Google Uses AI to Automatically Fix 15% of Bugs
Google Security Engineering team demonstrated how AI can revolutionize software debugging and patching workflows.
Problem Addressed: Manually fixing sanitizer bugs like memory corruption and thread issues is time-intensive and prone to human error. Automating bug fixes for software vulnerabilities detected by sanitizers in languages like C/C++, Java, and Go. Google developed an AI-powered patching pipeline using Large Language Models (LLMs) for automating bug fixes.
Google's AI-powered patching pipeline leverages a structured five-step process to automate bug fixing effectively.
Detect vulnerabilities: The pipeline identifies sanitizer bugs (errors like memory corruption or thread issues) and reliably reproduces them to ensure they are actionable.
Isolate bugs: It narrows the focus to the problemetic code section, enabling precise prompts for Large Language Models (LLMs).
Generate fixes with AI: Using an LLM, such as Google's Gemini, it crafts accurate code patches tailored to the problem.
Test proposed fixes: The pipeline automates the creation of commits from the generated patches, integrating them into the codebase and running extensive automated tests.
Human review: Even after passing all tests, the machine-generated patches undergo rigorous review by developers to ensure safety and functionality.
Observations:
The system scales across large codebases, improving efficiency in handling bugs.
This model can help fixing all kind of bugs not just sanitizer bugs.
All patches undergo rigorous testing to ensure reliability before deployment.
Automated the fixing of 15% of sanitizer bugs, translating to hundreds of successful patches.
Fixes generated by AI are subject to human review, enhancing accuracy.
Faster patching reduces security risks, minimizing exposure to exploits.
Reference: https://storage.googleapis.com/gweb-research2023-media/pubtools/7563.pdf
