New Method To Detect and Prove GPL Violations

qwerty writes "A paper to be presented at the upcoming academic conference Automated Software Engineering describes a new method to detect code theft and could be used to detect GPL violations in particular. While the co-called birthmarking method is demonstrated for Java, it is general enough to work for other languages as well. The API Benchmark observes the interaction between an application and (dynamic) libraries that are part of the runtime system. This captures the observable behavior of the program and cannot be easily foiled using code obfuscation techniques, as shown in the paper (PDF). Once such a birthmark is captured, it can be searched for in other programs. By capturing the birthmarks from popular open-source frameworks, GPL-violating applications could be identified."

new use of old trick

[toolslive]

I used to be a research assistent, and at university, we used this technique to see if students copied their assignments. They could rename variables, move pieces of text, change comments all the way they liked, but the execution profile stayed the same. We caught a lot of students, and they never figured out how we did it.

No, really

[Plunky]

lets just set the code free. lets not chase it down the street to make sure it stays free, just let it go as it will.

Re:A couple of things....

[TheRaven64]

There is tons of really useful code out there that doesn't make any system or library calls at all. It just takes data, processes it in some way, and hands back the results

Are you sure? You know that read and write are system calls? And that printf, sqrt, exp, etc are all library functions? Even trivial code makes a lot of system calls. A hello world program, in C, on Linux, makes 27 system calls (number from strace).

FSF and Stallman have endorsed permissive licenses

[tepples]

The GPL is really more of a social instrument than a software license, so for people like Stallman a BSD-style license (which is just one step above public domain and true freedom) would be unacceptable.

Not so fast. The GPL FAQ [gnu.org] states that there exist situations where a permissive license is appropriate, in particular short programs [gnu.org] and web site templates [gnu.org]. Mr. Stallman has also endorsed the use of a permissive license for a library designed as the reference implementation of a Free file format that replaces patented file formats [xiph.org].

Re:new use of old trick

[SnowZero]

Well, for the class I TA'ed, it was probably available, just not widely popular yet. Of course, cheaters are usually easy to catch, so even simple systems work pretty well. So, in their attempt to save time and effort, cheaters are often are bad at covering up their tracks. Anything that yields possible hits can be verified by human inspection. Why are almost all cheaters so lazy? Because if they weren't, they'd just do the assignment.

Cheaters in my classes tended to: (1) not correct misspellings or bugs in code (2) cheat with former or current project partners (3) hand in the written portion of the assignments directly stacked on each other, which then get graded immediately following each other.