While Sun is just beginning to explore advanced software-development tools, programmers at Microsoft have already come to depend on them. To get a handle on bugs in its Windows 2000 operating system, Microsoft paid more than $60 million in 1999 to acquire Intrinsa, maker of a bug-finding tool called Prefix. The program, which sifts through huge swaths of code searching for patterns that match a defined list of common semantic errors, helped find thousands of mistakes in Windows and other Microsoft products. But Prefix is slow and processor-intensive, requiring days of server time to analyze all of Windows. And because the bugs on its blacklist are “hard-wired,” the program has to be rewritten before it can find new types of errors, says Microsoft’s Larus.To solve those problems, Microsoft is developing a new flexible version of the program. Like Sun’s analysis engine, the Microsoft technology runs on programmers’ desktops and transforms code into abstract structures that can be examined for trouble spots. But the program also allows the thousands of Microsoft programmers to create their own plug-ins that search for errors specific to the type of software being written. Although Microsoft is still refining its program, the company is already considering sharing the tool with companies that make programs for Windows.
And one step beyond these solutions is an experimental bug-finding tool called Slam, which is designed to catch every last deviation from a general programming rule. For instance, whenever programmers have put software “locks” on data to prevent interference while a certain section of their code is using the data, they should make sure to remove the locks before other sections of code take over. Slam can explore every conceivable path in a program’s execution to make sure this happens. Slam is “complete,” says Larus. “If it doesn’t find this error, you know there aren’t any.”
Not all the ideas being pursued are technological. Some simply aim to get people together to solve problems. Two years ago IBM contributed $40 million to launch Eclipse, a nonprofit network of open-source software writers who are cooperating on the creation of a highly integrated development environment with built-in tools for creating software that runs on almost any operating system.
The essence of the project, says Eclipse board of directors chairman Skip McGaughey, is its democratic, open-source design process. “The general feeling,” he says, “is that when the design stage is done in the open with many, many people participating, the odds of getting a design right are orders of magnitude better.”
There’s no way of knowing whether a more democratic engineering culture or the sophisticated debugging solutions now under investigation by software companies might have helped programmers catch the kind of oversight the Slammer worm exploited. But as code analysis technology itself grows more powerful, the payoff should be more reliable software for everyone. Says Microsoft’s Larus, “I believe the only way we’re going to get software to be acceptably better is to apply better tools to it.”