Google Uses AI to Automatically Fix 15% of Bugs

Google Security Engineering team demonstrated how AI can revolutionize software debugging and patching workflows.

Problem Addressed: Manually fixing sanitizer bugs like memory corruption and thread issues is time-intensive and prone to human error. Automating bug fixes for software vulnerabilities detected by sanitizers in languages like C/C++, Java, and Go. Google developed an AI-powered patching pipeline using Large Language Models (LLMs) for automating bug fixes.

Google's AI-powered patching pipeline leverages a structured five-step process to automate bug fixing effectively.

1. Detect vulnerabilities: The pipeline identifies sanitizer bugs (errors like memory corruption or thread issues) and reliably reproduces them to ensure they are actionable.

2. Isolate bugs: It narrows the focus to the problemetic code section, enabling precise prompts for Large Language Models (LLMs).

3. Generate fixes with AI: Using an LLM, such as Google's Gemini, it crafts accurate code patches tailored to the problem.

4. Test proposed fixes: The pipeline automates the creation of commits from the generated patches, integrating them into the codebase and running extensive automated tests.

5. Human review: Even after passing all tests, the machine-generated patches undergo rigorous review by developers to ensure safety and functionality.

Observations:

• The system scales across large codebases, improving efficiency in handling bugs.

• This model can help fixing all kind of bugs not just sanitizer bugs.

• All patches undergo rigorous testing to ensure reliability before deployment.

• Automated the fixing of 15% of sanitizer bugs, translating to hundreds of successful patches.

• Fixes generated by AI are subject to human review, enhancing accuracy.

• Faster patching reduces security risks, minimizing exposure to exploits.

Reference: https://storage.googleapis.com/gweb-research2023-media/pubtools/7563.pdf