a true positives theorem for a static race detector
play

A True Positives Theorem for a Static Race Detector Presentation by - PowerPoint PPT Presentation

Aug 25, 2022 •346 likes •1.11k views

A True Positives Theorem for a Static Race Detector Presentation by Julia Belyakova and Artem Pelenitsyn For CS 7580 (instructor: Jan Vitek), 10/30/2019 A subset of slides is taken from Ilya Sergeys web page Static Analyses for Program

  1. A True Positives Theorem for a Static Race Detector Presentation by Julia Belyakova and Artem Pelenitsyn For CS 7580 (instructor: Jan Vitek), 10/30/2019 A subset of slides is taken from Ilya Sergey’s web page

  2. Static Analyses 
 for Program Validation 7

  3. The Essence of Static Analysis “abstraction” α C e p program 
 property 
 execution of interest 8

  4. α e 1 p α e 2 9

  5. Static Analysis p 1 e 1 p 2 e 2 concreteSem ( c ) = e 3 e 6 e 4 p 3 e 5 p 4 10

  6. Static Analysis p 1 } “has bugs” e 1 p 2 e 2 } concreteSem ( c ) = e 3 e 6 e 4 p 3 e 5 “correct” p 4 11

  7. Verifier 
 or a 
 Bug Detector? 12

  8. Program Verifier true positive p 1 e 1 false positive p 2 e 2 e 3 e 6 e 4 true negative p 3 e 5 true negative p 4 13

  9. Sound Program Verifier true positive p 1 e 1 false positive p 2 e 2 e 3 e 6 e 4 true negative p 3 e 5 true negative p 4 14

  10. Sound Program Verifier true positive p 1 e 1 false positive p 2 e 2 e 3 e 6 e 4 true negative p 3 e 5 true negative p 4 abstract over-approximation < 15

  11. Sound Program Verifier true positive p 1 e 1 false positive p 2 e 2 e 3 e 6 e 4 true negative p 3 e 5 true negative p 4 abstract over-approximation < 16

  12. Sound Program Verifier true positive p 1 Developer : e 1 Go away, that never happens! false positive p 2 e 2 e 3 e 6 e 4 true negative p 3 e 5 true positive p 4 if (n == VERY_UNLIKELY_VALUE) { bug.explode(); } else { // do nothing } 17

  13. Unsound Program “Verifier” true positive p 1 e 1 false positive p 2 e 2 e 3 e 6 e 4 true negative p 3 e 5 false negative p 4 if (n == VERY_UNLIKELY_VALUE) { bug.explode(); } else { // do nothing } 18

  14. “Sound” Program Verifier true positive p 1 e 1 false positive p 2 e 2 e 3 e 6 e 6 e 4 true negative p 3 e 5 false negative p 4 19

  15. “Sound” Program Verifier true positive p 1 e 1 false positive p 2 e 2 e 3 e 6 e 4 true negative p 3 e 5 concrete under-approximation abstract over-approximation < 20

  16. Sound Static Verifiers • False negatives (bugs missed) are bad • False positives (non-bugs reported) are okay • Constructed as over-approximation ( of under-approximation ) • Soundness Theorem : 
 Under certain assumptions about the programs, the analyser has no false negatives . 21

  17. p 1 } “has bugs” e 1 p 2 e 2 } e 3 e 6 e 4 p 3 e 5 “correct” p 4 22

  18. Static Bug Finder true positive p 1 e 1 false positive p 2 e 2 e 3 e 6 e 4 true negative p 3 e 5 false negative p 4 23

  19. Unsound Static Bug Finder true positive p 1 e 1 false positive p 2 e 2 e 3 e 6 e 4 true negative p 3 e 5 false negative p 4 24

  20. Sound (but imprecise) Static Bug Finder true positive p 1 e 1 false negative p 2 e 2 e 3 e 6 e 4 true negative p 3 e 5 false negative p 4 abstract under-approximation < 25

  21. Loss of Precision in Static Bug Finders if (n != VERY_UNLIKELY_VALUE) { e 2 // bug happens here } else { e 3 // normal execution } Idea: over-approximate in concrete semantics! 26

  22. Sound (but Imprecise) Static Bug Finder true positive p 1 e 1 false negative p 2 e 2 Let’s merge these executions into Let’s consider these two equivalent! one that subsumes both! e 3 e 6 e 4 true negative p 3 e 5 false negative p 4 27

  23. if (*) { // bug happens here } else { true positive p 1 // normal execution } e 1 false negative true positive p 2 p 2 e 2 e 23 overApproxConcreteSem (c) = 1. e 3 e 6 e 4 true negative p 3 e 5 false negative p 4 28

  24. Sound Static Bug Finder if (*) { // bug happens here } else { true positive p 1 // normal execution } e 1 true positive p 2 e 23 overApproxConcreteSem (c) = 1. e 6 e 4 true negative p 3 e 5 false negative p 4 concrete over-approximation abstract under-approximation < 29

  25. Towards Sound Static Bug Finders (this work) • False negatives (bugs missed) are okay • False positives (non-bugs reported) are bad • Constructed as under-approximation of over-approximation • Soundness (True Positives) Theorem : 
 Under certain assumptions about the programs, the analyser has no false positives . 30

  26. A True Positives Theorem 
 for a Static Race Detector Nikos Gorogiannis Peter O’Hearn Ilya Sergey

  27. Key Messages Unsound (and incomplete) static analyses can be principled , satisfying meaningful theorems 
 that help to understand their behaviour and guide their design One can have an unsound but effective static analysis, 
 which has significant industrial impact, 
 and which is supported by a meaningful theorem . 2

  28. Context 1. We had a demonstrably-effective industrial analysis: 
 RacerD (OOPSLA'18); >3k fixes in Facebook Java 2. No soundness theorem 3. Architecture: compositional abstract interpreter 4. No heuristic alarm filtering Just ad hoc? Our reaction: 
 Semantics/theory should understand/explain, not lecture. 5

  29. Case Study: RacerDX • A provably TP-Sound version of Facebook’s RacerD concurrency analyser 
 (Blackshear et al., OOPSLA’18) • Buggy executions: data races in lock-based concurrent programs • Syntactic assumptions : 
 Java programs with well-scoped locking ( synchronised ), no recursion, reflection, dynamic class loading; global variables are ignored. • Concrete over-approximation : 
 Loops and conditionals are non-deterministic. 32

  30. Formal Result RacerDX enjoys the True Positives Theorem wrt . Data Race Detection (Details in the paper) 38

  31. For an Idealized Language Static Analysis with True Positives Theorem* Goal : to build a static analysis s.t. if the analysis reports a bug , it is a true bug 1

  32. True bug can be exhibited The race reported There exists by the analysis an execution of P for program P that exhibits is a true race the race 2

  33. Ingredients program ● execution of the formalism ● race ● analysis ● For an Idealized Language proof ● 3

  34. Ingredients of a data race lock () println(b.f) unlock () path Racy Program: b = new Bloop() u = new Burble() b.f := 42 u.meps(b) || u.reps(b) parallel composition 4

  35. Concurrent program syntax 5

  36. State ● (command, stack, heap, locks) Single-threaded program C : Trace (list of states) ● concrete semantics Concrete semantics ● (set of traces) 6

  37. Concrete semantics of commands 7

  38. Concrete semantics of commands stack heap command # of locks empty trace top stack frame value of var x location pointed by π given stack s & heap h 8

  39. Concrete semantics of compound statements (1) run C , get all its traces (2) take the last state of each trace (4) glue traces of C and c together (3) run c from the last state, get its traces 9

  40. Concrete trace example no lock Stack s0 Initial state: memory location 〈 skip, s0, h0, 0 〉 a p1 Heap h0 [ 〈 lock (), s0, h0, 1 〉 , lock () (p1, f) p2 a.f := 5 〈 a.f:=5, s0, h1, 1 〉 , (p2, _) 666 unlock () 〈 unlock (), s0, h1, 0 〉 ] Heap h1 (p1, f) p2 program execution trace (p2, _) 5 10

  41. State ● Two-threaded c ။ ε or ε ။ c program C 1 ။ C 2 : concrete semantics Trace ● Concrete semantics ● 11

  42. 2-threaded program interleaves single traces (2) interleave all individual traces (full and partial) (1) run components individually 12

  43. Concurrent traces example interleave lock () lock () (taking care of locks) x := 5 x := 777 unlock () unlock () print(1) print(2) lock () ။ ε lock () lock () lock () x := 5 ။ ε x := 5 y := 777 x := 5 unlock () ။ ε unlock () unlock () lock () print(1) ။ ε lock () print(2) … ε ။ lock () y := 777 lock () ε ။ y := 777 … unlock () ε ။ unlock () print(1) ε ။ print(2) 13

  44. Data race means concurrent access to location 14

  45. Data race means concurrent access to location print(1) ။ ε print(1) ။ ε ε ။ print(2) ε ။ print(2) … lock () ။ ε lock () ။ ε a.f := 5 ။ ε ε ။ y := a.f no lock! print(1) print(1) ။ ε lock () print(2) ε ။ print(2) a.f := 5 y := a.f lock () ။ ε unlock () ε ။ y := a.f a.f := 5 ။ ε concurrent Write ။ Read to the same location 15

  46. Can we identify a data race without building the traces? 16

  47. Abstract Semantics Abstract State ● tracks accesses (wobblies, locks, path accesses) to memory locations Abstraction of a set of ● helps identify concrete single -threaded traces true races = 17

  48. Wobblies can evade data races (produce false positives) same path b.f refers to different locations 18

  49. Abstraction keeps track of accesses and wobblies 𝜐 without heap, stack, locks substitution (needed for method calls) (3) mark x & π as wobbly (2) remember access to π (1) abstract the beginning of the trace abstract set of traces using exec discard substitution 19

  50. Why reading is wobbly? same path a.f.n a p1 refers to different locations, so there is no race lock () x := a a.f.n := 5 // a.f.n x.f := new … unlock () y := a.f.n (p1, f) p2 (p2, n) p3 (p1, f) p4 (p2, n) p3 (p4, n) p5 20

  51. Abstract access captures concrete access If a path access is recorded in the abstract state, there is a concrete trace exhibiting the access 21

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

A True Positives Theorem for a Static Race Detector Nikos Gorogiannis Peter OHearn Ilya

A True Positives Theorem for a Static Race Detector Nikos Gorogiannis Peter OHearn Ilya

A True Positives Theorem for a Static Race Detector Nikos Gorogiannis Peter OHearn Ilya Sergey Key Messages Unsound (and incomplete) static analyses can be principled , satisfying meaningful theorems that help to understand their

688 views • 44 slides
Compositional Static Race Detection at Scale, without False Positives Ilya Sergey Joint work

Compositional Static Race Detection at Scale, without False Positives Ilya Sergey Joint work

Compositional Static Race Detection at Scale, without False Positives Ilya Sergey Joint work with Sam Blackshear, Peter OHearn, Nikos Gorogiannis Key Messages Static analyses for concurrency can be made scalable and precise . Unsound

827 views • 80 slides
# of true positives true positive rate = # of known positives (Proportion of actual positives

# of true positives true positive rate = # of known positives (Proportion of actual positives

True positive rate (Sensitivity) # of true positives true positive rate = # of known positives (Proportion of actual positives that are correctly identified) True negative rate (Specificity) # of true negatives true negative rate = # of known

475 views • 24 slides
# of true positives true positive rate = # of known positives (Proportion of actual positives

# of true positives true positive rate = # of known positives (Proportion of actual positives

True positive rate (Sensitivity) # of true positives true positive rate = # of known positives (Proportion of actual positives that are correctly identified) True negative rate (Specificity) # of true negatives true negative rate = # of known

402 views • 18 slides
Washington, DC As of April 8 Total Number Percent Positives All 1523 100 Race Unknown 536

Washington, DC As of April 8 Total Number Percent Positives All 1523 100 Race Unknown 536

2 Washington, DC As of April 8 Total Number Percent Positives All 1523 100 Race Unknown 536 35.2 White 253 16.6 Black/African American 542 35.6 Asian 20 1.3 American Indian/Alaska Native 6 .4 Native Hawaiian Pacific Islander

408 views • 13 slides
Looking Inside a Race Detector kavya @kavya719 data race detection data races when two+

Looking Inside a Race Detector kavya @kavya719 data race detection data races when two+

Looking Inside a Race Detector kavya @kavya719 data race detection data races when two+ threads concurrently access a shared memory location, at least one access is a write. data race // Shared variable R R R var count = 0 W R

691 views • 57 slides
Static Versioning of Global State for Race Condition Detection Steffen Keul Dept. of Programming

Static Versioning of Global State for Race Condition Detection Steffen Keul Dept. of Programming

Introduction Static State Versioning Version Computation Conclusion Static Versioning of Global State for Race Condition Detection Steffen Keul Dept. of Programming Languages and Compilers Institute of Software Technology University of

577 views • 28 slides
Static Analysis and Interactive Theorem Proving - A Match Made in Heaven ? Jael E. Kriener

Static Analysis and Interactive Theorem Proving - A Match Made in Heaven ? Jael E. Kriener

Introduction Static Analysis by Example Interactive Theorem Proving in Coq Bliss? - Not Quite Yet... Static Analysis and Interactive Theorem Proving - A Match Made in Heaven ? Jael E. Kriener University of Kent, Canterbury November 18, 2011

429 views • 25 slides
Static Data Race Detection for SPMD Programs via an Extended Polyhedral Representation Prasanth

Static Data Race Detection for SPMD Programs via an Extended Polyhedral Representation Prasanth

Static Data Race Detection for SPMD Programs via an Extended Polyhedral Representation Prasanth Chatarasi, Jun Shirako, Vivek Sarkar Habanero Extreme Scale Software Research Group Department of Computer Science Rice University 6th

657 views • 37 slides
PointsTo Static Use-After-Free Detector for C/C++ Presented by: Peter Goodman PointsTo detects

PointsTo Static Use-After-Free Detector for C/C++ Presented by: Peter Goodman PointsTo detects

PointsTo Static Use-After-Free Detector for C/C++ Presented by: Peter Goodman PointsTo detects use-after-free bugs Static, whole-program analyzer that finds use-after-free bugs in C/C++ code Implemented in C++ as an LLVM plugin that

591 views • 26 slides
Eraser: A Dynamic Data Race Detector for Multithreaded Programs Review Introduce tool to

Eraser: A Dynamic Data Race Detector for Multithreaded Programs Review Introduce tool to

Eraser: A Dynamic Data Race Detector for Multithreaded Programs Review Introduce tool to help eliminate data races Threads must use mutex locks Finds bugs during dynamic executions Checks shared variables on heap or global vars

275 views • 6 slides
ThreadSanitizer APIs for External Libraries Kuba Mracek, Apple ThreadSanitizer

ThreadSanitizer APIs for External Libraries Kuba Mracek, Apple ThreadSanitizer

ThreadSanitizer APIs for External Libraries Kuba Mracek, Apple ThreadSanitizer ThreadSanitizer Data race detector ThreadSanitizer Data race detector LLVM IR instrumentation: ThreadSanitizer Data race detector LLVM

706 views • 47 slides
Proof: The theorem is proven using this scheme: a. j. Definition of invertible. j. d.

Proof: The theorem is proven using this scheme: a. j. Definition of invertible. j. d.

2.3 Characterizations of Invertible Matrices Theorem 8 (The Invertible Matrix Theorem) Let A be a square n n matrix. The the following statements are equivalent (i.e., for a given A , they are either all true or all false). a. A is an invertible

223 views • 4 slides
Static Analysis of Race-Free Interrupt-Driven Programs Deepak DSouza Department of Computer

Static Analysis of Race-Free Interrupt-Driven Programs Deepak DSouza Department of Computer

Data Flow Analysis Concurrent Programs Race-Free Programs Sync-CFG Analysis Analysis Static Analysis of Race-Free Interrupt-Driven Programs Deepak DSouza Department of Computer Science and Automation Indian Institute of Science,

981 views • 47 slides
Detecting Data Races in Multi-Threaded Programs Eraser A Dynamic Data-Race Detector for

Detecting Data Races in Multi-Threaded Programs Eraser A Dynamic Data-Race Detector for

Detecting Data Races in Multi-Threaded Programs Eraser A Dynamic Data-Race Detector for Multi-Threaded Programs MultiRace An Efficient On-the-Fly Data-Race Detection Tool for Multi-Threaded C++ Programs John C. Linford Slide 1 / 31 Key

606 views • 31 slides
LLOV : A Fast Static Data-Race Checker for OpenMP Programs Utpal Bora PhD Student Computer

LLOV : A Fast Static Data-Race Checker for OpenMP Programs Utpal Bora PhD Student Computer

LLOV : A Fast Static Data-Race Checker for OpenMP Programs Utpal Bora PhD Student Computer Science and Engineering IIT Hyderabad, India February 23, 2020 Bora, Utpal (IITH) LLVM-Performance@CGO20 1 / 29 Table of Contents Motivation for

888 views • 60 slides
Money that is paid in order to free someone who has been captured or kidnapped. -Merriam-Webster

Money that is paid in order to free someone who has been captured or kidnapped. -Merriam-Webster

Ransom : Money that is paid in order to free someone who has been captured or kidnapped. -Merriam-Webster Ransomware : A malware designed to block access to a computer system, files, screen, disk or etc. until the requested amount of money is

338 views • 17 slides
The presentation will start shortly COVID-19 Health Care Provider Briefing Middlesex and London

The presentation will start shortly COVID-19 Health Care Provider Briefing Middlesex and London

The presentation will start shortly COVID-19 Health Care Provider Briefing Middlesex and London Region April 24, 2020 Welcome Presenter: Dr. Alex Summers Associate Medical Officer of Health Middlesex-London Health Unit Surveillance Report

541 views • 18 slides
Bloom Filters References A. Broder and M. Mitzenmacher, Network applications of Bloom A.

Bloom Filters References A. Broder and M. Mitzenmacher, Network applications of Bloom A.

2/16/2017 Bloom Filters References A. Broder and M. Mitzenmacher, Network applications of Bloom A. Broder and M. Mitzenmacher, Network applications of Bloom filters: A survey, Internet Mathematics , vol. 1 no. 4, pp. 485-509, 2004. Li

532 views • 22 slides
Introduction to Static Analysis for Assurance John Rushby Computer Science Laboratory SRI

Introduction to Static Analysis for Assurance John Rushby Computer Science Laboratory SRI

Introduction to Static Analysis for Assurance John Rushby Computer Science Laboratory SRI International Menlo Park CA USA John Rushby Static Analysis for Assurance: 1 Overview What is static analysis? Examples of some techniques

732 views • 34 slides
Chapter 3: Performance Measures in Classification Dr. Xudong Liu Assistant Professor School of

Chapter 3: Performance Measures in Classification Dr. Xudong Liu Assistant Professor School of

Chapter 3: Performance Measures in Classification Dr. Xudong Liu Assistant Professor School of Computing University of North Florida Monday, 9/16/2019 1 / 8 Confusion Matrix Each row in a confusion matrix represents an actual class. Each

280 views • 8 slides
Multiple Tests Reality Null is True Null is False (No effect/relation) (Effect/relation

Multiple Tests Reality Null is True Null is False (No effect/relation) (Effect/relation

EDUC 7610 Chapter 11 Multiple Tests Reality Null is True Null is False (No effect/relation) (Effect/relation exists) Null is True Type II Error Correct Decision (Fail to Reject Null) (false negative) Null is False Type I Error

544 views • 12 slides
Modeling filter configuration Tyler Moore Computer Science &amp; Engineering Department, SMU,

Modeling filter configuration Tyler Moore Computer Science &amp; Engineering Department, SMU,

Notes Modeling filter configuration Tyler Moore Computer Science &amp; Engineering Department, SMU, Dallas, TX CSE 5/7338 Lecture 9 ROC curves Optimal filter configuration An economic model of optimal filter configuration Notes

236 views • 5 slides
Optimal Personalized Filtering Against Spear-Phishing Attacks Aron Laszka, Yevgeniy

Optimal Personalized Filtering Against Spear-Phishing Attacks Aron Laszka, Yevgeniy

Optimal Personalized Filtering Against Spear-Phishing Attacks Aron Laszka, Yevgeniy Vorobeychik, and Xenofon Koutsoukos Institute for Software Integrated Systems Department of Electrical Engineering and Computer Science Malicious E-Mails

315 views • 14 slides

More recommend