specification less semantic bug detection
play

Specification-less Semantic Bug Detection Zhendong Su ETH Zurich - PowerPoint PPT Presentation

Dec 05, 2022 •24 likes •1.3k views

Specification-less Semantic Bug Detection Zhendong Su ETH Zurich What is the key mission of Computer Science? To help people turn creative ideas into working systems Software research is central to this mission A lot of progress to celebrate

  1. Approach Verify that Generate Randomly Query for the Pivot Select Generate the Pivot Row is Pivot Row Database Row contained

  2. Approach Verify that Generate Randomly Query for the Pivot Select Generate the Pivot Row is Pivot Row Database Row contained

  3. Approach How do we generate this query? Verify that Generate Randomly Query for the Pivot Select Generate the Pivot Row is Pivot Row Database Row contained

  4. How to generate queries? SELECT picture, description FROM animal_pictures WHERE Generate an expression that yields TRUE for the pivot row

  5. How to generate queries? Modify Use in Randomly Evaluate expression to WHERE Generate Expression yield TRUE clause Expression on Pivot Row

  6. Random exp. generation animal_pictures animal description picture We first generate a random expression https://www.sqlite.org/syntax/expr.html

  7. Random exp. generation animal = 'Cat' AND description LIKE '%cute%' AND = LIKE descri animal 'Cat' '%cute%' ption

  8. Random exp. generation animal = 'Cat' AND description LIKE '%cute%' AND Evaluate the tree based on the pivot row = LIKE descri animal 'Cat' '%cute%' ption

  9. Random exp. evaluation Constant nodes return their assigned literal AND values = LIKE 'Cat' '%cute%' descri animal 'Cat' '%cute%' ption

  10. Random exp. evaluation Column references return the values from the pivot row AND 'Cat = LIKE plants (cute!)' 'Cat' 'Cat' '%cute%' descri animal 'Cat' '%cute%' ption

  11. Random exp. evaluation Compound nodes compute their result AND based on their children TRUE TRUE 'Cat = LIKE plants (cute!)' 'Cat' 'Cat' '%cute%' descri animal 'Cat' '%cute%' ption

  12. Random exp. evaluation TRUE AND TRUE TRUE 'Cat = LIKE plants (cute!)' 'Cat' 'Cat' '%cute%' descri animal 'Cat' '%cute%' ption

  13. Query synthesis SELECT picture, description FROM animal_pictures WHERE animal = 'Cat' AND description LIKE '%cute%'

  14. Random exp. evaluation TRUE What about when the expression does not evaluate to TRUE ? AND TRUE TRUE 'Cat = LIKE plants (cute!)' 'Cat' 'Cat' '%cute%' descri animal 'Cat' '%cute%' ption

  15. Random exp. evaluation What about when the expression does not evaluate to TRUE ? FALSE animal = 'Dog' = 'Dog' 'Cat' animal 'Dog'

  16. Random exp. rectification switch (result) { case TRUE: result = randexpr; case FALSE: result = NOT randexpr; case NULL: result = randexpr ISNULL; }

  17. Random exp. rectification switch (result) { case TRUE: FALSE result = randexpr; animal = 'Dog' case FALSE: result = NOT randexpr; case NULL: result = randexpr ISNULL; }

  18. Random exp. rectification switch (result) { case TRUE: TRUE result = randexpr; NOT(animal = 'Dog') case FALSE: result = NOT randexpr; case NULL: result = randexpr ISNULL; }

  19. How to generate queries? SELECT picture, description FROM animal_pictures WHERE NOT(animal = 'Dog')

  20. Tested DBMS PostgreSQL We tested these (and other DBMS) in a period of 3-4 months

  21. DBMS

  22. DBMS

  23. DBMS

  24. Bugs overview Real Bugs DBMS Fixed Verified SQLite 65 0 MySQL 15 10 PostgreSQL 5 4 Sum 85 14 99 real bugs : code fixes or verified as bugs

  25. Bugs overview Real Bugs DBMS Fixed Verified SQLite 65 0 MySQL 15 10 PostgreSQL 5 4 Sum 85 14 The SQLite developers quickly responded to all our bug reports à we focused on this DBMS

  26. Bugs overview Real Bugs DBMS Fixed Verified SQLite 65 0 MySQL 15 10 PostgreSQL 5 4 Sum 85 14 All MySQL bug reports were verified quickly

  27. Bugs overview Real Bugs DBMS Fixed Verified SQLite 65 0 MySQL 15 10 PostgreSQL 5 4 Sum 85 14 MySQL’s trunk is unavailable , and it has a long release cycle

  28. Bugs overview Real Bugs DBMS Fixed Verified SQLite 65 0 MySQL 15 10 PostgreSQL 5 4 Sum 85 14 We found the fewest bugs in PostgreSQL and not all could be easily addressed

  29. Oracles Real Bugs DBMS Containment Error SEGFAULT SQLite 46 17 2 MySQL 14 10 1 PostgreSQL 1 7 1 Sum 61 34 4

  30. Oracles Real Bugs Containment Oracle DBMS Containment Error SEGFAULT SQLite 46 17 2 MySQL 14 10 1 PostgreSQL 1 7 1 Sum 61 34 4 Our Containment oracle allowed us to detect most errors

  31. Result: bug in SQLite3 Real Bugs Containment CREATE TABLE t0(c1 TEXT PRIMARY KEY) WITHOUT ROWID; Oracle CREATE INDEX i0 ON t0(c1 COLLATE NOCASE); INSERT INTO t0(c1) VALUES ('A'); INSERT INTO t0(c1) VALUES ('a'); An index is an auxiliary data structure that should not affect the query’s result

  32. Result: bug in SQLite3 Real Bugs Containment CREATE TABLE t0(c1 TEXT PRIMARY KEY) WITHOUT ROWID; Oracle CREATE INDEX i0 ON t0(c1 COLLATE NOCASE); c1 INSERT INTO t0(c1) VALUES ('A'); INSERT INTO t0(c1) VALUES ('a'); 'A' 'a'

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

New Challenges in New Challenges in Semantic Concept Detection Semantic Concept Detection M.-F.

New Challenges in New Challenges in Semantic Concept Detection Semantic Concept Detection M.-F.

New Challenges in New Challenges in Semantic Concept Detection Semantic Concept Detection M.-F. Weng, C.-K. Chen, Y.-H. Yang, R.-E. Fan, Y.-T. Hsieh, Y.-Y. Chuang, W. H. Hsu, and C.-J. Lin National Taiwan University Preliminaries for Semantic

367 views • 16 slides
Semantic segmentation Image classification Object detection Semantic segmentation Evolution

Semantic segmentation Image classification Object detection Semantic segmentation Evolution

Accel : A Corrective Fusion Network for Efficient Semantic Segmentation on Video Samvit Jain , Xin Wang , Joseph Gonzalez RISE Lab, UC Berkeley Semantic segmentation Image classification Object detection Semantic segmentation Evolution

857 views • 13 slides
Efficient Semantic-Aware Detection of Near Duplicate Resources 7 th Extended Semantic Web

Efficient Semantic-Aware Detection of Near Duplicate Resources 7 th Extended Semantic Web

Efficient Semantic-Aware Detection of Near Duplicate Resources 7 th Extended Semantic Web Conference E. Ioannou, O. Papapetrou, D. Skoutas, W. Nejdl Wednesday, 2nd June 2010, Heraklion, Greece Outline 1. Motivation 2. RDFsim Approach

299 views • 26 slides
Specification-based intrusion detection Effectively detecting intrusions using business logic

Specification-based intrusion detection Effectively detecting intrusions using business logic

Specification-based intrusion detection Effectively detecting intrusions using business logic specification J. Lima, N. Escravana 1 Abstract In the recent years, the advent large-scale, highly targeted cyber-attacks raised the concern on the

375 views • 35 slides
Unifying Service Oriented Technologies for the Specification and Detection of their Antipatterns

Unifying Service Oriented Technologies for the Specification and Detection of their Antipatterns

PhD Thesis Unifying Service Oriented Technologies for the Specification and Detection of their Antipatterns Francis PALMA Supervised by: Dr. Naouel Moha, Universit e du Qu ebec ` a Montr eal, Canada eneuc, Dr. Yann-Ga el Gu

1.04k views • 85 slides
Schematron Based Semantic Constraints Specification Framework & Validation Rules Engine for

Schematron Based Semantic Constraints Specification Framework & Validation Rules Engine for

Schematron Based Semantic Constraints Specification Framework & Validation Rules Engine for JSON Advisor: Dr. Lixin Tao Student: Dr. Amer Ali DPS 2014 Abstract JavaScript Object Notation (JSON) has emerged as a popular format for

993 views • 48 slides
Rich Feature Hierarchies for Accurate Object Detection and Semantic Segmentation Authors: Ross

Rich Feature Hierarchies for Accurate Object Detection and Semantic Segmentation Authors: Ross

Rich Feature Hierarchies for Accurate Object Detection and Semantic Segmentation Authors: Ross Girshick, Jeff Donahue, Trevor Darrell, Jitendra Malik Presented by Huihuang Zheng Problem: Object Detection Regionlets SegDPM (2013) Selective

499 views • 19 slides
Rich feature hierarchies for accurate object detection and semantic segmentation Ross Girshick, Je

Rich feature hierarchies for accurate object detection and semantic segmentation Ross Girshick, Je

Rich feature hierarchies for accurate object detection and semantic segmentation Ross Girshick, Je ff Donahue, Trevor Darrell, Jitendra Malik UC Berkeley Tech Report @ http://arxiv.org/abs/1311.2524 Detection & Segmentation input

704 views • 37 slides
Inconsistency Detection in Semantic Annotation Nora Hollenstein Nathan

Inconsistency Detection in Semantic Annotation Nora Hollenstein Nathan

Inconsistency Detection in Semantic Annotation Nora Hollenstein Nathan Schneider Bonnie Webber Overview Related Work Introduction Hypothesis Data sets Multiword Expressions

920 views • 25 slides
Machine Learning for NLP SVMs for semantic error detection Aurlie Herbelot 2018 Centre for

Machine Learning for NLP SVMs for semantic error detection Aurlie Herbelot 2018 Centre for

Machine Learning for NLP SVMs for semantic error detection Aurlie Herbelot 2018 Centre for Mind/Brain Sciences University of Trento 1 Error Detection and Correction: introduction 2 Error Detection and Correction (EDC) The aim of EDC

567 views • 52 slides
Introduction The automatic detection and extraction of Semantic Relations is a crucial step to

Introduction The automatic detection and extraction of Semantic Relations is a crucial step to

Causal Relation Extraction Eduardo Blanco, Nuria Castell, Dan Moldovan HLT Research Institute, TALP Research Centre, Lymba Corporation LREC 2008, Marrakech Introduction The automatic detection and extraction of Semantic Relations is a

285 views • 16 slides
Sequential Attention-based Detection of Semantic Incongruities from EEG While Listening to Speech

Sequential Attention-based Detection of Semantic Incongruities from EEG While Listening to Speech

Sequential Attention-based Detection of Semantic Incongruities from EEG While Listening to Speech Nara Institute of Science and Technology, Japan Shunnosuke Motomura Hiroki Tanaka Satoshi Nakamura /xx 1 Background: Assessment of sentences

242 views • 13 slides
Real-Time Object Detection and Semantic Segmentation Geetank Raipuria Wei Li Corporate

Real-Time Object Detection and Semantic Segmentation Geetank Raipuria Wei Li Corporate

Real-Time Object Detection and Semantic Segmentation Geetank Raipuria Wei Li Corporate Development manager Computer Vision Engineer NavInfo Europe Presented at GTC 2019 Session S9351 NavInfo - our growth benefits from AI Smart Mobility

735 views • 34 slides
Scalable Detection of Semantic Clones Mark Gabel Lingxiao Jiang Zhendong Su Motivation

Scalable Detection of Semantic Clones Mark Gabel Lingxiao Jiang Zhendong Su Motivation

Scalable Detection of Semantic Clones Mark Gabel Lingxiao Jiang Zhendong Su Motivation Maintenance problem Refactoring Automated procedure extraction Aspect mining Program understanding Copy/paste bugs 2 Clone

421 views • 27 slides
Semantic Web Languages Basics Web Ontology Languages Wide variety of languages for Explicit

Semantic Web Languages Basics Web Ontology Languages Wide variety of languages for Explicit

Semantic Web Languages Basics Web Ontology Languages Wide variety of languages for Explicit Specification Graphical notations Semantic networks UML RDF/RDFS Logic based Description Logics (e.g., OIL, DAML+OIL, OWL,

408 views • 30 slides
Semantic Web 2008 Se a t c eb 008 Semantic Web ca. 2008 S ti W b 2008 Semantic Web

Semantic Web 2008 Se a t c eb 008 Semantic Web ca. 2008 S ti W b 2008 Semantic Web

Semantic Web 2008 Se a t c eb 008 Semantic Web ca. 2008 S ti W b 2008 Semantic Web companies starting & growing Siderean, SandPiper, SiberLogic, Ontology Works, Intellidimension, Intellisophic, TopQuadrant, Data Grid, Mondeca,

481 views • 23 slides
1. Cryonics Backup Plan 2. Hall of Fame and History 3. Fundraiser for needy cryonicist 1. Backup

1. Cryonics Backup Plan 2. Hall of Fame and History 3. Fundraiser for needy cryonicist 1. Backup

Society for Venturism http://www.venturist.info 1. Cryonics Backup Plan 2. Hall of Fame and History 3. Fundraiser for needy cryonicist 1. Backup Plan: Attempt to rescue Cryopreserved Venturist Members if their cryonics organization fails or has

112 views • 10 slides
1 UNCLASSIFIED UNCLASSIFIED Military Mortuary Affairs Responsibilities In DoD, mortuary

1 UNCLASSIFIED UNCLASSIFIED Military Mortuary Affairs Responsibilities In DoD, mortuary

UNCLASSIFIED Agenda Defense Support of Civil Authorities for Mortuary Affairs NORAD-USNORTHCOM Quick Overview North American Aerospace Defense Command (NORAD) Military Mortuary Affairs Roles, Missions, Forces and United States

328 views • 5 slides
Processing Dialogue-Based Data in the UIMA Framework Milan Gnjatovi , Manuela Kunze, Dietmar

Processing Dialogue-Based Data in the UIMA Framework Milan Gnjatovi , Manuela Kunze, Dietmar

Processing Dialogue-Based Data in the UIMA Framework Milan Gnjatovi , Manuela Kunze, Dietmar Rsner University of Magdeburg Overview Background Processing dialogue-based Data Conclusion Gnjatovi , Kunze, Rsner 2 Background

600 views • 21 slides
Using Dashboards to Make Human Services Data Human ICPH Beyond Housing 2020 Session 2.12

Using Dashboards to Make Human Services Data Human ICPH Beyond Housing 2020 Session 2.12

Using Dashboards to Make Human Services Data Human ICPH Beyond Housing 2020 Session 2.12 Presented by: Lisa Kessler Courtney Lewis Data Analyst Transition Age Youth System Coordinator Allegheny County Department Allegheny County

646 views • 42 slides
Current guidelines on cardiac markers - how should they be introduced and how should the

Current guidelines on cardiac markers - how should they be introduced and how should the

Current guidelines on cardiac markers - how should they be introduced and how should the implementation be evaluated Professor P. O. Collinson MA MB BChir FRCPath FRCP edin MD FACB EurClin Chem Consultant Chemical Pathologist and Professor of

623 views • 59 slides
CSN08101 Digital Forensics Lecture 5: Data management and Autopsy Lecture 5: Data management and

CSN08101 Digital Forensics Lecture 5: Data management and Autopsy Lecture 5: Data management and

CSN08101 Digital Forensics Lecture 5: Data management and Autopsy Lecture 5: Data management and Autopsy Module Leader: Dr Gordon Russell Lecturers: Robert Ludwiniak Data Management for Forensics You will learn in this lecture: Command

663 views • 24 slides
The Role le of In Intravascular Im Imaging of Lip ipid Core in in Cardiovascular Drug

The Role le of In Intravascular Im Imaging of Lip ipid Core in in Cardiovascular Drug

The Role le of In Intravascular Im Imaging of Lip ipid Core in in Cardiovascular Drug Development Sean Madden, PhD VP of R&D and Clinical Outline What is NIRS-IVUS? Why and when would a pharma company do an imaging study?

417 views • 26 slides
Summary of Calorimeter-Muon sessions Daniel Jeans, LLR - Ecole polytechnique 21 presentations

Summary of Calorimeter-Muon sessions Daniel Jeans, LLR - Ecole polytechnique 21 presentations

Summary of Calorimeter-Muon sessions Daniel Jeans, LLR - Ecole polytechnique 21 presentations impossible to cover everything in sufficient detail... LCWS2010 Beijing LCWS2010 Beijing 1 Introduction Calorimeters for PFA high granularity

445 views • 22 slides

More recommend