mining anomalies
play

Mining Anomalies Andrzej Wasylkowski 1 Why Mine Anomalies? How - PDF document

Dec 19, 2022 •254 likes •446 views

Mining Anomalies Andrzej Wasylkowski 1 Why Mine Anomalies? How can we make programs more reliable? Testing, code inspection, etc. Mining anomalies, etc. In general: automatic defect detection 2 Overview Automatic Defect

  1. Mining Anomalies Andrzej Wasylkowski 1 Why Mine Anomalies? • How can we make programs more reliable? • Testing, code inspection, etc. • Mining anomalies, etc. • In general: automatic defect detection 2 Overview Automatic Defect Detection Rule-based Techniques Specification-checking Techniques Mining-based Techniques Mining Repositories Mining Traces Mining Source Code 3

  2. Overview Automatic Defect Detection Rule-based Techniques Specification-checking Techniques Mining-based Techniques Mining Repositories Mining Traces Mining Source Code 4 FindBugs FindBugs Violations Program Bug Patterns Hovemeyer, David, and William Pugh. 2004. Finding bugs 5 is easy. SIGPLAN Notices 39, no. 12 (December): 92–106 FindBugs’s Bug Patterns • Equal Objects Must Have Equal Hashcodes • Static Field Modifiable By Untrusted Code • Null Pointer Dereference • Return Value Should Be Checked • … Hovemeyer, David, and William Pugh. 2004. Finding bugs 6 is easy. SIGPLAN Notices 39, no. 12 (December): 92–106

  3. Rule-based Techniques • Fixed “bug patterns” to check against • Pros: Fully automatic, scalable • Cons: Limited to occurrences of “bug patterns” 7 Rule-based Techniques • Fixed “bug patterns” to check against • Pros: Fully automatic, scalable Can we add our own rules? • Cons: Limited to occurrences of “bug patterns” 8 Overview Automatic Defect Detection Rule-based Techniques Specification-checking Techniques Mining-based Techniques Mining Repositories Mining Traces Mining Source Code 9

  4. Overview Automatic Defect Detection Rule-based Techniques Specification-checking Techniques Mining-based Techniques Mining Repositories Mining Traces Mining Source Code 10 Specification-checking Verifier Violations Program Specification 11 Typestate: java.net.Socket init init getInputStream() connect() getOutputStream() getInputStream() close() * conn err getOutputStream() close() getOutputStream() closed Fink, Stephen J., Eran Yahav, Nurit Dor, G. Ramalingam, Emmanuel Geay. 2008. Effective typestate verification in the presence of aliasing. ACM 12 Transactions on Software Engineering and Methodology 17, no. 2 (April): 1–34

  5. Typestate Verification … Socket s1 = new Socket (); ✔ s1.connect (…); inp = s1.getInputStream (); init data = readData (inp); init s1.close (); getInputStream() … connect() getOutputStream() getInputStream() close() * conn err getOutputStream() … ✘ close() getOutputStream() Socket s1 = new Socket (); inp = s1.getInputStream (); closed data = readData (inp); s1.close (); … Fink, Stephen J., Eran Yahav, Nurit Dor, G. Ramalingam, Emmanuel Geay. 2008. Effective typestate verification in the presence of aliasing. ACM 13 Transactions on Software Engineering and Methodology 17, no. 2 (April): 1–34 Specification-checking Techniques • Use external specification to check against • Pros: adaptable, very precise • Cons: need specification, may have scalability problems 14 Specification-checking Techniques • Use external specification to check against • Pros: adaptable, very precise Writing specifications is very difficult! • Cons: need specification, may have scalability problems 15

  6. Overview Automatic Defect Detection Rule-based Techniques Specification-checking Techniques Mining-based Techniques Mining Repositories Mining Traces Mining Source Code 16 Overview Automatic Defect Detection Rule-based Techniques Specification-checking Techniques Mining-based Techniques Mining Repositories Mining Traces Mining Source Code 17 Mining Source Code • Code is typically correct • Deviant behavior can point to a bug • We can learn what is common behavior… • …and detect uncommon behavior 18

  7. ECC Rules lock() is typically paired with unlock() Program ECC Violations In foo, lock() is not Rule templates paired with unlock() <a> must be paired with <b> Engler, Dawson, David Yu Chen, Seth Hallem, Andy Chou, and Benjamin Chelf. 2001. Bugs as deviant behavior: A general approach to inferring 19 errors in systems code. In SOSP 2001 , 57–72. New York, NY: ACM. ECC: Example lock l; // Lock int a, b; // Variables potentially Rule template: // protected by l lock <l> protects variable <v> void foo () { lock (l); // Enter critical section a = a + b; // MAY: a,b protected by l unlock (l); // Exit critical section b = b + 1; // MUST: b not protected by l Rule: } lock l protects variable a void bar () { lock (l); a = a + 1; // MAY: a protected by l unlock (l); } void baz () { a = a + 1; // MAY: a protected by l Rule: unlock (l); b = b - 1; // MUST: b not protected by l lock l protects variable b a = a / 5; // MUST: a not protected by l } Engler, Dawson, David Yu Chen, Seth Hallem, Andy Chou, and Benjamin Chelf. 2001. Bugs as deviant behavior: A general approach to inferring 20 errors in systems code. In SOSP 2001 , 57–72. New York, NY: ACM. ECC: Example lock l; // Lock int a, b; // Variables potentially Rule template: // protected by l lock <l> protects variable <v> void foo () { lock (l); // Enter critical section a = a + b; // MAY: a,b protected by l unlock (l); // Exit critical section ✔ b = b + 1; // MUST: b not protected by l Rule: } lock l protects variable a void bar () { lock (l); Violation: a = a + 1; // MAY: a protected by l a is not protected by l in baz unlock (l); } void baz () { a = a + 1; // MAY: a protected by l unlock (l); Rule: b = b - 1; // MUST: b not protected by l lock l protects variable b a = a / 5; // MUST: a not protected by l } Engler, Dawson, David Yu Chen, Seth Hallem, Andy Chou, and Benjamin Chelf. 2001. Bugs as deviant behavior: A general approach to inferring 21 errors in systems code. In SOSP 2001 , 57–72. New York, NY: ACM.

  8. ECC: Example lock l; // Lock int a, b; // Variables potentially Rule template: // protected by l lock <l> protects variable <v> void foo () { lock (l); // Enter critical section a = a + b; // MAY: a,b protected by l unlock (l); // Exit critical section ✔ b = b + 1; // MUST: b not protected by l Rule: } lock l protects variable a void bar () { lock (l); Violation: a = a + 1; // MAY: a protected by l a is not protected by l in baz unlock (l); } void baz () { a = a + 1; // MAY: a protected by l Rule: unlock (l); b = b - 1; // MUST: b not protected by l lock l protects variable b a = a / 5; // MUST: a not protected by l } Engler, Dawson, David Yu Chen, Seth Hallem, Andy Chou, and Benjamin Chelf. 2001. Bugs as deviant behavior: A general approach to inferring 22 errors in systems code. In SOSP 2001 , 57–72. New York, NY: ACM. ECC: Example lock l; // Lock int a, b; // Variables potentially Rule template: // protected by l lock <l> protects variable <v> void foo () { lock (l); // Enter critical section a = a + b; // MAY: a,b protected by l unlock (l); // Exit critical section ✔ b = b + 1; // MUST: b not protected by l Rule: } lock l protects variable a void bar () { lock (l); Violation: a = a + 1; // MAY: a protected by l a is not protected by l in baz unlock (l); } void baz () { a = a + 1; // MAY: a protected by l Rule: ✘ unlock (l); b = b - 1; // MUST: b not protected by l lock l protects variable b a = a / 5; // MUST: a not protected by l } Engler, Dawson, David Yu Chen, Seth Hallem, Andy Chou, and Benjamin Chelf. 2001. Bugs as deviant behavior: A general approach to inferring 23 errors in systems code. In SOSP 2001 , 57–72. New York, NY: ACM. ECC: Summary • Mines rules based on templates • Pros: fully automatic, project-specific • Cons: templates are simple and have fixed size Engler, Dawson, David Yu Chen, Seth Hallem, Andy Chou, and Benjamin Chelf. 2001. Bugs as deviant behavior: A general approach to inferring 24 errors in systems code. In SOSP 2001 , 57–72. New York, NY: ACM.

  9. ECC: Summary • Mines rules based on templates • Pros: fully automatic, project-specific Templates have a fixed number of slots. • Cons: templates are simple and have fixed size Engler, Dawson, David Yu Chen, Seth Hallem, Andy Chou, and Benjamin Chelf. 2001. Bugs as deviant behavior: A general approach to inferring 25 errors in systems code. In SOSP 2001 , 57–72. New York, NY: ACM. PR-Miner Rules scsi_host_alloc, scsi_add_host, and Program PR-Miner scsi_scan_host typically come together Violations In sbp2_alloc_device, scsi_scan_host is missing Li, Zhenmin, and Yuanyuan Zhou. 2005. PR-Miner: Automatically extracting implicit programming rules and detecting violations in 26 large software code. In ESEC/FSE-13 , 306–315, New York, NY: ACM PR-Miner: Step 1 static void getRelationDescription (...) { HeapTuple relTup; ... relTup = SearchSysCache (...); if (!HeapTupleIsValid (relTup)) elog (...); relForm = ...; ... ReleaseSysCache (relTup); } Li, Zhenmin, and Yuanyuan Zhou. 2005. PR-Miner: Automatically extracting implicit programming rules and detecting violations in 27 large software code. In ESEC/FSE-13 , 306–315, New York, NY: ACM

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Patterns and Anomalies Christos Faloutsos CMU CMU SCS Thank you The Department of

Patterns and Anomalies Christos Faloutsos CMU CMU SCS Thank you The Department of

CMU SCS Mining Large Social Networks: Patterns and Anomalies Christos Faloutsos CMU CMU SCS Thank you The Department of Informatics Happy 20-th! Prof. Yannis Manolopoulos Prof. Kostas Tsichlas Mrs. Nina Daltsidou AUTH, May

743 views • 55 slides
Mining Approximate Top-K Subspace Anomalies in Multi-Dimensional Time-Series Data Xiaolei Li,

Mining Approximate Top-K Subspace Anomalies in Multi-Dimensional Time-Series Data Xiaolei Li,

Mining Approximate Top-K Subspace Anomalies in Multi-Dimensional Time-Series Data Xiaolei Li, Jiawei Han University of Illinois at Urbana-Champaign VLDB 2007 1 Time Series Data Many applications produce time series data Intel stock 2

888 views • 60 slides
Web Mining Web Mining Web Mining Web Mining Web mining is the use of data mining techniques

Web Mining Web Mining Web Mining Web Mining Web mining is the use of data mining techniques

What is Web Mining? Wh t i W b Mi i What is Web Mining? Wh t i W b Mi i ? ? Web Mining Web Mining Web Mining Web Mining Web mining is the use of data mining techniques to automat cally d scover and extract nformat on automatically

774 views • 20 slides
Accounting for the Anomaly Zoo: a Trading Cost Perspective DISCUSSANT Ingrid Tierens, Goldman

Accounting for the Anomaly Zoo: a Trading Cost Perspective DISCUSSANT Ingrid Tierens, Goldman

Accounting for the Anomaly Zoo: a Trading Cost Perspective DISCUSSANT Ingrid Tierens, Goldman Sachs ANOMALIES: FACT OR FICTION? Decades of empirical finance research papers suggest anomalies exist However, Data mining Post

489 views • 12 slides
Web Mining Web Mining Web mining is the use of data mining techniques to automatically

Web Mining Web Mining Web mining is the use of data mining techniques to automatically

What is Web Mining? What is Web Mining? Web Mining Web Mining Web mining is the use of data mining techniques to automatically discover and extract information from Web documents/services (Etzioni, 1996, CACM 39(11)) Web mining aims to

566 views • 22 slides
b s b c anomalies anomalies Found by LHCb (and perhaps Found by several experiments

b s b c anomalies anomalies Found by LHCb (and perhaps Found by several experiments

b s b c anomalies anomalies Found by LHCb (and perhaps Found by several experiments hinted by Belle) (LHCb, BaBar and Belle) Many observables: global pattern Two observables: R(D) and R(D*) Neutral current Charged current 1-loop

342 views • 19 slides
What is Anomalies? If Efficient Market Hypothesis holds, all securities should have the same

What is Anomalies? If Efficient Market Hypothesis holds, all securities should have the same

What is Anomalies? If Efficient Market Hypothesis holds, all securities should have the same risk-adjusted returns. Lecture 2: Anomalies and Market o Therefore, observable stock characteristics such as size, PE ratio, or price-book value

248 views • 9 slides
Anomaly Detection Lecture Notes for Chapter 9 Introduction to Data Mining, 2 nd Edition by Tan,

Anomaly Detection Lecture Notes for Chapter 9 Introduction to Data Mining, 2 nd Edition by Tan,

Anomaly Detection Lecture Notes for Chapter 9 Introduction to Data Mining, 2 nd Edition by Tan, Steinbach, Karpatne, Kumar 4/14/2019 Introduction to Data Mining, 2nd Edition 1 Anomaly/ Outlier Detection What are anomalies/outliers?

470 views • 32 slides
Fast and Scalable Method for Resolving Anomalies in Firewall Policies Hassan Gobjua

Fast and Scalable Method for Resolving Anomalies in Firewall Policies Hassan Gobjua

Fast and Scalable Method for Resolving Anomalies in Firewall Policies Hassan Gobjua Kamal Ahmat Verizon City University of New York Introduction Firewalls Types of Anomalies Related

380 views • 21 slides
Web Mining Web Mining to automatically discover and extract information from Web

Web Mining Web Mining to automatically discover and extract information from Web

What is Web Mining? What is Web Mining? Web mining is the use of data mining techniques Web Mining Web Mining to automatically discover and extract information from Web documents/services (Etzioni, 1996, CACM 39(11)) (another definition:

287 views • 15 slides
Flavour anomalies at the LHC M. Nardecchia INFN &amp; Sapienza University of Rome 30 May 2019,

Flavour anomalies at the LHC M. Nardecchia INFN &amp; Sapienza University of Rome 30 May 2019,

Flavour anomalies at the LHC M. Nardecchia INFN &amp; Sapienza University of Rome 30 May 2019, ICTP , Trieste Flavour Anomalies b s b c (LHCb from 2013) Babar+Belle+LHCb from 2012 1) Angular observables in B K +

702 views • 48 slides
Global anomalies on Lorentzian space-times Jochen Zahn Universit at Leipzig based on

Global anomalies on Lorentzian space-times Jochen Zahn Universit at Leipzig based on

Global anomalies on Lorentzian space-times Jochen Zahn Universit at Leipzig based on 1609.06562 (Ann. H. Poincar e) [joint work with A. Schenkel] LQP 41, G ottingen, February 2018 Global anomalies in the path integral Chiral SU p 2

375 views • 11 slides
Motivation Both human- and computer-generated programs sometimes contain data-flow anomalies .

Motivation Both human- and computer-generated programs sometimes contain data-flow anomalies .

Motivation Both human- and computer-generated programs sometimes contain data-flow anomalies . These anomalies result in the program being worse, in some sense, than it was intended to be. Data-flow analysis is useful in locating, and sometimes

409 views • 40 slides
Web Mining Web Mining to automatically discover and extract information from Web

Web Mining Web Mining to automatically discover and extract information from Web

What is Web Mining? What is Web Mining? Web mining is the use of data mining techniques Web Mining Web Mining to automatically discover and extract information from Web documents/services (Etzioni, 1996, CACM 39(11)) 1 2 The Web The Web

468 views • 23 slides
Detection of electromagnetic anomalies Detection of electromagnetic anomalies before volcanic

Detection of electromagnetic anomalies Detection of electromagnetic anomalies before volcanic

Detection of electromagnetic anomalies Detection of electromagnetic anomalies before volcanic eruptions by before volcanic eruptions by DEMETER micro- -satellite satellite DEMETER micro J. Zlotnicki 1 , F. Li 1 , M. Parrot 2 1: CNRS

407 views • 27 slides
Anomalies in Data Maximilian Toller KDDM2 Maximilian Toller, Know-Center &gt; www.tugraz.at 1

Anomalies in Data Maximilian Toller KDDM2 Maximilian Toller, Know-Center &gt; www.tugraz.at 1

www.tugraz.at Anomalies in Data SCIENCE PASSION TECHNOLOGY Anomalies in Data Maximilian Toller KDDM2 Maximilian Toller, Know-Center &gt; www.tugraz.at 1 KDDM2 www.tugraz.at Anomalies in Data Recall from earlier Maximilian Toller,

1.39k views • 84 slides
IpMorph : unification de la mystification de la prise d'empreinte Guillaume PRIGENT

IpMorph : unification de la mystification de la prise d'empreinte Guillaume PRIGENT

This document is licensed under a Creative Commons Attribution 3.0 License IpMorph : unification de la mystification de la prise d'empreinte Guillaume PRIGENT DIATEAM - Brest SSTIC - 5 juin 2009 1 IpMorph is an Open Source project

470 views • 17 slides
ARCHER Training Courses General Overview Reusing this material This work is licensed under a

ARCHER Training Courses General Overview Reusing this material This work is licensed under a

ARCHER Training Courses General Overview Reusing this material This work is licensed under a Creative Commons Attribution- NonCommercial-ShareAlike 4.0 International License. http://creativecommons.org/licenses/by-nc-sa/4.0/deed.en_US This

459 views • 14 slides
Learning Rules to Pre-process Web Data for Automatic Integration Kai Simon, Thomas Hornung, Georg

Learning Rules to Pre-process Web Data for Automatic Integration Kai Simon, Thomas Hornung, Georg

Learning Rules to Pre-process Web Data for Automatic Integration Kai Simon, Thomas Hornung, Georg Lausen Workshop &quot;Model Checking and Semantic Web Rules Languages 28th October 2006 D ata b ases and I nformation S ystems Research Group

759 views • 40 slides
Crawling the Community Structure of Multiplex Networks Ricky Laishram 1 Jeremy D. Wendt 2 Sucheta

Crawling the Community Structure of Multiplex Networks Ricky Laishram 1 Jeremy D. Wendt 2 Sucheta

Crawling the Community Structure of Multiplex Networks Ricky Laishram 1 Jeremy D. Wendt 2 Sucheta Soundarajan 1 1 Syracuse University, Syracuse NY, USA 2 Sandia National Laboratories, Albuquerque NM, USA Multiplex Networks Nodes have multiple

628 views • 20 slides
Achieve Online Mastery! A Review for Nonprofits OR Alliance of Childrens Programs

Achieve Online Mastery! A Review for Nonprofits OR Alliance of Childrens Programs

Achieve Online Mastery! A Review for Nonprofits OR Alliance of Childrens Programs Multichannel Content Planning Amy Sample Ward CEO, NTEN: The Nonprofit Technology Network @amyrsward #NPTechMastery How does it fit: Connec/ons How does

660 views • 39 slides
FreVast - Combining Modelling with Diagnostics at University Level Ingo Kirchner and Christopher

FreVast - Combining Modelling with Diagnostics at University Level Ingo Kirchner and Christopher

Central Idea Software Components Use Case - Course Example Implementation Plan FreVast - Combining Modelling with Diagnostics at University Level Ingo Kirchner and Christopher Kadow Institute of Meteorology Freie Universit at Berlin

421 views • 14 slides
Managing Kubernetes and OpenShift with ManageIQ Alissa Bonas @ Container Con Seattle 2015 The

Managing Kubernetes and OpenShift with ManageIQ Alissa Bonas @ Container Con Seattle 2015 The

Managing Kubernetes and OpenShift with ManageIQ Alissa Bonas @ Container Con Seattle 2015 The stages of containers world Containerizing an app Alissa Bonas @ Container Con Seattle 2015 The stages of containers world Run a container

911 views • 62 slides
Question: Which is more effective at cleaning your hair: a thick, viscous shampoo or a thin,

Question: Which is more effective at cleaning your hair: a thick, viscous shampoo or a thin,

Question: Which is more effective at cleaning your hair: a thick, viscous shampoo or a thin, freely Plastics flowing shampoo, or are they probably about equal? Observations About Plastics Plastic Some plastics are clear, others

346 views • 3 slides

More recommend