gain access to a computer.
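The following is an added illustration, not part of the original specification, of a semantic error in memory-safe code that only a comparison against the intended specification detects. The deletion policy and all function names are constructed for this example.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed specification (an assumption for this example): a document may
 * be deleted by its owner or by an admin, but never while it is locked. */
static bool spec_may_delete(bool owner, bool admin, bool locked)
{
    return (owner || admin) && !locked;
}

/* Implementation with a semantic error: the owner branch returns before the
 * lock is checked. No buffer is touched, so stack guards, address
 * randomization and bounds checks have nothing to flag. */
static bool impl_may_delete(bool owner, bool admin, bool locked)
{
    if (owner)
        return true;
    return admin && !locked;
}

/* Corrected implementation: the lock is checked on every path. */
static bool fixed_may_delete(bool owner, bool admin, bool locked)
{
    if (locked)
        return false;
    return owner || admin;
}

typedef bool (*policy_fn)(bool, bool, bool);

/* Compare an implementation with the specification on all eight inputs and
 * return the number of inputs on which the two disagree. */
static int count_spec_violations(policy_fn impl)
{
    int violations = 0;
    for (int bits = 0; bits < 8; bits++) {
        bool owner = bits & 4, admin = bits & 2, locked = bits & 1;
        if (impl(owner, admin, locked) != spec_may_delete(owner, admin, locked))
            violations++;
    }
    return violations;
}

int main(void)
{
    printf("buggy: %d mismatches\n", count_spec_violations(impl_may_delete));
    printf("fixed: %d mismatches\n", count_spec_violations(fixed_may_delete));
    return 0;
}
```

The mismatches are the inputs where an owner deletes a locked document; removing them requires changing what the program computes, which is why semantics-preserving hardening cannot help.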