New tools from Microsoft Research help developers write bug-free code, faster
We love putting innovation into the hands of others—whether it’s public institutions, medical researchers, media companies or business leaders. But, the people we get most excited to empower with innovation are developers. Developers can make a difference in every industry domain and they can help solve society’s most pressing challenges. As we used to say in the Developer Division, “The world runs on software,” and developers are behind its code.
Let’s be clear, being a developer today isn’t getting any easier. The pressure is on like never before for developers to write error-free code at a rapid pace. The technologies we’re using and the solutions we’re building have become more complex, making bugs harder to find and longer to fix.
This week at Microsoft Build, the Microsoft Research team shares some of its projects that can help relieve the mounting pressure on developers. Here’s a list of those projects, all available as open source so developers can start using them right away.
Automation to the rescue
These Microsoft Research developments in testing, proof-oriented programming and natural language can help developers reach bug-free code faster. Each project automates developer tasks in different ways, making it easier to find and fix bugs, increase correctness or even stop errors from happening in the first place.
Find concurrency bugs faster with Project Coyote
Pantazis Deligiannis, Akash Lal and their colleagues at Microsoft Research India and Redmond are making it easier to debug concurrent systems with Project Coyote. Project Coyote is a .NET library and tool for unit-testing concurrent programs.
Project Coyote goes beyond stress testing by allowing developers to control task executions as well as other sources of nondeterminism such as message ordering, failures and timers. By embracing concurrency with Project Coyote, developers can count on finding those “impossible to find bugs” that they could not find otherwise. The tool has built-in search algorithms developed over years of research that help find bugs fast. It also remembers all the test paths taken. So, when a bug is found, the path can be fully reproduced every time. This automation saves developers time and makes concurrent systems more reliable. Project Coyote is being used by several teams in Azure for testing their services, reporting much fewer bugs in production as well as faster code velocity because of the confidence derived from robust testing.
Check out the Tech Minutes: Project Coyote video to get started.
Keep the cloud bug free by fuzzing REST APIs with RESTler
We’re also improving code correctness in our cloud by using RESTler, the first stateful REST API fuzzer brought to life by Microsoft Partner Researcher Patrice Godefroid and Microsoft Engineer Marina Polishchuk. Fuzzing, the automated method that uses unexpected data inputs to find system errors like crashes, is essential when working with REST APIs in critical cloud systems. Yet, REST APIs can be very complex and vulnerable to bugs.
The RESTler tool takes as input an OpenAPI specification of a REST API and then automatically creates and executes tests, without any prerecorded API traffic, to find bugs in the cloud services behind that REST API. This is done by using two components, a compiler and a test engine, that work together to generate and execute tests. Fuzzing with RESTler is already being adopted by Microsoft engineers working on cloud-based products like Azure, Office 365 and Bing services and it’s helping them find bugs in their systems.
Explore the interactive Tech Minutes: RESTler video to learn more.
Find assurance with mathematical proofs through Project Everest
Going beyond fuzzing, Nik Swamy and his colleagues at Microsoft Research work in advancing the science of proof-oriented programming with Project Everest. Their goal is to offer assurance about a piece of software—that it correctly computes its results, never leaks secrets and never crashes—by introducing mathematical proofs. Project Everest produces verified cryptographic routines, parsers and protocols that are deployed in production settings with strong correctness and security guarantees and great performance.
Just to give you an idea of the scale of this approach to code verification, Project Everest’s codebase is greater than 600,000 lines of code. And at every push, researchers verify that this chunk of code is correct and secure. At the heart of Project Everest, there is a new programming language called F*, which allows developers to write programs and proofs together. Focusing on specific high-value domains, the researchers have built tools to automatically produce software with proofs. For example, the EverParse tool automatically produces correct and secure parsers of low-level binary formats which can be used to ensure that software correctly handles potentially malicious attacker-provided input.
Go to the Tech Minutes: Project Everest video for an F* and EverParse demo.
Reduce bugs in the first place with AI from CodeBERT
While the other tools coming from Microsoft Research focus on finding and fixing bugs, Nan Duan, research manager at Microsoft Research Asia, and his team are thinking about how mistakes can be prevented in the first place. They are working in the field of Code Intelligence, which leverages AI to help software developers by developing large-scale pretrained models for code and natural language.
A recent system the team has developed is called CodeBERT. It supports code-code, code-text, text-code and text-text transformations in six programming languages. With CodeBERT, developers can use code completion systems when questioning what to write next. If they come across an unfamiliar piece of code, they can access code summarization to see a natural language description of what the code actually does. CodeBERT also has code search systems that developers can use to locate code written by others with the same intent by using natural language queries. Finally, CodeBERT has the power to translate technical documentation into dozens of languages automatically.
Discover what it’s all about in this Tech Minutes: CodeBERT video.
Learn more about Microsoft Research developments
Microsoft Research is committed to helping developers and shaping the future of programming. All these projects are open source so that developers can try them in their own projects.
Beyond these projects, researchers at Microsoft are working on a wide range of computer science challenges—studying developer productivity, creating powerful new testing tools, applying the latest advances in AI and even inventing new programming languages. Visit our Research Collection to learn more about how research is contributing to the developer toolchain ecosystem.
Learn more about these projects from the researchers who came together for a panel discussion at Microsoft Build: Microsoft Research Unplugged – Developer edition.