in increasing soundness and precision
play

In Increasing Soundness and Precision of Static Analyzers Anders - PowerPoint PPT Presentation

Dec 03, 2022 •349 likes •530 views

Systematic Approaches for In Increasing Soundness and Precision of Static Analyzers Anders Mller Aarhus University Joint work with Esben Sparre Andreasen and Benjamin Barslev Nielsen C ENTER FOR A DVANCED S OFTWARE A NALYSIS

  1. Systematic Approaches for In Increasing Soundness and Precision of Static Analyzers Anders Møller Aarhus University Joint work with Esben Sparre Andreasen and Benjamin Barslev Nielsen Π C ENTER FOR A DVANCED S OFTWARE A NALYSIS http://casa.au.dk/

  2. Some lessons learned from developing a static analyzer for JavaScript • How to detect soundness bugs that matter? • How to isolate precision bottlenecks? … in a large static analyzer for a complex language and a massive platform API

  3. Soundness and precision in static analysis the set of reachable states as approximated by a static analysis the set of reachable states of a given program When analyzing JavaScript programs: unsoundness precision loss imprecise ⇒ slow 3

  4. Outline • Soundness testing • Blended analysis 1 • Delta debugging 2 (or, cause reduction ) • Combining the techniques 1) Dufour, Ryder, and Sevitsky, Blended Analysis for Performance Understanding of Framework-Based Applications , ISSTA’07 2) Zeller and Hildebrandt, Simplifying and Isolating Failure-Inducing Input , STE 2002 4

  5. Soundness testing Provably sound • sound with respect to all concrete executions • infeasible for an analyzer as complex as TAJS vs. Probably sound • sound with respect to a finite set of concrete executions • very easy to test • over 1 million soundness checks in TAJS’s test suite 5

  6. Soundness testing – example A JavaScript program: A value log from an execution: 6

  7. Artificially increasing precision with blended analysis Filter abstract values based on concrete values: Dufour, Ryder, and Sevitsky, Blended Analysis for Performance Understanding of Framework-Based Applications , ISSTA’07

  8. Delta debugging Systematically minimizes input while preserving a target behavior Typical inputs: Programs to analyze Minimized input JavaScript program satisfying the predicate 1 (hopefully with the same cause Some predicate as the original program) 1) https://github.com/wala/jsdelta 8

  9. Delta debugging – precision example Limitations: • Generally only finds one problem at a time • May introduce spurious behaviors underscore.js 1548 lines 1 Analysis times out after 3 minutes (“unanalyzable”) 8 lines! 1) https://github.com/wala/jsdelta 9

  10. Combining the techniques ① Soundness testing + delta debugging ② Blended analysis + delta debugging ③ Soundness testing + blended analysis ④ Soundness testing + blended analysis + delta debugging 10

  11. ① Soundness testing + delta debugging Debugging is easier when there Goal: Isolate a soundness bug is only one soundness test failing Program to analyze Minimized unsound program Analysis result is unsound 11

  12. ② Blended analysis + delta debugging Goal: find precision bottlenecks Idea: bottlenecks are program locations that benefit from blended analysis – what is the minimal set of such locations? All locations in program to analyze Minimized set of locations satisfying predicate Program analyzable Why better than reducing the program? in 3 minutes? • Finds all the critical locations in the program • Avoids spurious behaviors introduced by delta debugger 12

  13. Example: finding precision bottlenecks critical that name is not “any string” critical that func is not any function from obj Useful information for analysis designers! Tells us where we need to improve the analysis abstractions 13

  14. ③ Soundness testing + blended analysis Soundness testing is possible even with unanalyzable programs! (where “unanalyzable” means “cannot be analyzed within 3 minutes”) Blended analysis does not affect the soundness tests when using the same concrete executions Our model of Symbol was inadequate 14

  15. ④ Soundness testing + blended analysis + delta debugging Automatically find a minimal unsound program from an unanalyzable program: 15

  16. Recommendations to static analysis developers 1. Implement a dynamic analysis to record value logs from concrete executions 2. Use soundness testing systematically – When soundness bugs are detected, use delta debugging 3. When critical precision problems appear, use blended analysis – Use delta debugging to find the critical program locations 4. Soundness bugs can be found, even with programs that are unanalyzable due to insufficient precision 16

  17. A workflow for static analysis developers Can be automated! 17

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

ON THE COST OF TYPE-TAG SOUNDNESS Ben Greenman Zeina Migeed ON THE COST OF TYPE-TAG SOUNDNESS

ON THE COST OF TYPE-TAG SOUNDNESS Ben Greenman Zeina Migeed ON THE COST OF TYPE-TAG SOUNDNESS

ON THE COST OF TYPE-TAG SOUNDNESS Ben Greenman Zeina Migeed ON THE COST OF TYPE-TAG SOUNDNESS 1. Tag soundness 2. Performance cost of soundness 3. Evaluation method 4. Conclusions TYPE-TAG SOUNDNESS Type Soundness e : If

1.28k views • 64 slides
On 1 -soundness and Soundness of Workflow Nets Lu Ping, Hu Hao and L Jian Department of

On 1 -soundness and Soundness of Workflow Nets Lu Ping, Hu Hao and L Jian Department of

On 1 -soundness and Soundness of Workflow Nets Lu Ping, Hu Hao and L Jian Department of Computer Science Nanjing University luping@ics.nju.edu.cn, myou@ics.nju.edu.cn Contents Introduction to Workflow Nets Basic Properties of Workflow

558 views • 27 slides
EASAC Position on Genome Editing The increasing precision now possible in plant breeding

EASAC Position on Genome Editing The increasing precision now possible in plant breeding

EASAC Position on Genome Editing The increasing precision now possible in plant breeding represents a big improvement compared with conventional breeding approaches relying on random, uncontrolled chemical- or radiation-induced mutagenesis

347 views • 12 slides
Columbia-Suicide Severity Rating Scale (C-SSRS) Increasing Precision, Improving Care Delivery and

Columbia-Suicide Severity Rating Scale (C-SSRS) Increasing Precision, Improving Care Delivery and

On the Road to Prevention: Identification & Triage Using the Columbia-Suicide Severity Rating Scale (C-SSRS) Increasing Precision, Improving Care Delivery and Redirecting Scarce Resources Administration Training Posner, K.; Brent, D.;

1.01k views • 56 slides
The Modal Logic K Contents 1 Soundness and Completeness; Decidability 1 1.1 Soundness . . . .

The Modal Logic K Contents 1 Soundness and Completeness; Decidability 1 1.1 Soundness . . . .

The Modal Logic K Contents 1 Soundness and Completeness; Decidability 1 1.1 Soundness . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 1.2 Completeness: Proof idea . . . . . . . . . . . . . . . . . . . . . . 2 2

361 views • 3 slides
VLVK EHF. VLVK EHF. Precision machining Precision machining Professional precision for

VLVK EHF. VLVK EHF. Precision machining Precision machining Professional precision for

VLVK EHF. VLVK EHF. Precision machining Precision machining Professional precision for 26 years From the start Vlvk was established in 1988 By Danel Gumundsson One person working for the first year (DG) Magns

564 views • 9 slides
1 2 3 4 Key messages Technological development is key in maintaining or increasing yields

1 2 3 4 Key messages Technological development is key in maintaining or increasing yields

Potato Jan Verhagen 1 2 3 4 Key messages Technological development is key in maintaining or increasing yields (responsive management, breeding, biotech) and in achieving mitigation goals (N-management, precision agriculture). Technology

190 views • 5 slides
Mixed Precision Training PAI Overview What is mixed-precision

Mixed Precision Training PAI Overview What is mixed-precision

Mixed Precision Training PAI Overview What is mixed-precision & Why mixed-precision How mixed-precision Mixed-precision tools on PAI-tensorflow Experimental results 1 What is mixed-precision

1.38k views • 45 slides
AM P A R CudA Multiple Precision ARithmetic librarY When do we need more precision?

AM P A R CudA Multiple Precision ARithmetic librarY When do we need more precision?

CAMPARY CudA Multiple Precision ARithmetic librarY Valentina Popescu Joined work with: Mioara Joldes, Jean-Michel Muller March 2015 AM P A R CudA Multiple Precision ARithmetic librarY When do we need more precision? Youtube view

912 views • 42 slides
Blueprint for Restoring Safety and Soundness to the GSEs: One Year Later November 2018 Safety

Blueprint for Restoring Safety and Soundness to the GSEs: One Year Later November 2018 Safety

Blueprint for Restoring Safety and Soundness to the GSEs: One Year Later November 2018 Safety and Soundness Blueprint: One Year Later Disclaimer Moelis & Company LLC (Moelis) prepared this presentation based on publicly available

306 views • 18 slides
Probabilistic Computation Lecture 15 Computing with Less Randomness, or with Imperfect

Probabilistic Computation Lecture 15 Computing with Less Randomness, or with Imperfect

Probabilistic Computation Lecture 15 Computing with Less Randomness, or with Imperfect Randomness 1 Soundness Amplification for BPP 2 Soundness Amplification for BPP Repeat M(x) t times and take majority 2 Soundness Amplification for

1.78k views • 125 slides
On the Soundness of Behavioural Abstraction in Hybrid Systems SIM@SYST.Level, 19 th of October,

On the Soundness of Behavioural Abstraction in Hybrid Systems SIM@SYST.Level, 19 th of October,

On the Soundness of Behavioural Abstraction in Hybrid Systems SIM@SYST.Level, 19 th of October, 2014, Cargse, France Simon Bliudze and Sbastien Furic Towards On the Soundness of Behavioural Abstraction in Hybrid Systems SIM@SYST.Level, 19

673 views • 40 slides
(IHBG) Competitive NOFA Training Rating Factor 3: Soundness of Approach 1 Rating Factor 3

(IHBG) Competitive NOFA Training Rating Factor 3: Soundness of Approach 1 Rating Factor 3

FY20 Indian Housing Block Grant (IHBG) Competitive NOFA Training Rating Factor 3: Soundness of Approach 1 Rating Factor 3 Soundness of Approach 2 Maximum total 40 points Rating Factor Title Points Factor 3 Subfactor 3.1- IHBG

863 views • 40 slides
Propositional Logic: Soundness of Formal Deduction Alice Gao Lecture 9 CS 245 Logic and

Propositional Logic: Soundness of Formal Deduction Alice Gao Lecture 9 CS 245 Logic and

Propositional Logic: Soundness of Formal Deduction Alice Gao Lecture 9 CS 245 Logic and Computation Fall 2019 1 / 16 Learning Goals By the end of this lecture, you should be able to deduction and the soundness of formal deduction.

302 views • 16 slides
MIXED PRECISION TRAINING Michael OConnor MIXED PRECISION What is the benefit? Using mixed

MIXED PRECISION TRAINING Michael OConnor MIXED PRECISION What is the benefit? Using mixed

MIXED PRECISION TRAINING Michael OConnor MIXED PRECISION What is the benefit? Using mixed precision and Volta your networks can be: 1. 3-4x faster 2. Reduce memory consumption and bandwidth pressure 3. just as powerful with no architecture

541 views • 11 slides
Concurrent Featherweight VeriFast Formalization and Soundness Proof Bart Jacobs May 4, 2015

Concurrent Featherweight VeriFast Formalization and Soundness Proof Bart Jacobs May 4, 2015

Concurrent Featherweight VeriFast Formalization and Soundness Proof Bart Jacobs May 4, 2015 Bart Jacobs Concurrent Featherweight VeriFast Formalization and Soundness Contents The Programming Language 1 Concrete Execution 2 Small Step

448 views • 40 slides
Anthony J. Damico Analyzing European social survey data with R Kaunas University of Technology

Anthony J. Damico Analyzing European social survey data with R Kaunas University of Technology

Anthony J. Damico Analyzing European social survey data with R Kaunas University of Technology 2014 09 15 Why use R? R is a language and environment for statistical computing and graphics More than just another statistical analysis

491 views • 26 slides
Two-Way Alternating Automata and Finite Models Tedious proofs of irrelevant results Mikolaj

Two-Way Alternating Automata and Finite Models Tedious proofs of irrelevant results Mikolaj

Two-Way Alternating Automata and Finite Models Tedious proofs of irrelevant results Mikolaj Bojanczyk Warsaw University Two-Way Alternating Automata and Finite Models p.1/18 Intuition on the automaton A two-way alternating automaton

799 views • 57 slides
Data mining methods for longitudinal data Characterizing and discriminating classes Gilbert

Data mining methods for longitudinal data Characterizing and discriminating classes Gilbert

1.1 Kind of searched knowledge Data mining methods for longitudinal data Characterizing and discriminating classes Gilbert Ritschard, Dept of Econometrics, University of Geneva (Which attributes and which values best

518 views • 8 slides
Information Session on Statistical Methods Offerings in LHAE and OISE Prof. Anna Katyn

Information Session on Statistical Methods Offerings in LHAE and OISE Prof. Anna Katyn

Information Session on Statistical Methods Offerings in LHAE and OISE Prof. Anna Katyn Chmielewski Prof. Scott Davies Sep. 6, 2017 Overview Introductions 1. Why learn statistical methods? 2. Do I get Research Methods [RM] credit

637 views • 32 slides
OpenLoops 2 M. F. Zoller in collaboration with F. Buccioni, J.-N. Lang, J. Lindert, P.

OpenLoops 2 M. F. Zoller in collaboration with F. Buccioni, J.-N. Lang, J. Lindert, P.

OpenLoops 2 M. F. Zoller in collaboration with F. Buccioni, J.-N. Lang, J. Lindert, P. Maierhfer, S. Pozzorini and H. Zhang [arxiv:1907.13071] LoopFest XVIII Fermilab 08/14/2019 OpenLoops OpenLoops is a fully automated numerical tool

658 views • 45 slides
Formal Verification and Security Group Research Interests Natasha Sharygina

Formal Verification and Security Group Research Interests Natasha Sharygina

Formal Verification and Security Group Research Interests Natasha Sharygina www.verify.inf.usi.ch Universit` a della Svizzera Italiana (USI) October 30, 2009 FVS Group (USI) Research Interests October 30, 2009 1 / 21 Outline FVS group

578 views • 53 slides
Data Linking: Capturing and Utilising Implicit Schema-Level Relations Andriy Nikolov Victoria

Data Linking: Capturing and Utilising Implicit Schema-Level Relations Andriy Nikolov Victoria

Data Linking: Capturing and Utilising Implicit Schema-Level Relations Andriy Nikolov Victoria Uren Enrico Motta Data linking: current state Automatic instance matching algorithms SILK, ODDLinker, KnoFuss, Pairwise matching

263 views • 12 slides
Holographic Techni-dilaton Maurizio Piai Swansea University D. Elander, MP, arXiv: 1212.2600 D.

Holographic Techni-dilaton Maurizio Piai Swansea University D. Elander, MP, arXiv: 1212.2600 D.

Holographic Techni-dilaton Maurizio Piai Swansea University D. Elander, MP, arXiv: 1212.2600 D. Elander, MP arXiv: 1112.2915 - NPB R. Lawrance, MP arXiv: 1207.0427 D. Elander, MP arXiv: 1208.0546 - NPB C. Nunez, I. Papadimitriou, MP

683 views • 29 slides

More recommend