Presentation is loading. Please wait.

Presentation is loading. Please wait.

Combining Logical and Probabilistic Reasoning in Program Analysis

Published byShana Cummings Modified over 6 years ago

Similar presentations

Presentation on theme: "Combining Logical and Probabilistic Reasoning in Program Analysis"— Presentation transcript:

1 Combining Logical and Probabilistic Reasoning in Program Analysis
Mayur Naik, University of Pennsylvania Thank you. Joint work with: Mukund Raghothaman Xin Zhang Sulekha Kulkarni Xujie Si

2 Conventional Logical Approach
Program Analysis Designing program analyses that work in practice remains as much as art as its science Current approach: Knowledgeable writer designs analyses Also, needs experience. Uses experience to decide what approximations to incorporate. Why approximations? Undecidable problems Properties ill-defined, For example, consider an analysis trying to find races in the program. Many data races are benign and programmers do want them to be reported. Notion of benign is subjective and not well-defined. Most large programs call native code i.e code for which we don’t have source code but only the binaries. These are invisible to analysis tools that operate on source/assembly code. No well defined recipe for choosing approximations. And the guiding principle employed is to choose approximations such that analysis still produces useful results inspite of the inherent imprecision due to the approximations. Dagstuhl 8/29/17

3 Conventional Logical Approach
Program Analysis Approximations Exact solutions impossible to compute Properties impossible to state precisely Missing or opaque program fragments Designing program analyses that work in practice remains as much as art as its science Current approach: Knowledgeable writer designs analyses Also, needs experience. Uses experience to decide what approximations to incorporate. Why approximations? Undecidable problems Properties ill-defined, For example, consider an analysis trying to find races in the program. Many data races are benign and programmers do want them to be reported. Notion of benign is subjective and not well-defined. Most large programs call native code i.e code for which we don’t have source code but only the binaries. These are invisible to analysis tools that operate on source/assembly code. No well defined recipe for choosing approximations. And the guiding principle employed is to choose approximations such that analysis still produces useful results inspite of the inherent imprecision due to the approximations. path(a, a). path(a, c) :- path(a, b), edge(b, c). Dagstuhl 8/29/17

4 Conventional Logical Approach
false alarm! path(1,7) edge(7,2) edge(7,5) path(1,2) path(1,5) edge(2,8) edge(5,8) path(1,8) edge(8,6) path(1,6) edge(1,7) path(1,1) Program Analysis x may be null … int f(A z) { ... x.f = y; } 1 2 3 4 5 6 8 7 path(a, a). path(a, c) :- path(a, b), edge(b, c). - On the other side of current picture, User runs analysis on programs. For large programs, analysis might produce many reports. User needs to analyze the reports and fix the bugs. Problem! Many reports are false alarms. False alarms because approximations. Approximations are necessary but guide the approximations. Much effort wasted leading to user frustration. Stop using tool. Key issue: the writer’s notion of usefulness when choosing approximations did not match the user’s notion Dagstuhl 8/29/17

5 Conventional Logical Approach
Program Analysis “People ignore the tool if more than 30% false positives are reported …” [Coverity, CACM’10] - On the other side of current picture, User runs analysis on programs. For large programs, analysis might produce many reports. User needs to analyze the reports and fix the bugs. Problem! Many reports are false alarms. False alarms because approximations. Approximations are necessary but guide the approximations. Much effort wasted leading to user frustration. Stop using tool. Key issue: the writer’s notion of usefulness when choosing approximations did not match the user’s notion Dagstuhl 8/29/17

6 Our Key Idea Shift decisions about usefulness of results
from analysis writers to analysis users Approximations Program Analysis Feedback Analysis Writer Analysis User - Writer still makes decisions about approximations. User can also give feedback to the analysis tool and guide it towards more acceptable results. Key technical challenges: Allow both writer and user to systematically interact with the system Approach should be smart enough to learn from limited user feedback Dagstuhl 8/29/17

7 Combined Logical and Probabilistic Approach
Program Analysis path(a, c) :- path(a, b), edge(b, c). 2.0 Logic Probability Dagstuhl 8/29/17

8 Combined Logical and Probabilistic Approach
Stochastic Logic Programs (SLP) [Muggleton, 1996] Probabilistic Relational Models (PRM) [Koller, 1999] path(a, c) :- path(a, b), edge(b, c). 2.0 Bayesian Logic (BLOG) [Milch et al., 2005] Logic Probability Markov Logic Network (MLN) [Richardson & Domingos, 2006] Probabilistic Prolog (ProbLog) [De Raedt et al., 2007] Dagstuhl 8/29/17

9 Our Results: Applications, Inference, Learning
Analysis Objective Petablox Nichrome Analysis Instance Weighted Constraints To enable effective learning and inference on the weighted constraints, we have developed multiple solving techniques inside Nichrome. or Dagstuhl 8/29/17

10 Our Results: Applications, Inference, Learning
Analysis Objective Petablox Analysis Instance Objective Addressed Challenge Publication Accuracy in bug-finding User feedback FSE 2015 verification Assertions of interest PLDI 2013 PLDI 2014 Scalability on single program Procedure reuse within a program Automated Verification Abstraction Selection PLDI 2014 Static Bug Detection Alarm Classification FSE 2015 To enable effective learning and inference on the weighted constraints, we have developed multiple solving techniques inside Nichrome. Interactive Verification Alarm Resolution OOPSLA 2017 Dagstuhl 8/29/17

11 Our Results: Applications, Inference, Learning
Insight Solving Technique Publications Sparsity Iterative-lazy SAT 2015 Horn Clauses Proof-guided AAAI 2016 Locality Query-guided POPL 2016 Similarity across instances Incremental CP 2016 Sparsity Iterative-lazy SAT 2015 Horn Clauses Proof-guided AAAI 2016 Locality Query-guided POPL 2016 Similarity across instances Incremental CP 2016 With all these techniques, nichrome can scale learning and inference to large instances containing up to 10^30 clauses that are from domains like … Nichrome Dagstuhl 8/29/17

12 Our Results: Applications, Inference, Learning
Frontend Petablox Analysis Task Adapativity Task Scale to problems containing upto 1030 clauses from domains like software verification, statistical AI, mathematical optimization, and information retrieval Weighted Analysis With all these techniques, nichrome can scale learning and inference to large instances containing up to 10^30 clauses that are from domains like … Backend Nichrome or Dagstuhl 8/29/17

13 Our Results: Applications, Inference, Learning
path(1,7) edge(7,2) edge(7,5) path(1,2) path(1,5) edge(2,8) edge(5,8) path(1,8) edge(8,6) path(1,6) edge(1,7) path(1,1) Is path(1, 6) true in most likely world? What is probability of path(1, 6) being true? Maximum A Posteriori (MAP) Inference Marginal Probability Inference Dagstuhl 8/29/17

14 Our Results: Applications, Inference, Learning
points(a, b) :- addr(a, b). points(a, b) :- copy(a, c), points(c, b). copy(a, b) :- assign(a, b). copy(a, b) :- load(c, a), points(c, b). copy(a, b) :- store(c, b), points(c, a). path(a, c) :- path(a, b), edge(b, c). 2.0 Structure Learning Weight Learning Constraint-Based Synthesis of Datalog Programs, CP ’17. Synthesizing Datalog Programs via Active Learning, 2018. Dagstuhl 8/29/17

15 Empirical Results: Alarm Ranking
Graph size Alarms FP fraction at full rank Tuples Clauses Reported Oracle Random MLN classifier Bayesian ranker Datarace Detection Analysis (28 rules) avrora 25,187 27,135 1,226 641 0.48 0.19 0.05 FTP server 44,182 49,925 549 225 0.59 0.32 0.12 web crawler 7,211 7,856 188 55 0.71 0.33 0.18 Information Flow Analysis (38 rules) App 1 4,421 6,759 352 150 0.57 0.23 App 2 2,661 3,830 212 52 0.75 0.69 0.46 App 3 5,648 9,456 288 32 0.89 0.83 0.58 Dagstuhl 8/29/17

16 Empirical Results: Dataraces, FTP server
Dagstuhl 8/29/17

17 Conclusions Combining logical and probabilistic reasoning in program analysis provides best of both worlds Our approach: extend conventional program analyses by augmenting logical rules with weights => Adopt semantics of models from AI community New solver for accurate and scalable inference and learning by leveraging domain insights Dagstuhl 8/29/17

Download ppt "Combining Logical and Probabilistic Reasoning in Program Analysis"

Similar presentations

Runtime Techniques for Efficient and Reliable Program Execution Harry Xu CS 295 Winter 2012.

Runtime Techniques for Efficient and Reliable Program Execution Harry Xu CS 295 Winter 2012.
The 20th International Conference on Software Engineering and Knowledge Engineering (SEKE2008) Department of Electrical and Computer Engineering

The 20th International Conference on Software Engineering and Knowledge Engineering (SEKE2008) Department of Electrical and Computer Engineering
University of Texas at Austin Machine Learning Group Department of Computer Sciences University of Texas at Austin Discriminative Structure and Parameter.

University of Texas at Austin Machine Learning Group Department of Computer Sciences University of Texas at Austin Discriminative Structure and Parameter.
Pointer Analysis – Part I Mayur Naik Intel Research, Berkeley CS294 Lecture March 17, 2009.

Pointer Analysis – Part I Mayur Naik Intel Research, Berkeley CS294 Lecture March 17, 2009.
A Randomized Dynamic Program Analysis for Detecting Real Deadlocks Koushik Sen CS 265.

A Randomized Dynamic Program Analysis for Detecting Real Deadlocks Koushik Sen CS 265.
Programming Abstractions for Approximate Computing Michael Carbin with Sasa Misailovic, Hank Hoffmann, Deokhwan Kim, Stelios Sidiroglou, Martin Rinard.

Programming Abstractions for Approximate Computing Michael Carbin with Sasa Misailovic, Hank Hoffmann, Deokhwan Kim, Stelios Sidiroglou, Martin Rinard.
A survey of techniques for precise program slicing Komondoor V. Raghavan Indian Institute of Science, Bangalore.

A survey of techniques for precise program slicing Komondoor V. Raghavan Indian Institute of Science, Bangalore.
Ai in game programming it university of copenhagen Statistical Learning Methods Marco Loog.

Ai in game programming it university of copenhagen Statistical Learning Methods Marco Loog.
Approximate Counting via Correlation Decay Pinyan Lu Microsoft Research.

Approximate Counting via Correlation Decay Pinyan Lu Microsoft Research.
CPSC 322, Lecture 26Slide 1 Reasoning Under Uncertainty: Belief Networks Computer Science cpsc322, Lecture 27 (Textbook Chpt 6.3) March, 16, 2009.

CPSC 322, Lecture 26Slide 1 Reasoning Under Uncertainty: Belief Networks Computer Science cpsc322, Lecture 27 (Textbook Chpt 6.3) March, 16, 2009.
CPSC 322, Lecture 23Slide 1 Logic: TD as search, Datalog (variables) Computer Science cpsc322, Lecture 23 (Textbook Chpt 5.2 & some basic concepts from.

CPSC 322, Lecture 23Slide 1 Logic: TD as search, Datalog (variables) Computer Science cpsc322, Lecture 23 (Textbook Chpt 5.2 & some basic concepts from.
CPSC 322, Lecture 19Slide 1 Propositional Logic Intro, Syntax Computer Science cpsc322, Lecture 19 (Textbook Chpt 5.0-5.1) February, 23, 2009.

CPSC 322, Lecture 19Slide 1 Propositional Logic Intro, Syntax Computer Science cpsc322, Lecture 19 (Textbook Chpt ) February, 23, 2009.
A Probabilistic Framework for Information Integration and Retrieval on the Semantic Web by Livia Predoiu, Heiner Stuckenschmidt Institute of Computer Science,

A Probabilistic Framework for Information Integration and Retrieval on the Semantic Web by Livia Predoiu, Heiner Stuckenschmidt Institute of Computer Science,
Static Analysis of Embedded C Code John Regehr University of Utah Joint work with Nathan Cooprider.

Static Analysis of Embedded C Code John Regehr University of Utah Joint work with Nathan Cooprider.
CPSC 322, Lecture 23Slide 1 Logic: TD as search, Datalog (variables) Computer Science cpsc322, Lecture 23 (Textbook Chpt 5.2 & some basic concepts from.

CPSC 322, Lecture 23Slide 1 Logic: TD as search, Datalog (variables) Computer Science cpsc322, Lecture 23 (Textbook Chpt 5.2 & some basic concepts from.
CSE 574 – Artificial Intelligence II Statistical Relational Learning Instructor: Pedro Domingos.

CSE 574 – Artificial Intelligence II Statistical Relational Learning Instructor: Pedro Domingos.
Overview of program analysis Mooly Sagiv html://www.cs.tau.ac.il/~msagiv/courses/wcc05.html.

Overview of program analysis Mooly Sagiv html://
Overview of program analysis Mooly Sagiv html://www.math.tau.ac.il/~msagiv/courses/wcc03.html.

Overview of program analysis Mooly Sagiv html://
Statistical Relational Learning Pedro Domingos Dept. Computer Science & Eng. University of Washington.

Statistical Relational Learning Pedro Domingos Dept. Computer Science & Eng. University of Washington.
Katanosh Morovat.   This concept is a formal approach for identifying the rules that encapsulate the structure, constraint, and control of the operation.

Katanosh Morovat.   This concept is a formal approach for identifying the rules that encapsulate the structure, constraint, and control of the operation.

Similar presentations

Ads by Google