DARPA MUSE R&D Project
A DARPA MUSE R&D Project is a DARPA R&D Project that seeks to make significant advances in the way software is built, debugged, verified, maintained and understood.
References
2014
- http://www.darpa.mil/Our_Work/I2O/Programs/Mining_and_Understanding_Software_Enclaves_%28MUSE%29.aspx
- As computing devices become more pervasive, the software systems that control them have become increasingly more complex and sophisticated. Consequently, despite the tremendous resources devoted to making software more robust and resilient, ensuring that programs are correct — especially at scale — remains a difficult and challenging endeavor. Unfortunately, uncaught errors triggered during program execution can lead to potentially crippling security violations, unexpected runtime failure or unintended behavior, all of which can have profound negative consequences on economic productivity, reliability of mission-critical systems, and correct operation of important and sensitive cyber infrastructure.
Vulnerabilities manifest when implementations do not conform to design. Determining program correctness thus fundamentally requires a precise understanding of a program’s intended behavior, and a means to convey this understanding unambiguously in a form suitable for automated inspection. Having useful, comprehensible and efficiently checkable program specifications is therefore critical for gaining high assurance and confidence of complex software systems. Often, however, the behaviors exposed by a program's implementation do not match those defined by the program's specification, in large part because the task of writing useful, correct and efficiently checkable specifications is often as hard as the task of writing the implementations that purport to satisfy it.
To help overcome these challenges, DARPA has created the Mining and Understanding Software Enclaves (MUSE) program. MUSE seeks to make significant advances in the way software is built, debugged, verified, maintained and understood. Central to its approach is the creation of a community infrastructure built around a large, diverse and evolving corpus of software drawn from the hundreds of billions of lines of open source code available today.
An integral part of the envisioned infrastructure would be a continuously operational specification mining engine. This engine would leverage deep program analyses and foundational ideas underlying big data analytics to populate and refine a database containing inferences about useful properties, behaviors and vulnerabilities of the program components in the corpus. The collective knowledge gleaned from this effort would facilitate new mechanisms for dramatically improving software reliability, and help develop radically different approaches for automatically constructing and repairing complex software.
Among the many envisioned benefits of the program are scalable automated mechanisms to identify and repair program errors, and specification-based tools to create and synthesize new, custom programs from existing corpus elements based on properties discovered from this mining activity.
The MUSE program is interested in close and continued collaboration of experts from a range of fields, including but not limited to: programming languages, program analysis, theorem proving and verification, testing, compilers, software engineering, machine learning, databases, statisticians, systems and a multitude of application domains. The program intends to emphasize creating and leveraging open source technology.
- As computing devices become more pervasive, the software systems that control them have become increasingly more complex and sophisticated. Consequently, despite the tremendous resources devoted to making software more robust and resilient, ensuring that programs are correct — especially at scale — remains a difficult and challenging endeavor. Unfortunately, uncaught errors triggered during program execution can lead to potentially crippling security violations, unexpected runtime failure or unintended behavior, all of which can have profound negative consequences on economic productivity, reliability of mission-critical systems, and correct operation of important and sensitive cyber infrastructure.